Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help Please - smitfraud.c trojan

Started by bratbut , Apr 21 2005 10:28 PM

  • This topic is locked This topic is locked

#1
bratbut
Posted 21 April 2005 - 10:28 PM

bratbut

    New Member

  • Member
  • Pip
  • 6 posts
Please review this log file. any assistance will be greatly appreciated...






ArchiveData(auto-quarantine- 2005-04-21 22-18-12.bckp)
Referencefile : SE1R40 20.04.2005
======================================================

WINDUPDATES
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=RegKey : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/WinStatX.dll
obj[1]=RegValue : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/WinStatX.dll ".Owner"
obj[2]=RegValue : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/WinStatX.dll "{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}"
obj[3]=RegValue : Software\Microsoft\Windows\CurrentVersion\SharedDLLs "C:\WINDOWS\Downloaded Program Files\WinStatX.dll"
obj[82]=File : c:\/windows/downloaded program files/winstatx.dll
obj[84]=File : C:\WINDOWS\Downloaded Program Files\WinStatX.dll

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[4]=IECache Entry : Cookie:[email protected]/
obj[5]=IECache Entry : Cookie:[email protected]/
obj[6]=IECache Entry : Cookie:[email protected]/
obj[7]=IECache Entry : Cookie:[email protected]/
obj[8]=IECache Entry : Cookie:[email protected]/
obj[9]=IECache Entry : Cookie:[email protected]/
obj[10]=IECache Entry : Cookie:[email protected]/
obj[11]=IECache Entry : Cookie:[email protected]/
obj[12]=IECache Entry : Cookie:[email protected]/
obj[13]=IECache Entry : Cookie:[email protected]/
obj[14]=IECache Entry : Cookie:[email protected]/
obj[15]=IECache Entry : Cookie:[email protected]/
obj[16]=IECache Entry : Cookie:[email protected]/
obj[17]=IECache Entry : Cookie:[email protected]/
obj[18]=IECache Entry : Cookie:[email protected]/
obj[19]=IECache Entry : Cookie:[email protected]/
obj[20]=IECache Entry : Cookie:[email protected]/
obj[21]=IECache Entry : Cookie:[email protected]/
obj[22]=IECache Entry : Cookie:[email protected]/
obj[23]=IECache Entry : Cookie:[email protected]/
obj[24]=IECache Entry : Cookie:[email protected]/
obj[25]=IECache Entry : Cookie:[email protected]/
obj[26]=IECache Entry : Cookie:[email protected]/
obj[27]=IECache Entry : Cookie:[email protected]/
obj[28]=IECache Entry : Cookie:[email protected]/cgi-bin
obj[29]=IECache Entry : Cookie:[email protected]/HTM/384/0
obj[30]=IECache Entry : Cookie:[email protected]/adrevolver/
obj[31]=IECache Entry : Cookie:[email protected]/
obj[32]=IECache Entry : Cookie:[email protected]/
obj[33]=IECache Entry : Cookie:[email protected]/
obj[34]=IECache Entry : Cookie:[email protected]/
obj[35]=IECache Entry : Cookie:[email protected]/
obj[36]=IECache Entry : Cookie:[email protected]/
obj[37]=IECache Entry : Cookie:[email protected]/
obj[38]=IECache Entry : Cookie:[email protected]/
obj[39]=IECache Entry : Cookie:[email protected]/
obj[40]=IECache Entry : Cookie:[email protected]/
obj[41]=IECache Entry : Cookie:[email protected]/
obj[42]=IECache Entry : Cookie:[email protected]/
obj[43]=IECache Entry : Cookie:[email protected]/
obj[44]=IECache Entry : Cookie:[email protected]/
obj[45]=IECache Entry : Cookie:[email protected]/
obj[46]=IECache Entry : Cookie:[email protected]/
obj[47]=IECache Entry : Cookie:[email protected]/
obj[48]=IECache Entry : Cookie:[email protected]/
obj[49]=IECache Entry : Cookie:[email protected]/
obj[50]=IECache Entry : Cookie:[email protected]/cgi-bin
obj[51]=IECache Entry : Cookie:[email protected]/
obj[52]=IECache Entry : Cookie:[email protected]/
obj[53]=IECache Entry : Cookie:[email protected]/
obj[54]=IECache Entry : Cookie:[email protected]/
obj[55]=IECache Entry : Cookie:[email protected]/
obj[56]=IECache Entry : Cookie:[email protected]/
obj[57]=IECache Entry : Cookie:[email protected]/
obj[58]=IECache Entry : Cookie:[email protected]/
obj[59]=IECache Entry : Cookie:[email protected]/
obj[60]=IECache Entry : Cookie:[email protected]/
obj[61]=IECache Entry : Cookie:[email protected]/
obj[62]=IECache Entry : Cookie:[email protected]/
obj[63]=IECache Entry : Cookie:[email protected]/

COOLWEBSEARCH
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[64]=RegKey : software\microsoft\windows\currentversion\uninstall\sw
obj[65]=RegValue : software\microsoft\windows\currentversion\uninstall\sw "DisplayName"
obj[66]=RegValue : software\microsoft\windows\currentversion\uninstall\sw "UninstallString"
obj[67]=RegKey : software\microsoft\windows\currentversion\uninstall\se
obj[68]=RegValue : software\microsoft\windows\currentversion\uninstall\se "DisplayName"
obj[69]=RegValue : software\microsoft\windows\currentversion\uninstall\se "UninstallString"
obj[70]=RegKey : software\microsoft\windows\currentversion\uninstall\hsa
obj[71]=RegValue : software\microsoft\windows\currentversion\uninstall\hsa "DisplayName"
obj[72]=RegValue : software\microsoft\windows\currentversion\uninstall\hsa "UninstallString"
obj[73]=RegKey : software\microsoft\internet explorer\urlsearchhooks
obj[74]=RegValue : software\microsoft\internet explorer\urlsearchhooks "{E7065518-0E66-202A-4EB4-121DBCBCE4D0}"
obj[75]=RegValue : software\microsoft\internet explorer\search "SearchAssistant"
obj[76]=RegValue : software\microsoft\internet explorer\main "Enable Browser Extensions"
obj[77]=RegValue : software\microsoft\internet explorer\search\searchproperties\en-us "Panel@Web"
obj[78]=RegValue : software\microsoft\internet explorer\main "Search Bar"
obj[79]=RegData : software\microsoft\internet explorer\main "Use Search Asst"
obj[80]=RegData : software\microsoft\internet explorer\main "Use Search Asst"
obj[81]=RegData : software\microsoft\internet explorer\main "Start Page"
obj[83]=File : C:\WINDOWS\ahich.txt
obj[88]=File : C:\WINDOWS\wplog.txt

POSSIBLE BROWSER HIJACK ATTEMPT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[85]=File : C:\Documents and Settings\Paula\Favorites\Only sex website.url
obj[86]=File : C:\Documents and Settings\Paula\Favorites\Search the web.url
obj[87]=File : C:\Documents and Settings\Paula\Favorites\Seven days of free [bleep].url




Thanks
  • 0

Advertisements

#2
Guest_Andy_veal_*
Posted 22 April 2005 - 12:43 AM

Guest_Andy_veal_*
  • Guest
Hello and Welcome to Geeks to go

In order to assist you, we need to see the log from an Ad-Aware SE 1.05 full system scan.

Important Note! Before performing a scan, be sure that you have the most recent definitions file by using WebUpdate. (Click on the Globe icon, Click connect, Click OK, Click Finish.) At this current point * SE1R39 15.04.2005 * is the most recent definition file.

Ad-Aware SE comes preconfigured with default options so we need you to make only one change. Please deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Select "Perform Full System Scan" and press "Next". When the scan has completed, click "Show Logfile".

Please copy/paste the complete log file here using the reply button. Don't quarantine or remove anything at this time, just post a complete logfile. This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next.

Please post back if you have any questions or other problems.

Good luck and

Andy
  • 0

#3
bratbut
Posted 22 April 2005 - 05:44 AM

bratbut

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
sorry about my mistake here is a complete log file.




Ad-Aware SE Build 1.05
Logfile Created on:Friday, April 22, 2005 6:32:07 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):28 total references.
Tracking Cookie(TAC index:3):2 total references.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Prior to deletion, allow unloading Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic settings in log file
Set : Include additional settings in log file
Set : Include reference summary in log file
Set : Include Alternate Datastream details in log file
Set : Play sound at scan completion if scan locates critical objects


4-22-2005 6:32:07 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Paula\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Paula\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio
Description : information on the last station listened to using musicmatch radio


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\picture it! publishing\5.0\recent file list
Description : list of recently used files in microsoft picture it!


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\office\9.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-21-1004336348-362288127-725345543-1004\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 392
ThreadCreationTime : 4-22-2005 3:37:46 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 448
ThreadCreationTime : 4-22-2005 3:37:47 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 472
ThreadCreationTime : 4-22-2005 3:37:49 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 516
ThreadCreationTime : 4-22-2005 3:37:50 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 528
ThreadCreationTime : 4-22-2005 3:37:50 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 684
ThreadCreationTime : 4-22-2005 3:37:51 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 740
ThreadCreationTime : 4-22-2005 3:37:51 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 844
ThreadCreationTime : 4-22-2005 3:37:51 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 856
ThreadCreationTime : 4-22-2005 3:37:51 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1048
ThreadCreationTime : 4-22-2005 3:37:54 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1108
ThreadCreationTime : 4-22-2005 3:37:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1204
ThreadCreationTime : 4-22-2005 3:37:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:13 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1216
ThreadCreationTime : 4-22-2005 3:37:54 AM
BasePriority : Normal


#:14 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1232
ThreadCreationTime : 4-22-2005 3:37:54 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:15 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1252
ThreadCreationTime : 4-22-2005 3:37:54 AM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:16 [incdsrv.exe]
FilePath : C:\Program Files\Ahead\InCD\
ProcessID : 1288
ThreadCreationTime : 4-22-2005 3:37:54 AM
BasePriority : Normal
FileVersion : 4, 0, 6, 1
ProductVersion : 4, 0, 6, 1
ProductName : AHEAD Software incdsrv
CompanyName : AHEAD Software
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright © 2003
OriginalFilename : incdsrv.exe

#:17 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1408
ThreadCreationTime : 4-22-2005 3:37:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:18 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1464
ThreadCreationTime : 4-22-2005 3:37:55 AM
BasePriority : Normal
FileVersion : 7.01.00.3055
ProductVersion : 7.01.00.3055
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:19 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 2040
ThreadCreationTime : 4-22-2005 3:38:37 AM
BasePriority : Normal
FileVersion : 6.14.10.5021
ProductVersion : 6.14.10.5021
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:20 [ikeymain.exe]
FilePath : C:\PROGRA~1\Keyboard\
ProcessID : 144
ThreadCreationTime : 4-22-2005 3:38:37 AM
BasePriority : Normal


#:21 [htpatch.exe]
FilePath : C:\WINDOWS\
ProcessID : 156
ThreadCreationTime : 4-22-2005 3:38:37 AM
BasePriority : Normal


#:22 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 176
ThreadCreationTime : 4-22-2005 3:38:37 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:23 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 184
ThreadCreationTime : 4-22-2005 3:38:37 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:24 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 200
ThreadCreationTime : 4-22-2005 3:38:37 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:25 [hydradm.exe]
FilePath : C:\Program Files\ATI Technologies\ATI HydraVision\
ProcessID : 188
ThreadCreationTime : 4-22-2005 3:38:37 AM
BasePriority : Normal
FileVersion : 3.21.2108
ProductVersion : 3.21.2108
ProductName : ATI Technologies Inc. HydraVision Desktop Manager
CompanyName : ATI Technologies Inc.
FileDescription : HydraDM
InternalName : HydraDM
LegalCopyright : Copyright © ATI Technologies Inc. 1985-2002
OriginalFilename : HydraDM.exe

#:26 [wp.exe]
FilePath : C:\
ProcessID : 224
ThreadCreationTime : 4-22-2005 3:38:38 AM
BasePriority : Normal


#:27 [callwaveaccel.exe]
FilePath : C:\Program Files\CIA\
ProcessID : 236
ThreadCreationTime : 4-22-2005 3:38:38 AM
BasePriority : Normal
FileVersion : 3.2.12
ProductVersion : 3.2.12

#:28 [hpobnz08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 240
ThreadCreationTime : 4-22-2005 3:38:38 AM
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBNZ08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOBNZ08.EXE
Comments : HP OfficeJet <Banzai> Series COM Device Objects

#:29 [hpotdd01.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 248
ThreadCreationTime : 4-22-2005 3:38:38 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe

#:30 [iam.exe]
FilePath : C:\Program Files\CallWave\
ProcessID : 260
ThreadCreationTime : 4-22-2005 3:38:38 AM
BasePriority : Normal
FileVersion : 3.07.4 (3-September-2004)
ProductVersion : 3.07.4 (3-September-2004)
ProductName : CallWave Service
CompanyName : CallWave, Inc.
FileDescription : Internet Answering Machine
InternalName : CallApp
LegalCopyright : Copyright © 1999-2003 CallWave, Inc.
OriginalFilename : CallApp.exe

#:31 [hpoevm08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 944
ThreadCreationTime : 4-22-2005 3:38:44 AM
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager

#:32 [hpzipm12.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1448
ThreadCreationTime : 4-22-2005 3:38:45 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 0
ProductVersion : 6, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:33 [hposts08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\
ProcessID : 1012
ThreadCreationTime : 4-22-2005 3:39:12 AM
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSTS08.EXE
Comments : HP OfficeJet Status

#:34 [spybotsd.exe]
FilePath : C:\Program Files\Spybot - Search & Destroy\
ProcessID : 2284
ThreadCreationTime : 4-22-2005 11:29:31 AM
BasePriority : Normal
FileVersion : 1.4.0.0
ProductVersion : 1, 4, 0, 0
ProductName : SpyBot-S&D
CompanyName : Safer Networking Limited
FileDescription : Spybot - Search & Destroy
InternalName : SpybotSD
LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : SpyBotSD.exe
Comments : Software zum Entfernen von Spyware und ähnlichen Bedrohungen.

#:35 [ad-aware.exe]
FilePath : C:\Program Files\Ad-Aware SE Personal\
ProcessID : 1808
ThreadCreationTime : 4-22-2005 11:31:56 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 28


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 28


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 28


Started tracking cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : paula@atdmt[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 4-20-2010 7:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : paula@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 12-31-2037 7:00:00 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 2
Objects found so far: 30



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk scan result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 30


Performing conditional scans..
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 30

6:41:32 AM Scan Complete

Summary of this scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:25.469
Objects scanned:166964
Objects identified:2
Objects ignored:0
New Critical Objects:2


thanks
  • 0

#4
Guest_Andy_veal_*
Posted 22 April 2005 - 10:06 AM

Guest_Andy_veal_*
  • Guest

#:26 [wp.exe]
FilePath : C:\
ProcessID : 224
ThreadCreationTime : 4-22-2005 3:38:38 AM
BasePriority : Normal


Do you know what process this is?

If you chose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R40 20.04.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.


To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is of the default installion location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.


Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes takes 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
  • 0

#5
bratbut
Posted 23 April 2005 - 09:20 AM

bratbut

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I do now know what that process is. Sorry I could not help. Here is another log file.




Ad-Aware SE Build 1.05
Logfile Created on:Saturday, April 23, 2005 10:00:29 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Prior to deletion, allow unloading Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic settings in log file
Set : Include additional settings in log file
Set : Include reference summary in log file
Set : Include Alternate Datastream details in log file
Set : Play sound at scan completion if scan locates critical objects


4-23-2005 10:00:29 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 392
ThreadCreationTime : 4-23-2005 2:32:37 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 448
ThreadCreationTime : 4-23-2005 2:32:38 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 476
ThreadCreationTime : 4-23-2005 2:32:42 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 520
ThreadCreationTime : 4-23-2005 2:32:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 532
ThreadCreationTime : 4-23-2005 2:32:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 684
ThreadCreationTime : 4-23-2005 2:32:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 740
ThreadCreationTime : 4-23-2005 2:32:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 836
ThreadCreationTime : 4-23-2005 2:32:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 924
ThreadCreationTime : 4-23-2005 2:32:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1056
ThreadCreationTime : 4-23-2005 2:32:45 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1164
ThreadCreationTime : 4-23-2005 2:32:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1260
ThreadCreationTime : 4-23-2005 2:32:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:13 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1272
ThreadCreationTime : 4-23-2005 2:32:47 PM
BasePriority : Normal


#:14 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1292
ThreadCreationTime : 4-23-2005 2:32:47 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:15 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1308
ThreadCreationTime : 4-23-2005 2:32:47 PM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:16 [incdsrv.exe]
FilePath : C:\Program Files\Ahead\InCD\
ProcessID : 1336
ThreadCreationTime : 4-23-2005 2:32:47 PM
BasePriority : Normal
FileVersion : 4, 0, 6, 1
ProductVersion : 4, 0, 6, 1
ProductName : AHEAD Software incdsrv
CompanyName : AHEAD Software
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright © 2003
OriginalFilename : incdsrv.exe

#:17 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 1404
ThreadCreationTime : 4-23-2005 2:32:48 PM
BasePriority : Normal
FileVersion : 6.14.10.5021
ProductVersion : 6.14.10.5021
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:18 [ikeymain.exe]
FilePath : C:\PROGRA~1\Keyboard\
ProcessID : 1412
ThreadCreationTime : 4-23-2005 2:32:48 PM
BasePriority : Normal


#:19 [htpatch.exe]
FilePath : C:\WINDOWS\
ProcessID : 1420
ThreadCreationTime : 4-23-2005 2:32:48 PM
BasePriority : Normal


#:20 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1428
ThreadCreationTime : 4-23-2005 2:32:48 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:21 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1436
ThreadCreationTime : 4-23-2005 2:32:48 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:22 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1444
ThreadCreationTime : 4-23-2005 2:32:48 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:23 [hydradm.exe]
FilePath : C:\Program Files\ATI Technologies\ATI HydraVision\
ProcessID : 1452
ThreadCreationTime : 4-23-2005 2:32:49 PM
BasePriority : Normal
FileVersion : 3.21.2108
ProductVersion : 3.21.2108
ProductName : ATI Technologies Inc. HydraVision Desktop Manager
CompanyName : ATI Technologies Inc.
FileDescription : HydraDM
InternalName : HydraDM
LegalCopyright : Copyright © ATI Technologies Inc. 1985-2002
OriginalFilename : HydraDM.exe

#:24 [wp.exe]
FilePath : C:\
ProcessID : 1472
ThreadCreationTime : 4-23-2005 2:32:49 PM
BasePriority : Normal


#:25 [callwaveaccel.exe]
FilePath : C:\Program Files\CIA\
ProcessID : 1532
ThreadCreationTime : 4-23-2005 2:32:50 PM
BasePriority : Normal
FileVersion : 3.2.12
ProductVersion : 3.2.12

#:26 [hpobnz08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1548
ThreadCreationTime : 4-23-2005 2:32:50 PM
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBNZ08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOBNZ08.EXE
Comments : HP OfficeJet <Banzai> Series COM Device Objects

#:27 [hpotdd01.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1588
ThreadCreationTime : 4-23-2005 2:32:50 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe

#:28 [iam.exe]
FilePath : C:\Program Files\CallWave\
ProcessID : 1616
ThreadCreationTime : 4-23-2005 2:32:50 PM
BasePriority : Normal
FileVersion : 3.07.4 (3-September-2004)
ProductVersion : 3.07.4 (3-September-2004)
ProductName : CallWave Service
CompanyName : CallWave, Inc.
FileDescription : Internet Answering Machine
InternalName : CallApp
LegalCopyright : Copyright © 1999-2003 CallWave, Inc.
OriginalFilename : CallApp.exe

#:29 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1900
ThreadCreationTime : 4-23-2005 2:32:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:30 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1944
ThreadCreationTime : 4-23-2005 2:32:54 PM
BasePriority : Normal
FileVersion : 7.01.00.3055
ProductVersion : 7.01.00.3055
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:31 [hpoevm08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 812
ThreadCreationTime : 4-23-2005 2:32:59 PM
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager

#:32 [hpzipm12.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 816
ThreadCreationTime : 4-23-2005 2:33:01 PM
BasePriority : Normal
FileVersion : 6, 0, 0, 0
ProductVersion : 6, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:33 [hposts08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\
ProcessID : 1888
ThreadCreationTime : 4-23-2005 2:33:26 PM
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSTS08.EXE
Comments : HP OfficeJet Status

#:34 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2236
ThreadCreationTime : 4-23-2005 2:33:38 PM
BasePriority : Normal


#:35 [ad-aware.exe]
FilePath : C:\Program Files\Ad-Aware SE Personal\
ProcessID : 3172
ThreadCreationTime : 4-23-2005 2:59:24 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 0


Started tracking cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk scan result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 0
10:09:11 AM Scan Complete

Summary of this scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:42.141
Objects scanned:142228
Objects identified:0
Objects ignored:0
New Critical Objects:0
  • 0

#6
Guest_Andy_veal_*
Posted 23 April 2005 - 06:04 PM

Guest_Andy_veal_*
  • Guest
Advise edited.

Please follow nommork's post below. :tazz:

Edited by Andy_veal, 23 April 2005 - 06:32 PM.

  • 0

#7
Guest_nommork_*
Posted 23 April 2005 - 06:09 PM

Guest_nommork_*
  • Guest
wp.exe is adware

Download the following program called Killbox from here: http://www.downloads...org/KillBox.zip

You can also try to have Killbox remove this file

Edited by Andy_veal, 23 April 2005 - 06:21 PM.

  • 0
Back to Lavasoft Support (Ad-aware) · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Lavasoft Support (Ad-aware)

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP