
[Referred]Adaware SE First Ever Log


icarusq

Hi, here is my Ad-Aware log; however, I ran the Fix options from Ad-Aware as I was not quite tuned in last night... been a long week and it was only Monday!

HJT Log is here: http://www.geekstogo...showtopic=19659



Lavasoft Ad-Aware Personal Build 1.03
Logfile created on:25 April 2005 22:30:45
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt(TAC index:3):1 total references
PromulGate(TAC index:5):3 total references
Tracking Cookie(TAC index:3):107 total references
VX2(TAC index:10):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R3 12.08.2004
Internal build : 3
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 326465 Bytes
Total size : 1041582 Bytes
Signature data size : 1020492 Bytes
Reference data size : 20578 Bytes
Signatures total : 28677
Fingerprints total : 17
Fingerprints size : 902 Bytes
Target categories : 15
Target families : 530
(Requires Ad-Aware SE or higher)

25-04-2005 22:25:11 WebUpdate

Installing Update...
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650
(Requires Ad-Aware SE or higher)


25-04-2005 22:25:34 Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:17 %
Total physical memory:261100 kb
Available physical memory:42824 kb
Total page file size:771864 kb
Available on page file:284532 kb
Total virtual memory:2097024 kb
Available virtual memory:2034268 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


25-04-2005 22:30:45 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\
Command Line : n/a
ProcessID : 376
ThreadCreationTime : 24-04-2005 21:22:05
BasePriority : Normal


#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\
Command Line : n/a
ProcessID : 704
ThreadCreationTime : 24-04-2005 21:22:11
BasePriority : High


#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : n/a
ProcessID : 748
ThreadCreationTime : 24-04-2005 21:22:11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : n/a
ProcessID : 760
ThreadCreationTime : 24-04-2005 21:22:12
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : n/a
ProcessID : 912
ThreadCreationTime : 24-04-2005 21:22:12
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : n/a
ProcessID : 1060
ThreadCreationTime : 24-04-2005 21:22:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : n/a
ProcessID : 1468
ThreadCreationTime : 24-04-2005 21:22:15
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:8 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : n/a
ProcessID : 1920
ThreadCreationTime : 24-04-2005 21:22:28
BasePriority : Normal


#:9 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
Command Line : n/a
ProcessID : 1968
ThreadCreationTime : 24-04-2005 21:22:28
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:10 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\
Command Line : n/a
ProcessID : 2012
ThreadCreationTime : 24-04-2005 21:22:28
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:11 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\
Command Line : n/a
ProcessID : 544
ThreadCreationTime : 24-04-2005 21:22:32
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:12 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\
Command Line : n/a
ProcessID : 620
ThreadCreationTime : 24-04-2005 21:22:32
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:13 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : rundll32.exe "C:\WINDOWS\system32\jtbexec.dll",DllGetVersion
ProcessID : 160
ThreadCreationTime : 24-04-2005 21:23:26
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:14 [explorer.exe]
ModuleName : C:\WINDOWS\
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 400
ThreadCreationTime : 24-04-2005 21:23:29
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:15 [atiptaxx.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : "C:\WINDOWS\system32\atiptaxx.exe"
ProcessID : 1584
ThreadCreationTime : 24-04-2005 21:23:34
BasePriority : Normal
FileVersion : 6.13.10.3017
ProductVersion : 6.13.10.3017
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2001 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:16 [ico.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : "C:\WINDOWS\system32\ICO.EXE"
ProcessID : 1596
ThreadCreationTime : 24-04-2005 21:23:34
BasePriority : Normal
FileVersion : 1, 0, 0, 7
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.

#:17 [syntpenh.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
ProcessID : 1628
ThreadCreationTime : 24-04-2005 21:23:35
BasePriority : Normal
FileVersion : 6.6.0 05Jul02
ProductVersion : 6.6.0 05Jul02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPEnh.exe

#:18 [jogserv2.exe]
ModuleName : C:\Program Files\Sony\Jog Dial Navigator\
Command Line : "C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe"
ProcessID : 1028
ThreadCreationTime : 24-04-2005 21:23:35
BasePriority : Normal
FileVersion : 7, 1, 0, 7230
ProductVersion : 7, 1, 0, 7230
ProductName : Jog Dial Main Server Executable File
CompanyName : Sony Corporation
FileDescription : Jog Dial Main Server
InternalName : JogServ2
LegalCopyright : Copyright 1999,2000,2001,2002 Sony Corp.
OriginalFilename : JogServ2.EXE

#:19 [ezsp_px.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : "C:\WINDOWS\System32\ezSP_Px.exe"
ProcessID : 1012
ThreadCreationTime : 24-04-2005 21:23:36
BasePriority : Normal


#:20 [wlansta.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : "C:\WINDOWS\system32\WLANSTA.EXE" START
ProcessID : 920
ThreadCreationTime : 24-04-2005 21:23:37
BasePriority : Normal
FileVersion : 1.07.37
ProductVersion : 1.07.37.2020
ProductName : Wireless 802.11b LAN
CompanyName : NETGEAR
FileDescription : WLAN Status Tray Applet
InternalName : [email protected]
LegalCopyright : Copyright © 2002, NETGEAR
OriginalFilename : WLANSTA.exe
Comments : Developed by TriplePoint, Inc. <www.TriplePoint.com>

#:21 [navapw32.exe]
ModuleName : C:\PROGRA~1\NORTON~2\
Command Line : "C:\PROGRA~1\NORTON~2\navapw32.exe"
ProcessID : 1752
ThreadCreationTime : 24-04-2005 21:23:37
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE

#:22 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
ProcessID : 1864
ThreadCreationTime : 24-04-2005 21:23:37
BasePriority : Normal


#:23 [gear511.exe]
ModuleName : C:\Program Files\NETGEAR\WG511SCU\Utility\
Command Line : "C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe" -hide
ProcessID : 2084
ThreadCreationTime : 24-04-2005 21:23:39
BasePriority : Normal
FileVersion : 1, 28, 10, 4
ProductVersion : 1, 28, 10, 4
ProductName : NetgearRev Application
FileDescription : NetgearRev MFC Application
InternalName : NetgearRev
LegalCopyright : Copyright © 2003
OriginalFilename : NetgearRev.EXE

#:24 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 2108
ThreadCreationTime : 24-04-2005 21:23:39
BasePriority : Idle
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:25 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 2136
ThreadCreationTime : 24-04-2005 21:23:39
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:26 [picsvr.exe]
ModuleName : C:\WINDOWS\system32\picsvr\
Command Line : "C:\WINDOWS\system32\picsvr\picsvr.exe"
ProcessID : 2168
ThreadCreationTime : 24-04-2005 21:23:40
BasePriority : Normal


#:27 [iasmmta.exe]
ModuleName : c:\windows\system32\
Command Line : "c:\windows\system32\iasmmta.exe" svozljn
ProcessID : 2324
ThreadCreationTime : 24-04-2005 21:23:46
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:28 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 2620
ThreadCreationTime : 24-04-2005 21:23:52
BasePriority : Normal
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:29 [svchost.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : n/a
ProcessID : 2628
ThreadCreationTime : 24-04-2005 21:23:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:30 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 2640
ThreadCreationTime : 24-04-2005 21:23:53
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:31 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 2728
ThreadCreationTime : 24-04-2005 21:24:39
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:32 [histkill.exe]
ModuleName : C:\Program Files\HistoryKill\
Command Line : "C:\Program Files\HistoryKill\histkill.exe" /startup
ProcessID : 3096
ThreadCreationTime : 24-04-2005 21:24:42
BasePriority : Normal
FileVersion : 2003.01.0003
ProductVersion : 2003.01.0003
ProductName : HistoryKill
CompanyName : SwankSoft Technologies, Inc.
FileDescription : HistoryKill privacy utility
InternalName : histkill
LegalCopyright : © Copyright SwankSoft Technologies, Inc. 1998-2003
OriginalFilename : histkill.exe
Comments : http://www.historykill.com

#:33 [audevicemgr.exe]
ModuleName : C:\Program Files\Sony Ericsson\Mobile\
Command Line : "C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe"
ProcessID : 3860
ThreadCreationTime : 24-04-2005 21:24:49
BasePriority : Normal
FileVersion : 1, 2, 6, 0
ProductVersion : 1, 2, 6, 0
ProductName : Phone Connection Monitor
CompanyName : Teleca Software Solutions AB
FileDescription : Phone Connection Monitor application
InternalName : Device Manager
LegalCopyright : Copyright © 2002 Teleca Software Solutions AB
OriginalFilename : audevicemgr.exe

#:34 [hkpopupkiller.exe]
ModuleName : C:\Program Files\HistoryKill\
Command Line : "C:\Program Files\HistoryKill\hkPopupKiller.exe" /STARTUP
ProcessID : 888
ThreadCreationTime : 24-04-2005 21:24:53
BasePriority : Normal
FileVersion : 2003.01.0003
ProductVersion : 2003.01.0003
ProductName : HK PopUp Killer
CompanyName : SwankSoft Technologies, Inc.
FileDescription : HK PopUp Killer
InternalName : hkPopupKiller
LegalCopyright : SwankSoft Technologies, Inc.
LegalTrademarks : HistoryKill™
OriginalFilename : hkPopupKiller.exe

#:35 [connmn~1.exe]
ModuleName : C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\
Command Line : C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE -Embedding
ProcessID : 536
ThreadCreationTime : 24-04-2005 21:24:53
BasePriority : Normal
FileVersion : 1, 0, 0, 28
ProductVersion : 1, 0, 0, 1
ProductName : Symbian Connect
CompanyName : Symbian Ltd.
FileDescription : ConnMngmntBox Module
InternalName : ConnMngmntBox
LegalCopyright : Copyright © Symbian Ltd. 2001
OriginalFilename : ConnMngmntBox.EXE

#:36 [pcfmgr.exe]
ModuleName : C:\Program Files\PowerPanel\Program\
Command Line : "C:\Program Files\PowerPanel\Program\PcfMgr.exe" /launch
ProcessID : 1544
ThreadCreationTime : 24-04-2005 21:24:53
BasePriority : Normal
FileVersion : 5.0.0.1
ProductVersion : 5.0.0-S001
ProductName : PowerPanel 3.0
CompanyName : Phoenix Technologies Ltd.
FileDescription : PCF Manager Local Server
InternalName : PCFMgr
LegalCopyright : Copyright © 1998, Phoenix Technologies Ltd.
LegalTrademarks : PowerPanel 3.0 ™
OriginalFilename : PCFMgr.exe

#:37 [mrouterruntime.exe]
ModuleName : C:\PROGRA~1\Intuwave\Shared\MROUTE~1\
Command Line : C:\PROGRA~1\Intuwave\Shared\MROUTE~1\mRouterRuntime.exe
ProcessID : 3016
ThreadCreationTime : 24-04-2005 21:25:01
BasePriority : Normal
FileVersion : 2, 0, 0, 356
ProductVersion : 2, 0, 0, 1
ProductName : Symbian Connect
CompanyName : Symbian Ltd.
FileDescription : mRouterRuntime MFC Application
InternalName : mRouterRuntime
LegalCopyright : Copyright © Symbian Ltd. 2001
LegalTrademarks : EPOC
OriginalFilename : mRouterRuntime.EXE

#:38 [epmwor~1.exe]
ModuleName : C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\
Command Line : C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE -Embedding
ProcessID : 2204
ThreadCreationTime : 24-04-2005 21:25:14
BasePriority : Normal
FileVersion : 1, 2, 0,873
ProductVersion : 1,2,0,209
ProductName : CAPI_Worker Module
CompanyName : Teleca Software Solutions AB
FileDescription : CAPI_Worker Module
InternalName : CAPI_Worker
LegalCopyright : Copyright © 1999-2002 Teleca Software Solutions AB. All rights reserved.
OriginalFilename : EPMWorker.EXE

#:39 [outlook.exe]
ModuleName : C:\PROGRA~1\MICROS~2\OFFICE11\
Command Line : "C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE" /recycle
ProcessID : 3844
ThreadCreationTime : 24-04-2005 21:25:29
BasePriority : Normal


#:40 [winword.exe]
ModuleName : C:\Program Files\Microsoft Office\OFFICE11\
Command Line : "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" -Embedding
ProcessID : 1532
ThreadCreationTime : 24-04-2005 21:25:41
BasePriority : Normal


#:41 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\
Command Line : n/a
ProcessID : 3440
ThreadCreationTime : 25-04-2005 15:56:52
BasePriority : High


#:42 [syncin~1.exe]
ModuleName : C:\PROGRA~1\SONYER~1\Mobile\
Command Line : C:\PROGRA~1\SONYER~1\Mobile\SYNCIN~1.EXE -Embedding
ProcessID : 1224
ThreadCreationTime : 25-04-2005 17:48:56
BasePriority : Normal
FileVersion : 1, 1, 0, 29
ProductVersion : 1, 1, 0, 29
ProductName : Sync Station
CompanyName : Teleca Software Solutions AB
FileDescription : SyncIndicator Module
InternalName : SyncIndicator
LegalCopyright : Copyright © 2002 Teleca Software Solutions AB
OriginalFilename : SyncIndicator.exe

#:43 [syntplpr.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" /REVIVE /SETHOOK
ProcessID : 2372
ThreadCreationTime : 25-04-2005 21:04:12
BasePriority : Normal
FileVersion : 6.6.0 05Jul02
ProductVersion : 6.6.0 05Jul02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPLpr.exe

#:44 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe" http://66.230.146.2/...ms-uk-bm15.html
ProcessID : 4032
ThreadCreationTime : 25-04-2005 21:10:50
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:45 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe" http://66.230.146.2/...ms-uk-bm15.html
ProcessID : 236
ThreadCreationTime : 25-04-2005 21:17:51
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:46 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3284
ThreadCreationTime : 25-04-2005 21:22:31
BasePriority : Normal
FileVersion : 6.2.0.162
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:47 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 2220
ThreadCreationTime : 25-04-2005 21:22:43
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:48 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe" http://66.230.146.2/...ms-uk-bm15.html
ProcessID : 2556
ThreadCreationTime : 25-04-2005 21:24:52
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{92daf5c1-2135-4e0c-b7a0-259abfcd3904}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\typelib\{2a7db8d1-43be-4ad3-a81e-9bb8c9d00073}

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 5


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Ricochet "http://www.gamehouse.com/"
Category : Data Miner
Comment : (http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Ricochet

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 6


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rae@cgi-bin[6].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\rae@cgi-bin[6].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rae@cgi-bin[7].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\rae@cgi-bin[7].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rae@cgi-bin[8].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\rae@cgi-bin[8].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rae@cgi-bin[9].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\rae@cgi-bin[9].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rae@clickagents[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\rae@clickagents[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rae@clickbank[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\rae@clickbank[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rae@commission-junction[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\rae@commission-junction[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rae@domainsponsor[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\rae@domainsponsor[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rae@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\rae@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rae@fastclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\rae@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rae@findwhat[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\rae@findwhat[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rae@goclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\rae@goclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rae@hitbox[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\rae@hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rae@internetfuel[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\rae@internetfuel[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rae@linksynergy[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\rae@linksynergy[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rae@maxserving[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\rae@maxserving[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rae@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\rae@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rae@metriweb[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\rae@metriweb[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rae@overture[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\rae@overture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Rae\

Edited by icarusq, 26 April 2005 - 06:51 AM.

#2
icarusq


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 113


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 113


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
15 entries scanned.
New critical objects:0
Objects found so far: 113




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions
Value : iexplore.exe

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 115

23:09:52 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:39:07.666
Objects scanned:178143
Objects identified:115
Objects ignored:0
New critical objects:115

#3
Rawe

    Visiting Staff

Hi.
You have an OLD version of Ad-aware running.
Please do the following:
Uninstall your current Ad-aware, and download/install Latest Build Here
After installed, open it up, and read Logfile Posting Instructions
Then post a new logfile here.
(Remember to delete all tracking cookies from your system before you post your scanlog..)

- Rawe :tazz:

#4
icarusq

OK it's away Rawe... I'll post it up when finished, was 40 mins last time :tazz:

Delete tracking cookies from system? Using Adaware? Or just clearing cookies? Or do you mean delete the entries from the log before I post it?
Cheers

Edited by icarusq, 26 April 2005 - 07:40 AM.


#5
Rawe

I just meant that you should delete tracking cookies before you scan with Ad-aware.
Or you can also do this..
When your ad-aware has finished scanning, delete all tracking cookies with it, run a rescan and THEN post a new logfile.
Tracking cookies just take space in your posts, I don't wish to see them.

- Rawe :tazz:

#6
icarusq

Here you go mate :tazz:


Ad-Aware SE Build 1.05
Logfile Created on:26 April 2005 14:31:18
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R8 13.09.2004
Internal build : 12
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref
File size : 344723 Bytes
Total size : 1092481 Bytes
Signature data size : 1068971 Bytes
Reference data size : 22998 Bytes
Signatures total : 30122
Fingerprints total : 154
Fingerprints size : 7129 Bytes
Target categories : 15
Target families : 560

26-04-2005 14:29:30 Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


26-04-2005 14:29:39 Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:12 %
Total physical memory:261100 kb
Available physical memory:29876 kb
Total page file size:907032 kb
Available on page file:176120 kb
Total virtual memory:2097024 kb
Available virtual memory:2047096 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


26-04-2005 14:31:18 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 376
ThreadCreationTime : 24-04-2005 21:22:05
BasePriority : Normal


#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 704
ThreadCreationTime : 24-04-2005 21:22:11
BasePriority : High


#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 748
ThreadCreationTime : 24-04-2005 21:22:11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 760
ThreadCreationTime : 24-04-2005 21:22:12
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 912
ThreadCreationTime : 24-04-2005 21:22:12
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1060
ThreadCreationTime : 24-04-2005 21:22:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 1468
ThreadCreationTime : 24-04-2005 21:22:15
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:8 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : n/a
ProcessID : 1920
ThreadCreationTime : 24-04-2005 21:22:28
BasePriority : Normal


#:9 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : n/a
ProcessID : 1968
ThreadCreationTime : 24-04-2005 21:22:28
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:10 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : n/a
ProcessID : 2012
ThreadCreationTime : 24-04-2005 21:22:28
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:11 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : n/a
ProcessID : 544
ThreadCreationTime : 24-04-2005 21:22:32
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:12 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : n/a
ProcessID : 620
ThreadCreationTime : 24-04-2005 21:22:32
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:13 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe "C:\WINDOWS\system32\jtbexec.dll",DllGetVersion
ProcessID : 160
ThreadCreationTime : 24-04-2005 21:23:26
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:14 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 400
ThreadCreationTime : 24-04-2005 21:23:29
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:15 [atiptaxx.exe]
ModuleName : C:\WINDOWS\system32\atiptaxx.exe
Command Line : "C:\WINDOWS\system32\atiptaxx.exe"
ProcessID : 1584
ThreadCreationTime : 24-04-2005 21:23:34
BasePriority : Normal
FileVersion : 6.13.10.3017
ProductVersion : 6.13.10.3017
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2001 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:16 [ico.exe]
ModuleName : C:\WINDOWS\system32\ICO.EXE
Command Line : "C:\WINDOWS\system32\ICO.EXE"
ProcessID : 1596
ThreadCreationTime : 24-04-2005 21:23:34
BasePriority : Normal
FileVersion : 1, 0, 0, 7
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.

#:17 [syntpenh.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
ProcessID : 1628
ThreadCreationTime : 24-04-2005 21:23:35
BasePriority : Normal
FileVersion : 6.6.0 05Jul02
ProductVersion : 6.6.0 05Jul02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPEnh.exe

#:18 [jogserv2.exe]
ModuleName : C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
Command Line : "C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe"
ProcessID : 1028
ThreadCreationTime : 24-04-2005 21:23:35
BasePriority : Normal
FileVersion : 7, 1, 0, 7230
ProductVersion : 7, 1, 0, 7230
ProductName : Jog Dial Main Server Executable File
CompanyName : Sony Corporation
FileDescription : Jog Dial Main Server
InternalName : JogServ2
LegalCopyright : Copyright 1999,2000,2001,2002 Sony Corp.
OriginalFilename : JogServ2.EXE

#:19 [ezsp_px.exe]
ModuleName : C:\WINDOWS\System32\ezSP_Px.exe
Command Line : "C:\WINDOWS\System32\ezSP_Px.exe"
ProcessID : 1012
ThreadCreationTime : 24-04-2005 21:23:36
BasePriority : Normal


#:20 [wlansta.exe]
ModuleName : C:\WINDOWS\system32\WLANSTA.EXE
Command Line : "C:\WINDOWS\system32\WLANSTA.EXE" START
ProcessID : 920
ThreadCreationTime : 24-04-2005 21:23:37
BasePriority : Normal
FileVersion : 1.07.37
ProductVersion : 1.07.37.2020
ProductName : Wireless 802.11b LAN
CompanyName : NETGEAR
FileDescription : WLAN Status Tray Applet
InternalName : [email protected]
LegalCopyright : Copyright © 2002, NETGEAR
OriginalFilename : WLANSTA.exe
Comments : Developed by TriplePoint, Inc. <www.TriplePoint.com>

#:21 [navapw32.exe]
ModuleName : C:\PROGRA~1\NORTON~2\navapw32.exe
Command Line : "C:\PROGRA~1\NORTON~2\navapw32.exe"
ProcessID : 1752
ThreadCreationTime : 24-04-2005 21:23:37
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE

#:22 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
ProcessID : 1864
ThreadCreationTime : 24-04-2005 21:23:37
BasePriority : Normal


#:23 [gear511.exe]
ModuleName : C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
Command Line : "C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe" -hide
ProcessID : 2084
ThreadCreationTime : 24-04-2005 21:23:39
BasePriority : Normal
FileVersion : 1, 28, 10, 4
ProductVersion : 1, 28, 10, 4
ProductName : NetgearRev Application
FileDescription : NetgearRev MFC Application
InternalName : NetgearRev
LegalCopyright : Copyright © 2003
OriginalFilename : NetgearRev.EXE

#:24 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 2108
ThreadCreationTime : 24-04-2005 21:23:39
BasePriority : Idle
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:25 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 2136
ThreadCreationTime : 24-04-2005 21:23:39
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:26 [picsvr.exe]
ModuleName : C:\WINDOWS\system32\picsvr\picsvr.exe
Command Line : "C:\WINDOWS\system32\picsvr\picsvr.exe"
ProcessID : 2168
ThreadCreationTime : 24-04-2005 21:23:40
BasePriority : Normal


#:27 [iasmmta.exe]
ModuleName : c:\windows\system32\iasmmta.exe
Command Line : "c:\windows\system32\iasmmta.exe" svozljn
ProcessID : 2324
ThreadCreationTime : 24-04-2005 21:23:46
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:28 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 2620
ThreadCreationTime : 24-04-2005 21:23:52
BasePriority : Normal
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:29 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 2628
ThreadCreationTime : 24-04-2005 21:23:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:30 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 2640
ThreadCreationTime : 24-04-2005 21:23:53
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:31 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 2728
ThreadCreationTime : 24-04-2005 21:24:39
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:32 [histkill.exe]
ModuleName : C:\Program Files\HistoryKill\histkill.exe
Command Line : "C:\Program Files\HistoryKill\histkill.exe" /startup
ProcessID : 3096
ThreadCreationTime : 24-04-2005 21:24:42
BasePriority : Normal
FileVersion : 2003.01.0003
ProductVersion : 2003.01.0003
ProductName : HistoryKill
CompanyName : SwankSoft Technologies, Inc.
FileDescription : HistoryKill privacy utility
InternalName : histkill
LegalCopyright : © Copyright SwankSoft Technologies, Inc. 1998-2003
OriginalFilename : histkill.exe
Comments : http://www.historykill.com

#:33 [audevicemgr.exe]
ModuleName : C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
Command Line : "C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe"
ProcessID : 3860
ThreadCreationTime : 24-04-2005 21:24:49
BasePriority : Normal
FileVersion : 1, 2, 6, 0
ProductVersion : 1, 2, 6, 0
ProductName : Phone Connection Monitor
CompanyName : Teleca Software Solutions AB
FileDescription : Phone Connection Monitor application
InternalName : Device Manager
LegalCopyright : Copyright © 2002 Teleca Software Solutions AB
OriginalFilename : audevicemgr.exe

#:34 [hkpopupkiller.exe]
ModuleName : C:\Program Files\HistoryKill\hkPopupKiller.exe
Command Line : "C:\Program Files\HistoryKill\hkPopupKiller.exe" /STARTUP
ProcessID : 888
ThreadCreationTime : 24-04-2005 21:24:53
BasePriority : Normal
FileVersion : 2003.01.0003
ProductVersion : 2003.01.0003
ProductName : HK PopUp Killer
CompanyName : SwankSoft Technologies, Inc.
FileDescription : HK PopUp Killer
InternalName : hkPopupKiller
LegalCopyright : SwankSoft Technologies, Inc.
LegalTrademarks : HistoryKill™
OriginalFilename : hkPopupKiller.exe

#:35 [connmn~1.exe]
ModuleName : C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
Command Line : C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE -Embedding
ProcessID : 536
ThreadCreationTime : 24-04-2005 21:24:53
BasePriority : Normal
FileVersion : 1, 0, 0, 28
ProductVersion : 1, 0, 0, 1
ProductName : Symbian Connect
CompanyName : Symbian Ltd.
FileDescription : ConnMngmntBox Module
InternalName : ConnMngmntBox
LegalCopyright : Copyright © Symbian Ltd. 2001
OriginalFilename : ConnMngmntBox.EXE

#:36 [pcfmgr.exe]
ModuleName : C:\Program Files\PowerPanel\Program\PcfMgr.exe
Command Line : "C:\Program Files\PowerPanel\Program\PcfMgr.exe" /launch
ProcessID : 1544
ThreadCreationTime : 24-04-2005 21:24:53
BasePriority : Normal
FileVersion : 5.0.0.1
ProductVersion : 5.0.0-S001
ProductName : PowerPanel 3.0
CompanyName : Phoenix Technologies Ltd.
FileDescription : PCF Manager Local Server
InternalName : PCFMgr
LegalCopyright : Copyright © 1998, Phoenix Technologies Ltd.
LegalTrademarks : PowerPanel 3.0 ™
OriginalFilename : PCFMgr.exe

#:37 [mrouterruntime.exe]
ModuleName : C:\PROGRA~1\Intuwave\Shared\MROUTE~1\mRouterRuntime.exe
Command Line : C:\PROGRA~1\Intuwave\Shared\MROUTE~1\mRouterRuntime.exe
ProcessID : 3016
ThreadCreationTime : 24-04-2005 21:25:01
BasePriority : Normal
FileVersion : 2, 0, 0, 356
ProductVersion : 2, 0, 0, 1
ProductName : Symbian Connect
CompanyName : Symbian Ltd.
FileDescription : mRouterRuntime MFC Application
InternalName : mRouterRuntime
LegalCopyright : Copyright © Symbian Ltd. 2001
LegalTrademarks : EPOC
OriginalFilename : mRouterRuntime.EXE

#:38 [epmwor~1.exe]
ModuleName : C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE
Command Line : C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE -Embedding
ProcessID : 2204
ThreadCreationTime : 24-04-2005 21:25:14
BasePriority : Normal
FileVersion : 1, 2, 0,873
ProductVersion : 1,2,0,209
ProductName : CAPI_Worker Module
CompanyName : Teleca Software Solutions AB
FileDescription : CAPI_Worker Module
InternalName : CAPI_Worker
LegalCopyright : Copyright © 1999-2002 Teleca Software Solutions AB. All rights reserved.
OriginalFilename : EPMWorker.EXE

#:39 [outlook.exe]
ModuleName : C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
Command Line : "C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE" /recycle
ProcessID : 3844
ThreadCreationTime : 24-04-2005 21:25:29
BasePriority : Normal


#:40 [winword.exe]
ModuleName : C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
Command Line : "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" -Embedding
ProcessID : 1532
ThreadCreationTime : 24-04-2005 21:25:41
BasePriority : Normal


#:41 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 3440
ThreadCreationTime : 25-04-2005 15:56:52
BasePriority : High


#:42 [wisptis.exe]
ModuleName : C:\WINDOWS\System32\WISPTIS.EXE
Command Line : "C:\WINDOWS\System32\WISPTIS.EXE" -Embedding
ProcessID : 2928
ThreadCreationTime : 26-04-2005 07:40:16
BasePriority : High
FileVersion : 1.0.2201.0 (xpsp1.020820-1800)
ProductVersion : 1.0.2201.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft Tablet PC Platform Component
InternalName : WISPTIS.EXE
LegalCopyright : Copyright © 1998-2002 Microsoft Corporation.
OriginalFilename : WISPTIS.EXE

#:43 [syntplpr.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" /REVIVE /SETHOOK
ProcessID : 4564
ThreadCreationTime : 26-04-2005 08:09:41
BasePriority : Normal
FileVersion : 6.6.0 05Jul02
ProductVersion : 6.6.0 05Jul02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPLpr.exe

#:44 [syncin~1.exe]
ModuleName : C:\PROGRA~1\SONYER~1\Mobile\SYNCIN~1.EXE
Command Line : C:\PROGRA~1\SONYER~1\Mobile\SYNCIN~1.EXE -Embedding
ProcessID : 5728
ThreadCreationTime : 26-04-2005 08:48:27
BasePriority : Normal
FileVersion : 1, 1, 0, 29
ProductVersion : 1, 1, 0, 29
ProductName : Sync Station
CompanyName : Teleca Software Solutions AB
FileDescription : SyncIndicator Module
InternalName : SyncIndicator
LegalCopyright : Copyright © 2002 Teleca Software Solutions AB
OriginalFilename : SyncIndicator.exe

#:45 [notepad.exe]
ModuleName : C:\WINDOWS\system32\NOTEPAD.EXE
Command Line : "C:\WINDOWS\system32\NOTEPAD.EXE" C:\HJT\hijackthis26.04.05.txt
ProcessID : 2920
ThreadCreationTime : 26-04-2005 12:52:40
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:46 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe" http://www.geekstogo...view=getnewpost
ProcessID : 3512
ThreadCreationTime : 26-04-2005 13:27:02
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:47 [ad-aware.exe]
ModuleName : C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
Command Line : "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" +483832
ProcessID : 2716
ThreadCreationTime : 26-04-2005 13:29:20
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
15 entries scanned.
New critical objects:0
Objects found so far: 0


15:10:18 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:39:00.726
Objects scanned:179933
Objects identified:0
Objects ignored:0
New critical objects:0

#7
Rawe

    Visiting Staff

  • Member
  • 4,746 posts

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
15 entries scanned.


If your system is running a program which changes the hosts file or you have added listings to the hosts file, then there is no need to check further. Otherwise, download the "Host file viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your host file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

- Rawe :tazz:

Also, run this online virus scan..
- Trend Micro

Delete/clean everything it finds, if it finds anything.
Do both things above (with host file viewer and online scan).
After you have done that, reboot, read Logfile Posting Instructions and post a fresh Ad-aware log here as a reply.

#8
icarusq

    Member

  • Topic Starter
  • Member
  • 13 posts
host

127.0.0.1 www.igetnet.com
127.0.0.1 code.ignphrases.com
127.0.0.1 clear-search.com
127.0.0.1 r1.clrsch.com
127.0.0.1 sds.clrsch.com
127.0.0.1 status.clrsch.com
127.0.0.1 www.clrsch.com
127.0.0.1 clr-sch.com
127.0.0.1 sds-qckads.com
127.0.0.1 status.qckads.com

This is the log that keeps getting messed back. BTW I cannot get HouseCall to clean! I cannot make it produce the "ticket". It finds 3 infections, one of which reports as being a trojan capable of downloading the nasties that seem to be in my hosts file! Scan takes ages too! :tazz:

#9
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
So, you can't restore your hosts file to default?

- Rawe :tazz:

#10
icarusq

    Member

  • Topic Starter
  • Member
  • 13 posts
I can restore it to default. I do this, check the file and it's just 127.0.0.1 but the next time I check, it's back to the list above...
I would like to get HouseCall working next too.

Edited by icarusq, 27 April 2005 - 03:22 AM.


#11
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Try this program.
There is a free trial available..
Trojan Hunter

- Rawe :tazz:

#12
icarusq

    Member

  • Topic Starter
  • Member
  • 13 posts
Hi Rawe,
Bad news I'm afraid. After running the new app, it found loads of trojans, I ran clean and it did so but there was one memory resident one it couldn't clear and now when Windows starts I have no explorer?
Please Help.
PS Using another PC in the interim :tazz:
Might be longer in replies from me now

edit: actually it only happens if I run the TrojanHunter clean on startup for Agent.167 and another one I lost the name for... the other is adware.VX2.110

Edited by icarusq, 27 April 2005 - 08:02 AM.


#13
icarusq

    Member

  • Topic Starter
  • Member
  • 13 posts
Ad-Aware SE Build 1.05
Logfile Created on:27 April 2005 14:48:39
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
PromulGate(TAC index:5):11 total references
Tracking Cookie(TAC index:3):4 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:18 %
Total physical memory:261100 kb
Available physical memory:45724 kb
Total page file size:771928 kb
Available on page file:539100 kb
Total virtual memory:2097024 kb
Available virtual memory:2043396 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


27-04-2005 14:48:39 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 640
ThreadCreationTime : 27-04-2005 13:41:21
BasePriority : Normal


#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 712
ThreadCreationTime : 27-04-2005 13:41:26
BasePriority : High


#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 756
ThreadCreationTime : 27-04-2005 13:41:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 768
ThreadCreationTime : 27-04-2005 13:41:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 924
ThreadCreationTime : 27-04-2005 13:41:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1060
ThreadCreationTime : 27-04-2005 13:41:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 1476
ThreadCreationTime : 27-04-2005 13:41:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:8 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : n/a
ProcessID : 1920
ThreadCreationTime : 27-04-2005 13:41:42
BasePriority : Normal


#:9 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : n/a
ProcessID : 1968
ThreadCreationTime : 27-04-2005 13:41:42
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:10 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : n/a
ProcessID : 2036
ThreadCreationTime : 27-04-2005 13:41:42
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:11 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : n/a
ProcessID : 276
ThreadCreationTime : 27-04-2005 13:41:47
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:12 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : n/a
ProcessID : 1012
ThreadCreationTime : 27-04-2005 13:41:47
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:13 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 1720
ThreadCreationTime : 27-04-2005 13:41:51
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [atiptaxx.exe]
ModuleName : C:\WINDOWS\system32\atiptaxx.exe
Command Line : "C:\WINDOWS\system32\atiptaxx.exe"
ProcessID : 316
ThreadCreationTime : 27-04-2005 13:42:05
BasePriority : Normal
FileVersion : 6.13.10.3017
ProductVersion : 6.13.10.3017
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2001 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:15 [ico.exe]
ModuleName : C:\WINDOWS\system32\ICO.EXE
Command Line : "C:\WINDOWS\system32\ICO.EXE"
ProcessID : 508
ThreadCreationTime : 27-04-2005 13:42:06
BasePriority : Normal
FileVersion : 1, 0, 0, 7
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.

#:16 [syntplpr.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
ProcessID : 164
ThreadCreationTime : 27-04-2005 13:42:06
BasePriority : Normal
FileVersion : 6.6.0 05Jul02
ProductVersion : 6.6.0 05Jul02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPLpr.exe

#:17 [syntpenh.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
ProcessID : 548
ThreadCreationTime : 27-04-2005 13:42:06
BasePriority : Normal
FileVersion : 6.6.0 05Jul02
ProductVersion : 6.6.0 05Jul02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPEnh.exe

#:18 [jogserv2.exe]
ModuleName : C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
Command Line : "C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe"
ProcessID : 560
ThreadCreationTime : 27-04-2005 13:42:06
BasePriority : Normal
FileVersion : 7, 1, 0, 7230
ProductVersion : 7, 1, 0, 7230
ProductName : Jog Dial Main Server Executable File
CompanyName : Sony Corporation
FileDescription : Jog Dial Main Server
InternalName : JogServ2
LegalCopyright : Copyright 1999,2000,2001,2002 Sony Corp.
OriginalFilename : JogServ2.EXE

#:19 [ezsp_px.exe]
ModuleName : C:\WINDOWS\System32\ezSP_Px.exe
Command Line : "C:\WINDOWS\System32\ezSP_Px.exe"
ProcessID : 552
ThreadCreationTime : 27-04-2005 13:42:07
BasePriority : Normal


#:20 [wlansta.exe]
ModuleName : C:\WINDOWS\system32\WLANSTA.EXE
Command Line : "C:\WINDOWS\system32\WLANSTA.EXE" START
ProcessID : 596
ThreadCreationTime : 27-04-2005 13:42:07
BasePriority : Normal
FileVersion : 1.07.37
ProductVersion : 1.07.37.2020
ProductName : Wireless 802.11b LAN
CompanyName : NETGEAR
FileDescription : WLAN Status Tray Applet
InternalName : [email protected]
LegalCopyright : Copyright © 2002, NETGEAR
OriginalFilename : WLANSTA.exe
Comments : Developed by TriplePoint, Inc. <www.TriplePoint.com>

#:21 [navapw32.exe]
ModuleName : C:\PROGRA~1\NORTON~2\navapw32.exe
Command Line : "C:\PROGRA~1\NORTON~2\navapw32.exe"
ProcessID : 220
ThreadCreationTime : 27-04-2005 13:42:08
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE

#:22 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
ProcessID : 1048
ThreadCreationTime : 27-04-2005 13:42:08
BasePriority : Normal


#:23 [gear511.exe]
ModuleName : C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
Command Line : "C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe" -hide
ProcessID : 1220
ThreadCreationTime : 27-04-2005 13:42:10
BasePriority : Normal
FileVersion : 1, 28, 10, 4
ProductVersion : 1, 28, 10, 4
ProductName : NetgearRev Application
FileDescription : NetgearRev MFC Application
InternalName : NetgearRev
LegalCopyright : Copyright © 2003
OriginalFilename : NetgearRev.EXE

#:24 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 1636
ThreadCreationTime : 27-04-2005 13:42:10
BasePriority : Idle
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:25 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1672
ThreadCreationTime : 27-04-2005 13:42:11
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:26 [thguard.exe]
ModuleName : C:\Program Files\TrojanHunter 4.2\THGuard.exe
Command Line : "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
ProcessID : 2248
ThreadCreationTime : 27-04-2005 13:42:19
BasePriority : Normal
FileVersion : 3.8.0.275
ProductVersion : 1.0.0.0
ProductName : TrojanHunter Guard
CompanyName : Mischel Internet Security
FileDescription : TrojanHunter Guard
LegalCopyright : Mischel Internet Security
LegalTrademarks : TrojanHunter is a trademark of Mischel Internet Security.
OriginalFilename : THGuard.exe

#:27 [nsvsvc.exe]
ModuleName : C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
Command Line : "C:\WINDOWS\system32\nsvsvc\nsvsvc.exe"
ProcessID : 2288
ThreadCreationTime : 27-04-2005 13:42:22
BasePriority : Normal
FileVersion : 2.17.0000
ProductVersion : 2, 1, 7, 0

#:28 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 2384
ThreadCreationTime : 27-04-2005 13:42:23
BasePriority : Normal
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:29 [usfokp.exe]
ModuleName : c:\windows\system32\usfokp.exe
Command Line : "c:\windows\system32\usfokp.exe" ajyvjrg
ProcessID : 3800
ThreadCreationTime : 27-04-2005 13:42:41
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:30 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1236
ThreadCreationTime : 27-04-2005 13:42:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:31 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe "C:\WINDOWS\system32\guard.tmp",DllGetVersion
ProcessID : 2520
ThreadCreationTime : 27-04-2005 13:42:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:32 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 3228
ThreadCreationTime : 27-04-2005 13:43:21
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:33 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 3436
ThreadCreationTime : 27-04-2005 13:43:23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:34 [histkill.exe]
ModuleName : C:\Program Files\HistoryKill\histkill.exe
Command Line : "C:\Program Files\HistoryKill\histkill.exe" /startup
ProcessID : 4052
ThreadCreationTime : 27-04-2005 13:43:29
BasePriority : Normal
FileVersion : 2003.01.0003
ProductVersion : 2003.01.0003
ProductName : HistoryKill
CompanyName : SwankSoft Technologies, Inc.
FileDescription : HistoryKill privacy utility
InternalName : histkill
LegalCopyright : © Copyright SwankSoft Technologies, Inc. 1998-2003
OriginalFilename : histkill.exe
Comments : http://www.historykill.com

#:35 [audevicemgr.exe]
ModuleName : C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
Command Line : "C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe"
ProcessID : 3312
ThreadCreationTime : 27-04-2005 13:43:43
BasePriority : Normal
FileVersion : 1, 2, 6, 0
ProductVersion : 1, 2, 6, 0
ProductName : Phone Connection Monitor
CompanyName : Teleca Software Solutions AB
FileDescription : Phone Connection Monitor application
InternalName : Device Manager
LegalCopyright : Copyright © 2002 Teleca Software Solutions AB
OriginalFilename : audevicemgr.exe

#:36 [connmn~1.exe]
ModuleName : C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
Command Line : C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE -Embedding
ProcessID : 4040
ThreadCreationTime : 27-04-2005 13:43:48
BasePriority : Normal
FileVersion : 1, 0, 0, 28
ProductVersion : 1, 0, 0, 1
ProductName : Symbian Connect
CompanyName : Symbian Ltd.
FileDescription : ConnMngmntBox Module
InternalName : ConnMngmntBox
LegalCopyright : Copyright © Symbian Ltd. 2001
OriginalFilename : ConnMngmntBox.EXE

#:37 [pcfmgr.exe]
ModuleName : C:\Program Files\PowerPanel\Program\PcfMgr.exe
Command Line : "C:\Program Files\PowerPanel\Program\PcfMgr.exe" /launch
ProcessID : 1932
ThreadCreationTime : 27-04-2005 13:43:49
BasePriority : Normal
FileVersion : 5.0.0.1
ProductVersion : 5.0.0-S001
ProductName : PowerPanel 3.0
CompanyName : Phoenix Technologies Ltd.
FileDescription : PCF Manager Local Server
InternalName : PCFMgr
LegalCopyright : Copyright © 1998, Phoenix Technologies Ltd.
LegalTrademarks : PowerPanel 3.0 ™
OriginalFilename : PCFMgr.exe

#:38 [hkpopupkiller.exe]
ModuleName : C:\Program Files\HistoryKill\hkPopupKiller.exe
Command Line : "C:\Program Files\HistoryKill\hkPopupKiller.exe" /STARTUP
ProcessID : 1316
ThreadCreationTime : 27-04-2005 13:43:49
BasePriority : Normal
FileVersion : 2003.01.0003
ProductVersion : 2003.01.0003
ProductName : HK PopUp Killer
CompanyName : SwankSoft Technologies, Inc.
FileDescription : HK PopUp Killer
InternalName : hkPopupKiller
LegalCopyright : SwankSoft Technologies, Inc.
LegalTrademarks : HistoryKill™
OriginalFilename : hkPopupKiller.exe

#:39 [mrouterruntime.exe]
ModuleName : C:\PROGRA~1\Intuwave\Shared\MROUTE~1\mRouterRuntime.exe
Command Line : C:\PROGRA~1\Intuwave\Shared\MROUTE~1\mRouterRuntime.exe
ProcessID : 2732
ThreadCreationTime : 27-04-2005 13:44:00
BasePriority : Normal
FileVersion : 2, 0, 0, 356
ProductVersion : 2, 0, 0, 1
ProductName : Symbian Connect
CompanyName : Symbian Ltd.
FileDescription : mRouterRuntime MFC Application
InternalName : mRouterRuntime
LegalCopyright : Copyright © Symbian Ltd. 2001
LegalTrademarks : EPOC
OriginalFilename : mRouterRuntime.EXE

#:40 [epmwor~1.exe]
ModuleName : C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE
Command Line : C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE -Embedding
ProcessID : 3060
ThreadCreationTime : 27-04-2005 13:44:18
BasePriority : Normal
FileVersion : 1, 2, 0,873
ProductVersion : 1,2,0,209
ProductName : CAPI_Worker Module
CompanyName : Teleca Software Solutions AB
FileDescription : CAPI_Worker Module
InternalName : CAPI_Worker
LegalCopyright : Copyright © 1999-2002 Teleca Software Solutions AB. All rights reserved.
OriginalFilename : EPMWorker.EXE

#:41 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3868
ThreadCreationTime : 27-04-2005 13:48:25
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{92daf5c1-2135-4e0c-b7a0-259abfcd3904}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\typelib\{2a7db8d1-43be-4ad3-a81e-9bb8c9d00073}

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}
Value :

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 15
Objects found so far: 15


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : darren@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Temp\Cookies\darren@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : darren@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Temp\Cookies\darren@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : darren@tradedoubler[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Temp\Cookies\darren@tradedoubler[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : darren@valueclick[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Temp\Cookies\darren@valueclick[2].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
12 entries scanned.
New critical objects:0
Objects found so far: 19




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 20

15:25:40 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:37:01.735
Objects scanned:170646
Objects identified:20
Objects ignored:0
New critical objects:20

#14
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Ad-aware has found object(s) on your computer

If you choose to clean your computer of what Ad-aware found, follow the instructions below…

Make sure that you are using the * SE1R41 25.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-aware SE; if yours is different, adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to VX2 objects ONLY. Click Next, then click OK.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Do not open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:

#15
icarusq

    Member

  • Topic Starter
  • Member
  • 13 posts
I can launch explorer from Task Manager but cannot get the start bar up etc? I can't remember what I need to get that going? Plus I have a NAV window up warning me about edmond.exe.tcf Trojan Horse and I can't close it by clicking on the OK button?