[Referred]adawareSE logcheck



#1
GrapleIRIS

I'm having an issue with what I believe is a hijacker. I cannot log into my msn messenger, my yahoo messenger, do a windows update, nor update any of my spyware programs.

The hijack forum asks to please have an adaware log analyzed before posting there. I followed the instructions posted...below is the log. Please note I was unable to update due to whatever has a hold of my machine.

Any help with this is deeply appreciated.


Ad-Aware SE Build 1.05
Logfile Created on:Monday, April 25, 2005 12:57:21 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R32 10.03.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):17 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R32 10.03.2005
Internal build : 37
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 428186 Bytes
Total size : 1349216 Bytes
Signature data size : 1322253 Bytes
Reference data size : 26451 Bytes
Signatures total : 37482
Fingerprints total : 709
Fingerprints size : 26393 Bytes
Target categories : 15
Target families : 639


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:23 %
Total physical memory:458092 kb
Available physical memory:103184 kb
Total page file size:1082456 kb
Available on page file:823448 kb
Total virtual memory:2097024 kb
Available virtual memory:2042820 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


4-25-2005 12:57:21 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 396
ThreadCreationTime : 4-25-2005 2:09:56 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 532
ThreadCreationTime : 4-25-2005 2:09:59 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\System32\
ProcessID : 556
ThreadCreationTime : 4-25-2005 2:09:59 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 600
ThreadCreationTime : 4-25-2005 2:10:00 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 612
ThreadCreationTime : 4-25-2005 2:10:00 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 760
ThreadCreationTime : 4-25-2005 2:10:01 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 836
ThreadCreationTime : 4-25-2005 2:10:01 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 904
ThreadCreationTime : 4-25-2005 2:10:01 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 968
ThreadCreationTime : 4-25-2005 2:10:02 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1076
ThreadCreationTime : 4-25-2005 2:10:02 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1296
ThreadCreationTime : 4-25-2005 2:10:03 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1332
ThreadCreationTime : 4-25-2005 2:10:03 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [hpsysdrv.exe]
FilePath : C:\windows\system\
ProcessID : 1456
ThreadCreationTime : 4-25-2005 2:10:05 AM
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe

#:14 [hpqcmon.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\
ProcessID : 1472
ThreadCreationTime : 4-25-2005 2:10:05 AM
BasePriority : Normal
FileVersion : 1.2.0.66
ProductVersion : 1.2.0.66
ProductName : HpqCmon Application
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
LegalCopyright : Copyright © 2001
OriginalFilename : HpqCmon.EXE

#:15 [hpgs2wnd.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\
ProcessID : 1480
ThreadCreationTime : 4-25-2005 2:10:05 AM
BasePriority : Normal
FileVersion : 2,3,0,0\ 162
ProductVersion : 2,3,0,0\ 162
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe

#:16 [kbd.exe]
FilePath : C:\HP\KBD\
ProcessID : 1488
ThreadCreationTime : 4-25-2005 2:10:05 AM
BasePriority : High


#:17 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1500
ThreadCreationTime : 4-25-2005 2:10:05 AM
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:18 [hpwuschd.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Software Update\
ProcessID : 1880
ThreadCreationTime : 4-25-2005 2:10:06 AM
BasePriority : Normal


#:19 [hpztsb08.exe]
FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
ProcessID : 1888
ThreadCreationTime : 4-25-2005 2:10:06 AM
BasePriority : Normal
FileVersion : 2,223,0,0
ProductVersion : 2,223,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2003

#:20 [hpotdd01.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1896
ThreadCreationTime : 4-25-2005 2:10:06 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe

#:21 [mmtask.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ProcessID : 1908
ThreadCreationTime : 4-25-2005 2:10:06 AM
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : mmtask.exe

#:22 [hpgs2wnf.exe]
FilePath : c:\Program Files\Hewlett-Packard\HP Share-to-Web\
ProcessID : 1952
ThreadCreationTime : 4-25-2005 2:10:07 AM
BasePriority : Normal
FileVersion : 2, 6, 0, 162
ProductVersion : 2, 6, 0, 162
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE

#:23 [ppcontrol.exe]
FilePath : C:\PROGRA~1\PESTPA~1\
ProcessID : 1988
ThreadCreationTime : 4-25-2005 2:10:07 AM
BasePriority : Normal
FileVersion : 4, 4, 4, 73
ProductVersion : 4.4
ProductName : PestPatrol
CompanyName : Computer Associates International
FileDescription : PestPatrol tray application
InternalName : ppcontrol
LegalCopyright : Copyright © 2004 Computer Associates International
OriginalFilename : ppcontrol.exe

#:24 [ppmemcheck.exe]
FilePath : C:\PROGRA~1\PESTPA~1\
ProcessID : 2016
ThreadCreationTime : 4-25-2005 2:10:07 AM
BasePriority : Normal


#:25 [cookiepatrol.exe]
FilePath : C:\PROGRA~1\PESTPA~1\
ProcessID : 2044
ThreadCreationTime : 4-25-2005 2:10:07 AM
BasePriority : Normal
FileVersion : 4, 4, 4, 82
ProductVersion : 4, 4, 4, 0
ProductName : PestPatrol
CompanyName : Computer Associates International
FileDescription : CookiePatrol Application
InternalName : CookiePatrol
LegalCopyright : Copyright © 2005 Computer Associates International, Inc.
OriginalFilename : CookiePatrol.exe

#:26 [msnappau.exe]
FilePath : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\
ProcessID : 140
ThreadCreationTime : 4-25-2005 2:10:07 AM
BasePriority : Normal


#:27 [alcxmntr.exe]
FilePath : C:\WINDOWS\
ProcessID : 184
ThreadCreationTime : 4-25-2005 2:10:08 AM
BasePriority : Normal
FileVersion : 1.5
ProductVersion : 1.5
ProductName : Realtek Audio - Event Monitor
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Audio - Event Monitor
InternalName : Alcxmntr
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : Alcxmntr.exe

#:28 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 192
ThreadCreationTime : 4-25-2005 2:10:08 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:29 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 236
ThreadCreationTime : 4-25-2005 2:10:08 AM
BasePriority : Normal
FileVersion : 5.9.3690
ProductVersion : 5.9.3690
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:30 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 356
ThreadCreationTime : 4-25-2005 2:10:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:31 [gearsec.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 668
ThreadCreationTime : 4-25-2005 2:10:12 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001 GEAR Software
OriginalFilename : gearsec.exe

#:32 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 780
ThreadCreationTime : 4-25-2005 2:10:12 AM
BasePriority : Normal
FileVersion : 6.14.01.4303
ProductVersion : 6.14.01.4303
ProductName : NVIDIA Driver Helper Service, Version 43.03
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 43.03
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:33 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 948
ThreadCreationTime : 4-25-2005 2:10:13 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:34 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 1164
ThreadCreationTime : 4-25-2005 2:12:04 AM
BasePriority : Normal


#:35 [spamsubtract.exe]
FilePath : C:\Program Files\interMute\SpamSubtract\
ProcessID : 1416
ThreadCreationTime : 4-25-2005 2:12:06 AM
BasePriority : Normal
FileVersion : 1,0,0,66
ProductVersion : 1,0,0,66
ProductName : SpamSubtract from interMute
CompanyName : interMute, Inc.
FileDescription : SpamSubtract
InternalName : SpamSubtract
LegalCopyright : Copyright © 2002
OriginalFilename : SpamSubtract.EXE

#:36 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2084
ThreadCreationTime : 4-25-2005 2:12:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:37 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 3208
ThreadCreationTime : 4-25-2005 2:12:38 AM
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:38 [rnathchk.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1092
ThreadCreationTime : 4-25-2005 2:16:43 AM
BasePriority : Normal
FileVersion : 7.0.0.1176
ProductVersion : 7.0.0.1176
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks ATH Check App
InternalName : rnathchk
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : rnathchk.EXE

#:39 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2276
ThreadCreationTime : 4-25-2005 1:34:22 PM
BasePriority : Normal
FileVersion : 4.1.1.54
ProductVersion : 4.1.1.54
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © Apple Computer, Inc. 2003
OriginalFilename : iPodService.exe

#:40 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1276
ThreadCreationTime : 4-25-2005 4:49:33 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@servedby.advertising[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@servedby.advertising.com/
Expires : 5-25-2005 1:25:46 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@edge.ru4[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:owner@edge.ru4.com/
Expires : 4-17-2035 7:08:34 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@advertising[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@advertising.com/
Expires : 4-24-2010 1:25:46 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@valueclick[1].txt
Category : Data Miner
Comment : Hits:146
Value : Cookie:owner@valueclick.com/
Expires : 4-18-2030 9:34:58 PM
LastSync : Hits:146
UseCount : 0
Hits : 146

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@questionmarket[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@questionmarket.com/
Expires : 6-15-2006 1:12:36 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@realmedia[1].txt
Category : Data Miner
Comment : Hits:24
Value : Cookie:owner@realmedia.com/
Expires : 12-31-2020 8:00:00 PM
LastSync : Hits:24
UseCount : 0
Hits : 24

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:owner@tribalfusion.com/
Expires : 12-31-2037 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@bluestreak[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:owner@bluestreak.com/
Expires : 4-22-2015 4:51:20 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@2o7[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@2o7.net/
Expires : 4-24-2010 1:25:42 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@fastclick[1].txt
Category : Data Miner
Comment : Hits:445
Value : Cookie:owner@fastclick.net/
Expires : 4-24-2007 9:34:56 PM
LastSync : Hits:445
UseCount : 0
Hits : 445

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@atdmt[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:owner@atdmt.com/
Expires : 4-22-2010 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@mediaplex[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@mediaplex.com/
Expires : 6-21-2009 8:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@targetnet[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:owner@targetnet.com/
Expires : 5-17-2033 11:33:20 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@overture[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:owner@overture.com/
Expires : 4-23-2015 12:32:12 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@rccl.bridgetrack[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:owner@rccl.bridgetrack.com/
Expires : 4-19-2006
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@doubleclick[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:owner@doubleclick.net/
Expires : 4-23-2008 7:05:52 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@perf.overture[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@perf.overture.com/
Expires : 4-24-2009 12:30:04 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 17



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 17




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17

1:21:02 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:23:41.329
Objects scanned:220756
Objects identified:17
Objects ignored:0
New critical objects:17


#2
Guest_Andy_veal_*

At this current point * SE1R40 20.04.2005 * is the most recent definition file.

Please could you update your definition file,

then scan your computer using the full system setting,

followed by posting your new logfile here...

Thank you

All the best

Andy

#3
Rawe

Hi there.
We need to see an Ad-Aware "Full system scan" with the latest definitions.
Please read Logfile posting instructions
And post a new log.

(Also, when it comes to tracking cookies, please delete them before you post a new log.)

- Rawe :tazz:

#4
Rawe

Oh, Andy was faster than me :tazz:

#5
GrapleIRIS

ok...is there a way I can download the update I need other than the way that is posted? I CANNOT update my adaware definitions in the manner suggested as whatever has hold of my machine won't allow it. The server will not connect to update.

#6
GrapleIRIS

ok...never mind that last post...I think I was able to find the correct update on line and substitute it into the Adaware folder...in any case it isn't prompting me to update anymore and does say SE1R40 20.04.2005 ... am running the full scan now...hopefully that will have worked

Edited by GrapleIRIS, 25 April 2005 - 12:46 PM.


#7
GrapleIRIS

and here it is:

Ad-Aware SE Build 1.05
Logfile Created on:Monday, April 25, 2005 2:39:19 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Coulomb Dialer(TAC index:5):2 total references
Lycos Sidesearch(TAC index:7):9 total references
Tracking Cookie(TAC index:3):4 total references
Win32.TrojanDownloader.Agent.De(TAC index:7):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:11 %
Total physical memory:458092 kb
Available physical memory:49736 kb
Total page file size:1082456 kb
Available on page file:866976 kb
Total virtual memory:2097024 kb
Available virtual memory:2045824 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-25-2005 2:39:19 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 476
ThreadCreationTime : 4-25-2005 5:31:18 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 536
ThreadCreationTime : 4-25-2005 5:31:21 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\System32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 560
ThreadCreationTime : 4-25-2005 5:31:21 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 604
ThreadCreationTime : 4-25-2005 5:31:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 616
ThreadCreationTime : 4-25-2005 5:31:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 764
ThreadCreationTime : 4-25-2005 5:31:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 840
ThreadCreationTime : 4-25-2005 5:31:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 908
ThreadCreationTime : 4-25-2005 5:31:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 972
ThreadCreationTime : 4-25-2005 5:31:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1072
ThreadCreationTime : 4-25-2005 5:31:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1308
ThreadCreationTime : 4-25-2005 5:31:26 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1348
ThreadCreationTime : 4-25-2005 5:31:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [hpsysdrv.exe]
ModuleName : C:\windows\system\hpsysdrv.exe
Command Line : "c:\windows\system\hpsysdrv.exe"
ProcessID : 1456
ThreadCreationTime : 4-25-2005 5:31:27 PM
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe

#:14 [hpqcmon.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
ProcessID : 1476
ThreadCreationTime : 4-25-2005 5:31:27 PM
BasePriority : Normal
FileVersion : 1.2.0.66
ProductVersion : 1.2.0.66
ProductName : HpqCmon Application
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
LegalCopyright : Copyright © 2001
OriginalFilename : HpqCmon.EXE

#:15 [hpgs2wnd.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
ProcessID : 1488
ThreadCreationTime : 4-25-2005 5:31:27 PM
BasePriority : Normal
FileVersion : 2,3,0,0\ 162
ProductVersion : 2,3,0,0\ 162
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe

#:16 [kbd.exe]
ModuleName : C:\HP\KBD\KBD.EXE
Command Line : "C:\HP\KBD\KBD.EXE"
ProcessID : 1496
ThreadCreationTime : 4-25-2005 5:31:27 PM
BasePriority : High


#:17 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1512
ThreadCreationTime : 4-25-2005 5:31:28 PM
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:18 [hpwuschd.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
ProcessID : 1692
ThreadCreationTime : 4-25-2005 5:31:28 PM
BasePriority : Normal


#:19 [hpztsb08.exe]
ModuleName : C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
Command Line : "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe"
ProcessID : 1732
ThreadCreationTime : 4-25-2005 5:31:28 PM
BasePriority : Normal
FileVersion : 2,223,0,0
ProductVersion : 2,223,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2003

#:20 [hpotdd01.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
ProcessID : 1752
ThreadCreationTime : 4-25-2005 5:31:28 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe

#:21 [mmtask.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
ProcessID : 1768
ThreadCreationTime : 4-25-2005 5:31:29 PM
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : mmtask.exe

#:22 [ppcontrol.exe]
ModuleName : C:\PROGRA~1\PESTPA~1\PPControl.exe
Command Line : "C:\PROGRA~1\PESTPA~1\PPControl.exe"
ProcessID : 1960
ThreadCreationTime : 4-25-2005 5:31:29 PM
BasePriority : Normal
FileVersion : 4, 4, 4, 73
ProductVersion : 4.4
ProductName : PestPatrol
CompanyName : Computer Associates International
FileDescription : PestPatrol tray application
InternalName : ppcontrol
LegalCopyright : Copyright © 2004 Computer Associates International
OriginalFilename : ppcontrol.exe

#:23 [ppmemcheck.exe]
ModuleName : C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
Command Line : "C:\PROGRA~1\PESTPA~1\PPMemCheck.exe"
ProcessID : 1996
ThreadCreationTime : 4-25-2005 5:31:29 PM
BasePriority : Normal


#:24 [cookiepatrol.exe]
ModuleName : C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
Command Line : "C:\PROGRA~1\PESTPA~1\CookiePatrol.exe"
ProcessID : 2024
ThreadCreationTime : 4-25-2005 5:31:29 PM
BasePriority : Normal
FileVersion : 4, 4, 4, 82
ProductVersion : 4, 4, 4, 0
ProductName : PestPatrol
CompanyName : Computer Associates International
FileDescription : CookiePatrol Application
InternalName : CookiePatrol
LegalCopyright : Copyright © 2005 Computer Associates International, Inc.
OriginalFilename : CookiePatrol.exe

#:25 [hpgs2wnf.exe]
ModuleName : c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
Command Line : "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe" -Embedding
ProcessID : 2036
ThreadCreationTime : 4-25-2005 5:31:30 PM
BasePriority : Normal
FileVersion : 2, 6, 0, 162
ProductVersion : 2, 6, 0, 162
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE

#:26 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
ProcessID : 2044
ThreadCreationTime : 4-25-2005 5:31:30 PM
BasePriority : Normal


#:27 [alcxmntr.exe]
ModuleName : C:\WINDOWS\ALCXMNTR.EXE
Command Line : "C:\WINDOWS\ALCXMNTR.EXE"
ProcessID : 164
ThreadCreationTime : 4-25-2005 5:31:30 PM
BasePriority : Normal
FileVersion : 1.5
ProductVersion : 1.5
ProductName : Realtek Audio - Event Monitor
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Audio - Event Monitor
InternalName : Alcxmntr
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : Alcxmntr.exe

#:28 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 172
ThreadCreationTime : 4-25-2005 5:31:30 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:29 [aim.exe]
ModuleName : C:\Program Files\AIM\aim.exe
Command Line : "C:\Program Files\AIM\aim.exe" -cnetwait.odl
ProcessID : 228
ThreadCreationTime : 4-25-2005 5:31:30 PM
BasePriority : Normal
FileVersion : 5.9.3690
ProductVersion : 5.9.3690
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:30 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32 nView.dll,nViewInitialize
ProcessID : 400
ThreadCreationTime : 4-25-2005 5:31:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:31 [ymsgr_tray.exe]
ModuleName : C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
Command Line : "C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe" -ymsgr
ProcessID : 468
ThreadCreationTime : 4-25-2005 5:31:34 PM
BasePriority : Normal


#:32 [gearsec.exe]
ModuleName : C:\WINDOWS\System32\GEARSEC.EXE
Command Line : C:\WINDOWS\System32\GEARSEC.EXE
ProcessID : 816
ThreadCreationTime : 4-25-2005 5:31:35 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001 GEAR Software
OriginalFilename : gearsec.exe

#:33 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 896
ThreadCreationTime : 4-25-2005 5:31:35 PM
BasePriority : Normal
FileVersion : 6.14.01.4303
ProductVersion : 6.14.01.4303
ProductName : NVIDIA Driver Helper Service, Version 43.03
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 43.03
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:34 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1108
ThreadCreationTime : 4-25-2005 5:31:36 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:35 [rnathchk.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe"
ProcessID : 1588
ThreadCreationTime : 4-25-2005 5:32:38 PM
BasePriority : Normal
FileVersion : 7.0.0.1176
ProductVersion : 7.0.0.1176
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks ATH Check App
InternalName : rnathchk
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : rnathchk.EXE

#:36 [spamsubtract.exe]
ModuleName : C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
Command Line : "C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe" -q
ProcessID : 948
ThreadCreationTime : 4-25-2005 5:33:25 PM
BasePriority : Normal
FileVersion : 1,0,0,66
ProductVersion : 1,0,0,66
ProductName : SpamSubtract from interMute
CompanyName : interMute, Inc.
FileDescription : SpamSubtract
InternalName : SpamSubtract
LegalCopyright : Copyright © 2002
OriginalFilename : SpamSubtract.EXE

#:37 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
ProcessID : 192
ThreadCreationTime : 4-25-2005 5:33:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:38 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe"
ProcessID : 3056
ThreadCreationTime : 4-25-2005 5:33:56 PM
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:39 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
ProcessID : 3596
ThreadCreationTime : 4-25-2005 5:34:23 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:40 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3668
ThreadCreationTime : 4-25-2005 6:36:49 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Lycos Sidesearch Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3a951af0-53f8-4803-a565-0e1dee4b11f5}

Lycos Sidesearch Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3a951af0-53f8-4803-a565-0e1dee4b11f5}
Value :

Lycos Sidesearch Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{af286cea-635d-40c5-a891-b40a0f520539}

Lycos Sidesearch Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{af286cea-635d-40c5-a891-b40a0f520539}
Value :

Win32.TrojanDownloader.Agent.De Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : retro64_loader.r64loader.1

Win32.TrojanDownloader.Agent.De Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : retro64_loader.r64loader.1
Value :

Win32.TrojanDownloader.Agent.De Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : retro64_loader.r64loader

Win32.TrojanDownloader.Agent.De Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : retro64_loader.r64loader
Value :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 8


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@trafic[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@trafic.ro/
Expires : 1-11-2037 10:00:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@versiontracker[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:owner@versiontracker.com/
Expires : 4-25-2007 2:13:08 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@atdmt[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:owner@atdmt.com/
Expires : 4-23-2010 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@mediaplex[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@mediaplex.com/
Expires : 6-21-2009 8:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 12



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Coulomb Dialer Object Recognized!
Type : File
Data : Groove.x32
Category : Dialer
Comment :
Object : C:\WINDOWS\system32\Macromed\Shockwave 10\Xtras\download\TheGrooveAlliance\3DGrooveXtrav181\
FileVersion : 1, 8, 1, 0
ProductVersion : 1, 8, 1, 0
ProductName : GROOVE
FileDescription : GROOVE
InternalName : GROOVE
LegalCopyright : Copyright 2001
OriginalFilename : GROOVE.x32


Coulomb Dialer Object Recognized!
Type : File
Data : Groove.x32
Category : Dialer
Comment :
Object : C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav18\
FileVersion : 1, 8, 0, 0
ProductVersion : 1, 8, 0, 0
ProductName : GROOVE
FileDescription : GROOVE
InternalName : GROOVE
LegalCopyright : Copyright 2001
OriginalFilename : GROOVE.x32


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 14




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Lycos Sidesearch Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sep

Lycos Sidesearch Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sep
Value : DisplayName

Lycos Sidesearch Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sep
Value : UninstallString

Lycos Sidesearch Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sep
Value : NoModify

Lycos Sidesearch Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sep
Value : NoRepair

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 19

3:02:43 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:23:24.15
Objects scanned:231987
Objects identified:19
Objects ignored:0
New critical objects:19

#8
Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer of what Ad-aware found, please follow these instructions below…

Please make sure that you are using the * SE1R40 20.04.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE. If this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted. Once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

#9
GrapleIRIS
  • Topic Starter
  • Member
  • 16 posts
I am a person who really appreciates help...especially knowing that you all work for free. I am doing my absolute best to follow instructions as presented. However, I'm confused and getting frustrated.

Your instructions tell me to disconnect from the internet...and then to download the CCCleaning program....

Later I'm instructed to: Please shutdown/restart your computer after removal, run a new scan and post the results as a reply. Do not launch any programs or connect to the internet at this time....

How do I post if I'm not connected?

In any case the log comes out completely clean so I don't think there is anything to post?

This hasn't fixed my original problem (as I don't think it was meant to). Would it be ok for me to post to the hijack this forum now?

#10
Guest_Andy_veal_*
  • Guest
Sorry about the confusion.


Please download CCleaner,

Scan with Ad-aware

Connect to the internet and post your new logfile.

"This hasn't fixed my original problem (as I don't think it was meant to) would it be ok for me to post to the hijack this forum now?"


Could you possibly post your latest Ad-aware SE logfile?

Thanks


Andy

#11
GrapleIRIS
  • Topic Starter
  • Member
  • 16 posts
Ad-Aware SE Build 1.05
Logfile Created on:Thursday, April 28, 2005 8:52:23 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:20 %
Total physical memory:458092 kb
Available physical memory:91600 kb
Total page file size:1082456 kb
Available on page file:871324 kb
Total virtual memory:2097024 kb
Available virtual memory:2045944 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-28-2005 8:52:23 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 476
ThreadCreationTime : 4-28-2005 12:28:16 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 532
ThreadCreationTime : 4-28-2005 12:28:19 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\System32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 556
ThreadCreationTime : 4-28-2005 12:28:19 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 600
ThreadCreationTime : 4-28-2005 12:28:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 612
ThreadCreationTime : 4-28-2005 12:28:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 764
ThreadCreationTime : 4-28-2005 12:28:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 840
ThreadCreationTime : 4-28-2005 12:28:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 908
ThreadCreationTime : 4-28-2005 12:28:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 968
ThreadCreationTime : 4-28-2005 12:28:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1080
ThreadCreationTime : 4-28-2005 12:28:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1324
ThreadCreationTime : 4-28-2005 12:28:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1332
ThreadCreationTime : 4-28-2005 12:28:24 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [hpsysdrv.exe]
ModuleName : C:\windows\system\hpsysdrv.exe
Command Line : "c:\windows\system\hpsysdrv.exe"
ProcessID : 1464
ThreadCreationTime : 4-28-2005 12:28:25 PM
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe

#:14 [hpqcmon.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
ProcessID : 1480
ThreadCreationTime : 4-28-2005 12:28:25 PM
BasePriority : Normal
FileVersion : 1.2.0.66
ProductVersion : 1.2.0.66
ProductName : HpqCmon Application
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
LegalCopyright : Copyright © 2001
OriginalFilename : HpqCmon.EXE

#:15 [hpgs2wnd.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
ProcessID : 1488
ThreadCreationTime : 4-28-2005 12:28:25 PM
BasePriority : Normal
FileVersion : 2,3,0,0\ 162
ProductVersion : 2,3,0,0\ 162
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe

#:16 [kbd.exe]
ModuleName : C:\HP\KBD\KBD.EXE
Command Line : "C:\HP\KBD\KBD.EXE"
ProcessID : 1540
ThreadCreationTime : 4-28-2005 12:28:26 PM
BasePriority : High


#:17 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1564
ThreadCreationTime : 4-28-2005 12:28:26 PM
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:18 [hpwuschd.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
ProcessID : 1904
ThreadCreationTime : 4-28-2005 12:28:26 PM
BasePriority : Normal


#:19 [hpztsb08.exe]
ModuleName : C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
Command Line : "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe"
ProcessID : 1912
ThreadCreationTime : 4-28-2005 12:28:26 PM
BasePriority : Normal
FileVersion : 2,223,0,0
ProductVersion : 2,223,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2003

#:20 [hpotdd01.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
ProcessID : 1920
ThreadCreationTime : 4-28-2005 12:28:27 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe

#:21 [mmtask.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
ProcessID : 1928
ThreadCreationTime : 4-28-2005 12:28:27 PM
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : mmtask.exe

#:22 [hpgs2wnf.exe]
ModuleName : c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
Command Line : "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe" -Embedding
ProcessID : 1968
ThreadCreationTime : 4-28-2005 12:28:27 PM
BasePriority : Normal
FileVersion : 2, 6, 0, 162
ProductVersion : 2, 6, 0, 162
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE

#:23 [ppcontrol.exe]
ModuleName : C:\PROGRA~1\PESTPA~1\PPControl.exe
Command Line : "C:\PROGRA~1\PESTPA~1\PPControl.exe"
ProcessID : 1984
ThreadCreationTime : 4-28-2005 12:28:27 PM
BasePriority : Normal
FileVersion : 4, 4, 4, 73
ProductVersion : 4.4
ProductName : PestPatrol
CompanyName : Computer Associates International
FileDescription : PestPatrol tray application
InternalName : ppcontrol
LegalCopyright : Copyright © 2004 Computer Associates International
OriginalFilename : ppcontrol.exe

#:24 [ppmemcheck.exe]
ModuleName : C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
Command Line : "C:\PROGRA~1\PESTPA~1\PPMemCheck.exe"
ProcessID : 2032
ThreadCreationTime : 4-28-2005 12:28:28 PM
BasePriority : Normal


#:25 [cookiepatrol.exe]
ModuleName : C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
Command Line : "C:\PROGRA~1\PESTPA~1\CookiePatrol.exe"
ProcessID : 132
ThreadCreationTime : 4-28-2005 12:28:28 PM
BasePriority : Normal
FileVersion : 4, 4, 4, 82
ProductVersion : 4, 4, 4, 0
ProductName : PestPatrol
CompanyName : Computer Associates International
FileDescription : CookiePatrol Application
InternalName : CookiePatrol
LegalCopyright : Copyright © 2005 Computer Associates International, Inc.
OriginalFilename : CookiePatrol.exe

#:26 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
ProcessID : 168
ThreadCreationTime : 4-28-2005 12:28:28 PM
BasePriority : Normal


#:27 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 188
ThreadCreationTime : 4-28-2005 12:28:28 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:28 [aim.exe]
ModuleName : C:\Program Files\AIM\aim.exe
Command Line : "C:\Program Files\AIM\aim.exe" -cnetwait.odl
ProcessID : 216
ThreadCreationTime : 4-28-2005 12:28:29 PM
BasePriority : Normal
FileVersion : 5.9.3690
ProductVersion : 5.9.3690
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:29 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32 nView.dll,nViewInitialize
ProcessID : 380
ThreadCreationTime : 4-28-2005 12:28:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:30 [spamsubtract.exe]
ModuleName : C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
Command Line : "C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe" -q
ProcessID : 440
ThreadCreationTime : 4-28-2005 12:28:32 PM
BasePriority : Normal
FileVersion : 1,0,0,66
ProductVersion : 1,0,0,66
ProductName : SpamSubtract from interMute
CompanyName : interMute, Inc.
FileDescription : SpamSubtract
InternalName : SpamSubtract
LegalCopyright : Copyright © 2002
OriginalFilename : SpamSubtract.EXE

#:31 [gearsec.exe]
ModuleName : C:\WINDOWS\System32\GEARSEC.EXE
Command Line : C:\WINDOWS\System32\GEARSEC.EXE
ProcessID : 736
ThreadCreationTime : 4-28-2005 12:28:33 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001 GEAR Software
OriginalFilename : gearsec.exe

#:32 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 816
ThreadCreationTime : 4-28-2005 12:28:33 PM
BasePriority : Normal
FileVersion : 6.14.01.4303
ProductVersion : 6.14.01.4303
ProductName : NVIDIA Driver Helper Service, Version 43.03
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 43.03
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:33 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 944
ThreadCreationTime : 4-28-2005 12:28:33 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:34 [ymsgr_tray.exe]
ModuleName : C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
Command Line : "C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe" -ymsgr
ProcessID : 1364
ThreadCreationTime : 4-28-2005 12:28:34 PM
BasePriority : Normal


#:35 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1436
ThreadCreationTime : 4-28-2005 12:30:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:36 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
ProcessID : 2356
ThreadCreationTime : 4-28-2005 12:30:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:37 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe"
ProcessID : 3124
ThreadCreationTime : 4-28-2005 12:30:31 PM
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:38 [notepad.exe]
ModuleName : C:\WINDOWS\system32\NOTEPAD.EXE
Command Line : "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Documents and Settings\Owner\Desktop\New Text Document.txt
ProcessID : 2260
ThreadCreationTime : 4-28-2005 12:33:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:39 [notepad.exe]
ModuleName : C:\WINDOWS\system32\NOTEPAD.EXE
Command Line : "C:\WINDOWS\system32\NOTEPAD.EXE" C:\unzipped\hijackthis[1]\hijackthis.log
ProcessID : 2164
ThreadCreationTime : 4-28-2005 12:35:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:40 [rnathchk.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe"
ProcessID : 2500
ThreadCreationTime : 4-28-2005 12:35:59 PM
BasePriority : Normal
FileVersion : 7.0.0.1176
ProductVersion : 7.0.0.1176
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks ATH Check App
InternalName : rnathchk
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : rnathchk.EXE

#:41 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[38c]SUSDS2262d55c7365cb4ea6faafae9b5e3697
ProcessID : 3068
ThreadCreationTime : 4-28-2005 12:50:25 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:42 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2236
ThreadCreationTime : 4-28-2005 12:52:01 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@advertising[2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:owner@advertising.com/
Expires : 4-26-2010 5:07:12 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@2o7[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:owner@2o7.net/
Expires : 4-26-2010 5:40:24 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 2




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

9:13:44 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:21:20.203
Objects scanned:206518
Objects identified:2
Objects ignored:0
New critical objects:2

#12
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hello again!
As I looked at your Ad-aware log, it seems to be clean. Congratulations!
Only 2 tracking cookies showing, they are always safe to delete and are no security threat.
If you wish to do this, just run ccleaner.
How is your system working at the moment?
Any troubles?

- Rawe :tazz:

#13
GrapleIRIS

    Member

  • Topic Starter
  • Member
  • 16 posts
My system is working fine as far as internet search and basic functions.

The reason I posted here at all was that I'm having a problem with what I believe is a hijacker of some sort. I cannot log into msn messenger, hotmail, yahoo messenger, update Windows, update any of my spyware programs, nor log into my ISP's mail system.

The hijack support people ask that the adaware staff check over adaware first...

So basically I'm jumping through a hoop here.

I've managed to manually update my adaware and spybot S & D and run them. I've also run Microtrend's online scan, Panda's, and BitDefender's.

At this point everything is coming up clean, but my machine is still being blocked from certain sites....

OK to post to the hijack forum now?

#14
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
It is ok, yes.
But..
Wait for an Ad-aware Expert to come and move (refer) this topic to Malware forums.
Don't start a new topic yet.

- Rawe :tazz:

#15
Guest_Andy_veal_*

  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.