[Referred]Ad-Aware log file [CLOSED], Posting Ad-Aware log file |
May 4 2005, 08:44 PM
Post #1
Member | Posts: 53 | OS: XP Pro
I am posting my Ad-Aware log file as requested for your review:
Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 04, 2005 8:20:15 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):4 total references
Adintelligence.AproposToolbar(TAC index:5):6 total references
begin2search(TAC index:3):19 total references
BookedSpace(TAC index:10):7 total references
EGroup Dialer(TAC index:5):3 total references
IBIS Toolbar(TAC index:5):44 total references
MediaMotor(TAC index:8):2 total references
MRU List(TAC index:0):36 total references
PeopleOnPage(TAC index:9):4 total references
SahAgent(TAC index:9):2 total references
Tracking Cookie(TAC index:3):27 total references
Virtumonde(TAC index:10):1 total references
VX2(TAC index:10):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:21 %
Total physical memory:523244 kb
Available physical memory:105920 kb
Total page file size:1279172 kb
Available on page file:970116 kb
Total virtual memory:2097024 kb
Available virtual memory:2018392 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Obtain command line of scanned processes
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects

5-4-2005 8:20:15 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Keith Nielsen\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office

MRU List Object Recognized!
Location: : C:\Documents and Settings\Keith Nielsen\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader

MRU List Object Recognized!
Location: : software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : software\microsoft\internet explorer\main Description : last save directory used in microsoft internet explorer MRU List Object Recognized! Location: : software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : software\microsoft\mediaplayer\medialibraryui Description : last selected node in the microsoft windows media player media library MRU List Object Recognized! Location: : software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : software\microsoft\mediaplayer\player\recenturllist Description : list of recently used web addresses in microsoft windows media player MRU List Object Recognized! Location: : software\microsoft\mediaplayer\player\settings Description : last open directory used in jasc paint shop pro MRU List Object Recognized! Location: : software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! 
Location: : software\microsoft\office\10.0\clip organizer\search\last query Description : last query in microsoft clip organizer MRU List Object Recognized! Location: : software\microsoft\office\10.0\common\general Description : list of recently used symbols in microsoft office MRU List Object Recognized! Location: : software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru Description : list of recent documents opened by microsoft word MRU List Object Recognized! Location: : software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru Description : list of recent documents saved by microsoft word MRU List Object Recognized! Location: : software\microsoft\office\10.0\common\search\last query Description : last query in microsoft office MRU List Object Recognized! Location: : software\microsoft\office\10.0\excel\recent files Description : list of recent files used by microsoft excel MRU List Object Recognized! Location: : software\microsoft\office\10.0\publisher\recent file list Description : list of recent files used by microsoft publisher MRU List Object Recognized! Location: : software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : software\microsoft\windows\currentversion\applets\paint\recent file list Description : list of files recently opened using microsoft paint MRU List Object Recognized! Location: : software\microsoft\windows\currentversion\applets\regedit Description : last key accessed using the microsoft registry editor MRU List Object Recognized! Location: : software\microsoft\windows\currentversion\applets\wordpad\recent file list Description : list of recent files opened using wordpad MRU List Object Recognized! Location: : software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! 
Location: : software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : software\musicmatch Description : download location of the musicmatch installer MRU List Object Recognized! Location: : software\musicmatch\musicmatch jukebox\4.0\fileconv Description : file conversion location settings in musicmatch jukebox MRU List Object Recognized! Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio Description : information on the last station listened to using musicmatch radio Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] ModuleName : \SystemRoot\System32\smss.exe Command Line : n/a ProcessID : 600 ThreadCreationTime : 5-5-2005 12:58:09 AM BasePriority : Normal #:2 [csrss.exe] ModuleName : \??\C:\WINDOWS\system32\csrss.exe Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh ProcessID : 664 ThreadCreationTime : 5-5-2005 12:58:11 AM BasePriority : Normal #:3 [winlogon.exe] ModuleName : \??\C:\WINDOWS\system32\winlogon.exe Command Line : winlogon.exe ProcessID : 688 ThreadCreationTime : 5-5-2005 12:58:12 AM BasePriority : High #:4 [services.exe] ModuleName : C:\WINDOWS\system32\services.exe Command Line : C:\WINDOWS\system32\services.exe ProcessID : 732 ThreadCreationTime : 5-5-2005 12:58:12 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app 
InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] ModuleName : C:\WINDOWS\system32\lsass.exe Command Line : C:\WINDOWS\system32\lsass.exe ProcessID : 744 ThreadCreationTime : 5-5-2005 12:58:12 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch ProcessID : 900 ThreadCreationTime : 5-5-2005 12:58:13 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k rpcss ProcessID : 944 ThreadCreationTime : 5-5-2005 12:58:13 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:8 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs ProcessID : 1036 ThreadCreationTime : 5-5-2005 12:58:13 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService ProcessID : 1088 ThreadCreationTime : 5-5-2005 12:58:14 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService ProcessID : 1128 ThreadCreationTime : 5-5-2005 12:58:14 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:11 [explorer.exe] ModuleName : C:\WINDOWS\Explorer.EXE Command Line : C:\WINDOWS\Explorer.EXE ProcessID : 1500 ThreadCreationTime : 5-5-2005 12:58:15 AM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:12 [spoolsv.exe] ModuleName : C:\WINDOWS\system32\spoolsv.exe Command Line : C:\WINDOWS\system32\spoolsv.exe ProcessID : 1628 ThreadCreationTime : 5-5-2005 12:58:17 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : spoolsv.exe #:13 [bcmsmmsg.exe] ModuleName : C:\WINDOWS\BCMSMMSG.exe Command Line : "C:\WINDOWS\BCMSMMSG.exe" ProcessID : 1776 ThreadCreationTime : 5-5-2005 12:58:18 AM BasePriority : Normal FileVersion : 3.5.25 08/27/2003 20:04:35 ProductVersion : 3.5.25 08/27/2003 20:04:35 ProductName : BCM Modem Messaging Applet CompanyName : Broadcom Corporation FileDescription : Modem Messaging Applet InternalName : smdmstat.exe LegalCopyright : Copyright © Broadcom Corporation 1998-2000 OriginalFilename : smdmstat.exe #:14 [ctsysvol.exe] ModuleName : C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe Command Line : "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" ProcessID : 1792 ThreadCreationTime : 5-5-2005 12:58:18 AM BasePriority : Normal FileVersion : 1.0.9.0 ProductVersion : 1.0.0.0 ProductName : Creative Volume Control CompanyName : Creative Technology Ltd FileDescription : CTSysVol.exe LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved. OriginalFilename : CTSysVol.exe #:15 [ctdvddet.exe] ModuleName : C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE Command Line : "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" ProcessID : 1800 ThreadCreationTime : 5-5-2005 12:58:18 AM BasePriority : Normal FileVersion : 1.0.2.0 ProductVersion : 1.0.2.0 ProductName : CTDVDDET CompanyName : Creative Technology Ltd FileDescription : CTDVDDET InternalName : CTDVDDET LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved. 
OriginalFilename : CTDVDDET.EXE #:16 [cthelper.exe] ModuleName : C:\WINDOWS\system32\CTHELPER.EXE Command Line : "C:\WINDOWS\system32\CTHELPER.EXE" ProcessID : 1808 ThreadCreationTime : 5-5-2005 12:58:18 AM BasePriority : Normal FileVersion : 1, 0, 0, 10 ProductVersion : 1, 0, 0, 10 ProductName : CtHelper Application CompanyName : Creative Technology Ltd FileDescription : CtHelper MFC Application InternalName : CtHelper LegalCopyright : Copyright © 2002 OriginalFilename : CtHelper.EXE #:17 [dsentry.exe] ModuleName : C:\WINDOWS\System32\DSentry.exe Command Line : "C:\WINDOWS\System32\DSentry.exe" ProcessID : 1840 ThreadCreationTime : 5-5-2005 12:58:18 AM BasePriority : Normal FileVersion : 1, 0, 2, 0 ProductVersion : 1, 0, 2, 0 ProductName : Dell - DVDSentry CompanyName : Dell - Advanced Desktop Engineering FileDescription : DVDSentry InternalName : DVDSentry LegalCopyright : Copyright © 2002 Dell OriginalFilename : DSentry.exe Comments : DVDSentry launches your software DVD player when a DVD is inserted. #:18 [realplay.exe] ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER ProcessID : 1860 ThreadCreationTime : 5-5-2005 12:58:19 AM BasePriority : Normal FileVersion : 6.0.9.584 ProductVersion : 6.0.9.584 ProductName : RealPlayer (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealPlayer InternalName : REALPLAY LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000 LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc. OriginalFilename : REALPLAY.EXE #:19 [mm_tray.exe] ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" ProcessID : 1868 ThreadCreationTime : 5-5-2005 12:58:19 AM BasePriority : Normal FileVersion : 8.10.2026 ProductVersion : 8.10.2026 ProductName : MUSICMATCH JUKEBOX CompanyName : MUSICMATCH, Inc. 
FileDescription : mm_tray InternalName : mm_tray LegalCopyright : Copyright © MUSICMATCH 1998-2003 LegalTrademarks : OriginalFilename : mm_tray.exe #:20 [support.exe] ModuleName : C:\Program Files\Common Files\Dell\EUSW\Support.exe Command Line : "C:\Program Files\Common Files\Dell\EUSW\Support.exe" ProcessID : 1876 ThreadCreationTime : 5-5-2005 12:58:19 AM BasePriority : Normal FileVersion : 2, 0, 0, 33 ProductVersion : 1, 0, 0, 1 ProductName : Dell Support CompanyName : Dell FileDescription : Support InternalName : Support LegalCopyright : Copyright © 2002 OriginalFilename : Support.exe #:21 [hpgs2wnd.exe] ModuleName : C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe Command Line : "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ProcessID : 1884 ThreadCreationTime : 5-5-2005 12:58:19 AM BasePriority : Normal FileVersion : 2,3,0,0\ 161 ProductVersion : 2,3,0,0\ 161 ProductName : Hewlett-Packard hpgs2wnd CompanyName : Hewlett-Packard FileDescription : hpgs2wnd InternalName : hpgs2wnd LegalCopyright : Copyright © 2001 OriginalFilename : hpgs2wnd.exe #:22 [qttask.exe] ModuleName : C:\Program Files\QuickTime\qttask.exe Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime ProcessID : 1892 ThreadCreationTime : 5-5-2005 12:58:19 AM BasePriority : Normal FileVersion : 6.5 ProductVersion : QuickTime 6.5 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 
2001-2004 OriginalFilename : QTTask.exe #:23 [mmtask.exe] ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" ProcessID : 1900 ThreadCreationTime : 5-5-2005 12:58:19 AM BasePriority : Normal FileVersion : 1.0.0.1 ProductVersion : 1.0.0.1 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> InternalName : mmtask.exe LegalCopyright : TODO: © <Company name>. All rights reserved. OriginalFilename : mmtask.exe #:24 [viewmgr.exe] ModuleName : C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe Command Line : "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" ProcessID : 1908 ThreadCreationTime : 5-5-2005 12:58:19 AM BasePriority : Normal FileVersion : 2, 0, 0, 42 ProductVersion : 2, 0, 0, 42 ProductName : Viewpoint Manager CompanyName : Viewpoint Corporation FileDescription : ViewMgr InternalName : Viewpoint Manager LegalCopyright : Copyright © 2004 OriginalFilename : ViewMgr.exe Comments : Viewpoint Manager #:25 [avgcc.exe] ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP ProcessID : 1916 ThreadCreationTime : 5-5-2005 12:58:19 AM BasePriority : Normal FileVersion : 7,1,0,307 ProductVersion : 7.1.0.307 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Control Center InternalName : AvgCC LegalCopyright : Copyright © 2005, GRISOFT, s.r.o. 
OriginalFilename : AvgCC.EXE #:26 [gcasserv.exe] ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" ProcessID : 1928 ThreadCreationTime : 5-5-2005 12:58:19 AM BasePriority : Idle FileVersion : 1.00.0509 ProductVersion : 1.00.0509 ProductName : Microsoft AntiSpyware (Beta 1) CompanyName : Microsoft Corporation FileDescription : Microsoft AntiSpyware Service InternalName : gcasServ LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved. LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation. OriginalFilename : gcasServ.exe #:27 [jusched.exe] ModuleName : C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe Command Line : "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" ProcessID : 1940 ThreadCreationTime : 5-5-2005 12:58:19 AM BasePriority : Normal #:28 [incd.exe] ModuleName : C:\Program Files\Ahead\InCD\InCD.exe Command Line : "C:\Program Files\Ahead\InCD\InCD.exe" ProcessID : 2012 ThreadCreationTime : 5-5-2005 12:58:20 AM BasePriority : Normal FileVersion : 4, 0, 10, 0 ProductVersion : 4, 0, 10, 0 ProductName : InCD CompanyName : Ahead Software AG FileDescription : InCD InternalName : InCD LegalCopyright : Copyright © Ahead Software 1996-2003, Karlsbad, Germany LegalTrademarks : InCD TM OriginalFilename : InCD.exe #:29 [bitsprx2.exe] ModuleName : C:\WINDOWS\system32\bitsprx2.exe Command Line : "C:\WINDOWS\system32\bitsprx2.exe" ProcessID : 2040 ThreadCreationTime : 5-5-2005 12:58:20 AM BasePriority : Normal #:30 [gsmedia3.exe] ModuleName : C:\WINDOWS\system32\GSMedia3.exe Command Line : "C:\WINDOWS\system32\GSMedia3.exe" ProcessID : 172 ThreadCreationTime : 5-5-2005 12:58:20 AM BasePriority : Normal FileVersion : 1.00 ProductVersion : 1.00 ProductName : URLBrowser CompanyName : Atix InternalName : URLBrowser OriginalFilename : URLBrowser.exe #:31 [hpgs2wnf.exe] ModuleName 
: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe Command Line : "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe" -Embedding ProcessID : 208 ThreadCreationTime : 5-5-2005 12:58:20 AM BasePriority : Normal FileVersion : 2, 6, 0, 161 ProductVersion : 2, 6, 0, 161 ProductName : hpgs2wnf Module FileDescription : hpgs2wnf Module InternalName : hpgs2wnf LegalCopyright : Copyright 2001 OriginalFilename : hpgs2wnf.EXE #:32 [dlg.exe] ModuleName : C:\Program Files\Digital Line Detect\DLG.exe Command Line : "C:\Program Files\Digital Line Detect\DLG.exe" ProcessID : 412 ThreadCreationTime : 5-5-2005 12:58:22 AM BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : BVRP Software TestLine CompanyName : BVRP Software FileDescription : Digital Line Detection InternalName : TestLine LegalCopyright : Copyright © 2001 OriginalFilename : TestLine.exe #:33 [hpobnz08.exe] ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe" ProcessID : 620 ThreadCreationTime : 5-5-2005 12:58:22 AM BasePriority : Normal FileVersion : 2.00 ProductVersion : 001.000.000.155 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet COM Device Objects InternalName : HPOBNZ08 LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001 OriginalFilename : HPOBNZ08.EXE Comments : HP OfficeJet <Banzai> Series COM Device Objects #:34 [hposol08.exe] ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe Command Line : "C:\Program ProcessID : 652 ThreadCreationTime : 5-5-2005 12:58:22 AM BasePriority : Normal FileVersion : 2.00 ProductVersion : 001.000.000.155 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. 
FileDescription : HP OfficeJet COM Device Objects InternalName : HPOSOL08 LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001 OriginalFilename : HPOSOL08.EXE Comments : HP OfficeJet <Solar> Series COM Device Objects #:35 [avgamsvr.exe] ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe ProcessID : 1140 ThreadCreationTime : 5-5-2005 12:58:24 AM BasePriority : Normal FileVersion : 7,1,0,307 ProductVersion : 7.1.0.307 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Alert Manager InternalName : avgamsvr LegalCopyright : Copyright © 2005, GRISOFT, s.r.o. OriginalFilename : avgamsvr.EXE #:36 [avgupsvc.exe] ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe ProcessID : 1160 ThreadCreationTime : 5-5-2005 12:58:24 AM BasePriority : Normal FileVersion : 7,1,0,285 ProductVersion : 7.1.0.285 ProductName : AVG 7.0 Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Update Service InternalName : avgupsvc LegalCopyright : Copyright © 2004, GRISOFT, s.r.o. OriginalFilename : avgupdsvc.EXE #:37 [cisvc.exe] ModuleName : C:\WINDOWS\system32\cisvc.exe Command Line : C:\WINDOWS\system32\cisvc.exe ProcessID : 1228 ThreadCreationTime : 5-5-2005 12:58:24 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Content Index service InternalName : cisvc.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : cisvc.exe #:38 [hpoevm08.exe] ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe" -Embedding ProcessID : 1272 ThreadCreationTime : 5-5-2005 12:58:24 AM BasePriority : Normal FileVersion : 1.00 ProductVersion : 001.000.000.155 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet COM Event Manager InternalName : HPOEVM08 LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001 OriginalFilename : HPOEVM08.EXE Comments : HP OfficeJet COM Event Manager #:39 [ctsvccda.exe] ModuleName : C:\WINDOWS\System32\CTsvcCDA.exe Command Line : C:\WINDOWS\System32\CTsvcCDA.exe ProcessID : 1300 ThreadCreationTime : 5-5-2005 12:58:24 AM BasePriority : Normal FileVersion : 1.0.1.0 ProductVersion : 1.0.0.0 ProductName : Creative Service for CDROM Access CompanyName : Creative Technology Ltd FileDescription : Creative Service for CDROM Access InternalName : CTsvcCDAEXE LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved. 
OriginalFilename : CTsvcCDA.EXE #:40 [incdsrv.exe] ModuleName : C:\Program Files\Ahead\InCD\InCDsrv.exe Command Line : "C:\Program Files\Ahead\InCD\InCDsrv.exe" ProcessID : 1396 ThreadCreationTime : 5-5-2005 12:58:25 AM BasePriority : Normal FileVersion : 4, 0, 10, 0 ProductVersion : 4, 0, 10, 0 ProductName : AHEAD Software incdsrv CompanyName : AHEAD Software FileDescription : incdsrv InternalName : incdsrv LegalCopyright : Copyright © 2003 OriginalFilename : incdsrv.exe #:41 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc ProcessID : 1716 ThreadCreationTime : 5-5-2005 12:58:27 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:42 [hposts08.exe] ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe" /CtxID "#Hewlett-Packard#hp officejet 6100 series#1042776839" /Startup ProcessID : 2112 ThreadCreationTime : 5-5-2005 12:58:28 AM BasePriority : Normal FileVersion : 1.00 ProductVersion : 001.000.000.155 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet Status InternalName : HPOSTS08 LegalCopyright : Copyright © Hewlett-Packard Co. 
1995-2001 OriginalFilename : HPOCPY08.EXE Comments : HP OfficeJet Status #:43 [wdfmgr.exe] ModuleName : C:\WINDOWS\system32\wdfmgr.exe Command Line : C:\WINDOWS\system32\wdfmgr.exe ProcessID : 2204 ThreadCreationTime : 5-5-2005 12:58:31 AM BasePriority : Normal FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:44 [wanmpsvc.exe] ModuleName : C:\WINDOWS\wanmpsvc.exe Command Line : "C:\WINDOWS\wanmpsvc.exe" ProcessID : 2252 ThreadCreationTime : 5-5-2005 12:58:31 AM BasePriority : Normal FileVersion : 7, 0, 0, 2 ProductVersion : 7, 0, 0, 2 ProductName : America Online CompanyName : America Online, Inc. FileDescription : Wan Miniport (ATW) Service InternalName : WanMPSvc LegalCopyright : Copyright © 2001 America Online, Inc. OriginalFilename : WanMPSvc.exe #:45 [mspmspsv.exe] ModuleName : C:\WINDOWS\System32\MsPMSPSv.exe Command Line : C:\WINDOWS\System32\MsPMSPSv.exe ProcessID : 2316 ThreadCreationTime : 5-5-2005 12:58:31 AM BasePriority : Normal FileVersion : 7.00.00.1954 ProductVersion : 7.00.00.1954 ProductName : Microsoft ® DRM CompanyName : Microsoft Corporation FileDescription : WMDM PMSP Service InternalName : MSPMSPSV.EXE LegalCopyright : Copyright © Microsoft Corp. 1981-2000 OriginalFilename : MSPMSPSV.EXE #:46 [alg.exe] ModuleName : C:\WINDOWS\System32\alg.exe Command Line : C:\WINDOWS\System32\alg.exe ProcessID : 3076 ThreadCreationTime : 5-5-2005 12:58:36 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. 
All rights reserved. OriginalFilename : ALG.exe #:47 [gcasdtserv.exe] ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe" ProcessID : 3708 ThreadCreationTime : 5-5-2005 12:58:41 AM BasePriority : Normal FileVersion : 1.00.0509 ProductVersion : 1.00.0509 ProductName : Microsoft AntiSpyware (Beta 1) CompanyName : Microsoft Corporation FileDescription : Microsoft AntiSpyware Data Service InternalName : gcasDtServ LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved. LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation. OriginalFilename : gcasDtServ.exe #:48 [cidaemon.exe] ModuleName : C:\WINDOWS\system32\cidaemon.exe Command Line : "cidaemon.exe" DownLevelDaemon "c:\program files\dell\support\ui\search\catalog.wci" 196672l 1228l ProcessID : 3576 ThreadCreationTime : 5-5-2005 1:05:55 AM BasePriority : Idle FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Indexing Service filter daemon InternalName : cidaemon.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : cidaemon.exe #:49 [cidaemon.exe] ModuleName : C:\WINDOWS\system32\cidaemon.exe Command Line : "cidaemon.exe" DownLevelDaemon "c:\system volume information\catalog.wci" 196672l 1228l ProcessID : 2588 ThreadCreationTime : 5-5-2005 1:06:01 AM BasePriority : Idle FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Indexing Service filter daemon InternalName : cidaemon.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : cidaemon.exe #:50 [iexplore.exe] ModuleName : C:\Program Files\Internet Explorer\iexplore.exe Command Line : "C:\Program Files\Internet Explorer\iexplore.exe" -nohome ProcessID : 3000 ThreadCreationTime : 5-5-2005 1:24:07 AM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : IEXPLORE.EXE #:51 [ad-aware.exe] ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" ProcessID : 3520 ThreadCreationTime : 5-5-2005 2:00:15 AM BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 36 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» BookedSpace Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e} BookedSpace Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e} Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{234f09fb-fe89-4c6d-9203-31832fc051c3} IBIS Toolbar Object Recognized! 
Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{234f09fb-fe89-4c6d-9203-31832fc051c3} Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd} IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd} Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{618be527-b7f5-417c-bc51-98fdc2d6de61} IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{618be527-b7f5-417c-bc51-98fdc2d6de61} Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{66c22569-f05c-4a70-a142-763b337e1002} IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{66c22569-f05c-4a70-a142-763b337e1002} Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303} IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303} Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{99aa88d1-d9d3-410a-be9e-044f94c183da} IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{99aa88d1-d9d3-410a-be9e-044f94c183da} Value : Adintelligence.AproposToolbar Object Recognized! 
Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10} Adintelligence.AproposToolbar Object Recognized! Type : RegValue Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10} Value : Adintelligence.AproposToolbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904} Adintelligence.AproposToolbar Object Recognized! Type : RegValue Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904} Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c380566d-f343-42ab-987b-6b38a1a35747} IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c380566d-f343-42ab-987b-6b38a1a35747} Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{d1951679-1d52-43fc-9585-0737143585f5} IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{d1951679-1d52-43fc-9585-0737143585f5} Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{f273d4ea-2025-4410-8408-251a0cd46be7} IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{f273d4ea-2025-4410-8408-251a0cd46be7} Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : radio.radioplayer IBIS Toolbar Object Recognized! 
Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : radio.radioplayer Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : tbps.plugindownadd IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : tbps.plugindownadd Value : begin2search Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.amo begin2search Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.amo Value : begin2search Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.amo.1 begin2search Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.amo.1 Value : begin2search Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.iiittt begin2search Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.iiittt Value : begin2search Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.iiittt.1 begin2search Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.iiittt.1 Value : begin2search Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.momo begin2search Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.momo Value : begin2search Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.momo.1 begin2search Object Recognized! 
Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.momo.1 Value : begin2search Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.ohb begin2search Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.ohb Value : begin2search Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.ohb.1 begin2search Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.ohb.1 Value : BookedSpace Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622} IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{b23b3add-84b1-414a-92b9-0cabe5a781f4} IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{d8bd4ded-5bb2-4d4e-9a6a-f10244fed7d6} EGroup Dialer Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\egdhtml 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 49 Objects found so far: 85 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 85 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» |
May 5 2005, 03:01 AM
Post #2
Visiting Staff | Posts: 4,746 | From: Finland | OS: XP Home - SP2
Good day!
Ad-aware has found object(s) on your computer.

If you chose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R42 28.04.2005 * definition file.

Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode.

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder); Run CCleaner to help in this process.

Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)

Click Ok.

Note; the path above is of the default installation location for Ad-aware SE, if this is different, adjust it to the location that you have installed it to.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to SahAgent ONLY. Click next, Click Ok.

If problems are caused by deleting a family, just leave it.

Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (Mru's) aren't considered as a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe
May 11 2005, 08:18 AM
Post #3
Member | Posts: 53 | OS: XP Pro
Hello,
I have followed your instructions and this is the full scan results: Ad-Aware SE Build 1.05 Logfile Created on:Tuesday, May 10, 2005 11:04:54 PM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R44 10.05.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 180Solutions(TAC index:6):4 total references Adintelligence.AproposToolbar(TAC index:5):6 total references begin2search(TAC index:3):19 total references BookedSpace(TAC index:10):7 total references IBIS Toolbar(TAC index:5):42 total references PeopleOnPage(TAC index:9):1 total references VX2(TAC index:10):11 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Definition File: ========================= Definitions File Loaded: Reference Number : SE1R44 10.05.2005 Internal build : 52 File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref File size : 470885 Bytes Total size : 1423894 Bytes Signature data size : 1392940 Bytes Reference data size : 30442 Bytes Signatures total : 39753 Fingerprints total : 872 Fingerprints size : 29756 Bytes Target categories : 15 Target families : 668 Memory + processor status: ========================== Number of processors : 1 Processor architecture : Intel Pentium IV Memory available:76 % Total physical memory:523244 kb Available physical memory:393876 kb Total page file size:1279172 kb Available on page file:1210456 kb Total virtual memory:2097024 kb Available virtual memory:2048780 kb OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600) Ad-Aware SE Settings =========================== Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan within archives Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Obtain command line of scanned processes Set : During removal, unload 
Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Write-protect system files after repair (Hosts file, etc.) Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Play sound at scan completion if scan locates critical objects 5-10-2005 11:04:54 PM - Scan started. (Full System Scan) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] ModuleName : \SystemRoot\System32\smss.exe Command Line : n/a ProcessID : 176 ThreadCreationTime : 5-11-2005 5:03:54 AM BasePriority : Normal #:2 [csrss.exe] ModuleName : \??\C:\WINDOWS\system32\csrss.exe Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh ProcessID : 228 ThreadCreationTime : 5-11-2005 5:04:03 AM BasePriority : Normal #:3 [winlogon.exe] ModuleName : \??\C:\WINDOWS\system32\winlogon.exe Command Line : winlogon.exe ProcessID : 252 ThreadCreationTime : 5-11-2005 5:04:05 AM BasePriority : High #:4 [services.exe] ModuleName : C:\WINDOWS\system32\services.exe Command Line : C:\WINDOWS\system32\services.exe ProcessID : 296 ThreadCreationTime : 5-11-2005 5:04:10 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : services.exe #:5 [lsass.exe] ModuleName : C:\WINDOWS\system32\lsass.exe Command Line : C:\WINDOWS\system32\lsass.exe ProcessID : 308 ThreadCreationTime : 5-11-2005 5:04:10 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch ProcessID : 460 ThreadCreationTime : 5-11-2005 5:04:13 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k rpcss ProcessID : 524 ThreadCreationTime : 5-11-2005 5:04:14 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:8 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost.exe -k netsvcs ProcessID : 568 ThreadCreationTime : 5-11-2005 5:04:15 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [explorer.exe] ModuleName : C:\WINDOWS\Explorer.EXE Command Line : C:\WINDOWS\Explorer.EXE ProcessID : 780 ThreadCreationTime : 5-11-2005 5:04:26 AM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:10 [ad-aware.exe] ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" ProcessID : 848 ThreadCreationTime : 5-11-2005 5:04:40 AM BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Adintelligence.AproposToolbar Object Recognized! 
Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10} Adintelligence.AproposToolbar Object Recognized! Type : RegValue Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10} Value : Adintelligence.AproposToolbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904} Adintelligence.AproposToolbar Object Recognized! Type : RegValue Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904} Value : begin2search Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.amo begin2search Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.amo Value : begin2search Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.amo.1 begin2search Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.amo.1 Value : begin2search Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.iiittt begin2search Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.iiittt Value : begin2search Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.iiittt.1 begin2search Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.iiittt.1 Value : begin2search Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.momo begin2search Object Recognized! 
Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.momo Value : begin2search Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.momo.1 begin2search Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.momo.1 Value : begin2search Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.ohb begin2search Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.ohb Value : begin2search Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.ohb.1 begin2search Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : trfdsk.ohb.1 Value : BookedSpace Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e} BookedSpace Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e} Value : BookedSpace Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622} IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{234f09fb-fe89-4c6d-9203-31832fc051c3} IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{234f09fb-fe89-4c6d-9203-31832fc051c3} Value : IBIS Toolbar Object Recognized! 
Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd} IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd} Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{618be527-b7f5-417c-bc51-98fdc2d6de61} IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{618be527-b7f5-417c-bc51-98fdc2d6de61} Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{66c22569-f05c-4a70-a142-763b337e1002} IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{66c22569-f05c-4a70-a142-763b337e1002} Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303} IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303} Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{99aa88d1-d9d3-410a-be9e-044f94c183da} IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{99aa88d1-d9d3-410a-be9e-044f94c183da} Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c380566d-f343-42ab-987b-6b38a1a35747} IBIS Toolbar Object Recognized! 
Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c380566d-f343-42ab-987b-6b38a1a35747} Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{d1951679-1d52-43fc-9585-0737143585f5} IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{d1951679-1d52-43fc-9585-0737143585f5} Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{f273d4ea-2025-4410-8408-251a0cd46be7} IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{f273d4ea-2025-4410-8408-251a0cd46be7} Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : radio.radioplayer IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : radio.radioplayer Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : tbps.plugindownadd IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : tbps.plugindownadd Value : IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{b23b3add-84b1-414a-92b9-0cabe5a781f4} IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{d8bd4ded-5bb2-4d4e-9a6a-f10244fed7d6} VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{09049e4f-8d9e-4c8a-a952-5baf1a115c59} VX2 Object Recognized! 
Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : pynixdll.pynixdllobj.1 VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : pynixdll.pynixdllobj.1 Value : VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : pynixdll.pynixdllobj VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : pynixdll.pynixdllobj Value : VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{94984402-b480-45c7-ad2d-84e5eb52cfcd} VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{94984402-b480-45c7-ad2d-84e5eb52cfcd} Value : 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 55 Objects found so far: 55 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 55 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 55 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» PeopleOnPage Object Recognized! Type : File Data : 31518036-F336-4C09-A6EE-506403 Category : Data Miner Comment : Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\8323DEC3-2824-4006-8D4A-63B5F4\ FileVersion : 5.1.18 ProductVersion : 5.1.18 ProductName : ACE FileDescription : ACE InternalName : ACEDLL OriginalFilename : ACE.DLL IBIS Toolbar Object Recognized! 
Type : File Data : 3FB81249-A596-4617-8110-8D14B1 Category : Data Miner Comment : Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\9AFEAE86-B55F-46D7-8383-3BE446\ IBIS Toolbar Object Recognized! Type : File Data : 59318AA2-1E3B-42F9-97E9-E8D3D3 Category : Data Miner Comment : Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\9AFEAE86-B55F-46D7-8383-3BE446\ IBIS Toolbar Object Recognized! Type : File Data : 8EE793DA-90A7-40E9-8203-FED475 Category : Data Miner Comment : Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\9AFEAE86-B55F-46D7-8383-3BE446\ VX2 Object Recognized! Type : File Data : kwv2.dat Category : Malware Comment : Object : C:\WINDOWS\ Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 60 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 4546 entries scanned. New critical objects:0 Objects found so far: 60 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Adintelligence.AproposToolbar Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\autoloader Adintelligence.AproposToolbar Object Recognized! Type : Folder Category : Misc Comment : Object : C:\Program Files\AutoUpdate begin2search Object Recognized! Type : File Data : msxml3.dll Category : Data Miner Comment : Object : C:\WINDOWS\system32\ begin2search Object Recognized! Type : File Data : msxml3a.dll Category : Data Miner Comment : Object : C:\WINDOWS\system32\ FileVersion : 8.00.7820.0 built by: Lab06_N(dagbuild) ProductVersion : 8.00.7820.0 ProductName : Microsoft Data Access Components CompanyName : Microsoft Corporation FileDescription : XML Resources for Win32 InternalName : MSXML3A.dll LegalCopyright : Copyright © Microsoft Corp. 
1981-2000 OriginalFilename : MSXML3A.dll begin2search Object Recognized! Type : File Data : MSXML3R.DLL Category : Data Miner Comment : Object : C:\WINDOWS\system32\ FileVersion : 8.20.8730.1 ProductVersion : 8.20.8730.1 ProductName : Microsoft Data Access Components CompanyName : Microsoft Corporation FileDescription : XML Resources InternalName : MSXML3R.dll LegalCopyright : Copyright © Microsoft Corporation. 1981-2000 OriginalFilename : MSXML3R.dll BookedSpace Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\new windows BookedSpace Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\new windows Value : PopupMgr BookedSpace Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\vendor BookedSpace Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\vendor Value : VendorName IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrShadow IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrHighlight IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrForeColor IBIS Toolbar Object Recognized! 
Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrBackColor IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrDownload IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrViewed IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrStatic IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\installer\userdata\sto IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\installer\userdata\sto Value : C IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\installer\userdata\sto Value : A IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : You will need to restart your computer and rescan in order to complete the removal of this item. Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\enum\root\legacy_tbpssvc IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : You will need to restart your computer and rescan in order to complete the removal of this item. Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\enum\root\legacy_tbpssvc Value : NextInstance IBIS Toolbar Object Recognized! 
Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : CustomizeSearch IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\installer\userdata Value : TUID VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\toolbar\webbrowser Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383} VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions Value : iexplore.exe VX2 Object Recognized! Type : File Data : Pynix.inf Category : Malware Comment : Object : C:\WINDOWS\inf\ 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38} 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38} Value : BarSize 180Solutions Object Recognized! Type : File Data : log.bak.txt Category : Data Miner Comment : Object : C:\WINDOWS\system32\ Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 30 Objects found so far: 90 11:18:11 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:13:17.407 Objects scanned:103441 Objects identified:90 Objects ignored:0 New critical objects:90 Thank you for your help! |

May 11 2005, 08:25 AM
Post #4
Member, Posts: 53, OS: XP Pro
Here is the continued log from the previous post. I hope I'm doing this correctly:
Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 55 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» PeopleOnPage Object Recognized! Type : File Data : 31518036-F336-4C09-A6EE-506403 Category : Data Miner Comment : Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\8323DEC3-2824-4006-8D4A-63B5F4\ FileVersion : 5.1.18 ProductVersion : 5.1.18 ProductName : ACE FileDescription : ACE InternalName : ACEDLL OriginalFilename : ACE.DLL IBIS Toolbar Object Recognized! Type : File Data : 3FB81249-A596-4617-8110-8D14B1 Category : Data Miner Comment : Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\9AFEAE86-B55F-46D7-8383-3BE446\ IBIS Toolbar Object Recognized! Type : File Data : 59318AA2-1E3B-42F9-97E9-E8D3D3 Category : Data Miner Comment : Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\9AFEAE86-B55F-46D7-8383-3BE446\ IBIS Toolbar Object Recognized! Type : File Data : 8EE793DA-90A7-40E9-8203-FED475 Category : Data Miner Comment : Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\9AFEAE86-B55F-46D7-8383-3BE446\ VX2 Object Recognized! Type : File Data : kwv2.dat Category : Malware Comment : Object : C:\WINDOWS\ Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 60 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 4546 entries scanned. New critical objects:0 Objects found so far: 60 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Adintelligence.AproposToolbar Object Recognized! 
Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\autoloader Adintelligence.AproposToolbar Object Recognized! Type : Folder Category : Misc Comment : Object : C:\Program Files\AutoUpdate begin2search Object Recognized! Type : File Data : msxml3.dll Category : Data Miner Comment : Object : C:\WINDOWS\system32\ begin2search Object Recognized! Type : File Data : msxml3a.dll Category : Data Miner Comment : Object : C:\WINDOWS\system32\ FileVersion : 8.00.7820.0 built by: Lab06_N(dagbuild) ProductVersion : 8.00.7820.0 ProductName : Microsoft Data Access Components CompanyName : Microsoft Corporation FileDescription : XML Resources for Win32 InternalName : MSXML3A.dll LegalCopyright : Copyright © Microsoft Corp. 1981-2000 OriginalFilename : MSXML3A.dll begin2search Object Recognized! Type : File Data : MSXML3R.DLL Category : Data Miner Comment : Object : C:\WINDOWS\system32\ FileVersion : 8.20.8730.1 ProductVersion : 8.20.8730.1 ProductName : Microsoft Data Access Components CompanyName : Microsoft Corporation FileDescription : XML Resources InternalName : MSXML3R.dll LegalCopyright : Copyright © Microsoft Corporation. 1981-2000 OriginalFilename : MSXML3R.dll BookedSpace Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\new windows BookedSpace Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\new windows Value : PopupMgr BookedSpace Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\vendor BookedSpace Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\vendor Value : VendorName IBIS Toolbar Object Recognized! 
Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrShadow IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrHighlight IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrForeColor IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrBackColor IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrDownload IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrViewed IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrStatic IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\installer\userdata\sto IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\installer\userdata\sto Value : C IBIS Toolbar Object Recognized! 
Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\installer\userdata\sto Value : A IBIS Toolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : You will need to restart your computer and rescan in order to complete the removal of this item. Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\enum\root\legacy_tbpssvc IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : You will need to restart your computer and rescan in order to complete the removal of this item. Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\enum\root\legacy_tbpssvc Value : NextInstance IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : CustomizeSearch IBIS Toolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\installer\userdata Value : TUID VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\toolbar\webbrowser Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383} VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions Value : iexplore.exe VX2 Object Recognized! Type : File Data : Pynix.inf Category : Malware Comment : Object : C:\WINDOWS\inf\ 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38} 180Solutions Object Recognized! 
Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38} Value : BarSize 180Solutions Object Recognized! Type : File Data : log.bak.txt Category : Data Miner Comment : Object : C:\WINDOWS\system32\ Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 30 Objects found so far: 90 11:18:11 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:13:17.407 Objects scanned:103441 Objects identified:90 Objects ignored:0 New critical objects:90 Thanks |

May 11 2005, 01:42 PM
Post #5
Member, Posts: 53, OS: XP Pro
I just wanted to clarify that my Ad-Aware Log File is split between Post 1 and Post 4. I'm not sure why it didn't post in consecutive order.
Thanks

Guest_Andy_veal_*
May 11 2005, 03:58 PM
Post #6
Hello and Welcome
Ad-aware has found objects on your computer. If you choose to clean your computer from what Ad-aware found, please follow these instructions below…
Please make sure that you are using the * SE1R44 10.05.2005 * definition file.
Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied. Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.
Please then boot into Safe Mode.
To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder): Please run CCleaner to assist in this process. Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)
* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".
Please run Ad-Aware SE from the command lines shown in the instructions shown below. Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)
"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke (For the Professional version)
"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke (For the Plus version)
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke (For the Personal version)
Click OK.
Please note that the path above is of the default installation location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to.
When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK. If problems are caused by deleting a family, please leave it.
Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.
Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.
Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.
Please post back here
Good luck
Andy

May 11 2005, 04:04 PM
Post #7
Member, Posts: 53, OS: XP Pro
Hi Andy,
I already did everything you posted according to the instructions from RAWE. The second log file is the scan results after doing everything you suggested. Did I do it wrong? Also, one other thing, how do I post a reply if I am not supposed to connect to the internet? When I do connect I am flooded with pop ups to the point I have to disconnect anyway. Any suggestions? I really appreciate your help!
Keithster

Guest_Andy_veal_*
May 11 2005, 04:21 PM
Post #8
I am lost,
What logfile shows objects that were removed after my set of instructions?
QUOTE
Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 4546 entries scanned. New critical objects:0
If your system is running a program which changes the hosts file or you have added listings to the hosts file then there is no need to check further. Otherwise, please download the "Host File Viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your HOST file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.accessbee.com/mitch/HostsFileReader.zip

May 11 2005, 04:58 PM
Post #9
Member, Posts: 53, OS: XP Pro
I originally sent my Ad-Aware log file on May 4. Someone identified as RAWE sent me the same instructions you did. I followed them, i.e. I ran ccleaner and then Ad-Aware in safe mode and posted and checked SahAgent and then rebooted and ran Ad-Aware again and posted my log file. That is the one you looked at. Maybe I am not understanding the process. Please advise.

May 11 2005, 05:05 PM
Post #10
Member, Posts: 53, OS: XP Pro
Please pardon me. I see something on your post that I did not see on Rawe's. It says put a check by each target family I wish to remove. How do I know what to remove or do I just try to remove them all? In order to post the log file is it ok to reconnect to the internet?
Please advise. Thanks!

May 11 2005, 05:20 PM
Post #11
Member, Posts: 53, OS: XP Pro
One other point of clarification. The original instructions from Rawe were to delete Sahagent only. On your instructions am I to assume that I delete all of the items with a box?
Thanks

May 12 2005, 07:51 AM
Post #12
Member, Posts: 53, OS: XP Pro
Here is my Ad-Aware Scan Results after following your instructions:
Ad-Aware SE Build 1.05 Logfile Created on:Wednesday, May 11, 2005 7:50:19 PM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R44 10.05.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» None »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Definition File: ========================= Definitions File Loaded: Reference Number : SE1R44 10.05.2005 Internal build : 52 File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref File size : 470885 Bytes Total size : 1423894 Bytes Signature data size : 1392940 Bytes Reference data size : 30442 Bytes Signatures total : 39753 Fingerprints total : 872 Fingerprints size : 29756 Bytes Target categories : 15 Target families : 668 Memory + processor status: ========================== Number of processors : 1 Processor architecture : Intel Pentium IV Memory available:30 % Total physical memory:523244 kb Available physical memory:155676 kb Total page file size:1279172 kb Available on page file:1028548 kb Total virtual memory:2097024 kb Available virtual memory:2046184 kb OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600) Ad-Aware SE Settings =========================== Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan within archives Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Obtain command line of scanned processes Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Write-protect system files after repair (Hosts file, etc.) 
Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Play sound at scan completion if scan locates critical objects 5-11-2005 7:50:19 PM - Scan started. (Full System Scan) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] ModuleName : \SystemRoot\System32\smss.exe Command Line : n/a ProcessID : 612 ThreadCreationTime : 5-12-2005 1:09:04 AM BasePriority : Normal #:2 [csrss.exe] ModuleName : \??\C:\WINDOWS\system32\csrss.exe Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh ProcessID : 676 ThreadCreationTime : 5-12-2005 1:09:06 AM BasePriority : Normal #:3 [winlogon.exe] ModuleName : \??\C:\WINDOWS\system32\winlogon.exe Command Line : winlogon.exe ProcessID : 700 ThreadCreationTime : 5-12-2005 1:09:06 AM BasePriority : High #:4 [services.exe] ModuleName : C:\WINDOWS\system32\services.exe Command Line : C:\WINDOWS\system32\services.exe ProcessID : 744 ThreadCreationTime : 5-12-2005 1:09:07 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : services.exe #:5 [lsass.exe] ModuleName : C:\WINDOWS\system32\lsass.exe Command Line : C:\WINDOWS\system32\lsass.exe ProcessID : 756 ThreadCreationTime : 5-12-2005 1:09:07 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch ProcessID : 904 ThreadCreationTime : 5-12-2005 1:09:08 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k rpcss ProcessID : 960 ThreadCreationTime : 5-12-2005 1:09:08 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:8 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs ProcessID : 996 ThreadCreationTime : 5-12-2005 1:09:08 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService ProcessID : 1048 ThreadCreationTime : 5-12-2005 1:09:08 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService ProcessID : 1088 ThreadCreationTime : 5-12-2005 1:09:08 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:11 [explorer.exe] ModuleName : C:\WINDOWS\Explorer.EXE Command Line : C:\WINDOWS\Explorer.EXE ProcessID : 1384 ThreadCreationTime : 5-12-2005 1:09:10 AM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:12 [spoolsv.exe] ModuleName : C:\WINDOWS\system32\spoolsv.exe Command Line : C:\WINDOWS\system32\spoolsv.exe ProcessID : 1412 ThreadCreationTime : 5-12-2005 1:09:10 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:13 [avgamsvr.exe] ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe ProcessID : 1552 ThreadCreationTime : 5-12-2005 1:09:10 AM BasePriority : Normal FileVersion : 7,1,0,307 ProductVersion : 7.1.0.307 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Alert Manager InternalName : avgamsvr LegalCopyright : Copyright © 2005, GRISOFT, s.r.o. OriginalFilename : avgamsvr.EXE #:14 [avgupsvc.exe] ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe ProcessID : 1588 ThreadCreationTime : 5-12-2005 1:09:10 AM BasePriority : Normal FileVersion : 7,1,0,285 ProductVersion : 7.1.0.285 ProductName : AVG 7.0 Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Update Service InternalName : avgupsvc LegalCopyright : Copyright © 2004, GRISOFT, s.r.o. 
OriginalFilename : avgupdsvc.EXE #:15 [cisvc.exe] ModuleName : C:\WINDOWS\system32\cisvc.exe Command Line : C:\WINDOWS\system32\cisvc.exe ProcessID : 1600 ThreadCreationTime : 5-12-2005 1:09:10 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Content Index service InternalName : cisvc.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : cisvc.exe #:16 [ctsvccda.exe] ModuleName : C:\WINDOWS\System32\CTsvcCDA.exe Command Line : C:\WINDOWS\System32\CTsvcCDA.exe ProcessID : 1620 ThreadCreationTime : 5-12-2005 1:09:10 AM BasePriority : Normal FileVersion : 1.0.1.0 ProductVersion : 1.0.0.0 ProductName : Creative Service for CDROM Access CompanyName : Creative Technology Ltd FileDescription : Creative Service for CDROM Access InternalName : CTsvcCDAEXE LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved. 
OriginalFilename : CTsvcCDA.EXE #:17 [incdsrv.exe] ModuleName : C:\Program Files\Ahead\InCD\InCDsrv.exe Command Line : "C:\Program Files\Ahead\InCD\InCDsrv.exe" ProcessID : 1680 ThreadCreationTime : 5-12-2005 1:09:11 AM BasePriority : Normal FileVersion : 4, 0, 10, 0 ProductVersion : 4, 0, 10, 0 ProductName : AHEAD Software incdsrv CompanyName : AHEAD Software FileDescription : incdsrv InternalName : incdsrv LegalCopyright : Copyright © 2003 OriginalFilename : incdsrv.exe #:18 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc ProcessID : 1828 ThreadCreationTime : 5-12-2005 1:09:12 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:19 [bcmsmmsg.exe] ModuleName : C:\WINDOWS\BCMSMMSG.exe Command Line : "C:\WINDOWS\BCMSMMSG.exe" ProcessID : 1940 ThreadCreationTime : 5-12-2005 1:09:13 AM BasePriority : Normal FileVersion : 3.5.25 08/27/2003 20:04:35 ProductVersion : 3.5.25 08/27/2003 20:04:35 ProductName : BCM Modem Messaging Applet CompanyName : Broadcom Corporation FileDescription : Modem Messaging Applet InternalName : smdmstat.exe LegalCopyright : Copyright © Broadcom Corporation 1998-2000 OriginalFilename : smdmstat.exe #:20 [wdfmgr.exe] ModuleName : C:\WINDOWS\system32\wdfmgr.exe Command Line : C:\WINDOWS\system32\wdfmgr.exe ProcessID : 1964 ThreadCreationTime : 5-12-2005 1:09:13 AM BasePriority : Normal FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft 
Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:21 [ctsysvol.exe] ModuleName : C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe Command Line : "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" ProcessID : 1972 ThreadCreationTime : 5-12-2005 1:09:13 AM BasePriority : Normal FileVersion : 1.0.9.0 ProductVersion : 1.0.0.0 ProductName : Creative Volume Control CompanyName : Creative Technology Ltd FileDescription : CTSysVol.exe LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved. OriginalFilename : CTSysVol.exe #:22 [ctdvddet.exe] ModuleName : C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE Command Line : "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" ProcessID : 2012 ThreadCreationTime : 5-12-2005 1:09:13 AM BasePriority : Normal FileVersion : 1.0.2.0 ProductVersion : 1.0.2.0 ProductName : CTDVDDET CompanyName : Creative Technology Ltd FileDescription : CTDVDDET InternalName : CTDVDDET LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved. 
OriginalFilename : CTDVDDET.EXE #:23 [cthelper.exe] ModuleName : C:\WINDOWS\system32\CTHELPER.EXE Command Line : "C:\WINDOWS\system32\CTHELPER.EXE" ProcessID : 2020 ThreadCreationTime : 5-12-2005 1:09:13 AM BasePriority : Normal FileVersion : 1, 0, 0, 10 ProductVersion : 1, 0, 0, 10 ProductName : CtHelper Application CompanyName : Creative Technology Ltd FileDescription : CtHelper MFC Application InternalName : CtHelper LegalCopyright : Copyright © 2002 OriginalFilename : CtHelper.EXE #:24 [dsentry.exe] ModuleName : C:\WINDOWS\System32\DSentry.exe Command Line : "C:\WINDOWS\System32\DSentry.exe" ProcessID : 164 ThreadCreationTime : 5-12-2005 1:09:13 AM BasePriority : Normal FileVersion : 1, 0, 2, 0 ProductVersion : 1, 0, 2, 0 ProductName : Dell - DVDSentry CompanyName : Dell - Advanced Desktop Engineering FileDescription : DVDSentry InternalName : DVDSentry LegalCopyright : Copyright © 2002 Dell OriginalFilename : DSentry.exe Comments : DVDSentry launches your software DVD player when a DVD is inserted. #:25 [realplay.exe] ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER ProcessID : 200 ThreadCreationTime : 5-12-2005 1:09:13 AM BasePriority : Normal FileVersion : 6.0.9.584 ProductVersion : 6.0.9.584 ProductName : RealPlayer (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealPlayer InternalName : REALPLAY LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000 LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc. OriginalFilename : REALPLAY.EXE #:26 [mm_tray.exe] ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" ProcessID : 212 ThreadCreationTime : 5-12-2005 1:09:14 AM BasePriority : Normal FileVersion : 8.10.2026 ProductVersion : 8.10.2026 ProductName : MUSICMATCH JUKEBOX CompanyName : MUSICMATCH, Inc. 
FileDescription : mm_tray InternalName : mm_tray LegalCopyright : Copyright © MUSICMATCH 1998-2003 LegalTrademarks : OriginalFilename : mm_tray.exe #:27 [wanmpsvc.exe] ModuleName : C:\WINDOWS\wanmpsvc.exe Command Line : "C:\WINDOWS\wanmpsvc.exe" ProcessID : 244 ThreadCreationTime : 5-12-2005 1:09:14 AM BasePriority : Normal FileVersion : 7, 0, 0, 2 ProductVersion : 7, 0, 0, 2 ProductName : America Online CompanyName : America Online, Inc. FileDescription : Wan Miniport (ATW) Service InternalName : WanMPSvc LegalCopyright : Copyright © 2001 America Online, Inc. OriginalFilename : WanMPSvc.exe #:28 [support.exe] ModuleName : C:\Program Files\Common Files\Dell\EUSW\Support.exe Command Line : "C:\Program Files\Common Files\Dell\EUSW\Support.exe" ProcessID : 252 ThreadCreationTime : 5-12-2005 1:09:14 AM BasePriority : Normal FileVersion : 2, 0, 0, 33 ProductVersion : 1, 0, 0, 1 ProductName : Dell Support CompanyName : Dell FileDescription : Support InternalName : Support LegalCopyright : Copyright © 2002 OriginalFilename : Support.exe #:29 [hpgs2wnd.exe] ModuleName : C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe Command Line : "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ProcessID : 260 ThreadCreationTime : 5-12-2005 1:09:14 AM BasePriority : Normal FileVersion : 2,3,0,0\ 161 ProductVersion : 2,3,0,0\ 161 ProductName : Hewlett-Packard hpgs2wnd CompanyName : Hewlett-Packard FileDescription : hpgs2wnd InternalName : hpgs2wnd LegalCopyright : Copyright © 2001 OriginalFilename : hpgs2wnd.exe #:30 [qttask.exe] ModuleName : C:\Program Files\QuickTime\qttask.exe Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime ProcessID : 288 ThreadCreationTime : 5-12-2005 1:09:14 AM BasePriority : Normal FileVersion : 6.5 ProductVersion : QuickTime 6.5 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 
2001-2004 OriginalFilename : QTTask.exe #:31 [mspmspsv.exe] ModuleName : C:\WINDOWS\System32\MsPMSPSv.exe Command Line : C:\WINDOWS\System32\MsPMSPSv.exe ProcessID : 304 ThreadCreationTime : 5-12-2005 1:09:14 AM BasePriority : Normal FileVersion : 7.00.00.1954 ProductVersion : 7.00.00.1954 ProductName : Microsoft ® DRM CompanyName : Microsoft Corporation FileDescription : WMDM PMSP Service InternalName : MSPMSPSV.EXE LegalCopyright : Copyright © Microsoft Corp. 1981-2000 OriginalFilename : MSPMSPSV.EXE #:32 [mmtask.exe] ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" ProcessID : 368 ThreadCreationTime : 5-12-2005 1:09:14 AM BasePriority : Normal FileVersion : 1.0.0.1 ProductVersion : 1.0.0.1 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> InternalName : mmtask.exe LegalCopyright : TODO: © <Company name>. All rights reserved. OriginalFilename : mmtask.exe #:33 [viewmgr.exe] ModuleName : C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe Command Line : "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" ProcessID : 424 ThreadCreationTime : 5-12-2005 1:09:14 AM BasePriority : Normal FileVersion : 2, 0, 0, 42 ProductVersion : 2, 0, 0, 42 ProductName : Viewpoint Manager CompanyName : Viewpoint Corporation FileDescription : ViewMgr InternalName : Viewpoint Manager LegalCopyright : Copyright © 2004 OriginalFilename : ViewMgr.exe Comments : Viewpoint Manager #:34 [avgcc.exe] ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP ProcessID : 444 ThreadCreationTime : 5-12-2005 1:09:15 AM BasePriority : Normal FileVersion : 7,1,0,307 ProductVersion : 7.1.0.307 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Control Center InternalName : AvgCC LegalCopyright : Copyright © 2005, GRISOFT, s.r.o. 
OriginalFilename : AvgCC.EXE #:35 [gcasserv.exe] ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" ProcessID : 468 ThreadCreationTime : 5-12-2005 1:09:15 AM BasePriority : Idle FileVersion : 1.00.0509 ProductVersion : 1.00.0509 ProductName : Microsoft AntiSpyware (Beta 1) CompanyName : Microsoft Corporation FileDescription : Microsoft AntiSpyware Service InternalName : gcasServ LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved. LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation. OriginalFilename : gcasServ.exe #:36 [jusched.exe] ModuleName : C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe Command Line : "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" ProcessID : 484 ThreadCreationTime : 5-12-2005 1:09:15 AM BasePriority : Normal #:37 [hpgs2wnf.exe] ModuleName : C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe Command Line : "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe" -Embedding ProcessID : 552 ThreadCreationTime : 5-12-2005 1:09:16 AM BasePriority : Normal FileVersion : 2, 6, 0, 161 ProductVersion : 2, 6, 0, 161 ProductName : hpgs2wnf Module FileDescription : hpgs2wnf Module InternalName : hpgs2wnf LegalCopyright : Copyright 2001 OriginalFilename : hpgs2wnf.EXE #:38 [incd.exe] ModuleName : C:\Program Files\Ahead\InCD\InCD.exe Command Line : "C:\Program Files\Ahead\InCD\InCD.exe" ProcessID : 584 ThreadCreationTime : 5-12-2005 1:09:16 AM BasePriority : Normal FileVersion : 4, 0, 10, 0 ProductVersion : 4, 0, 10, 0 ProductName : InCD CompanyName : Ahead Software AG FileDescription : InCD InternalName : InCD LegalCopyright : Copyright © Ahead Software 1996-2003, Karlsbad, Germany LegalTrademarks : InCD TM OriginalFilename : InCD.exe #:39 [bitsprx2.exe] ModuleName : C:\WINDOWS\system32\bitsprx2.exe Command Line : 
"C:\WINDOWS\system32\bitsprx2.exe" ProcessID : 644 ThreadCreationTime : 5-12-2005 1:09:16 AM BasePriority : Normal #:40 [gsmedia3.exe] ModuleName : C:\WINDOWS\system32\GSMedia3.exe Command Line : "C:\WINDOWS\system32\GSMedia3.exe" ProcessID : 124 ThreadCreationTime : 5-12-2005 1:09:16 AM BasePriority : Normal FileVersion : 1.00 ProductVersion : 1.00 ProductName : URLBrowser CompanyName : Atix InternalName : URLBrowser OriginalFilename : URLBrowser.exe #:41 [dlg.exe] ModuleName : C:\Program Files\Digital Line Detect\DLG.exe Command Line : "C:\Program Files\Digital Line Detect\DLG.exe" ProcessID : 1288 ThreadCreationTime : 5-12-2005 1:09:18 AM BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : BVRP Software TestLine CompanyName : BVRP Software FileDescription : Digital Line Detection InternalName : TestLine LegalCopyright : Copyright © 2001 OriginalFilename : TestLine.exe #:42 [hpobnz08.exe] ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe" ProcessID : 1348 ThreadCreationTime : 5-12-2005 1:09:18 AM BasePriority : Normal FileVersion : 2.00 ProductVersion : 001.000.000.155 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet COM Device Objects InternalName : HPOBNZ08 LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001 OriginalFilename : HPOBNZ08.EXE Comments : HP OfficeJet <Banzai> Series COM Device Objects #:43 [hposol08.exe] ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe Command Line : "C:\Program ProcessID : 1652 ThreadCreationTime : 5-12-2005 1:09:19 AM BasePriority : Normal FileVersion : 2.00 ProductVersion : 001.000.000.155 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. 
FileDescription : HP OfficeJet COM Device Objects InternalName : HPOSOL08 LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001 OriginalFilename : HPOSOL08.EXE Comments : HP OfficeJet <Solar> Series COM Device Objects #:44 [gcasdtserv.exe] ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe" ProcessID : 2336 ThreadCreationTime : 5-12-2005 1:09:27 AM BasePriority : Normal FileVersion : 1.00.0509 ProductVersion : 1.00.0509 ProductName : Microsoft AntiSpyware (Beta 1) CompanyName : Microsoft Corporation FileDescription : Microsoft AntiSpyware Data Service InternalName : gcasDtServ LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved. LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation. OriginalFilename : gcasDtServ.exe #:45 [hpoevm08.exe] ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe" -Embedding ProcessID : 2380 ThreadCreationTime : 5-12-2005 1:09:28 AM BasePriority : Normal FileVersion : 1.00 ProductVersion : 001.000.000.155 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet COM Event Manager InternalName : HPOEVM08 LegalCopyright : Copyright © Hewlett-Packard Co. 
1995-2001 OriginalFilename : HPOEVM08.EXE Comments : HP OfficeJet COM Event Manager #:46 [hposts08.exe] ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe" /CtxID "#Hewlett-Packard#hp officejet 6100 series#1042776839" /Startup ProcessID : 2480 ThreadCreationTime : 5-12-2005 1:09:32 AM BasePriority : Normal FileVersion : 1.00 ProductVersion : 001.000.000.155 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet Status InternalName : HPOSTS08 LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001 OriginalFilename : HPOCPY08.EXE Comments : HP OfficeJet Status #:47 [hpzipm12.exe] ModuleName : C:\WINDOWS\System32\HPZipm12.exe Command Line : C:\WINDOWS\System32\HPZipm12.exe ProcessID : 2776 ThreadCreationTime : 5-12-2005 1:09:36 AM BasePriority : Normal FileVersion : 4, 5, 0, 802 ProductVersion : 4, 5, 0, 802 ProductName : HP PML CompanyName : HP FileDescription : PML Driver InternalName : PmlDrv LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company OriginalFilename : PmlDrv.exe #:48 [alg.exe] ModuleName : C:\WINDOWS\System32\alg.exe Command Line : C:\WINDOWS\System32\alg.exe ProcessID : 2800 ThreadCreationTime : 5-12-2005 1:09:36 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : ALG.exe #:49 [cidaemon.exe] ModuleName : C:\WINDOWS\system32\cidaemon.exe Command Line : "cidaemon.exe" DownLevelDaemon "c:\program files\dell\support\ui\search\catalog.wci" 196672l 1600l ProcessID : 3672 ThreadCreationTime : 5-12-2005 1:16:49 AM BasePriority : Idle FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Indexing Service filter daemon InternalName : cidaemon.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : cidaemon.exe #:50 [cidaemon.exe] ModuleName : C:\WINDOWS\system32\cidaemon.exe Command Line : "cidaemon.exe" DownLevelDaemon "c:\system volume information\catalog.wci" 196672l 1600l ProcessID : 3692 ThreadCreationTime : 5-12-2005 1:16:52 AM BasePriority : Idle FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Indexing Service filter daemon InternalName : cidaemon.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : cidaemon.exe #:51 [ad-aware.exe] ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" ProcessID : 2944 ThreadCreationTime : 5-12-2005 1:50:11 AM BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 4546 entries scanned. New critical objects:0 Objects found so far: 0 8:02:18 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:11:58.328 Objects scanned:105125 Objects identified:0 Objects ignored:0 New critical objects:0 |
May 12 2005, 07:59 AM
Post #13
Member, Posts: 53, OS: XP Pro
This is a continuation of my Ad-Aware Scan log posted May 12, 2005:
Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 4546 entries scanned. New critical objects:0 Objects found so far: 0 8:02:18 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:11:58.328 Objects scanned:105125 Objects identified:0 Objects ignored:0 New critical objects:0 |
Guest_Andy_veal_*
May 12 2005, 09:56 AM
Post #14
Sorry for my unclear instructions.
Firstly you removed SahAgent which needs to be removed by itself. Secondly, you removed all other objects.
Thanks
May 12 2005, 10:00 AM
Post #15
Member, Posts: 53, OS: XP Pro
Thanks for your help! Have you looked at my latest log after removing all other objects? What do I do at this point? I have not run any programs or connected to the internet after running my latest scan.
Thanks again
Keith
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising