
[Referred]Adaware SE First Ever Log



#16
icarusq (Topic Starter)
OK Rawe,
I did what you asked, but CCleaner did not appear able to delete 3 files in my /IE/summat; in the safe mode res I could not resolve the rest of the path. So I continued as you suggested and set up Adaware with the command line you said to invoke. Adaware did not launch and scan, so I assume the switch was to set some other option once I initiated the full scan?
Here is the logfile from that scan, mate:


Ad-Aware SE Build 1.05
Logfile Created on:27 April 2005 19:52:20
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
PromulGate(TAC index:5):11 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:11 %
Total physical memory:261100 kb
Available physical memory:28260 kb
Total page file size:771928 kb
Available on page file:526752 kb
Total virtual memory:2097024 kb
Available virtual memory:2043388 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


27-04-2005 19:52:20 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 572
ThreadCreationTime : 27-04-2005 18:40:46
BasePriority : Normal


#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 660
ThreadCreationTime : 27-04-2005 18:40:51
BasePriority : High


#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 704
ThreadCreationTime : 27-04-2005 18:40:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 716
ThreadCreationTime : 27-04-2005 18:40:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 864
ThreadCreationTime : 27-04-2005 18:40:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 948
ThreadCreationTime : 27-04-2005 18:40:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 1244
ThreadCreationTime : 27-04-2005 18:40:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:8 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : n/a
ProcessID : 1348
ThreadCreationTime : 27-04-2005 18:40:56
BasePriority : Normal


#:9 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : n/a
ProcessID : 1416
ThreadCreationTime : 27-04-2005 18:40:56
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:10 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : n/a
ProcessID : 1464
ThreadCreationTime : 27-04-2005 18:40:56
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:11 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : n/a
ProcessID : 1700
ThreadCreationTime : 27-04-2005 18:40:57
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:12 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : n/a
ProcessID : 1776
ThreadCreationTime : 27-04-2005 18:40:57
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:13 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe "C:\WINDOWS\system32\lhcal10N.dll",DllGetVersion
ProcessID : 832
ThreadCreationTime : 27-04-2005 18:43:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:14 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 1452
ThreadCreationTime : 27-04-2005 18:43:34
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:15 [atiptaxx.exe]
ModuleName : C:\WINDOWS\system32\atiptaxx.exe
Command Line : "C:\WINDOWS\system32\atiptaxx.exe"
ProcessID : 1884
ThreadCreationTime : 27-04-2005 18:43:41
BasePriority : Normal
FileVersion : 6.13.10.3017
ProductVersion : 6.13.10.3017
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2001 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:16 [ico.exe]
ModuleName : C:\WINDOWS\system32\ICO.EXE
Command Line : "C:\WINDOWS\system32\ICO.EXE"
ProcessID : 1172
ThreadCreationTime : 27-04-2005 18:43:42
BasePriority : Normal
FileVersion : 1, 0, 0, 7
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.

#:17 [syntplpr.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
ProcessID : 1364
ThreadCreationTime : 27-04-2005 18:43:42
BasePriority : Normal
FileVersion : 6.6.0 05Jul02
ProductVersion : 6.6.0 05Jul02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPLpr.exe

#:18 [syntpenh.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
ProcessID : 968
ThreadCreationTime : 27-04-2005 18:43:42
BasePriority : Normal
FileVersion : 6.6.0 05Jul02
ProductVersion : 6.6.0 05Jul02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPEnh.exe

#:19 [jogserv2.exe]
ModuleName : C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
Command Line : "C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe"
ProcessID : 312
ThreadCreationTime : 27-04-2005 18:43:43
BasePriority : Normal
FileVersion : 7, 1, 0, 7230
ProductVersion : 7, 1, 0, 7230
ProductName : Jog Dial Main Server Executable File
CompanyName : Sony Corporation
FileDescription : Jog Dial Main Server
InternalName : JogServ2
LegalCopyright : Copyright 1999,2000,2001,2002 Sony Corp.
OriginalFilename : JogServ2.EXE

#:20 [ezsp_px.exe]
ModuleName : C:\WINDOWS\System32\ezSP_Px.exe
Command Line : "C:\WINDOWS\System32\ezSP_Px.exe"
ProcessID : 936
ThreadCreationTime : 27-04-2005 18:43:43
BasePriority : Normal


#:21 [wlansta.exe]
ModuleName : C:\WINDOWS\system32\WLANSTA.EXE
Command Line : "C:\WINDOWS\system32\WLANSTA.EXE" START
ProcessID : 2044
ThreadCreationTime : 27-04-2005 18:43:44
BasePriority : Normal
FileVersion : 1.07.37
ProductVersion : 1.07.37.2020
ProductName : Wireless 802.11b LAN
CompanyName : NETGEAR
FileDescription : WLAN Status Tray Applet
InternalName : [email protected]
LegalCopyright : Copyright © 2002, NETGEAR
OriginalFilename : WLANSTA.exe
Comments : Developed by TriplePoint, Inc. <www.TriplePoint.com>

#:22 [navapw32.exe]
ModuleName : C:\PROGRA~1\NORTON~2\navapw32.exe
Command Line : "C:\PROGRA~1\NORTON~2\navapw32.exe"
ProcessID : 1580
ThreadCreationTime : 27-04-2005 18:43:44
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE

#:23 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
ProcessID : 216
ThreadCreationTime : 27-04-2005 18:43:46
BasePriority : Normal


#:24 [gear511.exe]
ModuleName : C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
Command Line : "C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe" -hide
ProcessID : 448
ThreadCreationTime : 27-04-2005 18:43:47
BasePriority : Normal
FileVersion : 1, 28, 10, 4
ProductVersion : 1, 28, 10, 4
ProductName : NetgearRev Application
FileDescription : NetgearRev MFC Application
InternalName : NetgearRev
LegalCopyright : Copyright © 2003
OriginalFilename : NetgearRev.EXE

#:25 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 468
ThreadCreationTime : 27-04-2005 18:43:47
BasePriority : Idle
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:26 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 492
ThreadCreationTime : 27-04-2005 18:43:47
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:27 [thguard.exe]
ModuleName : C:\Program Files\TrojanHunter 4.2\THGuard.exe
Command Line : "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
ProcessID : 560
ThreadCreationTime : 27-04-2005 18:43:48
BasePriority : Normal
FileVersion : 3.8.0.275
ProductVersion : 1.0.0.0
ProductName : TrojanHunter Guard
CompanyName : Mischel Internet Security
FileDescription : TrojanHunter Guard
LegalCopyright : Mischel Internet Security
LegalTrademarks : TrojanHunter is a trademark of Mischel Internet Security.
OriginalFilename : THGuard.exe

#:28 [nsvsvc.exe]
ModuleName : C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
Command Line : "C:\WINDOWS\system32\nsvsvc\nsvsvc.exe"
ProcessID : 1044
ThreadCreationTime : 27-04-2005 18:43:49
BasePriority : Normal
FileVersion : 2.17.0000
ProductVersion : 2, 1, 7, 0

#:29 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 1128
ThreadCreationTime : 27-04-2005 18:43:49
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:30 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 2168
ThreadCreationTime : 27-04-2005 18:43:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:31 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 2796
ThreadCreationTime : 27-04-2005 18:43:58
BasePriority : Normal
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:32 [histkill.exe]
ModuleName : C:\Program Files\HistoryKill\histkill.exe
Command Line : "C:\Program Files\HistoryKill\histkill.exe" /startup
ProcessID : 3000
ThreadCreationTime : 27-04-2005 18:44:00
BasePriority : Normal
FileVersion : 2003.01.0003
ProductVersion : 2003.01.0003
ProductName : HistoryKill
CompanyName : SwankSoft Technologies, Inc.
FileDescription : HistoryKill privacy utility
InternalName : histkill
LegalCopyright : © Copyright SwankSoft Technologies, Inc. 1998-2003
OriginalFilename : histkill.exe
Comments : http://www.historykill.com

#:33 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 3888
ThreadCreationTime : 27-04-2005 18:44:11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:34 [hkpopupkiller.exe]
ModuleName : C:\Program Files\HistoryKill\hkPopupKiller.exe
Command Line : "C:\Program Files\HistoryKill\hkPopupKiller.exe" /STARTUP
ProcessID : 2412
ThreadCreationTime : 27-04-2005 18:44:18
BasePriority : Normal
FileVersion : 2003.01.0003
ProductVersion : 2003.01.0003
ProductName : HK PopUp Killer
CompanyName : SwankSoft Technologies, Inc.
FileDescription : HK PopUp Killer
InternalName : hkPopupKiller
LegalCopyright : SwankSoft Technologies, Inc.
LegalTrademarks : HistoryKill™
OriginalFilename : hkPopupKiller.exe

#:35 [audevicemgr.exe]
ModuleName : C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
Command Line : "C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe"
ProcessID : 2624
ThreadCreationTime : 27-04-2005 18:44:41
BasePriority : Normal
FileVersion : 1, 2, 6, 0
ProductVersion : 1, 2, 6, 0
ProductName : Phone Connection Monitor
CompanyName : Teleca Software Solutions AB
FileDescription : Phone Connection Monitor application
InternalName : Device Manager
LegalCopyright : Copyright © 2002 Teleca Software Solutions AB
OriginalFilename : audevicemgr.exe

#:36 [pcfmgr.exe]
ModuleName : C:\Program Files\PowerPanel\Program\PcfMgr.exe
Command Line : "C:\Program Files\PowerPanel\Program\PcfMgr.exe" /launch
ProcessID : 1972
ThreadCreationTime : 27-04-2005 18:44:47
BasePriority : Normal
FileVersion : 5.0.0.1
ProductVersion : 5.0.0-S001
ProductName : PowerPanel 3.0
CompanyName : Phoenix Technologies Ltd.
FileDescription : PCF Manager Local Server
InternalName : PCFMgr
LegalCopyright : Copyright © 1998, Phoenix Technologies Ltd.
LegalTrademarks : PowerPanel 3.0 ™
OriginalFilename : PCFMgr.exe

#:37 [connmn~1.exe]
ModuleName : C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
Command Line : C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE -Embedding
ProcessID : 3608
ThreadCreationTime : 27-04-2005 18:45:12
BasePriority : Normal
FileVersion : 1, 0, 0, 28
ProductVersion : 1, 0, 0, 1
ProductName : Symbian Connect
CompanyName : Symbian Ltd.
FileDescription : ConnMngmntBox Module
InternalName : ConnMngmntBox
LegalCopyright : Copyright © Symbian Ltd. 2001
OriginalFilename : ConnMngmntBox.EXE

#:38 [mrouterruntime.exe]
ModuleName : C:\PROGRA~1\Intuwave\Shared\MROUTE~1\mRouterRuntime.exe
Command Line : C:\PROGRA~1\Intuwave\Shared\MROUTE~1\mRouterRuntime.exe
ProcessID : 4044
ThreadCreationTime : 27-04-2005 18:45:16
BasePriority : Normal
FileVersion : 2, 0, 0, 356
ProductVersion : 2, 0, 0, 1
ProductName : Symbian Connect
CompanyName : Symbian Ltd.
FileDescription : mRouterRuntime MFC Application
InternalName : mRouterRuntime
LegalCopyright : Copyright © Symbian Ltd. 2001
LegalTrademarks : EPOC
OriginalFilename : mRouterRuntime.EXE

#:39 [epmwor~1.exe]
ModuleName : C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE
Command Line : C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE -Embedding
ProcessID : 2744
ThreadCreationTime : 27-04-2005 18:45:25
BasePriority : Normal
FileVersion : 1, 2, 0,873
ProductVersion : 1,2,0,209
ProductName : CAPI_Worker Module
CompanyName : Teleca Software Solutions AB
FileDescription : CAPI_Worker Module
InternalName : CAPI_Worker
LegalCopyright : Copyright © 1999-2002 Teleca Software Solutions AB. All rights reserved.
OriginalFilename : EPMWorker.EXE

#:40 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : n/a
ProcessID : 3024
ThreadCreationTime : 27-04-2005 18:47:57
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:41 [tmjgqvi.exe]
ModuleName : c:\windows\system32\tmjgqvi.exe
Command Line : "c:\windows\system32\tmjgqvi.exe" qkcsux
ProcessID : 2924
ThreadCreationTime : 27-04-2005 18:48:39
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:42 [notepad.exe]
ModuleName : C:\WINDOWS\system32\NOTEPAD.EXE
Command Line : "C:\WINDOWS\system32\NOTEPAD.EXE" C:\adaware.txt
ProcessID : 4060
ThreadCreationTime : 27-04-2005 18:51:19
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:43 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3236
ThreadCreationTime : 27-04-2005 18:52:02
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\typelib\{2a7db8d1-43be-4ad3-a81e-9bb8c9d00073}

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}
Value :

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 12
Objects found so far: 12


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
13 entries scanned.
New critical objects:0
Objects found so far: 12




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12

20:21:57 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:29:36.835
Objects scanned:168920
Objects identified:12
Objects ignored:0
New critical objects:12


#17
icarusq (Topic Starter)
#:41 [tmjgqvi.exe]

This is the TODO, right? MS Spyware launched a window when Windows started, asking me to allow or block this. I picked block, then a Windows dialogue asked me to confirm this blocking action and I confirmed it. Yet it's still listed in the scan?
Just thought I'd mention that in case it's of any use. Sorry I left Notepad open, I had your instructions in it to do the process. No printer at home, mate!
Dal

#18
Guest_Andy_veal_* (Guest)
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.