I done what you asked, but CCleaner did not appear able to delete 3 files in my /IE/summat, I the safe mode res I could not resolve the rest of the path. So I continued as you suggested and set up Adaware with the command line you said to invoke, Adawre did not launch and scan, so I assume the switch was to set some other option once I initiated the full scan?
Here is the logfile from that scan mate:
Ad-Aware SE Build 1.05
Logfile Created on:27 April 2005 19:52:20
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
PromulGate(TAC index:5):11 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:11 %
Total physical memory:261100 kb
Available physical memory:28260 kb
Total page file size:771928 kb
Available on page file:526752 kb
Total virtual memory:2097024 kb
Available virtual memory:2043388 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
27-04-2005 19:52:20 - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 572
ThreadCreationTime : 27-04-2005 18:40:46
BasePriority : Normal
#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 660
ThreadCreationTime : 27-04-2005 18:40:51
BasePriority : High
#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 704
ThreadCreationTime : 27-04-2005 18:40:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 716
ThreadCreationTime : 27-04-2005 18:40:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 864
ThreadCreationTime : 27-04-2005 18:40:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 948
ThreadCreationTime : 27-04-2005 18:40:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 1244
ThreadCreationTime : 27-04-2005 18:40:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:8 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : n/a
ProcessID : 1348
ThreadCreationTime : 27-04-2005 18:40:56
BasePriority : Normal
#:9 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : n/a
ProcessID : 1416
ThreadCreationTime : 27-04-2005 18:40:56
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:10 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : n/a
ProcessID : 1464
ThreadCreationTime : 27-04-2005 18:40:56
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:11 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : n/a
ProcessID : 1700
ThreadCreationTime : 27-04-2005 18:40:57
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe
#:12 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : n/a
ProcessID : 1776
ThreadCreationTime : 27-04-2005 18:40:57
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe
#:13 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe "C:\WINDOWS\system32\lhcal10N.dll",DllGetVersion
ProcessID : 832
ThreadCreationTime : 27-04-2005 18:43:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:14 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 1452
ThreadCreationTime : 27-04-2005 18:43:34
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:15 [atiptaxx.exe]
ModuleName : C:\WINDOWS\system32\atiptaxx.exe
Command Line : "C:\WINDOWS\system32\atiptaxx.exe"
ProcessID : 1884
ThreadCreationTime : 27-04-2005 18:43:41
BasePriority : Normal
FileVersion : 6.13.10.3017
ProductVersion : 6.13.10.3017
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2001 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe
#:16 [ico.exe]
ModuleName : C:\WINDOWS\system32\ICO.EXE
Command Line : "C:\WINDOWS\system32\ICO.EXE"
ProcessID : 1172
ThreadCreationTime : 27-04-2005 18:43:42
BasePriority : Normal
FileVersion : 1, 0, 0, 7
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.
#:17 [syntplpr.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
ProcessID : 1364
ThreadCreationTime : 27-04-2005 18:43:42
BasePriority : Normal
FileVersion : 6.6.0 05Jul02
ProductVersion : 6.6.0 05Jul02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPLpr.exe
#:18 [syntpenh.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
ProcessID : 968
ThreadCreationTime : 27-04-2005 18:43:42
BasePriority : Normal
FileVersion : 6.6.0 05Jul02
ProductVersion : 6.6.0 05Jul02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPEnh.exe
#:19 [jogserv2.exe]
ModuleName : C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
Command Line : "C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe"
ProcessID : 312
ThreadCreationTime : 27-04-2005 18:43:43
BasePriority : Normal
FileVersion : 7, 1, 0, 7230
ProductVersion : 7, 1, 0, 7230
ProductName : Jog Dial Main Server Executable File
CompanyName : Sony Corporation
FileDescription : Jog Dial Main Server
InternalName : JogServ2
LegalCopyright : Copyright 1999,2000,2001,2002 Sony Corp.
OriginalFilename : JogServ2.EXE
#:20 [ezsp_px.exe]
ModuleName : C:\WINDOWS\System32\ezSP_Px.exe
Command Line : "C:\WINDOWS\System32\ezSP_Px.exe"
ProcessID : 936
ThreadCreationTime : 27-04-2005 18:43:43
BasePriority : Normal
#:21 [wlansta.exe]
ModuleName : C:\WINDOWS\system32\WLANSTA.EXE
Command Line : "C:\WINDOWS\system32\WLANSTA.EXE" START
ProcessID : 2044
ThreadCreationTime : 27-04-2005 18:43:44
BasePriority : Normal
FileVersion : 1.07.37
ProductVersion : 1.07.37.2020
ProductName : Wireless 802.11b LAN
CompanyName : NETGEAR
FileDescription : WLAN Status Tray Applet
InternalName : [email protected]
LegalCopyright : Copyright © 2002, NETGEAR
OriginalFilename : WLANSTA.exe
Comments : Developed by TriplePoint, Inc. <www.TriplePoint.com>
#:22 [navapw32.exe]
ModuleName : C:\PROGRA~1\NORTON~2\navapw32.exe
Command Line : "C:\PROGRA~1\NORTON~2\navapw32.exe"
ProcessID : 1580
ThreadCreationTime : 27-04-2005 18:43:44
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE
#:23 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
ProcessID : 216
ThreadCreationTime : 27-04-2005 18:43:46
BasePriority : Normal
#:24 [gear511.exe]
ModuleName : C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
Command Line : "C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe" -hide
ProcessID : 448
ThreadCreationTime : 27-04-2005 18:43:47
BasePriority : Normal
FileVersion : 1, 28, 10, 4
ProductVersion : 1, 28, 10, 4
ProductName : NetgearRev Application
FileDescription : NetgearRev MFC Application
InternalName : NetgearRev
LegalCopyright : Copyright © 2003
OriginalFilename : NetgearRev.EXE
#:25 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 468
ThreadCreationTime : 27-04-2005 18:43:47
BasePriority : Idle
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe
#:26 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 492
ThreadCreationTime : 27-04-2005 18:43:47
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe
#:27 [thguard.exe]
ModuleName : C:\Program Files\TrojanHunter 4.2\THGuard.exe
Command Line : "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
ProcessID : 560
ThreadCreationTime : 27-04-2005 18:43:48
BasePriority : Normal
FileVersion : 3.8.0.275
ProductVersion : 1.0.0.0
ProductName : TrojanHunter Guard
CompanyName : Mischel Internet Security
FileDescription : TrojanHunter Guard
LegalCopyright : Mischel Internet Security
LegalTrademarks : TrojanHunter is a trademark of Mischel Internet Security.
OriginalFilename : THGuard.exe
#:28 [nsvsvc.exe]
ModuleName : C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
Command Line : "C:\WINDOWS\system32\nsvsvc\nsvsvc.exe"
ProcessID : 1044
ThreadCreationTime : 27-04-2005 18:43:49
BasePriority : Normal
FileVersion : 2.17.0000
ProductVersion : 2, 1, 7, 0
#:29 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 1128
ThreadCreationTime : 27-04-2005 18:43:49
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:30 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 2168
ThreadCreationTime : 27-04-2005 18:43:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:31 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 2796
ThreadCreationTime : 27-04-2005 18:43:58
BasePriority : Normal
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe
#:32 [histkill.exe]
ModuleName : C:\Program Files\HistoryKill\histkill.exe
Command Line : "C:\Program Files\HistoryKill\histkill.exe" /startup
ProcessID : 3000
ThreadCreationTime : 27-04-2005 18:44:00
BasePriority : Normal
FileVersion : 2003.01.0003
ProductVersion : 2003.01.0003
ProductName : HistoryKill
CompanyName : SwankSoft Technologies, Inc.
FileDescription : HistoryKill privacy utility
InternalName : histkill
LegalCopyright : © Copyright SwankSoft Technologies, Inc. 1998-2003
OriginalFilename : histkill.exe
Comments : http://www.historykill.com
#:33 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 3888
ThreadCreationTime : 27-04-2005 18:44:11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:34 [hkpopupkiller.exe]
ModuleName : C:\Program Files\HistoryKill\hkPopupKiller.exe
Command Line : "C:\Program Files\HistoryKill\hkPopupKiller.exe" /STARTUP
ProcessID : 2412
ThreadCreationTime : 27-04-2005 18:44:18
BasePriority : Normal
FileVersion : 2003.01.0003
ProductVersion : 2003.01.0003
ProductName : HK PopUp Killer
CompanyName : SwankSoft Technologies, Inc.
FileDescription : HK PopUp Killer
InternalName : hkPopupKiller
LegalCopyright : SwankSoft Technologies, Inc.
LegalTrademarks : HistoryKill
OriginalFilename : hkPopupKiller.exe
#:35 [audevicemgr.exe]
ModuleName : C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
Command Line : "C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe"
ProcessID : 2624
ThreadCreationTime : 27-04-2005 18:44:41
BasePriority : Normal
FileVersion : 1, 2, 6, 0
ProductVersion : 1, 2, 6, 0
ProductName : Phone Connection Monitor
CompanyName : Teleca Software Solutions AB
FileDescription : Phone Connection Monitor application
InternalName : Device Manager
LegalCopyright : Copyright © 2002 Teleca Software Solutions AB
OriginalFilename : audevicemgr.exe
#:36 [pcfmgr.exe]
ModuleName : C:\Program Files\PowerPanel\Program\PcfMgr.exe
Command Line : "C:\Program Files\PowerPanel\Program\PcfMgr.exe" /launch
ProcessID : 1972
ThreadCreationTime : 27-04-2005 18:44:47
BasePriority : Normal
FileVersion : 5.0.0.1
ProductVersion : 5.0.0-S001
ProductName : PowerPanel 3.0
CompanyName : Phoenix Technologies Ltd.
FileDescription : PCF Manager Local Server
InternalName : PCFMgr
LegalCopyright : Copyright © 1998, Phoenix Technologies Ltd.
LegalTrademarks : PowerPanel 3.0
OriginalFilename : PCFMgr.exe
#:37 [connmn~1.exe]
ModuleName : C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
Command Line : C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE -Embedding
ProcessID : 3608
ThreadCreationTime : 27-04-2005 18:45:12
BasePriority : Normal
FileVersion : 1, 0, 0, 28
ProductVersion : 1, 0, 0, 1
ProductName : Symbian Connect
CompanyName : Symbian Ltd.
FileDescription : ConnMngmntBox Module
InternalName : ConnMngmntBox
LegalCopyright : Copyright © Symbian Ltd. 2001
OriginalFilename : ConnMngmntBox.EXE
#:38 [mrouterruntime.exe]
ModuleName : C:\PROGRA~1\Intuwave\Shared\MROUTE~1\mRouterRuntime.exe
Command Line : C:\PROGRA~1\Intuwave\Shared\MROUTE~1\mRouterRuntime.exe
ProcessID : 4044
ThreadCreationTime : 27-04-2005 18:45:16
BasePriority : Normal
FileVersion : 2, 0, 0, 356
ProductVersion : 2, 0, 0, 1
ProductName : Symbian Connect
CompanyName : Symbian Ltd.
FileDescription : mRouterRuntime MFC Application
InternalName : mRouterRuntime
LegalCopyright : Copyright © Symbian Ltd. 2001
LegalTrademarks : EPOC
OriginalFilename : mRouterRuntime.EXE
#:39 [epmwor~1.exe]
ModuleName : C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE
Command Line : C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE -Embedding
ProcessID : 2744
ThreadCreationTime : 27-04-2005 18:45:25
BasePriority : Normal
FileVersion : 1, 2, 0,873
ProductVersion : 1,2,0,209
ProductName : CAPI_Worker Module
CompanyName : Teleca Software Solutions AB
FileDescription : CAPI_Worker Module
InternalName : CAPI_Worker
LegalCopyright : Copyright © 1999-2002 Teleca Software Solutions AB. All rights reserved.
OriginalFilename : EPMWorker.EXE
#:40 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : n/a
ProcessID : 3024
ThreadCreationTime : 27-04-2005 18:47:57
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:41 [tmjgqvi.exe]
ModuleName : c:\windows\system32\tmjgqvi.exe
Command Line : "c:\windows\system32\tmjgqvi.exe" qkcsux
ProcessID : 2924
ThreadCreationTime : 27-04-2005 18:48:39
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
#:42 [notepad.exe]
ModuleName : C:\WINDOWS\system32\NOTEPAD.EXE
Command Line : "C:\WINDOWS\system32\NOTEPAD.EXE" C:\adaware.txt
ProcessID : 4060
ThreadCreationTime : 27-04-2005 18:51:19
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE
#:43 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3236
ThreadCreationTime : 27-04-2005 18:52:02
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}
PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}
Value :
PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\typelib\{2a7db8d1-43be-4ad3-a81e-9bb8c9d00073}
PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}
PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}
Value :
PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1
PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1
Value :
PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}
PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}
Value :
PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}
PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}
Value :
Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 12
Objects found so far: 12
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
13 entries scanned.
New critical objects:0
Objects found so far: 12
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
20:21:57 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:29:36.835
Objects scanned:168920
Objects identified:12
Objects ignored:0
New critical objects:12