adaware log file - popup trouble


  • This topic is locked

#1
diydelboy

  • Member
  • 15 posts
Hi, I'm getting trouble with two popups, which spybot and adaware don't seem to be fixing.
Also had a virtual maid toolbar come up at same time, but killed that with toolbarcop.
I'm getting two popups, one saying 'your pc is infected with spyware, click here etc.'
One is an annoying yellow triangle with "!" in the middle of it that states " System Alert: Exploit Detected. System has detechted 4 active exploits that may cause frequent application crashes, instability or low computer preformance. Click the icon to remove exploits. "
Attached screen grab of one..
Any help much appreciated, thanks
Derek

Ad-Aware SE Build 1.05
Logfile Created on:20 April 2005 12:12:17
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R39 15.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R39 15.04.2005
Internal build : 46
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 459480 Bytes
Total size : 1389159 Bytes
Signature data size : 1358772 Bytes
Reference data size : 29875 Bytes
Signatures total : 38701
Fingerprints total : 794
Fingerprints size : 29979 Bytes
Target categories : 15
Target families : 649


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:57 %
Total physical memory:785840 kb
Available physical memory:447656 kb
Total page file size:1923624 kb
Available on page file:1624116 kb
Total virtual memory:2097024 kb
Available virtual memory:2040216 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


20-04-2005 12:12:17 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 328
ThreadCreationTime : 20-04-2005 10:08:09
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 508
ThreadCreationTime : 20-04-2005 10:08:11
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 540
ThreadCreationTime : 20-04-2005 10:08:12
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 584
ThreadCreationTime : 20-04-2005 10:08:12
BasePriority : Normal
FileVersion : 5.1.2600.1224 (xpsp2.030516-0318)
ProductVersion : 5.1.2600.1224
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 596
ThreadCreationTime : 20-04-2005 10:08:12
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 768
ThreadCreationTime : 20-04-2005 10:08:13
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 820
ThreadCreationTime : 20-04-2005 10:08:13
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1028
ThreadCreationTime : 20-04-2005 10:08:14
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1056
ThreadCreationTime : 20-04-2005 10:08:14
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1220
ThreadCreationTime : 20-04-2005 10:08:15
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1332
ThreadCreationTime : 20-04-2005 10:08:16
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:12 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 1344
ThreadCreationTime : 20-04-2005 10:08:16
BasePriority : Normal


#:13 [avsynmgr.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\avsynmgr.exe"
ProcessID : 1356
ThreadCreationTime : 20-04-2005 10:08:16
BasePriority : Normal


#:14 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1400
ThreadCreationTime : 20-04-2005 10:08:16
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:15 [vsstat.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\VsStat.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\VsStat.exe"
ProcessID : 440
ThreadCreationTime : 20-04-2005 10:09:21
BasePriority : Normal


#:16 [vshwin32.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Vshwin32.exe"
ProcessID : 452
ThreadCreationTime : 20-04-2005 10:09:21
BasePriority : Normal


#:17 [mcshield.exe]
ModuleName : C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
Command Line : "C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe"
ProcessID : 336
ThreadCreationTime : 20-04-2005 10:09:22
BasePriority : High


#:18 [webscanx.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Webscanx.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Webscanx.exe"
ProcessID : 700
ThreadCreationTime : 20-04-2005 10:09:23
BasePriority : Normal


#:19 [avconsol.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Avconsol.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Avconsol.exe"
ProcessID : 1420
ThreadCreationTime : 20-04-2005 10:09:27
BasePriority : Normal


#:20 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1540
ThreadCreationTime : 20-04-2005 10:10:47
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:21 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : ctfmon.exe
ProcessID : 1708
ThreadCreationTime : 20-04-2005 10:10:48
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:22 [dllhost.exe]
ModuleName : C:\WINDOWS\System32\DllHost.exe
Command Line : C:\WINDOWS\System32\DllHost.exe /Processid:{BAA8FB92-D1E7-4181-B0EE-94DA3329F7C0}
ProcessID : 1500
ThreadCreationTime : 20-04-2005 10:10:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : COM Surrogate
InternalName : dllhost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : dllhost.exe

#:23 [msole32.exe]
ModuleName : C:\WINDOWS\System32\msole32.exe
Command Line : "C:\WINDOWS\System32\msole32.exe"
ProcessID : 1760
ThreadCreationTime : 20-04-2005 10:10:50
BasePriority : Normal


#:24 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe"
ProcessID : 1892
ThreadCreationTime : 20-04-2005 10:10:51
BasePriority : Normal


#:25 [atiptaxx.exe]
ModuleName : C:\WINDOWS\System32\atiptaxx.exe
Command Line : "C:\WINDOWS\System32\atiptaxx.exe"
ProcessID : 1932
ThreadCreationTime : 20-04-2005 10:10:51
BasePriority : Normal
FileVersion : 6.13.10.2529
ProductVersion : 6.13.10.2529
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2001 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:26 [soundman.exe]
ModuleName : C:\WINDOWS\soundman.exe
Command Line : "C:\WINDOWS\soundman.exe"
ProcessID : 148
ThreadCreationTime : 20-04-2005 10:10:51
BasePriority : Normal
FileVersion : 4.1
ProductVersion : 4.1
ProductName : Avance Sound Effect Manager v.4.1
CompanyName : Avance Logic, Inc.
FileDescription : Avance Sound Effect Manager
InternalName : SoundMan
LegalCopyright : Copyright © 2000-2001 Avance Logic, Inc.
OriginalFilename : SoundMan.exe
Comments : Avance Sound Effect Control Panel

#:27 [syntplpr.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
ProcessID : 176
ThreadCreationTime : 20-04-2005 10:10:52
BasePriority : Normal
FileVersion : 5.7.1 02Aug01
ProductVersion : 5.7.1 02Aug01
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2001
OriginalFilename : SynTPLpr.exe

#:28 [syntpenh.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
ProcessID : 160
ThreadCreationTime : 20-04-2005 10:10:52
BasePriority : Normal
FileVersion : 5.7.1 02Aug01
ProductVersion : 5.7.1 02Aug01
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2001
OriginalFilename : SynTPEnh.exe

#:29 [launchap.exe]
ModuleName : C:\Program Files\Launch Manager\LaunchAp.exe
Command Line : "C:\Program Files\Launch Manager\LaunchAp.exe"
ProcessID : 1928
ThreadCreationTime : 20-04-2005 10:10:52
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : LAUNCHAP Application
FileDescription : LAUNCHAP
InternalName : LAUNCHAP
LegalCopyright : Copyright 1999 - 2000
OriginalFilename : LAUNCHAP.EXE

#:30 [hotkeyapp.exe]
ModuleName : C:\Program Files\Launch Manager\HotkeyApp.exe
Command Line : "C:\Program Files\Launch Manager\HotkeyApp.exe"
ProcessID : 372
ThreadCreationTime : 20-04-2005 10:10:52
BasePriority : Normal


#:31 [ctrlvol.exe]
ModuleName : C:\Program Files\Launch Manager\CtrlVol.exe
Command Line : "C:\Program Files\Launch Manager\CtrlVol.exe"
ProcessID : 388
ThreadCreationTime : 20-04-2005 10:10:52
BasePriority : Normal


#:32 [wbutton.exe]
ModuleName : C:\Program Files\Launch Manager\Wbutton.exe
Command Line : "C:\Program Files\Launch Manager\Wbutton.exe"
ProcessID : 844
ThreadCreationTime : 20-04-2005 10:10:52
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : newapp Application
FileDescription : newapp MFC Application
InternalName : newapp
LegalCopyright : Copyright © 2001
OriginalFilename : newapp.EXE

#:33 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1784
ThreadCreationTime : 20-04-2005 10:10:53
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:34 [datalayer.exe]
ModuleName : C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
Command Line : "C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe"
ProcessID : 936
ThreadCreationTime : 20-04-2005 10:10:54
BasePriority : Normal
FileVersion : 5, 00, 00, 042
ProductVersion : 5,0
ProductName : Nokia PC Suite
CompanyName : Nokia Mobile Phone Ltd.
FileDescription : DataLayer Module
InternalName : Data Layer
LegalCopyright : Copyright © 2002-2003. Nokia. All rights reserved.
OriginalFilename : DataLayer.EXE

#:35 [ncltray.exe]
ModuleName : C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
Command Line : "C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe"
ProcessID : 1608
ThreadCreationTime : 20-04-2005 10:10:54
BasePriority : Normal


#:36 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1768
ThreadCreationTime : 20-04-2005 10:10:55
BasePriority : Normal
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:37 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
ProcessID : 992
ThreadCreationTime : 20-04-2005 10:10:55
BasePriority : Normal


#:38 [servicelayer.exe]
ModuleName : C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
Command Line : "C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe" -Embedding
ProcessID : 2060
ThreadCreationTime : 20-04-2005 10:10:56
BasePriority : Normal
FileVersion : 5.00.018
ProductVersion : 5.0
ProductName : Nokia Connectivity Library
CompanyName : Nokia Corp.
FileDescription : ServiceLayer Module
InternalName : ServiceLayer
LegalCopyright : Copyright © 2002, 2003 Nokia. All Rights Reserved.
OriginalFilename : ServiceLayer.exe

#:39 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 2284
ThreadCreationTime : 20-04-2005 10:10:59
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:40 [mozilla.exe]
ModuleName : C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
Command Line : "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE" -turbo
ProcessID : 2384
ThreadCreationTime : 20-04-2005 10:11:01
BasePriority : Normal


#:41 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 2396
ThreadCreationTime : 20-04-2005 10:11:01
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:42 [wincinemamgr.exe]
ModuleName : C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Command Line : "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
ProcessID : 2428
ThreadCreationTime : 20-04-2005 10:11:01
BasePriority : Normal
FileVersion : 1.0
ProductVersion : 1, 0, 0, 1
ProductName : WinCinema Manager for InterVideo WinCinema products
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright © 2000 InterVideo Inc.
OriginalFilename : WinCinemaMgr.EXE

#:43 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4080
ThreadCreationTime : 20-04-2005 11:10:00
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagesearchmaid.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmai...arch.php?qq=%s"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://www.searchmai...arch.php?qq=%s"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pagesearchmaid.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmaid.com/"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://www.searchmaid.com/"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Barsearchmaid.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchmaid.co...bar/index.html"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://searchmaid.co...bar/index.html"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Search_URLsearchmaid.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmai...arch.php?qq=%s"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Search_URL
Data : "http://www.searchmai...arch.php?qq=%s"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Page_URLsearchmaid.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmaid.com/"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Page_URL
Data : "http://www.searchmaid.com/"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainLocal Pagesearchmaid.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmaid.com/"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Local Page
Data : "http://www.searchmaid.com/"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistantsearchmaid.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmai...arch.php?qq=%s"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://www.searchmai...arch.php?qq=%s"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchCustomizeSearchsearchmaid.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmai...arch.php?qq=%s"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : CustomizeSearch
Data : "http://www.searchmai...arch.php?qq=%s"
Possible Browser Hijack attempt : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\MainSearch Pagesearchmaid.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmai...arch.php?qq=%s"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://www.searchmai...arch.php?qq=%s"
Possible Browser Hijack attempt : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\MainStart Pagesearchmaid.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmaid.com/"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://www.searchmaid.com/"
Possible Browser Hijack attempt : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\MainSearch Barsearchmaid.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchmaid.co...bar/index.html"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://searchmaid.co...bar/index.html"
Possible Browser Hijack attempt : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\MainDefault_Search_URLsearchmaid.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmai...arch.php?qq=%s"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\Main
Value : Default_Search_URL
Data : "http://www.searchmai...arch.php?qq=%s"
Possible Browser Hijack attempt : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\MainDefault_Page_URLsearchmaid.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmaid.com/"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\Main
Value : Default_Page_URL
Data : "http://www.searchmaid.com/"
Possible Browser Hijack attempt : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\MainLocal Pagesearchmaid.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmaid.com/"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\Main
Value : Local Page
Data : "http://www.searchmaid.com/"
Possible Browser Hijack attempt : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\SearchSearchAssistantsearchmaid.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmai...arch.php?qq=%s"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://www.searchmai...arch.php?qq=%s"
Possible Browser Hijack attempt : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\SearchCustomizeSearchsearchmaid.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmai...arch.php?qq=%s"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\Search
Value : CustomizeSearch
Data : "http://www.searchmai...arch.php?qq=%s"
Possible Browser Hijack attempt : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\SearchURLsearchmaid.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmai...arch.php?qq=%s"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\SearchURL
Value :
Data : "http://www.searchmai...arch.php?qq=%s"

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 17


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
42 entries scanned.
New critical objects:0
Objects found so far: 17




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17

12:26:12 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:55.121
Objects scanned:174469
Objects identified:17
Objects ignored:0
New critical objects:17

Attached Thumbnails

  • eh2.jpg

#2
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hi..
What browser do you use?
IE?
Firefox?
Also, I noticed that your MSN Messenger version is old, and it is recommended to install the latest version because there are bug updates, critical updates and feature updates.
And another thing is, maybe you should try out Lavasoft's quite new beta-testing project: sign up for the beta team (it's free), download the latest beta definitions and try those also.
And you should take a look at Windows Update to see if you have all critical updates on your computer.

- Rawe :tazz:

#3
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
New update is out!
Please update your Ad-Aware SE Personal to the latest definitions and post a fresh log :tazz:

- Rawe ;)

#4
diydelboy
  • Topic Starter
  • Member
  • 15 posts
Hi,
Cheers for help
I use Mozilla generally, but occasionally IE6 for some sites.
Just updating everything and rescanning now..
thanks
D.

#5
Guest_Andy_veal_*
  • Guest

just updating everything and rescanning now..


When you have updated your Ad-Aware SE definition file, please scan using the full system scan setting and then post your new logfile here.


Thanks

Andy :tazz:

#6
diydelboy
  • Topic Starter
  • Member
  • 15 posts
Hi there
Taken a while, but all updates, scans etc. done, finally!
Here's the new log, and I'm still getting the two popups as stated in my initial email.
All help appreciated, cheers guys
Derek


Using definitions file:SE1B42 BETA
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Logfile removed: Incorrect Definitions
Please view my post for more information

Edited by Andy_veal, 26 April 2005 - 11:13 AM.


#7
Rawe

Visiting Staff

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
42 entries scanned.


If your system is running a program which changes the hosts file or you have added listings to the hosts file, then there is no need to check further. Otherwise, download the "Host file viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your host file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

- Rawe :tazz:
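
The check the post above asks for, done in code rather than by eye: an added example (not part of the original post or of any tool named in the thread) that lists hosts-file mappings differing from a stock `127.0.0.1 localhost` file. The function names, the `sinkhole`/`redirect` labels, the set of entries treated as default, and the sample file contents are all assumptions made for illustration.

```python
import ipaddress
import sys
from collections import Counter

# Mappings treated as "default" here (assumption: a stock Windows hosts file
# maps only localhost, as XP's does with "127.0.0.1 localhost").
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        if not names:
            yield line_no, address, None     # address with no hostname: malformed
        for name in names:                   # one line may map several hostnames
            yield line_no, address, name.lower()


def classify(address, hostname):
    """Return 'default', 'sinkhole', 'redirect' or 'malformed' for one mapping."""
    if hostname is None:
        return "malformed"
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if (str(ip), hostname) in DEFAULT_ENTRIES:
        return "default"
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"   # name pointed at this machine or nowhere: block-list style
    return "redirect"       # name pointed at some other address: review these


def audit_hosts(text):
    """Return (counts per class, findings for every non-default mapping)."""
    counts = Counter()
    findings = []
    for line_no, address, hostname in parse_hosts(text):
        kind = classify(address, hostname)
        counts[kind] += 1
        if kind != "default":
            findings.append((line_no, kind, address, hostname))
    return counts, findings


# Constructed sample, not the poster's hosts file; hostnames use the reserved
# .example domain and the redirect address is from a documentation range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.tracker.example   # block-list style entry
0.0.0.0         popups.example banners.example
203.0.113.10    update.vendor.example
not-an-ip       broken.example
"""

if __name__ == "__main__":
    # With a path argument (e.g. C:\WINDOWS\system32\drivers\etc\hosts) audit
    # that file; with no argument audit the constructed sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    counts, findings = audit_hosts(text)
    print(dict(counts))
    for line_no, kind, address, hostname in findings:
        print(f"line {line_no}: {kind:9} {address} -> {hostname}")
```

Restoring the file to defaults removes every non-default mapping, including deliberate block-list (`sinkhole`) lines, so the `redirect` findings are the ones to look at first.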

#8
Guest_Andy_veal_*

Guest

Using definitions file:SE1B42 BETA


Please submit this logfile to Lavasoft Research for you are currently running the BETA definition file.

Could you then download and install the normal definition files?

Please post back with a full system logfile using the normal defs.

Thanks


Andy

#9
diydelboy

Member (Topic Starter)
Hi!
that was quick, not entirely sure what you mean tho!! ;-)
will try it tho..
Derek

#10
Guest_Andy_veal_*

Guest
You are currently using BETA definition files,

The logfile is meant to be submitted after scanning.

If not, then the Research and Development team will not know what was successfully removed.

Please provide the feedback to LS research and then provide us with a normal definition file scan. :tazz:

Thanks

I hope you understand better

#11
diydelboy

Member (Topic Starter)
Hi
Thought there was no need to post to lavasoft if there were no detections?
Am running the beta version as was advised to do so..
Will this hosts file issue sort things then?
Thanks
Derek

#12
Guest_Andy_veal_*

Guest
Maybe I am incorrect.

Sorry.

Please could you change definition files to the latest normal definition:
* SE1R41 25.04.2005 *

Please then rescan using the definition file with the full system scan option.

Post your new logfile here as a reply.

- The host file will play a part in solving your computer problems.-

#13
diydelboy

Member (Topic Starter)
Hi,
I've changed the def files, and will rescan, may have to post 2mrw now tho as need to get home!
What will restoring my hosts file to defaults do? and is it likely to have any undesirable effects?
cheers
Derek

#14
Guest_Andy_veal_*

Guest
It might solve some problems.

Post your logfile whenever you can. :tazz:

#15
diydelboy

Member (Topic Starter)
At last I can go home!!!
one new log file ;-)
cheers
Derek



Ad-Aware SE Build 1.05
Logfile Created on:26 April 2005 18:34:49
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:45 %
Total physical memory:785840 kb
Available physical memory:350596 kb
Total page file size:1923188 kb
Available on page file:1573688 kb
Total virtual memory:2097024 kb
Available virtual memory:2035280 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


26-04-2005 18:34:49 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 468
ThreadCreationTime : 26-04-2005 14:20:21
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 524
ThreadCreationTime : 26-04-2005 14:20:23
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 548
ThreadCreationTime : 26-04-2005 14:20:25
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 592
ThreadCreationTime : 26-04-2005 14:20:25
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 604
ThreadCreationTime : 26-04-2005 14:20:25
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 760
ThreadCreationTime : 26-04-2005 14:20:26
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 816
ThreadCreationTime : 26-04-2005 14:20:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 880
ThreadCreationTime : 26-04-2005 14:20:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 928
ThreadCreationTime : 26-04-2005 14:20:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1088
ThreadCreationTime : 26-04-2005 14:20:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1288
ThreadCreationTime : 26-04-2005 14:20:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 1400
ThreadCreationTime : 26-04-2005 14:20:31
BasePriority : Normal


#:13 [avsynmgr.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\avsynmgr.exe"
ProcessID : 1412
ThreadCreationTime : 26-04-2005 14:20:31
BasePriority : Normal


#:14 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1472
ThreadCreationTime : 26-04-2005 14:20:31
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:15 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1976
ThreadCreationTime : 26-04-2005 14:20:36
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:16 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 720
ThreadCreationTime : 26-04-2005 14:21:19
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:17 [msole32.exe]
ModuleName : C:\WINDOWS\system32\msole32.exe
Command Line : "C:\WINDOWS\system32\msole32.exe"
ProcessID : 416
ThreadCreationTime : 26-04-2005 14:21:24
BasePriority : Normal


#:18 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe"
ProcessID : 484
ThreadCreationTime : 26-04-2005 14:21:24
BasePriority : Normal


#:19 [atiptaxx.exe]
ModuleName : C:\WINDOWS\system32\atiptaxx.exe
Command Line : "C:\WINDOWS\system32\atiptaxx.exe"
ProcessID : 308
ThreadCreationTime : 26-04-2005 14:21:24
BasePriority : Normal
FileVersion : 6.13.10.2529
ProductVersion : 6.13.10.2529
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2001 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:20 [soundman.exe]
ModuleName : C:\WINDOWS\soundman.exe
Command Line : "C:\WINDOWS\soundman.exe"
ProcessID : 608
ThreadCreationTime : 26-04-2005 14:21:24
BasePriority : Normal
FileVersion : 4.1
ProductVersion : 4.1
ProductName : Avance Sound Effect Manager v.4.1
CompanyName : Avance Logic, Inc.
FileDescription : Avance Sound Effect Manager
InternalName : SoundMan
LegalCopyright : Copyright © 2000-2001 Avance Logic, Inc.
OriginalFilename : SoundMan.exe
Comments : Avance Sound Effect Control Panel

#:21 [syntplpr.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
ProcessID : 640
ThreadCreationTime : 26-04-2005 14:21:24
BasePriority : Normal
FileVersion : 5.7.1 02Aug01
ProductVersion : 5.7.1 02Aug01
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2001
OriginalFilename : SynTPLpr.exe

#:22 [syntpenh.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
ProcessID : 860
ThreadCreationTime : 26-04-2005 14:21:24
BasePriority : Normal
FileVersion : 5.7.1 02Aug01
ProductVersion : 5.7.1 02Aug01
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2001
OriginalFilename : SynTPEnh.exe

#:23 [launchap.exe]
ModuleName : C:\Program Files\Launch Manager\LaunchAp.exe
Command Line : "C:\Program Files\Launch Manager\LaunchAp.exe"
ProcessID : 868
ThreadCreationTime : 26-04-2005 14:21:24
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : LAUNCHAP Application
FileDescription : LAUNCHAP
InternalName : LAUNCHAP
LegalCopyright : Copyright 1999 - 2000
OriginalFilename : LAUNCHAP.EXE

#:24 [hotkeyapp.exe]
ModuleName : C:\Program Files\Launch Manager\HotkeyApp.exe
Command Line : "C:\Program Files\Launch Manager\HotkeyApp.exe"
ProcessID : 912
ThreadCreationTime : 26-04-2005 14:21:25
BasePriority : Normal


#:25 [ctrlvol.exe]
ModuleName : C:\Program Files\Launch Manager\CtrlVol.exe
Command Line : "C:\Program Files\Launch Manager\CtrlVol.exe"
ProcessID : 944
ThreadCreationTime : 26-04-2005 14:21:25
BasePriority : Normal


#:26 [wbutton.exe]
ModuleName : C:\Program Files\Launch Manager\Wbutton.exe
Command Line : "C:\Program Files\Launch Manager\Wbutton.exe"
ProcessID : 1100
ThreadCreationTime : 26-04-2005 14:21:25
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : newapp Application
FileDescription : newapp MFC Application
InternalName : newapp
LegalCopyright : Copyright © 2001
OriginalFilename : newapp.EXE

#:27 [vsstat.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\VsStat.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\VsStat.exe"
ProcessID : 264
ThreadCreationTime : 26-04-2005 14:21:25
BasePriority : Normal


#:28 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 2036
ThreadCreationTime : 26-04-2005 14:21:25
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:29 [vshwin32.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Vshwin32.exe"
ProcessID : 172
ThreadCreationTime : 26-04-2005 14:21:25
BasePriority : Normal


#:30 [datalayer.exe]
ModuleName : C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
Command Line : "C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe"
ProcessID : 1236
ThreadCreationTime : 26-04-2005 14:21:27
BasePriority : Normal
FileVersion : 5, 00, 00, 042
ProductVersion : 5,0
ProductName : Nokia PC Suite
CompanyName : Nokia Mobile Phone Ltd.
FileDescription : DataLayer Module
InternalName : Data Layer
LegalCopyright : Copyright © 2002-2003. Nokia. All rights reserved.
OriginalFilename : DataLayer.EXE

#:31 [ncltray.exe]
ModuleName : C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
Command Line : "C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe"
ProcessID : 1336
ThreadCreationTime : 26-04-2005 14:21:27
BasePriority : Normal


#:32 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1584
ThreadCreationTime : 26-04-2005 14:21:27
BasePriority : Normal
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:33 [mcshield.exe]
ModuleName : C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
Command Line : "C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe"
ProcessID : 1560
ThreadCreationTime : 26-04-2005 14:21:29
BasePriority : High


#:34 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
ProcessID : 1220
ThreadCreationTime : 26-04-2005 14:21:29
BasePriority : Normal


#:35 [webscanx.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Webscanx.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Webscanx.exe"
ProcessID : 2124
ThreadCreationTime : 26-04-2005 14:21:34
BasePriority : Normal


#:36 [avconsol.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Avconsol.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Avconsol.exe"
ProcessID : 2128
ThreadCreationTime : 26-04-2005 14:21:34
BasePriority : Normal


#:37 [wscntfy.exe]
ModuleName : C:\WINDOWS\system32\wscntfy.exe
Command Line : C:\WINDOWS\system32\wscntfy.exe
ProcessID : 2204
ThreadCreationTime : 26-04-2005 14:21:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:38 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 2344
ThreadCreationTime : 26-04-2005 14:21:42
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:39 [servicelayer.exe]
ModuleName : C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
Command Line : "C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe" -Embedding
ProcessID : 2356
ThreadCreationTime : 26-04-2005 14:21:42
BasePriority : Normal
FileVersion : 5.00.018
ProductVersion : 5.0
ProductName : Nokia Connectivity Library
CompanyName : Nokia Corp.
FileDescription : ServiceLayer Module
InternalName : ServiceLayer
LegalCopyright : Copyright © 2002, 2003 Nokia. All Rights Reserved.
OriginalFilename : ServiceLayer.exe

#:40 [mozilla.exe]
ModuleName : C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
Command Line : "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE" -turbo
ProcessID : 2364
ThreadCreationTime : 26-04-2005 14:21:42
BasePriority : Normal


#:41 [wincinemamgr.exe]
ModuleName : C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Command Line : "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
ProcessID : 3004
ThreadCreationTime : 26-04-2005 14:22:03
BasePriority : Normal
FileVersion : 1.0
ProductVersion : 1, 0, 0, 1
ProductName : WinCinema Manager for InterVideo WinCinema products
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright © 2000 InterVideo Inc.
OriginalFilename : WinCinemaMgr.EXE

#:42 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe"
ProcessID : 3788
ThreadCreationTime : 26-04-2005 16:09:03
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:43 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 3144
ThreadCreationTime : 26-04-2005 16:52:17
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:44 [realplay.exe]
ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe
Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" /runevent "C:\Program Files\Common Files\Real\Update_OB\rnms3270.dll" RNMsgAutoCheck
ProcessID : 2884
ThreadCreationTime : 26-04-2005 17:21:31
BasePriority : Idle
FileVersion : 6.0.12.857
ProductVersion : 6.0.12.857
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:45 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3652
ThreadCreationTime : 26-04-2005 17:34:22
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0


18:56:23 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:21:34.1
Objects scanned:188889
Objects identified:0
Objects ignored:0
New critical objects:0