spy sheriff [RESOLVED]



#1
brentmack

Hi, thanks for your service and help, I'm a newbie to removing these pests and can sure use your help.

It appears I have the Spy Sheriff spyware on my system. A big sign comes up saying "System Stopped" run spy ware remover etc... then the Spy Sheriff ads come insisting I buy their product to get rid of what they gave me. There ought to be a law.

My desktop cannot be restored. I can't remove it with the AV and spyware tools I have. I followed your general instructions re. clean all, Ad Aware; Spy Bot & S&D; Ewido; Hijack this; Active Scan (Panda). I see that I have the "trojan-spy.html.smitfraud.c" virus showing up as well. I'm not sure if this is the same as the Spy Sheriff spyware.
I ran Ewido in safe mode and saved the log file and then I ran Active Scan and then the Hijack this.

Here is the Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 1:17:56 PM, on 6/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
E:\new programs\security suite\ewidoctrl.exe
E:\new programs\security suite\ewidoguard.exe
E:\new programs\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\new programs\gcasServ.exe
C:\WINDOWS\System32\mqtgsvc.exe
F:\program files\qttask.exe
C:\Program Files\Daily Weather Forecast\weather.exe
E:\new programs\Picasa2\PicasaMediaDetector.exe
E:\new programs\java\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
E:\new programs\WeatherEye.exe
C:\Program Files\SpySheriff\SpySheriff.exe
E:\new programs\Distillr\acrotray.exe
E:\new programs\gcasDtServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.c...shp?hl=en&gl=ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.c...shp?hl=en&gl=ca
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\new programs\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\new programs\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\new programs\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "E:\new programs\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\program files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [Picasa Media Detector] E:\new programs\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\new programs\java\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] E:\new programs\WeatherEye.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\new programs\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\new programs\java\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\new programs\java\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\NEWPRO~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay10...es/MsnPUpld.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.shim.bc.c...v6/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110724281646
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - E:\new programs\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\new programs\security suite\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - E:\new programs\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Here is the Ewido log

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:28:53 AM, 6/18/2005
+ Report-Checksum: DB1B6938

+ Date of database: 6/17/2005
+ Version of scan engine: v3.0

+ Duration: 434 min
+ Scanned Files: 683145
+ Speed: 26.20 Files/Second
+ Infected files: 66
+ Removed files: 22
+ Files put in quarantine: 22
+ Files that could not be opened: 0
+ Files that could not be cleaned: 44

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\Program Files\Lycos
C:\
D:\
E:\
F:\
C:\
C:\
D:\
E:\
F:\
C:\
D:\
E:\
F:\
C:\

+ Scan result:
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@atdmt[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@fastclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@spylog[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Local Settings\Temp\14493.exe -> Not-A-Virus.Hoax.Renos.a -> Cleaned with backup
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Local Settings\Temp\19120.exe -> Trojan.Agent.eo -> Cleaned with backup
D:\Program Files\Altnet\Download Manager\asm.exe -> Spyware.Altnet -> Cleaned with backup
E:\My Documents\Down\CRACK-LOCATOR[1].COM-Norton_Antivirus_Subscription_Crack.RB0/pscan.exe -> Spyware.PurityScan.a -> Cleaned with backup
E:\My Documents\Down\CRACK-LOCATOR[1].COM-WinPatrol_v6.0.0.10.RB0/pscan.exe -> Spyware.PurityScan.a -> Cleaned with backup
E:\My Documents\Down\CRACK-LOCATOR[1].COM-Adobe_Photoshop_Elements_v2.0_by_N-GeN.RB0/pscan.exe -> Spyware.PurityScan.a -> Cleaned with backup
E:\Program Files\PestPatrol\Quarantine\1225 -> Spyware.MyWay -> Cleaned with backup
E:\Program Files\PestPatrol\Quarantine\1226 -> Spyware.MyWay.e -> Cleaned with backup
F:\RecoveryBin\Volume-9fe78415-9f83-11d5-a87c-806d6172696f\drive c\Documents and Settings\MacKinnon\My Documents\Karen\Jokes, etc\cokegift(01C167616D7901FA).exe -> Not-A-Virus.Joke.Coke -> Cleaned with backup
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@atdmt[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@fastclick[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@spylog[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Local Settings\Temp\14493.exe -> Not-A-Virus.Hoax.Renos.a -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Local Settings\Temp\19120.exe -> Trojan.Agent.eo -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@atdmt[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@fastclick[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@spylog[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Local Settings\Temp\14493.exe -> Not-A-Virus.Hoax.Renos.a -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Local Settings\Temp\19120.exe -> Trojan.Agent.eo -> Error during cleaning
D:\Program Files\Altnet\Download Manager\asm.exe -> Spyware.Altnet -> Error during cleaning
E:\My Documents\Down\CRACK-LOCATOR[1].COM-Norton_Antivirus_Subscription_Crack.RB0/pscan.exe -> Spyware.PurityScan.a -> Cleaned with backup
E:\My Documents\Down\CRACK-LOCATOR[1].COM-WinPatrol_v6.0.0.10.RB0/pscan.exe -> Spyware.PurityScan.a -> Cleaned with backup
E:\My Documents\Down\CRACK-LOCATOR[1].COM-Adobe_Photoshop_Elements_v2.0_by_N-GeN.RB0/pscan.exe -> Spyware.PurityScan.a -> Cleaned with backup
E:\Program Files\PestPatrol\Quarantine\1225 -> Spyware.MyWay -> Error during cleaning
E:\Program Files\PestPatrol\Quarantine\1226 -> Spyware.MyWay.e -> Error during cleaning
F:\RecoveryBin\Volume-9fe78415-9f83-11d5-a87c-806d6172696f\drive c\Documents and Settings\MacKinnon\My Documents\Karen\Jokes, etc\cokegift(01C167616D7901FA).exe -> Not-A-Virus.Joke.Coke -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@atdmt[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@fastclick[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@spylog[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Local Settings\Temp\14493.exe -> Not-A-Virus.Hoax.Renos.a -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Local Settings\Temp\19120.exe -> Trojan.Agent.eo -> Error during cleaning
D:\Program Files\Altnet\Download Manager\asm.exe -> Spyware.Altnet -> Error during cleaning
E:\My Documents\Down\CRACK-LOCATOR[1].COM-Norton_Antivirus_Subscription_Crack.RB0/pscan.exe -> Spyware.PurityScan.a -> Cleaned with backup
E:\My Documents\Down\CRACK-LOCATOR[1].COM-WinPatrol_v6.0.0.10.RB0/pscan.exe -> Spyware.PurityScan.a -> Cleaned with backup
E:\My Documents\Down\CRACK-LOCATOR[1].COM-Adobe_Photoshop_Elements_v2.0_by_N-GeN.RB0/pscan.exe -> Spyware.PurityScan.a -> Cleaned with backup
E:\Program Files\PestPatrol\Quarantine\1225 -> Spyware.MyWay -> Error during cleaning
E:\Program Files\PestPatrol\Quarantine\1226 -> Spyware.MyWay.e -> Error during cleaning
F:\RecoveryBin\Volume-9fe78415-9f83-11d5-a87c-806d6172696f\drive c\Documents and Settings\MacKinnon\My Documents\Karen\Jokes, etc\cokegift(01C167616D7901FA).exe -> Not-A-Virus.Joke.Coke -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@atdmt[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@fastclick[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Cookies\brent@spylog[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Local Settings\Temp\14493.exe -> Not-A-Virus.Hoax.Renos.a -> Error during cleaning
C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Local Settings\Temp\19120.exe -> Trojan.Agent.eo -> Error during cleaning


::Report End

Here is the Active Scan report (Panda on line)

Incident Status Location

Adware:Adware/Smitfraud No disinfected C:\WINDOWS\System32\OLEADM.dll
Adware:Adware/SpywareNo No disinfected C:\Program Files\SpySheriff\ProcMon.dll
Adware:Adware/DownloadWare No disinfected C:\Program Files\MediaLoads*
Spyware:Spyware/ISTbar No disinfected C:\Program Files\Daily Weather Forecast
Adware:Adware/Lop No disinfected C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Favorites\ Home
Adware:Adware/CWS No disinfected C:\Documents and Settings\Brent.BRENT-M3XWI8N89\Favorites\Health
Adware:Adware/SideSearch No disinfected C:\Program Files\Lycos
Adware:Adware/Startpage.JY No disinfected Windows Registry
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\system32\wp.bmp
Adware:Adware/SpywareNo No disinfected C:\Program Files\SpySheriff\ProcMon.dll
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\system32\oleadm.dll
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\system32\wp.bmp
Spyware:Spyware/ISTbar No disinfected E:\My Documents\Down\Microsoft_Visio_XP_Pro (www[1].crack.cd).zip[ota.exe]
Adware:Adware/Envolo No disinfected E:\Program Files\PestPatrol\Quarantine\1231
Adware:Adware/Envolo No disinfected E:\Program Files\PestPatrol\Quarantine\1232


#2
brentmack

Here is a link to my original post. Metallica advised me to run Adaware again and I did. The Spy Sheriff sign and demands to buy their software are gone but my desktop is still frozen with no options in display properties. Here is my original post.
http://www.geekstogo...ST&f=37&t=37042

Here is the Adaware log file


Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, June 25, 2005 12:12:31 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R51 21.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):7 total references
Tracking Cookie(TAC index:3):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R51 21.06.2005
Internal build : 59
File location : E:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 483435 Bytes
Total size : 1461660 Bytes
Signature data size : 1429955 Bytes
Reference data size : 31193 Bytes
Signatures total : 40756
CSI Fingerprints total : 906
CSI data size : 31253 Bytes
Target categories : 15
Target families : 694


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:31 %
Total physical memory:261616 kb
Available physical memory:79572 kb
Total page file size:633092 kb
Available on page file:397116 kb
Total virtual memory:2097024 kb
Available virtual memory:2040688 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Run scan as background process (Low CPU usage)
Set : Scan registry for all users instead of current user only
Set : Use permanent archive caching
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Disable manual quarantine if auto-quarantine is selected
Set : Reanalyze results after scanning before displaying results lists
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Create log file for removal operations
Set : Include module list in log file
Set : Include alternate data stream details in log file
Set : Snap windows to desktop borders
Set : Limit drive selection to fixed drives
Set : Use gridlines in results lists
Set : Show detail tooltips in results lists
Set : Create and save WebUpdate log file
Set : Dump details about unhandled exceptions to disk
Set : Play sound at scan completion if scan locates critical objects


6-25-2005 12:12:31 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Brent.BRENT-M3XWI8N89\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1563985344-1957994488-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1563985344-1957994488-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1960408961-1563985344-1957994488-1003\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 452
ThreadCreationTime : 6-25-2005 1:09:16 PM
BasePriority : Normal

Scanning Module:\SystemRoot\System32\smss.exe...
Scanning Module:C:\WINDOWS\system32\ntdll.dll...

#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 508
ThreadCreationTime : 6-25-2005 1:09:19 PM
BasePriority : Normal

Scanning Module:\??\C:\WINDOWS\system32\csrss.exe...
Scanning Module:C:\WINDOWS\system32\CSRSRV.dll...
Scanning Module:C:\WINDOWS\system32\basesrv.dll...
Scanning Module:C:\WINDOWS\system32\winsrv.dll...
Scanning Module:C:\WINDOWS\system32\GDI32.dll...
Scanning Module:C:\WINDOWS\system32\KERNEL32.dll...
Scanning Module:C:\WINDOWS\system32\USER32.dll...
Scanning Module:C:\WINDOWS\system32\sxs.dll...
Scanning Module:C:\WINDOWS\system32\ADVAPI32.dll...
Scanning Module:C:\WINDOWS\system32\RPCRT4.dll...

#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 532
ThreadCreationTime : 6-25-2005 1:09:23 PM
BasePriority : High

Scanning Module:\??\C:\WINDOWS\system32\winlogon.exe...
Scanning Module:C:\WINDOWS\system32\AUTHZ.dll...
Scanning Module:C:\WINDOWS\system32\msvcrt.dll...
Scanning Module:C:\WINDOWS\system32\CRYPT32.dll...
Scanning Module:C:\WINDOWS\system32\MSASN1.dll...
Scanning Module:C:\WINDOWS\system32\NDdeApi.dll...
Scanning Module:C:\WINDOWS\system32\PROFMAP.dll...
Scanning Module:C:\WINDOWS\system32\NETAPI32.dll...
Scanning Module:C:\WINDOWS\system32\USERENV.dll...
Scanning Module:C:\WINDOWS\system32\PSAPI.DLL...
Scanning Module:C:\WINDOWS\system32\REGAPI.dll...
Scanning Module:C:\WINDOWS\system32\Secur32.dll...
Scanning Module:C:\WINDOWS\system32\SETUPAPI.dll...
Scanning Module:C:\WINDOWS\system32\VERSION.dll...
Scanning Module:C:\WINDOWS\system32\WINSTA.dll...
Scanning Module:C:\WINDOWS\system32\WINTRUST.dll...
Scanning Module:C:\WINDOWS\system32\IMAGEHLP.dll...
Scanning Module:C:\WINDOWS\system32\WS2_32.dll...
Scanning Module:C:\WINDOWS\system32\WS2HELP.dll...
Scanning Module:C:\WINDOWS\system32\MSGINA.dll...
Scanning Module:C:\WINDOWS\system32\SHELL32.dll...
Scanning Module:C:\WINDOWS\system32\SHLWAPI.dll...
Scanning Module:C:\WINDOWS\system32\COMCTL32.dll...
Scanning Module:C:\WINDOWS\system32\ODBC32.dll...
Scanning Module:C:\WINDOWS\system32\comdlg32.dll...
Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll...
Scanning Module:C:\WINDOWS\system32\odbcint.dll...
Scanning Module:C:\WINDOWS\system32\SHSVCS.dll...
Scanning Module:C:\WINDOWS\system32\sfc.dll...
Scanning Module:C:\WINDOWS\system32\sfc_os.dll...
Scanning Module:C:\WINDOWS\system32\ole32.dll...
Scanning Module:C:\WINDOWS\system32\Apphelp.dll...
Scanning Module:C:\WINDOWS\system32\WINSCARD.DLL...
Scanning Module:C:\WINDOWS\system32\WTSAPI32.dll...
Scanning Module:C:\WINDOWS\system32\uxtheme.dll...
Scanning Module:C:\WINDOWS\system32\WINMM.dll...
Scanning Module:C:\WINDOWS\system32\rsaenh.dll...
Scanning Module:C:\WINDOWS\system32\cscdll.dll...
Scanning Module:C:\WINDOWS\system32\WlNotify.dll...
Scanning Module:C:\WINDOWS\system32\WINSPOOL.DRV...
Scanning Module:C:\WINDOWS\system32\MPR.dll...
Scanning Module:C:\WINDOWS\system32\SAMLIB.dll...
Scanning Module:C:\WINDOWS\system32\msv1_0.dll...
Scanning Module:C:\WINDOWS\system32\iphlpapi.dll...
Scanning Module:C:\WINDOWS\system32\wldap32.dll...
Scanning Module:C:\WINDOWS\system32\CLBCATQ.DLL...
Scanning Module:C:\WINDOWS\system32\OLEAUT32.dll...
Scanning Module:C:\WINDOWS\system32\COMRes.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wbemprox.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wbemcomn.dll...
Scanning Module:C:\WINDOWS\system32\xpsp2res.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wbemsvc.dll...
Scanning Module:C:\WINDOWS\System32\wbem\fastprox.dll...
Scanning Module:C:\WINDOWS\system32\MSVCP60.dll...
Scanning Module:C:\WINDOWS\system32\NTDSAPI.dll...
Scanning Module:C:\WINDOWS\system32\DNSAPI.dll...
Scanning Module:C:\WINDOWS\system32\RASAPI32.dll...
Scanning Module:C:\WINDOWS\system32\rasman.dll...
Scanning Module:C:\WINDOWS\system32\TAPI32.dll...
Scanning Module:C:\WINDOWS\system32\rtutils.dll...
Scanning Module:C:\WINDOWS\system32\cscui.dll...
Scanning Module:C:\WINDOWS\system32\wdmaud.drv...
Scanning Module:C:\WINDOWS\system32\ES.DLL...
Scanning Module:C:\WINDOWS\system32\NTMARTA.DLL...
Scanning Module:C:\WINDOWS\system32\msacm32.drv...
Scanning Module:C:\WINDOWS\system32\MSACM32.dll...
Scanning Module:C:\WINDOWS\system32\midimap.dll...

#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 576
ThreadCreationTime : 6-25-2005 1:09:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
Scanning Module:C:\WINDOWS\system32\services.exe...
Scanning Module:C:\WINDOWS\system32\SCESRV.dll...
Scanning Module:C:\WINDOWS\system32\umpnpmgr.dll...
Scanning Module:C:\WINDOWS\system32\NCObjAPI.DLL...
Scanning Module:C:\WINDOWS\system32\ShimEng.dll...
Scanning Module:C:\WINDOWS\AppPatch\AcGenral.DLL...
Scanning Module:C:\WINDOWS\system32\eventlog.dll...

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 588
ThreadCreationTime : 6-25-2005 1:09:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
Scanning Module:C:\WINDOWS\system32\lsass.exe...
Scanning Module:C:\WINDOWS\system32\LSASRV.dll...
Scanning Module:C:\WINDOWS\system32\SAMSRV.dll...
Scanning Module:C:\WINDOWS\system32\cryptdll.dll...
Scanning Module:C:\WINDOWS\system32\msprivs.dll...
Scanning Module:C:\WINDOWS\system32\kerberos.dll...
Scanning Module:C:\WINDOWS\system32\netlogon.dll...
Scanning Module:C:\WINDOWS\system32\w32time.dll...
Scanning Module:C:\WINDOWS\system32\schannel.dll...
Scanning Module:C:\WINDOWS\system32\wdigest.dll...
Scanning Module:C:\WINDOWS\system32\scecli.dll...
Scanning Module:C:\WINDOWS\system32\ipsecsvc.dll...
Scanning Module:C:\WINDOWS\system32\oakley.DLL...
Scanning Module:C:\WINDOWS\system32\WINIPSEC.DLL...
Scanning Module:C:\WINDOWS\system32\mswsock.dll...
Scanning Module:C:\WINDOWS\system32\hnetcfg.dll...
Scanning Module:C:\WINDOWS\System32\wshtcpip.dll...
Scanning Module:C:\WINDOWS\system32\pstorsvc.dll...
Scanning Module:C:\WINDOWS\system32\psbase.dll...
Scanning Module:C:\WINDOWS\system32\dssenh.dll...

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 748
ThreadCreationTime : 6-25-2005 1:09:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:C:\WINDOWS\system32\svchost.exe...
Scanning Module:c:\windows\system32\rpcss.dll...
Scanning Module:c:\windows\system32\termsrv.dll...
Scanning Module:c:\windows\system32\ICAAPI.dll...
Scanning Module:c:\windows\system32\mstlsapi.dll...
Scanning Module:c:\windows\system32\ACTIVEDS.dll...
Scanning Module:c:\windows\system32\adsldpc.dll...
Scanning Module:c:\windows\system32\ATL.DLL...

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 816
ThreadCreationTime : 6-25-2005 1:09:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:C:\WINDOWS\System32\winrnr.dll...
Scanning Module:C:\WINDOWS\system32\rasadhlp.dll...

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 880
ThreadCreationTime : 6-25-2005 1:09:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dhcpcsvc.dll...
Scanning Module:c:\windows\system32\wzcsvc.dll...
Scanning Module:c:\windows\system32\WMI.dll...
Scanning Module:c:\windows\system32\ESENT.dll...
Scanning Module:C:\WINDOWS\System32\rastls.dll...
Scanning Module:C:\WINDOWS\system32\CRYPTUI.dll...
Scanning Module:C:\WINDOWS\system32\WININET.dll...
Scanning Module:C:\WINDOWS\System32\MPRAPI.dll...
Scanning Module:C:\WINDOWS\System32\raschap.dll...
Scanning Module:c:\windows\system32\schedsvc.dll...
Scanning Module:C:\WINDOWS\System32\MSIDLE.DLL...
Scanning Module:c:\windows\system32\audiosrv.dll...
Scanning Module:c:\windows\system32\wkssvc.dll...
Scanning Module:c:\windows\system32\cryptsvc.dll...
Scanning Module:c:\windows\system32\certcli.dll...
Scanning Module:c:\windows\system32\ersvc.dll...
Scanning Module:c:\windows\system32\dmserver.dll...
Scanning Module:c:\windows\pchealth\helpctr\binaries\pchsvc.dll...
Scanning Module:c:\windows\system32\iprip.dll...
Scanning Module:c:\windows\system32\WSOCK32.dll...
Scanning Module:c:\windows\system32\srvsvc.dll...
Scanning Module:c:\windows\system32\netman.dll...
Scanning Module:c:\windows\system32\netshell.dll...
Scanning Module:c:\windows\system32\credui.dll...
Scanning Module:c:\windows\system32\WZCSAPI.DLL...
Scanning Module:c:\windows\system32\seclogon.dll...
Scanning Module:c:\windows\system32\sens.dll...
Scanning Module:c:\windows\system32\srsvc.dll...
Scanning Module:c:\windows\system32\POWRPROF.dll...
Scanning Module:c:\windows\system32\trkwks.dll...
Scanning Module:c:\windows\system32\wbem\wmisvc.dll...
Scanning Module:C:\WINDOWS\system32\VSSAPI.DLL...
Scanning Module:c:\windows\system32\wuauserv.dll...
Scanning Module:C:\WINDOWS\system32\wuaueng.dll...
Scanning Module:C:\WINDOWS\System32\ADVPACK.dll...
Scanning Module:C:\WINDOWS\System32\SHFOLDER.dll...
Scanning Module:C:\WINDOWS\System32\WINHTTP.dll...
Scanning Module:C:\WINDOWS\System32\Cabinet.dll...
Scanning Module:C:\WINDOWS\System32\mspatcha.dll...
Scanning Module:C:\WINDOWS\system32\msxml3.dll...
Scanning Module:C:\WINDOWS\system32\comsvcs.dll...
Scanning Module:C:\WINDOWS\system32\MTXCLU.DLL...
Scanning Module:C:\WINDOWS\system32\colbact.DLL...
Scanning Module:C:\WINDOWS\System32\CLUSAPI.DLL...
Scanning Module:C:\WINDOWS\System32\RESUTILS.DLL...
Scanning Module:c:\windows\system32\browser.dll...
Scanning Module:c:\windows\system32\ipnathlp.dll...
Scanning Module:c:\windows\system32\wscsvc.dll...
Scanning Module:c:\windows\system32\msi.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\wbemcore.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\esscli.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wmiutils.dll...
Scanning Module:C:\WINDOWS\System32\wbem\repdrvfs.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wmiprvsd.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wbemess.dll...
Scanning Module:C:\WINDOWS\System32\wbem\ncprov.dll...
Scanning Module:C:\WINDOWS\System32\rasmans.dll...
Scanning Module:C:\WINDOWS\System32\netcfgx.dll...
Scanning Module:c:\windows\system32\tapisrv.dll...
Scanning Module:C:\WINDOWS\System32\rastapi.dll...
Scanning Module:C:\WINDOWS\System32\unimdm.tsp...
Scanning Module:C:\WINDOWS\System32\uniplat.dll...
Scanning Module:C:\WINDOWS\System32\kmddsp.tsp...
Scanning Module:C:\WINDOWS\System32\ndptsp.tsp...
Scanning Module:C:\WINDOWS\System32\ipconf.tsp...
Scanning Module:C:\WINDOWS\System32\h323.tsp...
Scanning Module:C:\WINDOWS\System32\hidphone.tsp...
Scanning Module:C:\WINDOWS\System32\HID.DLL...
Scanning Module:C:\WINDOWS\System32\rasppp.dll...
Scanning Module:C:\WINDOWS\System32\ntlsapi.dll...
Scanning Module:C:\WINDOWS\System32\cryptnet.dll...
Scanning Module:C:\WINDOWS\System32\SensApi.dll...
Scanning Module:C:\WINDOWS\System32\upnp.dll...
Scanning Module:C:\WINDOWS\System32\SSDPAPI.dll...
Scanning Module:C:\WINDOWS\System32\RASDLG.dll...

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 940
ThreadCreationTime : 6-25-2005 1:09:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dnsrslvr.dll...

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1032
ThreadCreationTime : 6-25-2005 1:09:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\lmhsvc.dll...
Scanning Module:c:\windows\system32\webclnt.dll...
Scanning Module:C:\WINDOWS\system32\urlmon.dll...
Scanning Module:c:\windows\system32\regsvc.dll...
Scanning Module:c:\windows\system32\ssdpsrv.dll...

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1212
ThreadCreationTime : 6-25-2005 1:09:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Scanning Module:C:\WINDOWS\system32\spoolsv.exe...
Scanning Module:C:\WINDOWS\system32\SPOOLSS.DLL...
Scanning Module:C:\WINDOWS\system32\localspl.dll...
Scanning Module:C:\WINDOWS\system32\AdobePDF.dll...
Scanning Module:E:\new programs\Distillr\adistres.dll...
Scanning Module:C:\WINDOWS\system32\cnbjmon.dll...
Scanning Module:C:\WINDOWS\system32\lprmon.dll...
Scanning Module:C:\WINDOWS\system32\LPRHELP.dll...
Scanning Module:C:\WINDOWS\system32\pjlmon.dll...
Scanning Module:C:\WINDOWS\system32\tcpmon.dll...
Scanning Module:C:\WINDOWS\system32\usbmon.dll...
Scanning Module:C:\WINDOWS\system32\win32spl.dll...
Scanning Module:C:\WINDOWS\system32\NETRAP.dll...
Scanning Module:C:\WINDOWS\system32\inetpp.dll...

#:12 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1336
ThreadCreationTime : 6-25-2005 1:09:36 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
Scanning Module:C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe...
Scanning Module:C:\WINDOWS\system32\MSVCP71.dll...
Scanning Module:C:\WINDOWS\system32\MSVCR71.dll...
Scanning Module:C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll...
Scanning Module:C:\Program Files\Grisoft\AVG Free\avgcfg.dll...
Scanning Module:C:\Program Files\Grisoft\AVG Free\avgklib.dll...
Scanning Module:C:\Program Files\Grisoft\AVG Free\avglng.dll...

#:13 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 1372
ThreadCreationTime : 6-25-2005 1:09:36 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
Scanning Module:C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe...

#:14 [cisvc.exe]
ModuleName : C:\WINDOWS\System32\cisvc.exe
Command Line : C:\WINDOWS\System32\cisvc.exe
ProcessID : 1396
ThreadCreationTime : 6-25-2005 1:09:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe
Scanning Module:C:\WINDOWS\System32\cisvc.exe...
Scanning Module:C:\WINDOWS\System32\query.dll...

#:15 [ewidoctrl.exe]
ModuleName : E:\new programs\security suite\ewidoctrl.exe
Command Line : "E:\new programs\security suite\ewidoctrl.exe"
ProcessID : 1424
ThreadCreationTime : 6-25-2005 1:09:37 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
Scanning Module:E:\new programs\security suite\ewidoctrl.exe...
Scanning Module:E:\new programs\security suite\lang.dll...

#:16 [ewidoguard.exe]
ModuleName : E:\new programs\security suite\ewidoguard.exe
Command Line : n/a
ProcessID : 1444
ThreadCreationTime : 6-25-2005 1:09:37 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe
Scanning Module:E:\new programs\security suite\ewidoguard.exe...
Scanning Module:E:\new programs\security suite\TScan1.dll...
Scanning Module:E:\new programs\security suite\wizard.dll...
Scanning Module:E:\new programs\security suite\framework.dll...
Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll...
Scanning Module:E:\new programs\security suite\configuration.dll...
Scanning Module:E:\new programs\security suite\archive.dll...
Scanning Module:E:\new programs\security suite\update_core.dll...
Scanning Module:E:\new programs\security suite\scan.dll...
Scanning Module:E:\new programs\security suite\tray_dll.dll...
Scanning Module:C:\WINDOWS\system32\dciman32.dll...
Scanning Module:C:\WINDOWS\system32\rsvpsp.dll...

#:17 [incdsrv.exe]
ModuleName : E:\new programs\InCD\InCDsrv.exe
Command Line : "E:\new programs\InCD\InCDsrv.exe"
ProcessID : 1500
ThreadCreationTime : 6-25-2005 1:09:38 PM
BasePriority : Normal
FileVersion : 4, 0, 8, 0
ProductVersion : 4, 0, 8, 0
ProductName : AHEAD Software incdsrv
CompanyName : AHEAD Software
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright © 2003
OriginalFilename : incdsrv.exe
Scanning Module:E:\new programs\InCD\InCDsrv.exe...
Scanning Module:C:\Program Files\Common Files\Ahead\Lib\DriveLocker.dll...
Scanning Module:E:\new programs\InCD\incdshx.dll...

#:18 [msdtc.exe]
ModuleName : C:\WINDOWS\System32\msdtc.exe
Command Line : C:\WINDOWS\System32\msdtc.exe
ProcessID : 1532
ThreadCreationTime : 6-25-2005 1:09:39 PM
BasePriority : Normal
FileVersion : 2001.12.4414.258
ProductVersion : 03.01.00.4414
ProductName : Microsoft Distributed Transaction Coordinator
CompanyName : Microsoft Corporation
FileDescription : MS DTC console program
InternalName : MSDTC.EXE
LegalCopyright : Copyright © Microsoft Corp. 1995-1998
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
Scanning Module:C:\WINDOWS\System32\msdtc.exe...
Scanning Module:C:\WINDOWS\System32\MSDTCTM.dll...
Scanning Module:C:\WINDOWS\System32\MSDTCPRX.dll...
Scanning Module:C:\WINDOWS\System32\MSDTCLOG.dll...
Scanning Module:C:\WINDOWS\System32\XOLEHLP.dll...
Scanning Module:C:\WINDOWS\System32\MTxOCI.Dll...

#:19 [nvsvc32.exe]
ModuleName : C:\WINDOWS\system32\nvsvc32.exe
Command Line : C:\WINDOWS\system32\nvsvc32.exe
ProcessID : 1636
ThreadCreationTime : 6-25-2005 1:09:40 PM
BasePriority : Normal
FileVersion : 6.14.10.7189
ProductVersion : 6.14.10.7189
ProductName : NVIDIA Driver Helper Service, Version 71.89
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 71.89
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
Scanning Module:C:\WINDOWS\system32\nvsvc32.exe...

#:20 [tcpsvcs.exe]
ModuleName : C:\WINDOWS\System32\tcpsvcs.exe
Command Line : C:\WINDOWS\System32\tcpsvcs.exe
ProcessID : 1720
ThreadCreationTime : 6-25-2005 1:09:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : TCP/IP Services Application
InternalName : TCPSVCS.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : TCPSVCS.EXE
Scanning Module:C:\WINDOWS\System32\tcpsvcs.exe...
Scanning Module:C:\WINDOWS\system32\simptcp.dll...

#:21 [snmp.exe]
ModuleName : C:\WINDOWS\System32\snmp.exe
Command Line : C:\WINDOWS\System32\snmp.exe
ProcessID : 1752
ThreadCreationTime : 6-25-2005 1:09:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : SNMP Service
InternalName : snmp.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : snmp.exe
Scanning Module:C:\WINDOWS\System32\snmp.exe...
Scanning Module:C:\WINDOWS\System32\snmpapi.dll...
Scanning Module:C:\WINDOWS\System32\lmmib2.dll...
Scanning Module:C:\WINDOWS\System32\inetmib1.dll...
Scanning Module:C:\WINDOWS\System32\hostmib.dll...
Scanning Module:C:\WINDOWS\System32\snmpmib.dll...
Scanning Module:C:\WINDOWS\System32\evntagnt.dll...
Scanning Module:C:\WINDOWS\System32\igmpagnt.dll...
Scanning Module:C:\WINDOWS\System32\mcastmib.dll...
Scanning Module:C:\WINDOWS\System32\rtipxmib.dll...
Scanning Module:C:\WINDOWS\System32\perfos.dll...

#:22 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1784
ThreadCreationTime : 6-25-2005 1:09:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\wiaservc.dll...
Scanning Module:c:\windows\system32\CFGMGR32.dll...
Scanning Module:c:\windows\system32\mscms.dll...
Scanning Module:C:\WINDOWS\System32\wiafbdrv.dll...
Scanning Module:C:\WINDOWS\System32\hpsjmcro.dll...
Scanning Module:C:\WINDOWS\System32\actxprxy.dll...
Scanning Module:C:\WINDOWS\System32\sti.dll...

#:23 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1828
ThreadCreationTime : 6-25-2005 1:09:41 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
Scanning Module:C:\WINDOWS\system32\wdfmgr.exe...

#:24 [mqsvc.exe]
ModuleName : C:\WINDOWS\System32\mqsvc.exe
Command Line : C:\WINDOWS\System32\mqsvc.exe
ProcessID : 128
ThreadCreationTime : 6-25-2005 1:09:45 PM
BasePriority : Normal
FileVersion : 5.01.1108
ProductVersion : 5.01.1108
ProductName : Microsoft Message Queue
CompanyName : Microsoft Corporation
FileDescription : Message Queuing Service
LegalCopyright : Copyright © Microsoft Corporation. 1981-2000
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows NT™ is a trademark of Microsoft Corporation
OriginalFilename : MQSVC.EXE
Scanning Module:C:\WINDOWS\System32\mqsvc.exe...
Scanning Module:C:\WINDOWS\System32\MQQM.dll...
Scanning Module:C:\WINDOWS\System32\mqutil.dll...
Scanning Module:C:\WINDOWS\System32\mqsec.dll...
Scanning Module:C:\WINDOWS\System32\Security.dll...
Scanning Module:C:\WINDOWS\System32\MqLogMgr.dll...

#:25 [mqtgsvc.exe]
ModuleName : C:\WINDOWS\System32\mqtgsvc.exe
Command Line : C:\WINDOWS\System32\mqtgsvc.exe
ProcessID : 424
ThreadCreationTime : 6-25-2005 1:09:49 PM
BasePriority : Normal
FileVersion : 5.01.1108
ProductVersion : 5.01.1108
ProductName : Microsoft Message Queue
CompanyName : Microsoft Corporation
FileDescription : Windows NT MSMQ Trigger Service
LegalCopyright : Copyright © Microsoft Corporation. 1981-2000
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows NT™ is a trademark of Microsoft Corporation
OriginalFilename : QMTGSVC.EXE
Scanning Module:C:\WINDOWS\System32\mqtgsvc.exe...
Scanning Module:C:\WINDOWS\System32\mqrt.dll...
Scanning Module:C:\WINDOWS\System32\MQTRIG.DLL...

#:26 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 860
ThreadCreationTime : 6-25-2005 1:09:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
Scanning Module:C:\WINDOWS\System32\alg.exe...

#:27 [cidaemon.exe]
ModuleName : C:\WINDOWS\system32\cidaemon.exe
Command Line : "cidaemon.exe" DownLevelDaemon "c:\system volume information\catalog.wci" 196672l 1396l
ProcessID : 2480
ThreadCreationTime : 6-25-2005 1:17:04 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe
Scanning Module:C:\WINDOWS\system32\cidaemon.exe...
Scanning Module:C:\WINDOWS\system32\LangWrbk.dll...

#:28 [cidaemon.exe]
ModuleName : C:\WINDOWS\system32\cidaemon.exe
Command Line : "cidaemon.exe" DownLevelDaemon "c:\documents and settings\all users.windows\application data\microsoft\visio\catalog.wci" 196672l 1396l
ProcessID : 2500
ThreadCreationTime : 6-25-2005 1:17:07 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:29 [wscntfy.exe]
ModuleName : C:\WINDOWS\system32\wscntfy.exe
Command Line : C:\WINDOWS\system32\wscntfy.exe
ProcessID : 3076
ThreadCreationTime : 6-25-2005 3:52:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe
Scanning Module:C:\WINDOWS\system32\wscntfy.exe...
Scanning Module:C:\WINDOWS\system32\MSCTF.dll...
Scanning Module:C:\WINDOWS\system32\nview.dll...

#:30 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 3164
ThreadCreationTime : 6-25-2005 3:52:37 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Scanning Module:C:\WINDOWS\Explorer.EXE...
Scanning Module:C:\WINDOWS\system32\BROWSEUI.dll...
Scanning Module:C:\WINDOWS\system32\SHDOCVW.dll...
Scanning Module:C:\WINDOWS\System32\themeui.dll...
Scanning Module:C:\WINDOWS\System32\MSIMG32.dll...
Scanning Module:C:\WINDOWS\System32\shimgvw.dll...
Scanning Module:C:\WINDOWS\system32\mlang.dll...
Scanning Module:C:\WINDOWS\System32\mshtml.dll...
Scanning Module:C:\WINDOWS\System32\msls31.dll...
Scanning Module:C:\WINDOWS\system32\LINKINFO.dll...
Scanning Module:C:\WINDOWS\system32\ntshrui.dll...
Scanning Module:E:\new programs\shellextension.dll...
Scanning Module:C:\WINDOWS\System32\shdoclc.dll...
Scanning Module:C:\WINDOWS\System32\webcheck.dll...
Scanning Module:C:\WINDOWS\System32\stobject.dll...
Scanning Module:C:\WINDOWS\System32\BatMeter.dll...
Scanning Module:C:\WINDOWS\system32\upnpui.dll...
Scanning Module:C:\WINDOWS\System32\msimtf.dll...
Scanning Module:C:\WINDOWS\system32\mslbui.dll...
Scanning Module:C:\WINDOWS\ime\sptip.dll...
Scanning Module:C:\WINDOWS\system32\OLEACC.dll...
Scanning Module:C:\WINDOWS\IME\SPGRMR.DLL...
Scanning Module:C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL...
Scanning Module:C:\WINDOWS\System32\drprov.dll...
Scanning Module:C:\WINDOWS\System32\ntlanman.dll...
Scanning Module:C:\WINDOWS\System32\NETUI0.dll...
Scanning Module:C:\WINDOWS\System32\NETUI1.dll...
Scanning Module:C:\WINDOWS\System32\davclnt.dll...
Scanning Module:C:\WINDOWS\system32\nvcpl.dll...
Scanning Module:C:\WINDOWS\system32\nvwddi.dll...
Scanning Module:C:\WINDOWS\system32\nvshell.dll...
Scanning Module:E:\new programs\security suite\shellhook.dll...

#:31 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 2440
ThreadCreationTime : 6-25-2005 3:52:47 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
Scanning Module:C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe...
Scanning Module:C:\PROGRA~1\Grisoft\AVGFRE~1\AvgAbout.dll...
Scanning Module:C:\PROGRA~1\Grisoft\AVGFRE~1\AvgCtrl.dll...
Scanning Module:C:\PROGRA~1\Grisoft\AVGFRE~1\MFC71.DLL...
Scanning Module:C:\WINDOWS\system32\MSVFW32.dll...
Scanning Module:C:\PROGRA~1\Grisoft\AVGFRE~1\AvgTest.dll...
Scanning Module:C:\PROGRA~1\Grisoft\AVGFRE~1\AvgTMgr.dll...
Scanning Module:C:\PROGRA~1\Grisoft\AVGFRE~1\AvgTRes.dll...
Scanning Module:C:\PROGRA~1\Grisoft\AVGFRE~1\AvgSet.dll...
Scanning Module:C:\WINDOWS\system32\MFC71ENU.DLL...
Scanning Module:C:\Program Files\Grisoft\AVG Free\avgf.dll...
Scanning Module:C:\Program Files\Grisoft\AVG Free\AVGRES.DLL...
Scanning Module:C:\Program Files\Grisoft\AVG Free\avgcckrn.dll...
Scanning Module:C:\Program Files\Grisoft\AVG Free\avgvault.dll...
Scanning Module:C:\Program Files\Grisoft\AVG Free\avgscan.dll...
Scanning Module:C:\Program Files\Grisoft\AVG Free\avgunarc.dll...
Scanning Module:C:\Program Files\Grisoft\AVG Free\avgrep.dll...
Scanning Module:C:\PROGRA~1\Grisoft\AVGFRE~1\avgemsui.dll...
Scanning Module:C:\PROGRA~1\Grisoft\AVGFRE~1\avgemcps.dll...

#:32 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 3536
ThreadCreationTime : 6-25-2005 3:52:53 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
Scanning Module:C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe...
Scanning Module:C:\PROGRA~1\Grisoft\AVGFRE~1\libsasl.dll...
Scanning Module:C:\PROGRA~1\Grisoft\AVGFRE~1\saslcrammd5.dll...
Scanning Module:C:\PROGRA~1\Grisoft\AVGFRE~1\sasldigestmd5.dll...
Scanning Module:C:\PROGRA~1\Grisoft\AVGFRE~1\sasllogin.dll...
Scanning Module:C:\PROGRA~1\Grisoft\AVGFRE~1\saslplain.dll...
Scanning Module:C:\Program Files\Grisoft\AVG Free\avgmail.dll...
Scanning Module:C:\Program Files\Grisoft\AVG Free\avgcore.dll...

#:33 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : ctfmon.exe
ProcessID : 3544
ThreadCreationTime : 6-25-2005 3:52:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
Scanning Module:C:\WINDOWS\system32\ctfmon.exe...
Scanning Module:C:\WINDOWS\system32\MSUTB.dll...

#:34 [gcasserv.exe]
ModuleName : E:\new programs\gcasServ.exe
Command Line : "E:\new programs\gcasServ.exe"
ProcessID : 3552
ThreadCreationTime : 6-25-2005 3:52:55 PM
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe
Scanning Module:E:\new programs\gcasServ.exe...
Scanning Module:C:\WINDOWS\system32\MSVBVM60.DLL...
Scanning Module:E:\new programs\gcAntiSpywareLibrary.dll...
Scanning Module:E:\new programs\ShFolder.dll...

#:35 [qttask.exe]
ModuleName : F:\program files\qttask.exe
Command Line : "F:\program files\qttask.exe" -atboottime
ProcessID : 3556
ThreadCreationTime : 6-25-2005 3:52:56 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
Scanning Module:F:\program files\qttask.exe...

#:36 [weather.exe]
ModuleName : C:\Program Files\Daily Weather Forecast\weather.exe
Command Line : "C:\Program Files\Daily Weather Forecast\weather.exe"
ProcessID : 3592
ThreadCreationTime : 6-25-2005 3:52:58 PM
BasePriority : Normal

Scanning Module:C:\Program Files\Daily Weather Forecast\weather.exe...

#:37 [picasamediadetector.exe]
ModuleName : E:\new programs\Picasa2\PicasaMediaDetector.exe
Command Line : "E:\new programs\Picasa2\PicasaMediaDetector.exe"
ProcessID : 3620
ThreadCreationTime : 6-25-2005 3:52:58 PM
BasePriority : Normal

Scanning Module:E:\new programs\Picasa2\PicasaMediaDetector.exe...

#:38 [jusched.exe]
ModuleName : E:\new programs\java\bin\jusched.exe
Command Line : "E:\new programs\java\bin\jusched.exe"
ProcessID : 3668
ThreadCreationTime : 6-25-2005 3:52:59 PM
BasePriority : Normal

Scanning Module:E:\new programs\java\bin\jusched.exe...

#:39 [gcasdtserv.exe]
ModuleName : E:\new programs\gcasDtServ.exe
Command Line : "E:\new programs\gcasDtServ.exe"
ProcessID : 3696
ThreadCreationTime : 6-25-2005 3:52:59 PM
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe
Scanning Module:E:\new programs\gcasDtServ.exe...
Scanning Module:C:\WINDOWS\system32\GCCollection.dll...
Scanning Module:C:\WINDOWS\system32\hashlib.dll...

#:40 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe nview.dll,nViewInitialize
ProcessID : 3788
ThreadCreationTime : 6-25-2005 3:53:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
Scanning Module:C:\WINDOWS\system32\rundll32.exe...

#:41 [weathereye.exe]
ModuleName : E:\new programs\WeatherEye.exe
Command Line : "E:\new programs\WeatherEye.exe"
ProcessID : 3904
ThreadCreationTime : 6-25-2005 3:53:29 PM
BasePriority : Normal
FileVersion : 1.0.2.0
ProductVersion : 1.0.2.0
ProductName : MétéoIMédia/WeatherEye
CompanyName : MétéoMédia/The Weather Network
FileDescription : MétéoIMédia/WeatherEye
InternalName : WeatherEye
LegalCopyright : MétéoMédia/The Weather Network
LegalTrademarks : MétéoMédia/The Weather Network
OriginalFilename : WeatherEye.exe
Comments : Author : Philippe Cotte, Jean-Michel Augustin, Benoit Fries
Scanning Module:E:\new programs\WeatherEye.exe...
Scanning Module:C:\WINDOWS\system32\olepro32.dll...

#:42 [acrotray.exe]
ModuleName : E:\new programs\Distillr\acrotray.exe
Command Line : "E:\new programs\Distillr\acrotray.exe"
ProcessID : 3936
ThreadCreationTime : 6-25-2005 3:53:32 PM
BasePriority : Normal
FileVersion : 6.0.0.2003040700
ProductVersion : 6.0.0.0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe
Scanning Module:E:\new programs\Distillr\acrotray.exe...

#:43 [ad-aware.exe]
ModuleName : E:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "E:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 908
ThreadCreationTime : 6-25-2005 4:09:50 PM
BasePriority : Idle
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Scanning Module:E:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe...
Scanning Module:C:\WINDOWS\system32\RICHED32.DLL...
Scanning Module:C:\WINDOWS\system32\RICHED20.dll...

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : brent@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 6-24-2010 7:55:26 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IEC
  • 0

#3
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Please try and keep your logs in one thread.

Copy the part in bold below into notepad and save it as permitall.reg

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
"NoActiveDesktop"=-
"NoSaveSettings"=-
"ClassicShell"=-
"NoThemesTab"=-

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"ThemeActive"="1"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,72,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,\
00,54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,6c,00,75,00,6e,00,61,00,5c,00,\
6c,00,75,00,6e,00,61,00,2e,00,6d,00,73,00,73,00,74,00,79,00,6c,00,65,00,73,\
00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=-
"NoAddingComponents"=-
"NoComponents"=-
"NoDeletingComponents"=-
"NoEditingComponents"=-
"NoCloseDragDropBands"=-
"NoMovingBands"=-
"NoHTMLWallPaper"=-


Double-click the file and confirm you want to merge it with the registry.

Reboot and check under Properties of your desktop if the Browse button is usable again.

Regards,
  • 0
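A .reg file copied from a forum post changes the registry as soon as it is merged, so it helps to list what it will delete and set first. The sketch below is an added example, not part of Metallica's post: it parses an excerpt of the file above and decodes the hex(2) value. The names `summarize`, `decode_hex` and `SAMPLE_REG` are chosen here, and the hex bytes are assumed to be UTF-16LE, which is how they are laid out in this file.

```python
import re

# Excerpt of the permitall.reg text from the post above (not the full file).
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
"NoActiveDesktop"=-

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"ThemeActive"="1"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,72,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,\
00,54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,6c,00,75,00,6e,00,61,00,5c,00,\
6c,00,75,00,6e,00,61,00,2e,00,6d,00,73,00,73,00,74,00,79,00,6c,00,65,00,73,\
00,00,00
'''

def decode_hex(data):
    """Decode comma-separated hex bytes as UTF-16LE text (assumed encoding)."""
    raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
    return raw.decode("utf-16-le").rstrip("\x00")

def summarize(text):
    """Return (action, key, value_name, data) for every change the file makes."""
    text = re.sub(r"\\[ \t]*\n[ \t]*", "", text)   # join hex continuation lines
    ops, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[-"):                   # [-KEY] deletes a whole key
            ops.append(("DELETE_KEY", line[2:-1], None, None))
            key = None
        elif line.startswith("["):
            key = line[1:-1]
        elif line.startswith('"') and key:
            name, _, data = line.partition('"=')    # names here contain no '"='
            name = name[1:]
            if data == "-":                         # "name"=- deletes one value
                ops.append(("DELETE_VALUE", key, name, None))
            elif data.startswith("hex(2):"):        # REG_EXPAND_SZ as raw bytes
                ops.append(("SET_EXPAND_SZ", key, name, decode_hex(data[7:])))
            else:
                ops.append(("SET", key, name, data.strip('"')))
    return ops

if __name__ == "__main__":
    for op in summarize(SAMPLE_REG):
        print(*op, sep=" | ")
```

Each DELETE_VALUE entry is one policy restriction the fix clears. The single DELETE_KEY entry removes everything under Policies\System, so check that key first for settings that were put there on purpose.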

#4
brentmack

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank you Metallica, it worked, I am so pleased. Sorry about my error posting. I'm not sure of the directions on doing the post so it was a hit and miss effort on my part. Would you advise getting rid of IE and going to Firefox? I read somewhere that IE vulnerabilities were the main cause of so much of this malware stuff. I'm running AVG, Spybot, Ad-Aware, now Ewido and I have the MS spyware scanner going. Thanks again - your site and help are invaluable.
Brent
  • 0

#5
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hi Brent,

Glad we could help.

Please do have a look at my site about removing and preventing spyware.

You will find a lot of options to make IE more secure.

Firefox is not foolproof either, but it certainly is a nice browser.
You cannot get rid of IE by the way.
It is an integral part of the OS and you will find that you will need it sometimes.

Regards,
  • 0

#6
brentmack

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Great site Pieter, I've bookmarked it and will follow up with your suggestions. Thanks again,
Brent
  • 0

#7
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





