Multi-Infection inhibits successful scanning with Ad-aware [RESOLVED]



#1
rbad

SUMMARY

What follows is a blow for blow account of the last month, so if it's too long, please just skip down to the hijack log (I have tried running all the programs you recommended; Ad-aware was the one that seems to get stuck on a temp file all the time, and every time it runs it throws up new bugs that are picked up by Panda and Ewido).

BACKGROUND

I run XP. I never used the Windows updates (so I never had SP2 or even SP1a, I don’t think). I have SpyBot and SpyBlaster on the computer and I try and use Firefox principally, though IE does get used. I have a Belkin hardware firewall but no software firewall.

One month ago I began having a problem with Lycos sidesearch. I removed it by using the trial version of Spysweeper, which has now expired. Shortly after, I began having problems with fake ‘you have spyware’ alerts. One would change the whole of my desktop to alert me of this obvious problem (and also placed a red exclamation mark at the bottom right of my PC – I think this was the PS Guard spyware); the other, which appeared later (after I ran Spybot and got rid of the PS Guard), just showed as a thin horizontal task bar at the top of my screen with a scrolling warning which, when clicked, tries to hijack my IE search page and direct me to bogus programs.

REMEDIES ATTEMPTED X 3

So, I tried to run all the programs you’ve recommended as follows.

Clean up run successfully
Ad-aware SE unable to run
Spybot successfully picked up CWS and PS guard and others and cleaned out
CWShredder run ok and not picking up anything after running Spybot
Ewido installed and run successfully, removing around 200 threats. However, every time the computer is turned back on Ewido picks up a 2.tmp or 3.tmp threat which I don’t think it is successfully clearing.
Trend Housecall – unable to properly install
Panda Activescan – installed successfully and detected threats – unsure if it cleared them initially since it began requesting that it be purchased to be properly activated – which I did not do
AVG run successfully picking up series of tmp Trojans and during the scan randomly opening the dos prompt and ms word
Trojan Hunter run successfully, nothing detected

The first time I ran the above sequence while offline. I then updated all the respective programs and ran all the above a second time. Ewido and Panda neutralized Adware/SpyFighter, SearchAid, AdClicker, DownloaderAgent.bc, Exploit/ByteVerify, after which I did not re-encounter the troublesome banner described earlier. However, I was still not able to successfully run Ad-aware, which always seems to get blocked on certain local\temp\aawtmp files which I cannot find when I look for them. I actually tried to run Ad-aware several times; each time Panda kept picking up Trj/ClassLoader.U in different files. Also, every time I rebooted the computer Ewido kept picking up 2.tmp and 3.tmp.

After this, though I still think there's malware, I ran Windows Update SP1a but not SP2 as recommended.

Finally, I ran all the above programs in sequence AGAIN - only Ad-aware still does not seem to run.


Below are three ewido logs and the hijack log. Thank you very much for your help and sorry for the long-winded story.


EWIDO LOGS (three of them in order)

EWIDO LOG 1

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:34:53 PM, 1/1/2006
+ Report-Checksum: CD51331B

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
[1512] C:\WINDOWS\system32\crqn32.exe -> Trojan.Agent.bi : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Invitato\Application Data\Mozilla\Firefox\Profiles\vsceuhas.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Ramy\Local Settings\Temp\3.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Ramy\Local Settings\Temp\7.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Ramy\Local Settings\Temp\__delete_on_reboot__2.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Ramy\Local Settings\Temporary Internet Files\Content.IE5\6HI5IZ4D\pic[2].wmf -> Not-A-Virus.Exploit.Win32.IMG-WMF : Cleaned with backup
C:\Documents and Settings\Ramy\Local Settings\Temporary Internet Files\Content.IE5\SHUVK9AZ\start[1].exe -> Downloader.Small.cdd : Cleaned with backup
C:\ntdetecd.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\ntfull.exe -> Trojan.LowZones.df : Cleaned with backup
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\prflbmsgp32.dll -> Downloader.Delf.yb : Cleaned with backup


::Report End




EWIDO LOG 2


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:56:36 PM, 1/1/2006
+ Report-Checksum: 7AB5FD51

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
[768] C:\WINDOWS\iejt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\Documents and Settings\Ramy\Local Settings\Temp\3.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Ramy\Local Settings\Temp\__delete_on_reboot__2.tmp -> Trojan.Small.ga : Cleaned with backup


::Report End


EWIDO LOG 3

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:26:15 PM, 1/3/2006
+ Report-Checksum: E9208B3E

+ Scan result:

C:\WINDOWS\iis6.log:kiirm -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB835732.log:vcuci -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\maxlink.ini:rctdh -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\setupact.log:lkqxo -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system.ini:wlbhk -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\WMSysPr9.prx:pwusf -> Downloader.Agent.td : Cleaned with backup


::Report End


HIJACK LOG


Logfile of HijackThis v1.99.1
Scan saved at 11:31:34 PM, on 1/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Documents and Settings\Ramy\Desktop\HijackThis.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\avciman.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {6D224D6C-9CD9-244E-1651-BCB09374072E} - C:\WINDOWS\system32\sysjc32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [croe32.exe] C:\WINDOWS\croe32.exe
O4 - HKLM\..\Run: [5.tmp] C:\DOCUME~1\Ramy\LOCALS~1\Temp\5.tmp.exe
O4 - HKLM\..\Run: [6.tmp] C:\DOCUME~1\Ramy\LOCALS~1\Temp\6.tmp.exe
O4 - HKLM\..\Run: [5.tmp.exe] C:\DOCUME~1\Ramy\LOCALS~1\Temp\5.tmp.exe
O4 - HKLM\..\Run: [6.tmp.exe] C:\DOCUME~1\Ramy\LOCALS~1\Temp\6.tmp.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - PANDA SOFTWARE - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe


Thank you once again for taking so much time to review all this.

rbad

  • 0


#2
Antartic-Boy

    Visiting Staff

  • Visiting Consultant
  • 1,120 posts
Hi rbad, and welcome to Geeks to Go.

I'm currently analyzing your log, and will post instructions to start with the clean up soon.
  • 0

#3
Antartic-Boy

    Visiting Staff

  • Visiting Consultant
  • 1,120 posts
-----------------------1

Please save Hijack This in a permanent folder (i.e. C:\HJT) (Go to My Computer -> Double click on C -> File -> New -> Folder -> Right Click on it -> Rename -> Type in HJT and push the button Enter on the keyboard). This ensures backups are saved and accessible.

-----------------------2

You have a CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember, like the Desktop.

-----------------------3

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
-----------------------4

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: Class - {6D224D6C-9CD9-244E-1651-BCB09374072E} - C:\WINDOWS\system32\sysjc32.dll (file missing)
O4 - HKLM\..\Run: [croe32.exe] C:\WINDOWS\croe32.exe
O4 - HKLM\..\Run: [5.tmp] C:\DOCUME~1\Ramy\LOCALS~1\Temp\5.tmp.exe
O4 - HKLM\..\Run: [6.tmp] C:\DOCUME~1\Ramy\LOCALS~1\Temp\6.tmp.exe
O4 - HKLM\..\Run: [5.tmp.exe] C:\DOCUME~1\Ramy\LOCALS~1\Temp\5.tmp.exe
O4 - HKLM\..\Run: [6.tmp.exe] C:\DOCUME~1\Ramy\LOCALS~1\Temp\6.tmp.exe


Now close all windows and browsers other than HiJackThis, then click Fix Checked.
Close HijackThis.

-----------------------5

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

-----------------------6

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (if present)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to log-off/reboot at the end, if it does please do so.

-----------------------7

Now please unhide hidden files and folders:

1. Click Start.
2. Open My Computer.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide protected operating system files (recommended) option.
7. Click Yes to confirm.
8. Click OK.

Now please delete this file using Microsoft explorer (if present):
To run Microsoft explorer please go to Start -> Run -> type in explorer -> click on OK button

C:\WINDOWS\croe32.exe


Now hide hidden files and folders:

1. Click Start.
2. Open My Computer.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Check the Hide protected operating system files (recommended) option.
7. Click Yes to confirm.
8. Click OK.

Reboot your computer into normal windows.

-----------------------8

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
-----------------------9

In your next reply I would like to see:
  • The AboutBuster log;
  • A fresh HJT log;
  • The Kaspersky report;
  • New Ewido log.

  • 0
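A triage pass over the kinds of log lines quoted in this thread, as an added example that is not part of the original posts and is not code from HijackThis, ewido or About:Buster. The heuristics (missing component file, autorun target in a temp directory, double extension, executable in the Windows root, `file:stream` alternate-data-stream paths) and all function names are assumptions for illustration; they mark lines for review and are not verdicts.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines excerpted from the HijackThis and ewido logs quoted in this thread,
# embedded here so the script runs offline.
SAMPLE_HJT = r"""
O2 - BHO: Class - {6D224D6C-9CD9-244E-1651-BCB09374072E} - C:\WINDOWS\system32\sysjc32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [croe32.exe] C:\WINDOWS\croe32.exe
O4 - HKLM\..\Run: [5.tmp] C:\DOCUME~1\Ramy\LOCALS~1\Temp\5.tmp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
""".strip().splitlines()

SAMPLE_SCAN = r"""
C:\WINDOWS\iis6.log:kiirm -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system.ini:wlbhk -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\prflbmsgp32.dll -> Downloader.Delf.yb : Cleaned with backup
""".strip().splitlines()

# "O4 - HKLM\..\Run: [name] command line"
RUN_RE = re.compile(r'^O4 - HK\w+\\\.\.\\Run\w*: \[[^\]]*\] (?P<cmd>.+)$')
# Executable path: either quoted, or unquoted up to the first executable extension.
EXE_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)', re.I)
# "C:\dir\file.ext:streamname", optionally prefixed by a "[pid] " marker.
ADS_RE = re.compile(r'^(?:\[\d+\] )?(?P<file>[A-Za-z]:\\[^:]+):(?P<stream>[^:\\]+)$')


class Finding(NamedTuple):
    line: str
    reasons: Tuple[str, ...]


def autorun_target(line: str) -> Optional[str]:
    """Return the executable path of an O4 Run entry, or None for other lines."""
    m = RUN_RE.match(line)
    if not m:
        return None
    exe = EXE_RE.match(m.group("cmd"))
    return (exe.group("q") or exe.group("u")) if exe else None


def triage_hjt(lines: List[str]) -> List[Finding]:
    """Flag HijackThis lines that deserve a closer look (heuristics only)."""
    findings = []
    for line in lines:
        reasons = []
        if line.rstrip().endswith("(file missing)"):
            reasons.append("registered component whose file is missing")
        target = autorun_target(line)
        if target:
            low = target.lower()
            name = low.rsplit("\\", 1)[-1]
            if "\\temp\\" in low or "\\temporary internet files\\" in low:
                reasons.append("autorun target in a temp directory")
            if re.search(r"\.[a-z0-9]{2,4}\.(?:exe|com|scr|pif)$", name):
                reasons.append("double file extension")
            if re.fullmatch(r"[a-z]:\\windows\\[^\\]+\.exe", low):
                reasons.append("executable directly in the Windows root")
        if reasons:
            findings.append(Finding(line, tuple(reasons)))
    return findings


def find_ads(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (host file, stream name, detection) for 'path -> detection' lines
    whose path uses NTFS alternate-data-stream notation (file:stream)."""
    hits = []
    for line in lines:
        path, sep, verdict = line.partition(" -> ")
        m = ADS_RE.match(path.strip())
        if sep and m:
            detection = verdict.split(" : ")[0].strip()
            hits.append((m.group("file"), m.group("stream"), detection))
    return hits


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print("REVIEW:", f.line)
        for r in f.reasons:
            print("   -", r)
    for host, stream, det in find_ads(SAMPLE_SCAN):
        print(f"ADS: stream '{stream}' attached to {host} ({det})")
```

A stream attached to an ordinary file such as `system.ini` does not show up in a normal directory listing, which is why the instructions above run a dedicated Alternate Data Streams scan.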

#4
rbad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Dear Antarctica,

Thanks for the help. I followed your instructions to the letter but was unable to complete all the steps laid out. This may be because my Internet Explorer no longer works. Please read below

Step 7 After unhiding hidden files

Typing explorer into 'run' under 'start' opened up a normal windows folder, NOT internet explorer
In this folder I did NOT find c: windows\croe32.exe when looking in this folder.
I ran a search for the file which also did not discover anything - however the search explicitly said it was not searching unhidden files.

Step 8 Kaspersky Online Scanner

I initially accessed this page with Firefox. However, this scanner requires internet explorer.

My internet explorer when opened goes to the following address
http://www.microsoft...er=6&ar=msnhome
and it states that the page cannot be displayed

I tried to re-install IE. Version 6 for SP1 (I have not installed SP2 thus far) using this webpage

http://www.microsoft...&DisplayLang=en

It did not work so I also downloaded the update below

http://www.microsoft.com/downloads/details.aspx?familyid=254EB128-5053-48A7-8526-BD38215C74B2&displaylang=en

At this point I gave up and ran an Ewido log (came up clean) and HiJack.

Below I've posted AboutBuster log; fresh HJT log, and new Ewido log but of course no Kaspersky report.

ABOUT BUSTER logs (2)

AboutBuster 6.0
Scan started on [1/17/2006] at [2:04:52 AM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Removed Stream! C:\WINDOWS\msgsocm.log:jdljbr
Removed Stream! C:\WINDOWS\ntdtcsetup.log:ceeoec
Removed Stream! C:\WINDOWS\Santa Fe Stucco.bmp:fyamuz
Removed Stream! C:\WINDOWS\setupapi.log:xysrwb
Removed Stream! C:\WINDOWS\vbaddin.ini:tbopnz
-------------------------------------------------------------
Removed File! : C:\WINDOWS\System32\dzmap.txt
-------------------------------------------------------------
Removed Temp Files
Internet Explorer Settings Reset!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 2:07:03 AM

AboutBuster 6.0
Scan started on [1/17/2006] at [2:12:06 AM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 2:13:56 AM


EWIDO report

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:54:48 AM, 1/17/2006
+ Report-Checksum: 8C048A99

+ Scan result:

No infected objects found.


::Report End


HIJACK LOG

Logfile of HijackThis v1.99.1
Scan saved at 3:56:06 AM, on 1/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - PANDA SOFTWARE - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe

I look forward to your response. I hope you will be able to help me reset the IE and complete this clean up job!


As an aside - after using About Buster, CWShredder did not identify anything but CleanUp did clean up a great deal and in particular I noticed it removed a certain Temp file that used to cause Ad-Aware to crash every time I ran it. So while I await your response I will try to re-run Ad-Aware, SpyBot, AVG as I have done in the past.

Rbad
  • 0

#5
Antartic-Boy

-----------------------1

To repair your Internet Explorer, please read this topic..

Once your IE is repaired please get the latest updates from Microsoft (Start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.)

----------------------->

Great job it appears your logfile is clean.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
  • 0

#6
rbad

Thank you for the encouragement. But I don't think my computer is clean yet.

I ran Ad-Aware and it froze again on the same temp file I thought had been erased by CleanUp.

I've tried to repair Internet Explorer using the link you gave me. The first method did not work. I am having a hard time with the second recommended method so I'm not sure yet how to proceed. Any suggestions?

If my computer might still be infected then I cannot proceed to install SP2, right?

Finally, once I have cleaned the computer entirely, which programs should I use to protect it? I had SpywareBlaster and Spybot before - but obviously that's not enough. Do I need to use AVG and Ad-Aware too or should I use even more? The more I use, the slower the computer will run and the more expensive it will be.

Thanks again.

rbad
  • 0

#7
Antartic-Boy


> Thank you for the encouragement. But I don't think my computer is clean yet.

Be sure that you are clean..

> I've tried to repair Internet Explorer using the link you gave me. The first method did not work.

Please post your problem here.

> Do I need to use AVG and Ad-Aware too or should I use even more?

It's enough..
  • 0

#8
rbad

I am finally back!

Alright. I reinstalled Internet Explorer and then ran the Kaspersky Online scanner as you recommended.

The only problem is the Kaspersky scan for 'My Computer' took too long (at 20 hours it was only at 15%) and I think that was because it was scanning additional slave drives. However the scan was clearly identifying 7 infected objects/viruses which I eventually tracked down to the c:\recycler folder so I ran the scanner again and the report is below. I believe the rest of the C: drive is clear (see Critical Scan and believe me I sat through all the C drive scanning in the first hour of the 20h scan).

CRITICAL SCAN REPORT

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, January 19, 2006 21:21:35
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 20/01/2006
Kaspersky Anti-Virus database records: 172013
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\Ramy\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 14800
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 1069 sec
No malware has been detected. The sections that have been scanned are CLEAN.

Scan process completed.


FOCUSSED SCAN REPORT

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, January 20, 2006 01:01:19
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 20/01/2006
Kaspersky Anti-Virus database records: 172029
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\RECYCLER\

Scan Statistics:
Total number of scanned objects: 268
Number of viruses found: 3
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 26 sec

Infected Object Name - Virus Name
C:\RECYCLER\S-1-5-21-725345543-688789844-682003330-1005\Dc34.exe/data0014 Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\RECYCLER\S-1-5-21-725345543-688789844-682003330-1005\Dc34.exe/data0015 Infected: not-a-virus:AdWare.Win32.MyWay.j
C:\RECYCLER\S-1-5-21-725345543-688789844-682003330-1005\Dc34.exe/data0016 Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\RECYCLER\S-1-5-21-725345543-688789844-682003330-1005\Dc34.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo

Scan process completed.




I hope you will tell me what the significance of the above files is. My concern is that when I run Ad-Aware SE it STILL freezes on the same sub-folder (AAWTMP) it did when I first started to remove spyware (and I know some files in this folder were removed by CLEANUP! but I don't think all of them were).

C:\DOCUME~1\Ramy\LOCALS~1\Temp\AAWTMP\C1867234\213D23\Ramy2

Furthermore, Ad-Aware identifies 8 new critical objects which fall into the following categories

Registry Keys 3
Registry Values 5

I don't know which files they are because the program freezes.

I have therefore three questions for you:

1) What do I do with the Kaspersky infected objects/viruses result?
2) Why is Ad-Aware still freezing and how do I get rid of the 8 new critical objects and the AAWTMP folder (which I cannot find on my HDD)?
3) Is it too soon to update to SP2 if I am still infected?

I look forward to your advice.

Regards,

rbad
  • 0
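On the question in the post above about what the Kaspersky detections signify, this added example (not part of the original thread, and not Kaspersky's own tooling) parses the detection section of that report, groups the hits by the file that actually sits on disk, and decodes the Recycle Bin path. The function names are invented here, and the Windows XP Recycle Bin naming it relies on (one folder per user SID, deleted files renamed `D<drive><index><ext>`) is background knowledge rather than something stated in the thread.

```python
import re

# Constructed input: the statistics and detection lines of the "FOCUSSED SCAN
# REPORT" quoted in the post above, embedded so the example runs offline.
REPORT = r"""
Scan Target - Folders:
C:\RECYCLER\

Scan Statistics:
Total number of scanned objects: 268
Number of viruses found: 3
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 26 sec

Infected Object Name - Virus Name
C:\RECYCLER\S-1-5-21-725345543-688789844-682003330-1005\Dc34.exe/data0014 Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\RECYCLER\S-1-5-21-725345543-688789844-682003330-1005\Dc34.exe/data0015 Infected: not-a-virus:AdWare.Win32.MyWay.j
C:\RECYCLER\S-1-5-21-725345543-688789844-682003330-1005\Dc34.exe/data0016 Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\RECYCLER\S-1-5-21-725345543-688789844-682003330-1005\Dc34.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo

Scan process completed.
"""

# "Name: 123" counter lines of the Scan Statistics block.
STAT_RE = re.compile(r"^([A-Za-z ]+):[ \t]+(\d+)(?: sec)?[ \t]*$", re.M)
# "<object> Infected: <verdict>" detection lines.
HIT_RE = re.compile(r"^(?P<obj>\S.*?)\s+Infected:\s+(?P<verdict>\S+)\s*$", re.M)
# XP Recycle Bin layout (assumption from general Windows knowledge):
#   <vol>:\RECYCLER\<user SID>\D<original drive letter><index><original ext>
RECYCLED_RE = re.compile(
    r"^(?P<vol>[A-Za-z]):\\RECYCLER\\(?P<sid>S-\d+(?:-\d+)+)\\"
    r"D(?P<drive>[A-Za-z])(?P<index>\d+)(?P<ext>\.[^\\/]+)?$",
    re.I,
)


def parse_stats(report):
    """Return the numeric counters of the report as {label: int}."""
    return {label.strip(): int(value) for label, value in STAT_RE.findall(report)}


def parse_hits(report):
    """Return one dict per detection line.

    The scanner writes objects found inside an archive or installer as
    <file on disk>/<embedded member>, so the part before the first "/" is
    the only thing that exists in the file system.
    """
    hits = []
    for m in HIT_RE.finditer(report):
        container, _, member = m.group("obj").partition("/")
        # "not-a-virus:" is the scanner's prefix for adware/riskware verdicts.
        flag, _, name = m.group("verdict").rpartition(":")
        hits.append({"container": container, "member": member or None,
                     "flag": flag, "name": name})
    return hits


def describe_recycled(path):
    """Decode a Recycle Bin path, or return None if it is not one."""
    m = RECYCLED_RE.match(path)
    if not m:
        return None
    sid = m.group("sid")
    return {
        "owner_sid": sid,
        # Last SID component; 1000 and above are accounts created on the PC.
        "rid": int(sid.rsplit("-", 1)[1]),
        "original_drive": m.group("drive").upper(),
        "index": int(m.group("index")),
        "extension": m.group("ext") or "",
    }


def summarize(report):
    """Group detections by on-disk file and cross-check the report counters."""
    stats = parse_stats(report)
    hits = parse_hits(report)
    files = {}
    for hit in hits:
        entry = files.setdefault(hit["container"], {
            "members": [], "names": set(),
            "recycled": describe_recycled(hit["container"]),
        })
        if hit["member"]:
            entry["members"].append(hit["member"])
        entry["names"].add(hit["name"])
    for entry in files.values():
        entry["names"] = sorted(entry["names"])
    unique_names = {hit["name"] for hit in hits}
    consistent = (len(hits) == stats.get("Number of infected objects")
                  and len(unique_names) == stats.get("Number of viruses found"))
    return {"stats": stats, "files": files, "consistent": consistent}


if __name__ == "__main__":
    result = summarize(REPORT)
    for path, entry in result["files"].items():
        print(path)
        print("  embedded members:", ", ".join(entry["members"]) or "none")
        print("  detections      :", ", ".join(entry["names"]))
        print("  recycle bin info:", entry["recycled"])
    print("counters match detection lines:", result["consistent"])
```

Run on the report above, it shows that the four "infected objects" are a single deleted `.exe` in one user's Recycle Bin, reported once as a whole and once for each of three embedded adware components.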

#9
rbad

Addendum:

While awaiting your feedback I've undertaken another scan with Micro Trend Housecall overnight. It is still underway. So far it has identified several 'grayware' items.

ADW_SE 79613
ADW_SE 79614
ADW_SE 79615
ADW_SE 79616
ADW_SE 79617
ADW_SE 79618
BHJK_SE 55153
BHJK_SE 55240

I will try and clean these if given the option at the end of the scan - but again I'm not sure how long this will take since it's already been running 7 hours.

Look forward to your help.

rbad
  • 0

#10
Antartic-Boy

-----------------------1

Now please save these instructions in notepad for use in Safe Mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now please unhide hidden files and folders:

1. Click Start.
2. Open My Computer.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide protected operating system files (recommended) option.
7. Click Yes to confirm.
8. Click OK.

Now please go to Start -> Run -> type: C:\RECYCLER\ -> Ok -> click on Edit -> Select All -> click on File -> Delete -> click Yes.

Now please go to Start -> Run -> type: C:\DOCUME~1\Ramy\LOCALS~1\Temp\ -> Ok -> click on Edit -> Select All -> click on File -> Delete -> click Yes.

Now hide hidden files and folders:

1. Click Start.
2. Open My Computer.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Check the Hide protected operating system files (recommended) option.
7. Click Yes to confirm.
8. Click OK.

Restart in normal mode..

----------------------->

You are clean.
  • 0

#11
rbad

Thanks for getting back to me.

I'm not clean yet.

I was able to delete one of the two folders in C:\RECYCLER\. The other I could not because it kept insisting that it was in use by a program or person. I rescanned the folder I was not able to delete (it's 2 files of only 85KB) with Kaspersky and it did not pick up any infected objects/viruses. So I assume that the 7 objects originally detected have been deleted. I left it at that.

However, the challenge remains the C: DOCU-1\Locals-1\Temp\AAWTMP file. I detected and deleted it in Safe Mode when files were unhidden. I rebooted and ran Ad-Aware it still identified 8 critical key registry keys/values and proceeded until it hit the Temp\AAWTMP file which I thought deleted. I went to start>run and searched for it again. I found it and redeleted it. Emptied recycle bin, rebooted. Ran Ad-Aware it found the folder again! So I start>run for it again and this time deleted the Temp folder. I emptied recycle bin, ran start>run again it could no longer find anything. On running Ad-Aware again the file has recurred.

So what now? Ad-Aware is still unable to run completely so I'm not sure what the 8 critical registry files that it identifies are and it all seems to be because of this file that seems to respawn again and again.

Hope you can help with this final leg of the journey.

rbad
  • 0

#12
Antartic-Boy

Post me the Ad-Aware Report.
  • 0

#13
rbad

How? The Ad-Aware freezes every time on this particular file temp/AAWTMP file and then I have to close the application. I've never been given the option of having an Ad-Aware report.

rbad
  • 0

#14
rbad

As I am unable to run a full Ad-Aware scan without encountering the Temp/AAWTMP file that freezes it I ran a 'smart' Ad-Aware scan. It identified 15 items falling in three groups CoolWebSearch, Alexa, & WhenU.Desktop. I quarantined and removed them. Below are the 'smart' Ad-Aware scans before and after removal of these items.

Ad-Aware Smart Scan First Time

Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, January 23, 2006 8:33:55 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R88 20.01.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):4 total references
CoolWebSearch(TAC index:10):9 total references
WhenU.DesktopToolbar(TAC index:5):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


1-23-2006 8:33:55 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 756
ThreadCreationTime : 1-24-2006 1:15:32 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 836
ThreadCreationTime : 1-24-2006 1:15:34 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 864
ThreadCreationTime : 1-24-2006 1:15:37 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 912
ThreadCreationTime : 1-24-2006 1:15:38 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 924
ThreadCreationTime : 1-24-2006 1:15:38 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1092
ThreadCreationTime : 1-24-2006 1:15:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1260
ThreadCreationTime : 1-24-2006 1:15:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1408
ThreadCreationTime : 1-24-2006 1:15:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1548
ThreadCreationTime : 1-24-2006 1:15:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [pnmsrv.exe]
FilePath : c:\program files\panda software\panda platinum 2006 internet security\firewall\
ProcessID : 1732
ThreadCreationTime : 1-24-2006 1:15:42 AM
BasePriority : Normal
FileVersion : 2, 0, 4, 46
ProductVersion : 2.0.0.0
ProductName : Panda Network Manager
CompanyName : Panda Software
FileDescription : Panda Network Manager Service
InternalName : PNMSRV.exe
LegalCopyright : Copyright © 2005 Panda Software
OriginalFilename : PNMSRV.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1804
ThreadCreationTime : 1-24-2006 1:15:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 120
ThreadCreationTime : 1-24-2006 1:15:49 AM
BasePriority : Normal
FileVersion : 7,1,0,364
ProductVersion : 7.1.0.364
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:13 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 148
ThreadCreationTime : 1-24-2006 1:15:49 AM
BasePriority : Normal
FileVersion : 7,0,0,346
ProductVersion : 7.0.0.346
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:14 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 180
ThreadCreationTime : 1-24-2006 1:15:49 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:15 [pavfnsvr.exe]
FilePath : C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\
ProcessID : 192
ThreadCreationTime : 1-24-2006 1:15:50 AM
BasePriority : Normal
FileVersion : 5.09.06.02
ProductVersion : 5.09.06.02
ProductName : Panda Software PavFnSvr
CompanyName : Panda Software
FileDescription : Panda Function Service
InternalName : PavFnSvr
LegalCopyright : © Panda Software 2005
OriginalFilename : PavFnSvr.exe

#:16 [pavprsrv.exe]
FilePath : C:\Program Files\Common Files\Panda Software\PavShld\
ProcessID : 224
ThreadCreationTime : 1-24-2006 1:15:50 AM
BasePriority : Normal
FileVersion : 1.3.0.0
ProductVersion : 1.3.0.0
ProductName : PandaShield
CompanyName : Panda Software
FileDescription : Panda Process Protection Service
InternalName : PavPrSrv
LegalCopyright : Copyright © 2004, Panda Software
OriginalFilename : PavPrSrv.exe

#:17 [pavsrv51.exe]
FilePath : C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\
ProcessID : 244
ThreadCreationTime : 1-24-2006 1:15:50 AM
BasePriority : High
FileVersion : 2, 0, 1840, 12
ProductVersion : 2.0.1840.12
ProductName : Panda Antivirus for Windows NT/2000/XP/2003
CompanyName : Panda Software
FileDescription : On-Access Antivirus Scanner Service.
InternalName : pavsrv.exe
LegalCopyright : © Panda Software 2005.
OriginalFilename : pavsrv.exe

#:18 [pskmssvc.exe]
FilePath : C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\
ProcessID : 340
ThreadCreationTime : 1-24-2006 1:15:50 AM
BasePriority : Normal
FileVersion : 1, 2, 1, 1
ProductVersion : 1, 2, 1, 1
ProductName : pskmsservice
CompanyName : PANDA SOFTWARE
FileDescription : pskmsservice
InternalName : pskmsservice
LegalCopyright : © Panda Software 2005
OriginalFilename : pskmsservice.exe

#:19 [avengine.exe]
FilePath : C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\
ProcessID : 352
ThreadCreationTime : 1-24-2006 1:15:51 AM
BasePriority : Normal
FileVersion : 2, 0, 1840, 15
ProductVersion : 2.0.1840.15
ProductName : Panda Antivirus for Windows NT/2000/XP/2003
CompanyName : Panda Software
FileDescription : Enhanced On-Access Antivirus Scanner Process.
InternalName : avengine.exe
LegalCopyright : © Panda Software 2005.
OriginalFilename : avengine.exe

#:20 [psimsvc.exe]
FilePath : C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\
ProcessID : 476
ThreadCreationTime : 1-24-2006 1:15:51 AM
BasePriority : Normal
FileVersion : 2, 1, 12, 0
ProductVersion : 2, 1, 12, 0
ProductName : Panda Antivirus
CompanyName : Panda Software Internacional
FileDescription : PsImSvc
InternalName : PsImSvc
LegalCopyright : © Panda Software 2005.
OriginalFilename : PsImSvc.exe

#:21 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 604
ThreadCreationTime : 1-24-2006 1:15:52 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [tpsrv.exe]
FilePath : C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\
ProcessID : 632
ThreadCreationTime : 1-24-2006 1:15:52 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 0
ProductVersion : 6, 0, 0, 0
ProductName : TPSrv Application
CompanyName : Panda Software
FileDescription : TPSrv Application
InternalName : TPSrv
LegalCopyright : © 2005 Panda Software. All rights reserved.
OriginalFilename : TPSrv.exe

#:23 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 708
ThreadCreationTime : 1-24-2006 1:15:53 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:24 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2068
ThreadCreationTime : 1-24-2006 1:17:18 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:25 [bcmwltry.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2220
ThreadCreationTime : 1-24-2006 1:17:28 AM
BasePriority : Normal
FileVersion : 3.30.15.0
ProductVersion : 3.30.15.0
ProductName : Wireless Network Tray Applet
CompanyName : Belkin Corporation
FileDescription : Wireless Network Tray Applet
InternalName : bcmwltry.exe
LegalCopyright : 1998-2002, Belkin Corporation All Rights Reserved.
OriginalFilename : bcmwltry.exe

#:26 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2232
ThreadCreationTime : 1-24-2006 1:17:29 AM
BasePriority : Normal
FileVersion : 0.1.0.3249
ProductVersion : 0.1.0.3249
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:27 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 2260
ThreadCreationTime : 1-24-2006 1:17:30 AM
BasePriority : Normal


#:28 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2272
ThreadCreationTime : 1-24-2006 1:17:30 AM
BasePriority : Normal
FileVersion : 7.0.2
ProductVersion : QuickTime 7.0.2
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2005
OriginalFilename : QTTask.exe

#:29 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 2292
ThreadCreationTime : 1-24-2006 1:17:32 AM
BasePriority : Normal
FileVersion : 5.0.1.4
ProductVersion : 5.0.1.4
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:30 [apvxdwin.exe]
FilePath : C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\
ProcessID : 2308
ThreadCreationTime : 1-24-2006 1:17:32 AM
BasePriority : Normal
FileVersion : 4, 0, 31, 0
ProductVersion : 10, 1, 0, 0
ProductName : Panda Platinum 2006 Internet Security
CompanyName : Panda Software International
FileDescription : Platinum permanent protection
InternalName : APVXDWIN
LegalCopyright : © Panda Software 2005
OriginalFilename : APVXDWIN.EXE

#:31 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 2332
ThreadCreationTime : 1-24-2006 1:17:35 AM
BasePriority : Normal
FileVersion : 7,1,0,355
ProductVersion : 7.1.0.355
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:32 [thguard.exe]
FilePath : C:\Program Files\TrojanHunter 4.2\
ProcessID : 2456
ThreadCreationTime : 1-24-2006 1:17:38 AM
BasePriority : Normal
FileVersion : 3.8.0.275
ProductVersion : 1.0.0.0
ProductName : TrojanHunter Guard
CompanyName : Mischel Internet Security
FileDescription : TrojanHunter Guard
LegalCopyright : Mischel Internet Security
LegalTrademarks : TrojanHunter is a trademark of Mischel Internet Security.
OriginalFilename : THGuard.exe

#:33 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2472
ThreadCreationTime : 1-24-2006 1:17:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:34 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2524
ThreadCreationTime : 1-24-2006 1:17:45 AM
BasePriority : Normal
FileVersion : 4.7.0041
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:35 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2928
ThreadCreationTime : 1-24-2006 1:17:52 AM
BasePriority : Normal
FileVersion : 5.0.1.4
ProductVersion : 5.0.1.4
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:36 [avgw.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 3016
ThreadCreationTime : 1-24-2006 1:17:54 AM
BasePriority : Normal
FileVersion : 7,1,0,351
ProductVersion : 7.1.0.351
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG 7.0
InternalName : avgw
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AVGW.EXE

#:37 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 3384
ThreadCreationTime : 1-24-2006 1:18:03 AM
BasePriority : Normal
FileVersion : 7.0.0816
ProductVersion : 7.0.0816
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:38 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 3408
ThreadCreationTime : 1-24-2006 1:18:03 AM
BasePriority : Normal


#:39 [wincinemamgr.exe]
FilePath : C:\Program Files\InterVideo\Common\Bin\
ProcessID : 3848
ThreadCreationTime : 1-24-2006 1:18:19 AM
BasePriority : Normal
FileVersion : 1.7.1
ProductVersion : 1, 7, 1, 0
ProductName : WinCinema Manager for InterVideo WinCinema products
CompanyName : InterVideo Inc.
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright 1999-2003 InterVideo, Inc. All rights reserved.
OriginalFilename : WinCinemaMgr.EXE

#:40 [webproxy.exe]
FilePath : C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\
ProcessID : 2868
ThreadCreationTime : 1-24-2006 1:19:06 AM
BasePriority : Normal
FileVersion : 5, 10, 18, 28
ProductVersion : 5, 10, 10, 0
ProductName : Internet Resident
CompanyName : Panda Software
FileDescription : WebProxy
InternalName : WebProxy
LegalCopyright : © Panda Software 2004
OriginalFilename : WebProxy.exe

#:41 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 2452
ThreadCreationTime : 1-24-2006 1:21:49 AM
BasePriority : Normal


#:42 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 3064
ThreadCreationTime : 1-24-2006 1:21:52 AM
BasePriority : High


#:43 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1824
ThreadCreationTime : 1-24-2006 1:23:35 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:44 [bcmwltry.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2396
ThreadCreationTime : 1-24-2006 1:24:04 AM
BasePriority : Normal
FileVersion : 3.30.15.0
ProductVersion : 3.30.15.0
ProductName : Wireless Network Tray Applet
CompanyName : Belkin Corporation
FileDescription : Wireless Network Tray Applet
InternalName : bcmwltry.exe
LegalCopyright : 1998-2002, Belkin Corporation All Rights Reserved.
OriginalFilename : bcmwltry.exe

#:45 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1696
ThreadCreationTime : 1-24-2006 1:24:04 AM
BasePriority : Normal
FileVersion : 0.1.0.3249
ProductVersion : 0.1.0.3249
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:46 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 3116
ThreadCreationTime : 1-24-2006 1:24:05 AM
BasePriority : Normal


#:47 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 3280
ThreadCreationTime : 1-24-2006 1:24:05 AM
BasePriority : Normal
FileVersion : 7.0.2
ProductVersion : QuickTime 7.0.2
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2005
OriginalFilename : QTTask.exe

#:48 [apvxdwin.exe]
FilePath : C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\
ProcessID : 3708
ThreadCreationTime : 1-24-2006 1:24:07 AM
BasePriority : Normal
FileVersion : 4, 0, 31, 0
ProductVersion : 10, 1, 0, 0
ProductName : Panda Platinum 2006 Internet Security
CompanyName : Panda Software International
FileDescription : Platinum permanent protection
InternalName : APVXDWIN
LegalCopyright : © Panda Software 2005
OriginalFilename : APVXDWIN.EXE

#:49 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 3508
ThreadCreationTime : 1-24-2006 1:24:10 AM
BasePriority : Normal
FileVersion : 7,1,0,355
ProductVersion : 7.1.0.355
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:50 [thguard.exe]
FilePath : C:\Program Files\TrojanHunter 4.2\
ProcessID : 3628
ThreadCreationTime : 1-24-2006 1:24:10 AM
BasePriority : Normal
FileVersion : 3.8.0.275
ProductVersion : 1.0.0.0
ProductName : TrojanHunter Guard
CompanyName : Mischel Internet Security
FileDescription : TrojanHunter Guard
LegalCopyright : Mischel Internet Security
LegalTrademarks : TrojanHunter is a trademark of Mischel Internet Security.
OriginalFilename : THGuard.exe

#:51 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 3664
ThreadCreationTime : 1-24-2006 1:24:10 AM
BasePriority : Normal
FileVersion : 4.7.0041
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:52 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 3636
ThreadCreationTime : 1-24-2006 1:24:11 AM
BasePriority : Normal
FileVersion : 7.0.0816
ProductVersion : 7.0.0816
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:53 [wincinemamgr.exe]
FilePath : C:\Program Files\InterVideo\Common\Bin\
ProcessID : 3056
ThreadCreationTime : 1-24-2006 1:24:22 AM
BasePriority : Normal
FileVersion : 1.7.1
ProductVersion : 1, 7, 1, 0
ProductName : WinCinema Manager for InterVideo WinCinema products
CompanyName : InterVideo Inc.
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright 1999-2003 InterVideo, Inc. All rights reserved.
OriginalFilename : WinCinemaMgr.EXE

#:54 [hotsync.exe]
FilePath : C:\Program Files\Palm\
ProcessID : 1876
ThreadCreationTime : 1-24-2006 1:24:25 AM
BasePriority : Normal
FileVersion : 4.0
ProductVersion : 4.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:55 [srvload.exe]
FilePath : C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\
ProcessID : 3988
ThreadCreationTime : 1-24-2006 1:24:39 AM
BasePriority : Normal
FileVersion : 1.05.12.00
ProductVersion : 1.05.12.00
ProductName : Panda antispam trainer
CompanyName : panda
FileDescription : SRVLOAD
InternalName : SRVLOAD
LegalCopyright : © Panda Software International 2005
OriginalFilename : SRVLOAD.EXE

#:56 [googletalk.exe]
FilePath : C:\Program Files\Google\Google Talk\
ProcessID : 3564
ThreadCreationTime : 1-24-2006 1:27:07 AM
BasePriority : Normal
FileVersion : 1,0,0,82
ProductVersion : 1,0,0,82
ProductName : Google Talk
CompanyName : Google
FileDescription : Google Talk
InternalName : Google Talk
LegalCopyright : Copyright © 2005
OriginalFilename : googletalk.exe

#:57 [avgw.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 3576
ThreadCreationTime : 1-24-2006 1:28:35 AM
BasePriority : Normal
FileVersion : 7,1,0,351
ProductVersion : 7.1.0.351
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG 7.0
InternalName : avgw
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AVGW.EXE

#:58 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3784
ThreadCreationTime : 1-24-2006 1:31:50 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WhenU.DesktopToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cb8acef9-1085-4b47-b969-963e56aa9543}

WhenU.DesktopToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{beae14db-a12a-442d-bf77-4644e3661211}

WhenU.DesktopToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{5b061650-38ae-49b4-9f5d-35396b2ceff5}

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-725345543-688789844-682003330-1004\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-725345543-688789844-682003330-1005\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_USERS
Object : S-1-5-21-725345543-688789844-682003330-1004\software\microsoft\internet explorer\main
Value : HOMEOldSP

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : HOMEOldSP

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 9


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

Disk Scan Result for C:\WINDOWS\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

Disk Scan Result for C:\DOCUME~1\Ramy\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft
Value : set

CoolWebSearch Object Recognized!
Type : RegData
Data : no
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : no
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : File
Data : wbemess.log
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\System32\wbem\logs\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 16

8:45:21 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:25.734
Objects scanned:84488
Objects identified:16
Objects ignored:0
New critical objects:16


Ad-Aware Smart Scan After Quarantine and Deletion


Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, January 23, 2006 9:15:53 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R88 20.01.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


1-23-2006 9:15:53 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 752
ThreadCreationTime : 1-24-2006 2:10:27 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 832
ThreadCreationTime : 1-24-2006 2:10:28 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 856
ThreadCreationTime : 1-24-2006 2:10:30 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 904
ThreadCreationTime : 1-24-2006 2:10:31 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 916
ThreadCreationTime : 1-24-2006 2:10:31 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1084
ThreadCreationTime : 1-24-2006 2:10:32 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1252
ThreadCreationTime : 1-24-2006 2:10:32 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1340
ThreadCreationTime : 1-24-2006 2:10:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1396
ThreadCreationTime : 1-24-2006 2:10:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [pnmsrv.exe]
FilePath : c:\program files\panda software\panda platinum 2006 internet security\firewall\
ProcessID : 1716
ThreadCreationTime : 1-24-2006 2:10:34 AM
BasePriority : Normal
FileVersion : 2, 0, 4, 46
ProductVersion : 2.0.0.0
ProductName : Panda Network Manager
CompanyName : Panda Software
FileDescription : Panda Network Manager Service
InternalName : PNMSRV.exe
LegalCopyright : Copyright © 2005 Panda Software
OriginalFilename : PNMSRV.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1788
ThreadCreationTime : 1-24-2006 2:10:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 2036
ThreadCreationTime : 1-24-2006 2:10:43 AM
BasePriority : Normal
FileVersion : 7,1,0,364
ProductVersion : 7.1.0.364
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:13 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 120
ThreadCreationTime : 1-24-2006 2:10:43 AM
BasePriority : Normal
FileVersion : 7,0,0,346
ProductVersion : 7.0.0.346
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:14 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 164
ThreadCreationTime : 1-24-2006 2:10:43 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:15 [pavfnsvr.exe]
FilePath : C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\
ProcessID : 192
ThreadCreationTime : 1-24-2006 2:10:43 AM
BasePriority : Normal
FileVersion : 5.09.06.02
ProductVersion : 5.09.06.02
ProductName : Panda Software PavFnSvr
CompanyName : Panda Software
FileDescription : Panda Function Service
InternalName : PavFnSvr
LegalCopyright : © Panda Software 2005
OriginalFilename : PavFnSvr.exe

#:16 [pavprsrv.exe]
FilePath : C:\Program Files\Common Files\Panda Software\PavShld\
ProcessID : 264
ThreadCreationTime : 1-24-2006 2:10:43 AM
BasePriority : Normal
FileVersion : 1.3.0.0
ProductVersion : 1.3.0.0
ProductName : PandaShield
CompanyName : Panda Software
FileDescription : Panda Process Protection Service
InternalName : PavPrSrv
LegalCopyright : Copyright © 2004, Panda Software
OriginalFilename : PavPrSrv.exe

#:17 [pavsrv51.exe]
FilePath : C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\
ProcessID : 312
ThreadCreationTime : 1-24-2006 2:10:43 AM
BasePriority : High
FileVersion : 2, 0, 1840, 12
ProductVersion : 2.0.1840.12
ProductName : Panda Antivirus for Windows NT/2000/XP/2003
CompanyName : Panda Software
FileDescription : On-Access Antivirus Scanner Service.
InternalName : pavsrv.exe
LegalCopyright : © Panda Software 2005.
OriginalFilename : pavsrv.exe

#:18 [pskmssvc.exe]
FilePath : C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\
ProcessID : 432
ThreadCreationTime : 1-24-2006 2:10:44 AM
BasePriority : Normal
FileVersion : 1, 2, 1, 1
ProductVersion : 1, 2, 1, 1
ProductName : pskmsservice
CompanyName : PANDA SOFTWARE
FileDescription : pskmsservice
InternalName : pskmsservice
LegalCopyright : © Panda Software 2005
OriginalFilename : pskmsservice.exe

#:19 [avengine.exe]
FilePath : C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\
ProcessID : 440
ThreadCreationTime : 1-24-2006 2:10:44 AM
BasePriority : Normal
FileVersion : 2, 0, 1840, 15
ProductVersion : 2.0.1840.15
ProductName : Panda Antivirus for Windows NT/2000/XP/2003
CompanyName : Panda Software
FileDescription : Enhanced On-Access Antivirus Scanner Process.
InternalName : avengine.exe
LegalCopyright : © Panda Software 2005.
OriginalFilename : avengine.exe

#:20 [psimsvc.exe]
FilePath : C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\
ProcessID : 508
ThreadCreationTime : 1-24-2006 2:10:44 AM
BasePriority : Normal
FileVersion : 2, 1, 12, 0
ProductVersion : 2, 1, 12, 0
ProductName : Panda Antivirus
CompanyName : Panda Software Internacional
FileDescription : PsImSvc
InternalName : PsImSvc
LegalCopyright : © Panda Software 2005.
OriginalFilename : PsImSvc.exe

#:21 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 616
ThreadCreationTime : 1-24-2006 2:10:45 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [tpsrv.exe]
FilePath : C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\
ProcessID : 628
ThreadCreationTime : 1-24-2006 2:10:45 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 0
ProductVersion : 6, 0, 0, 0
ProductName : TPSrv Application
CompanyName : Panda Software
FileDescription : TPSrv Application
InternalName : TPSrv
LegalCopyright : © 2005 Panda Software. All rights reserved.
OriginalFilename : TPSrv.exe

#:23 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 688
ThreadCreationTime : 1-24-2006 2:10:46 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:24 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1872
ThreadCreationTime : 1-24-2006 2:11:03 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:25 [apvxdwin.exe]
FilePath : C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\
ProcessID : 1896
ThreadCreationTime : 1-24-2006 2:11:03 AM
BasePriority : Normal
FileVersion : 4, 0, 31, 0
ProductVersion : 10, 1, 0, 0
ProductName : Panda Platinum 2006 Internet Security
CompanyName : Panda Software International
FileDescription : Platinum permanent protection
InternalName : APVXDWIN
LegalCopyright : © Panda Software 2005
OriginalFilename : APVXDWIN.EXE

#:26 [srvload.exe]
FilePath : C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\
ProcessID : 552
ThreadCreationTime : 1-24-2006 2:11:06 AM
BasePriority : Normal
FileVersion : 1.05.12.00
ProductVersion : 1.05.12.00
ProductName : Panda antispam trainer
CompanyName : panda
FileDescription : SRVLOAD
InternalName : SRVLOAD
LegalCopyright : © Panda Software International 2005
OriginalFilename : SRVLOAD.EXE

#:27 [bcmwltry.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2052
ThreadCreationTime : 1-24-2006 2:11:16 AM
BasePriority : Normal
FileVersion : 3.30.15.0
ProductVersion : 3.30.15.0
ProductName : Wireless Network Tray Applet
CompanyName : Belkin Corporation
FileDescription : Wireless Network Tray Applet
InternalName : bcmwltry.exe
LegalCopyright : 1998-2002, Belkin Corporation All Rights Reserved.
OriginalFilename : bcmwltry.exe

#:28 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2112
ThreadCreationTime : 1-24-2006 2:11:20 AM
BasePriority : Normal
FileVersion : 0.1.0.3249
ProductVersion : 0.1.0.3249
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:29 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 2152
ThreadCreationTime : 1-24-2006 2:11:22 AM
BasePriority : Normal


#:30 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2180
ThreadCreationTime : 1-24-2006 2:11:23 AM
BasePriority : Normal
FileVersion : 7.0.2
ProductVersion : QuickTime 7.0.2
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2005
OriginalFilename : QTTask.exe

#:31 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 2280
ThreadCreationTime : 1-24-2006 2:11:24 AM
BasePriority : Normal
FileVersion : 5.0.1.4
ProductVersion : 5.0.1.4
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:32 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 2364
ThreadCreationTime : 1-24-2006 2:11:26 AM
Base

#15
rbad

  • Topic Starter
Sorry last post is incomplete.

Here is the remainder of the second smart Ad-Aware scan (after files quarantined and deleted).

#:32 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 2364
ThreadCreationTime : 1-24-2006 2:11:26 AM
BasePriority : Normal
FileVersion : 7,1,0,355
ProductVersion : 7.1.0.355
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:33 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2400
ThreadCreationTime : 1-24-2006 2:11:27 AM
BasePriority : Normal
FileVersion : 5.0.1.4
ProductVersion : 5.0.1.4
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:34 [webproxy.exe]
FilePath : C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\
ProcessID : 2440
ThreadCreationTime : 1-24-2006 2:11:29 AM
BasePriority : Normal
FileVersion : 5, 10, 18, 28
ProductVersion : 5, 10, 10, 0
ProductName : Internet Resident
CompanyName : Panda Software
FileDescription : WebProxy
InternalName : WebProxy
LegalCopyright : © Panda Software 2004
OriginalFilename : WebProxy.exe

#:35 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2688
ThreadCreationTime : 1-24-2006 2:11:34 AM
BasePriority : Normal
FileVersion : 4.7.0041
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:36 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2708
ThreadCreationTime : 1-24-2006 2:11:35 AM
BasePriority : Normal
FileVersion : 7.0.0816
ProductVersion : 7.0.0816
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:37 [reader_sl.exe]
FilePath : C:\Program Files\Adobe\Acrobat 7.0\Reader\
ProcessID : 3068
ThreadCreationTime : 1-24-2006 2:11:45 AM
BasePriority : Normal
FileVersion : 7.0.5.2005092300
ProductVersion : 7.0.5.2005092300
ProductName : Adobe Acrobat
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Acrobat SpeedLauncher
LegalCopyright : Copyright 1984-2005 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroSpeedLaunch.exe

#:38 [wincinemamgr.exe]
FilePath : C:\Program Files\InterVideo\Common\Bin\
ProcessID : 3112
ThreadCreationTime : 1-24-2006 2:11:46 AM
BasePriority : Normal
FileVersion : 1.7.1
ProductVersion : 1, 7, 1, 0
ProductName : WinCinema Manager for InterVideo WinCinema products
CompanyName : InterVideo Inc.
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright 1999-2003 InterVideo, Inc. All rights reserved.
OriginalFilename : WinCinemaMgr.EXE

#:39 [hotsync.exe]
FilePath : C:\Program Files\Palm\
ProcessID : 3228
ThreadCreationTime : 1-24-2006 2:11:54 AM
BasePriority : Normal
FileVersion : 4.0
ProductVersion : 4.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:40 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2084
ThreadCreationTime : 1-24-2006 2:12:36 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\WINDOWS\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\DOCUME~1\Ramy\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
9:19:14 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:20.875
Objects scanned:75152
Objects identified:0
Objects ignored:0
New critical objects:0



I am still unable to run a Full System Scan with Ad-Aware. The program still freezes on this Temp/AAWTMP file, which seems to respawn every time I erase it.

Within the Temp there is an AAWTMP folder and a Notepad file named 'jusched' with the following data:

Mon Jan 23 21:21:24 2006
:: nextSched=Sun Feb 19 22:00:00 2006
; sleeptime (sec=2335116, hours=648), actual sleep=2336373000 msecs

Mon Jan 23 21:21:24 2006
:: lastSchedTime= Thu Jan 19 22:00:00 2006
;


Is this in some way related to item 29 of the last Ad-Aware scan?

#:29 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 2152
ThreadCreationTime : 1-24-2006 2:11:22 AM
BasePriority : Normal

I would appreciate your input on completing the clean.

regards,

rbad