Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My Adaware is version 6, not 1.5

Started by phoenixworld , Apr 27 2005 12:08 AM

  • This topic is locked This topic is locked

#1
phoenixworld
Posted 27 April 2005 - 12:08 AM

phoenixworld

    Member

  • Member
  • PipPip
  • 23 posts
Hi

I have this damned Azesearch thing screwing with my Google results :tazz:

I read the initial instructions, but I have Lavasoft's Adaware and it's version 6! Not 1.6. but 6. The instructions talk about version 1.5 I think, and lots of things are different! I don't want to go through a whole lot of stuff and find I have to start again ;)

Any advice please?

many thanks

philip
  • 0

Advertisements

#2
Rawe
Posted 27 April 2005 - 12:59 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hi there..
Do you have Ad-aware SE personal?
If so, you need to follow these instructions;
First, uninstall your current version of Ad-aware.
Then, go in this link and install latest version here;
Ad-aware SE install
After installed, open it up and read Logfile Posting Instructions
again, and post a fresh Ad-aware log here, if you wish assistance.

- Rawe :tazz:
  • 0

#3
phoenixworld
Posted 27 April 2005 - 02:55 AM

phoenixworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi Rawe

Thanks for your help. I installed AA 1.5 and ran it. Unfortunately didn't get the log file, so I ran it again straight away. Interestingly it picked up another bunch! Anyhow, here's the log - hope I did it right.

Thanks again - I appreciate your help :tazz:

Before I go - the remaining symptoms (that I know of) are that when I do a Google search, the "Preferences" seem to be disabled, and there's always some kind of result referring to "Starware" in the listing


Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, 27 April 2005 4:38:12 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BlazeFind(TAC index:5):1 total references
CrackSpider(TAC index:4):1 total references
Lop(TAC index:7):4 total references
MRU List(TAC index:0):1 total references
Tracking Cookie(TAC index:3):1 total references
VX2(TAC index:10):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:26 %
Total physical memory:391088 kb
Available physical memory:101376 kb
Total page file size:550196 kb
Available on page file:319500 kb
Total virtual memory:2097024 kb
Available virtual memory:2040032 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


27-04-2005 4:38:12 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 272
ThreadCreationTime : 27-04-2005 8:29:09 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 408
ThreadCreationTime : 27-04-2005 8:29:15 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 432
ThreadCreationTime : 27-04-2005 8:29:16 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 476
ThreadCreationTime : 27-04-2005 8:29:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 488
ThreadCreationTime : 27-04-2005 8:29:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 648
ThreadCreationTime : 27-04-2005 8:29:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 728
ThreadCreationTime : 27-04-2005 8:29:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 916
ThreadCreationTime : 27-04-2005 8:29:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 932
ThreadCreationTime : 27-04-2005 8:29:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1144
ThreadCreationTime : 27-04-2005 8:29:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1400
ThreadCreationTime : 27-04-2005 8:29:26 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [defwatch.exe]
ModuleName : C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
Command Line : C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
ProcessID : 1548
ThreadCreationTime : 27-04-2005 8:29:27 AM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:13 [mysqld.exe]
ModuleName : C:\mysql\bin\mysqld.exe
Command Line : C:\mysql\bin\mysqld MySQL
ProcessID : 1584
ThreadCreationTime : 27-04-2005 8:29:27 AM
BasePriority : Normal


#:14 [ntvdm.exe]
ModuleName : C:\WINDOWS\system32\ntvdm.exe
Command Line : "C:\WINDOWS\system32\ntvdm.exe" -f -i1 -w -a C:\WINDOWS\system32\krnl386.exe
ProcessID : 1620
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.1564 (xpsp2_gdr.040517-1325)
ProductVersion : 5.1.2600.1564
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : NTVDM.EXE
InternalName : NTVDM.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NTVDM.EXE

#:15 [igfxtray.exe]
ModuleName : C:\WINDOWS\System32\igfxtray.exe
Command Line : "C:\WINDOWS\System32\igfxtray.exe"
ProcessID : 1636
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 3,0,0,1847
ProductVersion : 7,0,0,1847
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : IGFXTRAY.EXE

#:16 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 1644
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 3,0,0,1847
ProductVersion : 7,0,0,1847
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE

#:17 [agrsmmsg.exe]
ModuleName : C:\WINDOWS\AGRSMMSG.exe
Command Line : "C:\WINDOWS\AGRSMMSG.exe"
ProcessID : 1652
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 2.1.20 2.1.20 10/18/2002 10:07:17
ProductVersion : 2.1.20 2.1.20 10/18/2002 10:07:17
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:18 [ltmoh.exe]
ModuleName : C:\Program Files\ltmoh\Ltmoh.exe
Command Line : "C:\Program Files\ltmoh\Ltmoh.exe"
ProcessID : 1660
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 1.63
ProductVersion : 1.63
ProductName : LtMoh Application
CompanyName : Agere Systems
FileDescription : LtMoh MFC Application
InternalName : LtMoh
LegalCopyright : Agere Copyright © 2001
LegalTrademarks : LT
OriginalFilename : LtMoh.EXE

#:19 [launchap.exe]
ModuleName : C:\Program Files\Launch Manager\LaunchAp.exe
Command Line : "C:\Program Files\Launch Manager\LaunchAp.exe"
ProcessID : 1668
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : LaunchAp Application
FileDescription : LaunchAp MFC Application
InternalName : LaunchAp
LegalCopyright : Copyright © 2001
OriginalFilename : LaunchAp.EXE

#:20 [powerkey.exe]
ModuleName : C:\Program Files\Launch Manager\PowerKey.exe
Command Line : "C:\Program Files\Launch Manager\PowerKey.exe"
ProcessID : 1676
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 1, 4, 4, 0
ProductVersion : 1, 4, 4, 0
FileDescription : Powerkey
InternalName : Powerkey
LegalCopyright : Copyright © 2001
OriginalFilename : Powerkey.exe

#:21 [hotkeyapp.exe]
ModuleName : C:\Program Files\Launch Manager\HotkeyApp.exe
Command Line : "C:\Program Files\Launch Manager\HotkeyApp.exe"
ProcessID : 1704
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 1, 0, 2, 3
ProductVersion : 1, 0, 2, 3
ProductName : Wistron HotkeyApp
CompanyName : Wistron
FileDescription : HotkeyApp
InternalName : HotkeyApp
LegalCopyright : Copyright c 2002
OriginalFilename : HotkeyApp.exe

#:22 [ctrlvol.exe]
ModuleName : C:\Program Files\Launch Manager\CtrlVol.exe
Command Line : "C:\Program Files\Launch Manager\CtrlVol.exe"
ProcessID : 1712
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal


#:23 [wbutton.exe]
ModuleName : C:\Program Files\Launch Manager\Wbutton.exe
Command Line : "C:\Program Files\Launch Manager\Wbutton.exe"
ProcessID : 1720
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0
ProductName : newapp Application
FileDescription : newapp MFC Application
InternalName : newapp
LegalCopyright : Copyright © 2001
OriginalFilename : newapp.EXE

#:24 [syntplpr.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
ProcessID : 1728
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 7.2.0 15Nov02
ProductVersion : 7.2.0 15Nov02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPLpr.exe

#:25 [pgpsdkserv.exe]
ModuleName : C:\WINDOWS\System32\PGPsdkServ.exe
Command Line : C:\WINDOWS\System32\PGPsdkServ.exe
ProcessID : 1736
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 3.0.3
ProductVersion : 3.0.3
ProductName : PGPsdk
CompanyName : PGP Corporation
FileDescription : PGP Software Development Kit Service
InternalName : PGPsdkService
LegalCopyright : Copyright © 2003 PGP Corporation
LegalTrademarks : Pretty Good Privacy, PGP
OriginalFilename : PGPsdkServ.exe

#:26 [syntpenh.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
ProcessID : 1816
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 7.2.0 15Nov02
ProductVersion : 7.2.0 15Nov02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPEnh.exe

#:27 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1824
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 6.1c
ProductVersion : QuickTime 6.1c
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:28 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1840
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:29 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 1876
ThreadCreationTime : 27-04-2005 8:29:29 AM
BasePriority : Normal


#:30 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1916
ThreadCreationTime : 27-04-2005 8:29:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:31 [iutil.exe]
ModuleName : C:\PROGRA~1\iMarkup\iUtil.exe
Command Line : "C:\PROGRA~1\iMarkup\iUtil.exe" ST
ProcessID : 1964
ThreadCreationTime : 27-04-2005 8:29:29 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : iUtil Application
CompanyName : iMarkup Solutions, Inc.
FileDescription : iUtil Application
InternalName : iUtil
LegalCopyright : Copyright © 1999
LegalTrademarks : iMarkup
OriginalFilename : iUtil.exe

#:32 [zlclient.exe]
ModuleName : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Command Line : n/a
ProcessID : 1984
ThreadCreationTime : 27-04-2005 8:29:29 AM
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:33 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 2004
ThreadCreationTime : 27-04-2005 8:29:29 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:34 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 128
ThreadCreationTime : 27-04-2005 8:29:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:35 [toggler.exe]
ModuleName : C:\Documents and Settings\User\Desktop\Toggler\toggler.exe
Command Line : "C:\Documents and Settings\User\Desktop\Toggler\toggler.exe"
ProcessID : 164
ThreadCreationTime : 27-04-2005 8:29:30 AM
BasePriority : Normal
FileVersion : 1.0
ProductVersion : 1.0
ProductName : Toggler
CompanyName : Aestas Software
FileDescription : Manage your Caps/Num Lock and Insert keys
InternalName : Toggler
LegalCopyright : Copyright © Aestas Software 2001
OriginalFilename : toggler.exe
Comments : Built 18 January, 2001

#:36 [googledesktop.exe]
ModuleName : C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
Command Line : "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
ProcessID : 136
ThreadCreationTime : 27-04-2005 8:29:30 AM
BasePriority : Normal


#:37 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 264
ThreadCreationTime : 27-04-2005 8:29:30 AM
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:38 [vsmon.exe]
ModuleName : C:\WINDOWS\system32\ZONELABS\vsmon.exe
Command Line : n/a
ProcessID : 316
ThreadCreationTime : 27-04-2005 8:29:30 AM
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:39 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 492
ThreadCreationTime : 27-04-2005 8:29:31 AM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 8.1 (4319)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2001 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:40 [ocrawr32.exe]
ModuleName : C:\OPLIMIT\ocrawr32.exe
Command Line : C:\OPLIMIT\ocrawr32.exe oplimit.ini
ProcessID : 836
ThreadCreationTime : 27-04-2005 8:29:32 AM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : OmniPage Limited Edition
CompanyName : Caere Corporation
FileDescription : Ocraware32
InternalName : Ocraware32
LegalCopyright : Copyright © 1995 Caere Corporation
OriginalFilename : Ocrawr32.exe

#:41 [airplus.exe]
ModuleName : C:\Program Files\D-Link AirPlus\AirPlus.exe
Command Line : "C:\Program Files\D-Link AirPlus\AirPlus.exe"
ProcessID : 1340
ThreadCreationTime : 27-04-2005 8:29:35 AM
BasePriority : Normal
FileVersion : 3, 0, 5, 0
ProductVersion : 3, 0, 5, 0
ProductName : D-Link AirPlus
CompanyName : D-Link
FileDescription : WLAN Adapter Utility
InternalName : WLANMON
LegalCopyright : Copyright © 2002
OriginalFilename : AIRPLUS.EXE

#:42 [ultramon.exe]
ModuleName : C:\Program Files\UltraMon\UltraMon.exe
Command Line : "C:\Program Files\UltraMon\UltraMon.exe"
ProcessID : 1388
ThreadCreationTime : 27-04-2005 8:29:35 AM
BasePriority : Normal


#:43 [pgptray.exe]
ModuleName : C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
Command Line : "C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe"
ProcessID : 1416
ThreadCreationTime : 27-04-2005 8:29:36 AM
BasePriority : Normal
FileVersion : 8.0.3
ProductVersion : 8.0.3
ProductName : PGP
CompanyName : PGP Corporation
FileDescription : PGP System Tray Application
InternalName : PGPtray
LegalCopyright : Copyright © 2003 PGP Corporation
LegalTrademarks : Pretty Good Privacy, PGP
OriginalFilename : PGPtray.exe

#:44 [ultramontaskbar.exe]
ModuleName : C:\Program Files\UltraMon\UltraMonTaskbar.exe
Command Line : "C:\Program Files\UltraMon\UltraMonTaskbar.exe"
ProcessID : 1796
ThreadCreationTime : 27-04-2005 8:29:36 AM
BasePriority : Idle


#:45 [vsaccess.exe]
ModuleName : C:\VSTASCAN\vsaccess.exe
Command Line : "C:\VSTASCAN\vsaccess.exe"
ProcessID : 952
ThreadCreationTime : 27-04-2005 8:29:36 AM
BasePriority : Normal
FileVersion : 1. 02
ProductVersion : 1. 02
ProductName : UMAX VistaAccess
CompanyName : UMAX
FileDescription : VsAccess
InternalName : VsAccess
LegalCopyright : Copyright © 1999
OriginalFilename : VsAccess.exe
Comments : Written by Chang Pei-Hwa, 1999

#:46 [winmysqladmin.exe]
ModuleName : C:\mysql\bin\winmysqladmin.exe
Command Line : "C:\mysql\bin\winmysqladmin.exe"
ProcessID : 1892
ThreadCreationTime : 27-04-2005 8:29:37 AM
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
ProductName : WinMySQLadmin
CompanyName : MySQL AB
FileDescription : Administrator Tool for Win32
InternalName : WinMySQLadmin
LegalCopyright : Read Public File

#:47 [msiexec.exe]
ModuleName : C:\WINDOWS\System32\msiexec.exe
Command Line : C:\WINDOWS\System32\msiexec.exe /V
ProcessID : 1248
ThreadCreationTime : 27-04-2005 8:29:43 AM
BasePriority : Normal


#:48 [googledesktopindex.exe]
ModuleName : C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
Command Line : "GoogleDesktopIndex.exe"
ProcessID : 2696
ThreadCreationTime : 27-04-2005 8:30:15 AM
BasePriority : Normal


#:49 [googledesktopcrawl.exe]
ModuleName : C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
Command Line : "GoogleDesktopCrawl.exe" /ie /favorites /recent
ProcessID : 2724
ThreadCreationTime : 27-04-2005 8:30:16 AM
BasePriority : Normal


#:50 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2240
ThreadCreationTime : 27-04-2005 8:36:41 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CrackSpider Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\loaderco

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/cgi-bin
Expires : 25-04-2015 4:34:38 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 3



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : A0058615.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Calling Home
CompanyName : callinghome.biz
FileDescription : Installation utility for www.callinghome.biz
InternalName : Calling Home
LegalCopyright : callinghome.biz © 2004
OriginalFilename : Caller.exe


VX2 Object Recognized!
Type : File
Data : A0058616.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Install Utility
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2004
OriginalFilename : InstUtil.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.


Lop Object Recognized!
Type : File
Data : A0058617.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Lop Object Recognized!
Type : File
Data : A0058618.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BlazeFind Object Recognized!
Type : File
Data : A0058619.dll
Category : Malware
Comment :
Object : D:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Lop Object Recognized!
Type : File
Data : A0058620.exe
Category : Malware
Comment :
Object : D:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Lop Object Recognized!
Type : File
Data : A0058621.exe
Category : Malware
Comment :
Object : D:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
27 entries scanned.
New critical objects:0
Objects found so far: 10




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\lastknowngoodrecovery\lastgood
Value : INF/twtini.PNF

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 11

4:45:50 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:37.985
Objects scanned:257344
Objects identified:10
Objects ignored:0
New critical objects:10
  • 0

#4
Rawe
Posted 27 April 2005 - 02:59 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Wait a sec..
We need to see scanlog from "Full system scan", not from "Custom mode".
Please, run a "Full system scan", and post that log here for review.
I will then tell you what to do.

- Rawe :tazz:
  • 0

#5
phoenixworld
Posted 27 April 2005 - 03:02 AM

phoenixworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Sorry - doing it now...........
  • 0

#6
phoenixworld
Posted 27 April 2005 - 03:19 AM

phoenixworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here you go:-)


Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, 27 April 2005 5:10:47 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BlazeFind(TAC index:5):1 total references
CrackSpider(TAC index:4):1 total references
Lop(TAC index:7):4 total references
Tracking Cookie(TAC index:3):1 total references
VX2(TAC index:10):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:27 %
Total physical memory:391088 kb
Available physical memory:101764 kb
Total page file size:550196 kb
Available on page file:301968 kb
Total virtual memory:2097024 kb
Available virtual memory:2005112 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


27-04-2005 5:10:47 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 272
ThreadCreationTime : 27-04-2005 8:29:09 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 408
ThreadCreationTime : 27-04-2005 8:29:15 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 432
ThreadCreationTime : 27-04-2005 8:29:16 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 476
ThreadCreationTime : 27-04-2005 8:29:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 488
ThreadCreationTime : 27-04-2005 8:29:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 648
ThreadCreationTime : 27-04-2005 8:29:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 728
ThreadCreationTime : 27-04-2005 8:29:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 916
ThreadCreationTime : 27-04-2005 8:29:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 932
ThreadCreationTime : 27-04-2005 8:29:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1144
ThreadCreationTime : 27-04-2005 8:29:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1400
ThreadCreationTime : 27-04-2005 8:29:26 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [defwatch.exe]
ModuleName : C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
Command Line : C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
ProcessID : 1548
ThreadCreationTime : 27-04-2005 8:29:27 AM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:13 [mysqld.exe]
ModuleName : C:\mysql\bin\mysqld.exe
Command Line : C:\mysql\bin\mysqld MySQL
ProcessID : 1584
ThreadCreationTime : 27-04-2005 8:29:27 AM
BasePriority : Normal


#:14 [ntvdm.exe]
ModuleName : C:\WINDOWS\system32\ntvdm.exe
Command Line : "C:\WINDOWS\system32\ntvdm.exe" -f -i1 -w -a C:\WINDOWS\system32\krnl386.exe
ProcessID : 1620
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.1564 (xpsp2_gdr.040517-1325)
ProductVersion : 5.1.2600.1564
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : NTVDM.EXE
InternalName : NTVDM.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NTVDM.EXE

#:15 [igfxtray.exe]
ModuleName : C:\WINDOWS\System32\igfxtray.exe
Command Line : "C:\WINDOWS\System32\igfxtray.exe"
ProcessID : 1636
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 3,0,0,1847
ProductVersion : 7,0,0,1847
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : IGFXTRAY.EXE

#:16 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 1644
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 3,0,0,1847
ProductVersion : 7,0,0,1847
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE

#:17 [agrsmmsg.exe]
ModuleName : C:\WINDOWS\AGRSMMSG.exe
Command Line : "C:\WINDOWS\AGRSMMSG.exe"
ProcessID : 1652
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 2.1.20 2.1.20 10/18/2002 10:07:17
ProductVersion : 2.1.20 2.1.20 10/18/2002 10:07:17
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:18 [ltmoh.exe]
ModuleName : C:\Program Files\ltmoh\Ltmoh.exe
Command Line : "C:\Program Files\ltmoh\Ltmoh.exe"
ProcessID : 1660
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 1.63
ProductVersion : 1.63
ProductName : LtMoh Application
CompanyName : Agere Systems
FileDescription : LtMoh MFC Application
InternalName : LtMoh
LegalCopyright : Agere Copyright © 2001
LegalTrademarks : LT
OriginalFilename : LtMoh.EXE

#:19 [launchap.exe]
ModuleName : C:\Program Files\Launch Manager\LaunchAp.exe
Command Line : "C:\Program Files\Launch Manager\LaunchAp.exe"
ProcessID : 1668
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : LaunchAp Application
FileDescription : LaunchAp MFC Application
InternalName : LaunchAp
LegalCopyright : Copyright © 2001
OriginalFilename : LaunchAp.EXE

#:20 [powerkey.exe]
ModuleName : C:\Program Files\Launch Manager\PowerKey.exe
Command Line : "C:\Program Files\Launch Manager\PowerKey.exe"
ProcessID : 1676
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 1, 4, 4, 0
ProductVersion : 1, 4, 4, 0
FileDescription : Powerkey
InternalName : Powerkey
LegalCopyright : Copyright © 2001
OriginalFilename : Powerkey.exe

#:21 [hotkeyapp.exe]
ModuleName : C:\Program Files\Launch Manager\HotkeyApp.exe
Command Line : "C:\Program Files\Launch Manager\HotkeyApp.exe"
ProcessID : 1704
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 1, 0, 2, 3
ProductVersion : 1, 0, 2, 3
ProductName : Wistron HotkeyApp
CompanyName : Wistron
FileDescription : HotkeyApp
InternalName : HotkeyApp
LegalCopyright : Copyright c 2002
OriginalFilename : HotkeyApp.exe

#:22 [ctrlvol.exe]
ModuleName : C:\Program Files\Launch Manager\CtrlVol.exe
Command Line : "C:\Program Files\Launch Manager\CtrlVol.exe"
ProcessID : 1712
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal


#:23 [wbutton.exe]
ModuleName : C:\Program Files\Launch Manager\Wbutton.exe
Command Line : "C:\Program Files\Launch Manager\Wbutton.exe"
ProcessID : 1720
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0
ProductName : newapp Application
FileDescription : newapp MFC Application
InternalName : newapp
LegalCopyright : Copyright © 2001
OriginalFilename : newapp.EXE

#:24 [syntplpr.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
ProcessID : 1728
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 7.2.0 15Nov02
ProductVersion : 7.2.0 15Nov02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPLpr.exe

#:25 [pgpsdkserv.exe]
ModuleName : C:\WINDOWS\System32\PGPsdkServ.exe
Command Line : C:\WINDOWS\System32\PGPsdkServ.exe
ProcessID : 1736
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 3.0.3
ProductVersion : 3.0.3
ProductName : PGPsdk
CompanyName : PGP Corporation
FileDescription : PGP Software Development Kit Service
InternalName : PGPsdkService
LegalCopyright : Copyright © 2003 PGP Corporation
LegalTrademarks : Pretty Good Privacy, PGP
OriginalFilename : PGPsdkServ.exe

#:26 [syntpenh.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
ProcessID : 1816
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 7.2.0 15Nov02
ProductVersion : 7.2.0 15Nov02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPEnh.exe

#:27 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1824
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 6.1c
ProductVersion : QuickTime 6.1c
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:28 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1840
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:29 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 1876
ThreadCreationTime : 27-04-2005 8:29:29 AM
BasePriority : Normal


#:30 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1916
ThreadCreationTime : 27-04-2005 8:29:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:31 [iutil.exe]
ModuleName : C:\PROGRA~1\iMarkup\iUtil.exe
Command Line : "C:\PROGRA~1\iMarkup\iUtil.exe" ST
ProcessID : 1964
ThreadCreationTime : 27-04-2005 8:29:29 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : iUtil Application
CompanyName : iMarkup Solutions, Inc.
FileDescription : iUtil Application
InternalName : iUtil
LegalCopyright : Copyright © 1999
LegalTrademarks : iMarkup
OriginalFilename : iUtil.exe

#:32 [zlclient.exe]
ModuleName : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Command Line : n/a
ProcessID : 1984
ThreadCreationTime : 27-04-2005 8:29:29 AM
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:33 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 2004
ThreadCreationTime : 27-04-2005 8:29:29 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:34 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 128
ThreadCreationTime : 27-04-2005 8:29:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:35 [toggler.exe]
ModuleName : C:\Documents and Settings\User\Desktop\Toggler\toggler.exe
Command Line : "C:\Documents and Settings\User\Desktop\Toggler\toggler.exe"
ProcessID : 164
ThreadCreationTime : 27-04-2005 8:29:30 AM
BasePriority : Normal
FileVersion : 1.0
ProductVersion : 1.0
ProductName : Toggler
CompanyName : Aestas Software
FileDescription : Manage your Caps/Num Lock and Insert keys
InternalName : Toggler
LegalCopyright : Copyright © Aestas Software 2001
OriginalFilename : toggler.exe
Comments : Built 18 January, 2001

#:36 [googledesktop.exe]
ModuleName : C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
Command Line : "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
ProcessID : 136
ThreadCreationTime : 27-04-2005 8:29:30 AM
BasePriority : Normal


#:37 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 264
ThreadCreationTime : 27-04-2005 8:29:30 AM
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:38 [vsmon.exe]
ModuleName : C:\WINDOWS\system32\ZONELABS\vsmon.exe
Command Line : n/a
ProcessID : 316
ThreadCreationTime : 27-04-2005 8:29:30 AM
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:39 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 492
ThreadCreationTime : 27-04-2005 8:29:31 AM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 8.1 (4319)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2001 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:40 [ocrawr32.exe]
ModuleName : C:\OPLIMIT\ocrawr32.exe
Command Line : C:\OPLIMIT\ocrawr32.exe oplimit.ini
ProcessID : 836
ThreadCreationTime : 27-04-2005 8:29:32 AM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : OmniPage Limited Edition
CompanyName : Caere Corporation
FileDescription : Ocraware32
InternalName : Ocraware32
LegalCopyright : Copyright © 1995 Caere Corporation
OriginalFilename : Ocrawr32.exe

#:41 [airplus.exe]
ModuleName : C:\Program Files\D-Link AirPlus\AirPlus.exe
Command Line : "C:\Program Files\D-Link AirPlus\AirPlus.exe"
ProcessID : 1340
ThreadCreationTime : 27-04-2005 8:29:35 AM
BasePriority : Normal
FileVersion : 3, 0, 5, 0
ProductVersion : 3, 0, 5, 0
ProductName : D-Link AirPlus
CompanyName : D-Link
FileDescription : WLAN Adapter Utility
InternalName : WLANMON
LegalCopyright : Copyright © 2002
OriginalFilename : AIRPLUS.EXE

#:42 [ultramon.exe]
ModuleName : C:\Program Files\UltraMon\UltraMon.exe
Command Line : "C:\Program Files\UltraMon\UltraMon.exe"
ProcessID : 1388
ThreadCreationTime : 27-04-2005 8:29:35 AM
BasePriority : Normal


#:43 [pgptray.exe]
ModuleName : C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
Command Line : "C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe"
ProcessID : 1416
ThreadCreationTime : 27-04-2005 8:29:36 AM
BasePriority : Normal
FileVersion : 8.0.3
ProductVersion : 8.0.3
ProductName : PGP
CompanyName : PGP Corporation
FileDescription : PGP System Tray Application
InternalName : PGPtray
LegalCopyright : Copyright © 2003 PGP Corporation
LegalTrademarks : Pretty Good Privacy, PGP
OriginalFilename : PGPtray.exe

#:44 [ultramontaskbar.exe]
ModuleName : C:\Program Files\UltraMon\UltraMonTaskbar.exe
Command Line : "C:\Program Files\UltraMon\UltraMonTaskbar.exe"
ProcessID : 1796
ThreadCreationTime : 27-04-2005 8:29:36 AM
BasePriority : Idle


#:45 [vsaccess.exe]
ModuleName : C:\VSTASCAN\vsaccess.exe
Command Line : "C:\VSTASCAN\vsaccess.exe"
ProcessID : 952
ThreadCreationTime : 27-04-2005 8:29:36 AM
BasePriority : Normal
FileVersion : 1. 02
ProductVersion : 1. 02
ProductName : UMAX VistaAccess
CompanyName : UMAX
FileDescription : VsAccess
InternalName : VsAccess
LegalCopyright : Copyright © 1999
OriginalFilename : VsAccess.exe
Comments : Written by Chang Pei-Hwa, 1999

#:46 [winmysqladmin.exe]
ModuleName : C:\mysql\bin\winmysqladmin.exe
Command Line : "C:\mysql\bin\winmysqladmin.exe"
ProcessID : 1892
ThreadCreationTime : 27-04-2005 8:29:37 AM
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
ProductName : WinMySQLadmin
CompanyName : MySQL AB
FileDescription : Administrator Tool for Win32
InternalName : WinMySQLadmin
LegalCopyright : Read Public File

#:47 [googledesktopindex.exe]
ModuleName : C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
Command Line : "GoogleDesktopIndex.exe"
ProcessID : 2696
ThreadCreationTime : 27-04-2005 8:30:15 AM
BasePriority : Normal


#:48 [googledesktopcrawl.exe]
ModuleName : C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
Command Line : "GoogleDesktopCrawl.exe" /ie /favorites /recent
ProcessID : 2724
ThreadCreationTime : 27-04-2005 8:30:16 AM
BasePriority : Normal


#:49 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2240
ThreadCreationTime : 27-04-2005 8:36:41 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:50 [firefox.exe]
ModuleName : C:\Program Files\Mozilla Firefox\firefox.exe
Command Line : "C:\Program Files\Mozilla Firefox\firefox.exe"
ProcessID : 3420
ThreadCreationTime : 27-04-2005 8:46:50 AM
BasePriority : Normal


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CrackSpider Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\loaderco

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/cgi-bin
Expires : 25-04-2015 4:34:38 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : A0058615.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Calling Home
CompanyName : callinghome.biz
FileDescription : Installation utility for www.callinghome.biz
InternalName : Calling Home
LegalCopyright : callinghome.biz © 2004
OriginalFilename : Caller.exe


VX2 Object Recognized!
Type : File
Data : A0058616.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Install Utility
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2004
OriginalFilename : InstUtil.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.


Lop Object Recognized!
Type : File
Data : A0058617.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Lop Object Recognized!
Type : File
Data : A0058618.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BlazeFind Object Recognized!
Type : File
Data : A0058619.dll
Category : Malware
Comment :
Object : D:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Lop Object Recognized!
Type : File
Data : A0058620.exe
Category : Malware
Comment :
Object : D:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Lop Object Recognized!
Type : File
Data : A0058621.exe
Category : Malware
Comment :
Object : D:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
27 entries scanned.
New critical objects:0
Objects found so far: 9




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\lastknowngoodrecovery\lastgood
Value : INF/twtini.PNF

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 10

5:17:50 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:03.0
Objects scanned:257413
Objects identified:10
Objects ignored:0
New critical objects:10
  • 0

#7
Rawe
Posted 27 April 2005 - 03:21 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Ad-aware has found object(s) on your computer

If you chose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R41 25.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder);

Run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note; the path above is of the default installation location for Ad-aware SE, if this is different, adjust it to the location that you have installed it to.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to VX2 objects ONLY. Click next, Click OK.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Do not open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes takes 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, remember that when you are posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) aren't considered as a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:
  • 0

#8
phoenixworld
Posted 27 April 2005 - 04:44 AM

phoenixworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
OK - all done, here's the log:

Thanks:-)


Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, 27 April 2005 6:08:03 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BlazeFind(TAC index:5):1 total references
CrackSpider(TAC index:4):1 total references
Lop(TAC index:7):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:68 %
Total physical memory:391088 kb
Available physical memory:264364 kb
Total page file size:550196 kb
Available on page file:490988 kb
Total virtual memory:2097024 kb
Available virtual memory:2048196 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


27-04-2005 6:08:03 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 132
ThreadCreationTime : 27-04-2005 10:03:59 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 184
ThreadCreationTime : 27-04-2005 10:04:16 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 208
ThreadCreationTime : 27-04-2005 10:04:18 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 252
ThreadCreationTime : 27-04-2005 10:04:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 264
ThreadCreationTime : 27-04-2005 10:04:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 428
ThreadCreationTime : 27-04-2005 10:04:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k netsvcs
ProcessID : 452
ThreadCreationTime : 27-04-2005 10:04:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 712
ThreadCreationTime : 27-04-2005 10:05:36 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:9 [notepad.exe]
ModuleName : C:\WINDOWS\system32\NOTEPAD.EXE
Command Line : C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\User\Desktop\instructions.txt
ProcessID : 888
ThreadCreationTime : 27-04-2005 10:06:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:10 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 916
ThreadCreationTime : 27-04-2005 10:07:16 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CrackSpider Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\loaderco

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Lop Object Recognized!
Type : File
Data : A0058617.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Lop Object Recognized!
Type : File
Data : A0058618.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BlazeFind Object Recognized!
Type : File
Data : A0058619.dll
Category : Malware
Comment :
Object : D:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Lop Object Recognized!
Type : File
Data : A0058620.exe
Category : Malware
Comment :
Object : D:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Lop Object Recognized!
Type : File
Data : A0058621.exe
Category : Malware
Comment :
Object : D:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
27 entries scanned.
New critical objects:0
Objects found so far: 6




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6

6:19:45 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:41.750
Objects scanned:239091
Objects identified:6
Objects ignored:0
New critical objects:6
  • 0

#9
Rawe
Posted 27 April 2005 - 04:46 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
27 entries scanned.


If your system is running a program which changes the hosts file or you have added listings to the hosts file, then there is no need to check further. Otherwise, download the "Host file viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your host file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

- Rawe :tazz:
  • 0

#10
Rawe
Posted 27 April 2005 - 04:49 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
After you have setted your hosts file to default,
please go through these instructions..

Ad-aware has found object(s) on your computer

If you chose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R41 25.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder);

Run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note; the path above is of the default installation location for Ad-aware SE, if this is different, adjust it to the location that you have installed it to.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Do not open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes takes 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, remember that when you are posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) aren't considered as a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:
  • 0

Advertisements

#11
phoenixworld
Posted 27 April 2005 - 04:55 AM

phoenixworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hiya

"If your system is running a program which changes the hosts file or you have added listings to the hosts file, then there is no need to check further."

I have no idea! How do I find out?

Cheers

philip
  • 0

#12
Rawe
Posted 27 April 2005 - 05:42 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Well, if you have no idea, download the "host file viewer" from link above.
Select to restore to default settings,
and follow guidelines in my post #10.

- Rawe :tazz:

After those, run a new scan and post the log here.
  • 0

#13
phoenixworld
Posted 27 April 2005 - 11:17 PM

phoenixworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi again

Done all that and new logfile below. Incidentally, there was no VX2 box to click.

Thanks:-)

Philip


Ad-Aware SE Build 1.05
Logfile Created on:Thursday, 28 April 2005 12:43:35 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BlazeFind(TAC index:5):1 total references
CrackSpider(TAC index:4):1 total references
Lop(TAC index:7):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:69 %
Total physical memory:391088 kb
Available physical memory:266020 kb
Total page file size:550196 kb
Available on page file:491476 kb
Total virtual memory:2097024 kb
Available virtual memory:2048192 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


28-04-2005 12:43:35 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 132
ThreadCreationTime : 28-04-2005 4:40:10 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 184
ThreadCreationTime : 28-04-2005 4:40:38 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 208
ThreadCreationTime : 28-04-2005 4:40:41 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 252
ThreadCreationTime : 28-04-2005 4:40:50 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 264
ThreadCreationTime : 28-04-2005 4:40:50 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 428
ThreadCreationTime : 28-04-2005 4:40:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k netsvcs
ProcessID : 452
ThreadCreationTime : 28-04-2005 4:40:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 692
ThreadCreationTime : 28-04-2005 4:41:27 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:9 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 896
ThreadCreationTime : 28-04-2005 4:43:17 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CrackSpider Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\loaderco

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Lop Object Recognized!
Type : File
Data : A0058617.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Lop Object Recognized!
Type : File
Data : A0058618.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BlazeFind Object Recognized!
Type : File
Data : A0058619.dll
Category : Malware
Comment :
Object : D:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Lop Object Recognized!
Type : File
Data : A0058620.exe
Category : Malware
Comment :
Object : D:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Lop Object Recognized!
Type : File
Data : A0058621.exe
Category : Malware
Comment :
Object : D:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\



Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 6




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6

1:05:40 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:22:05.94
Objects scanned:239111
Objects identified:6
Objects ignored:0
New critical objects:6
  • 0

#14
Rawe
Posted 27 April 2005 - 11:24 PM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
ok!
Let's go this through once more ;)

Ad-aware has found object(s) on your computer

If you chose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R41 25.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder);

Run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note; the path above is of the default installation location for Ad-aware SE, if this is different, adjust it to the location that you have installed it to.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to each "target family" you wish to remove. Click next, Click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Do not open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes takes 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (Mru's) aren't considered as a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:
  • 0

#15
phoenixworld
Posted 28 April 2005 - 01:57 AM

phoenixworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi Rawe

I'm getting the distinct feeling that there's something I'm not doing properly! Is it intented that this has to be done over and over again, or am I not following the instructions properly?

BTW, Google seems to be working properly now.

Thanks

Philip
  • 0
Back to Lavasoft Support (Ad-aware) · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Lavasoft Support (Ad-aware)

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP