Hi Rawe
Thanks for your help. I installed AA 1.5 and ran it. Unfortunately didn't get the log file, so I ran it again straight away. Interestingly it picked up another bunch! Anyhow, here's the log - hope I did it right.
Thanks again - I appreciate your help.
Before I go - the remaining symptoms (that I know of) are that when I do a Google search, the "Preferences" seem to be disabled, and there's always some kind of result referring to "Starware" in the listing.
Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, 27 April 2005 4:38:12 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BlazeFind(TAC index:5):1 total references
CrackSpider(TAC index:4):1 total references
Lop(TAC index:7):4 total references
MRU List(TAC index:0):1 total references
Tracking Cookie(TAC index:3):1 total references
VX2(TAC index:10):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:26 %
Total physical memory:391088 kb
Available physical memory:101376 kb
Total page file size:550196 kb
Available on page file:319500 kb
Total virtual memory:2097024 kb
Available virtual memory:2040032 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
27-04-2005 4:38:12 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 272
ThreadCreationTime : 27-04-2005 8:29:09 AM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 408
ThreadCreationTime : 27-04-2005 8:29:15 AM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 432
ThreadCreationTime : 27-04-2005 8:29:16 AM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 476
ThreadCreationTime : 27-04-2005 8:29:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 488
ThreadCreationTime : 27-04-2005 8:29:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 648
ThreadCreationTime : 27-04-2005 8:29:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 728
ThreadCreationTime : 27-04-2005 8:29:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 916
ThreadCreationTime : 27-04-2005 8:29:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 932
ThreadCreationTime : 27-04-2005 8:29:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1144
ThreadCreationTime : 27-04-2005 8:29:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1400
ThreadCreationTime : 27-04-2005 8:29:26 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:12 [defwatch.exe]
ModuleName : C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
Command Line : C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
ProcessID : 1548
ThreadCreationTime : 27-04-2005 8:29:27 AM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe
#:13 [mysqld.exe]
ModuleName : C:\mysql\bin\mysqld.exe
Command Line : C:\mysql\bin\mysqld MySQL
ProcessID : 1584
ThreadCreationTime : 27-04-2005 8:29:27 AM
BasePriority : Normal
#:14 [ntvdm.exe]
ModuleName : C:\WINDOWS\system32\ntvdm.exe
Command Line : "C:\WINDOWS\system32\ntvdm.exe" -f -i1 -w -a C:\WINDOWS\system32\krnl386.exe
ProcessID : 1620
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.1564 (xpsp2_gdr.040517-1325)
ProductVersion : 5.1.2600.1564
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : NTVDM.EXE
InternalName : NTVDM.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NTVDM.EXE
#:15 [igfxtray.exe]
ModuleName : C:\WINDOWS\System32\igfxtray.exe
Command Line : "C:\WINDOWS\System32\igfxtray.exe"
ProcessID : 1636
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 3,0,0,1847
ProductVersion : 7,0,0,1847
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : IGFXTRAY.EXE
#:16 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 1644
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 3,0,0,1847
ProductVersion : 7,0,0,1847
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE
#:17 [agrsmmsg.exe]
ModuleName : C:\WINDOWS\AGRSMMSG.exe
Command Line : "C:\WINDOWS\AGRSMMSG.exe"
ProcessID : 1652
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 2.1.20 2.1.20 10/18/2002 10:07:17
ProductVersion : 2.1.20 2.1.20 10/18/2002 10:07:17
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe
#:18 [ltmoh.exe]
ModuleName : C:\Program Files\ltmoh\Ltmoh.exe
Command Line : "C:\Program Files\ltmoh\Ltmoh.exe"
ProcessID : 1660
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 1.63
ProductVersion : 1.63
ProductName : LtMoh Application
CompanyName : Agere Systems
FileDescription : LtMoh MFC Application
InternalName : LtMoh
LegalCopyright : Agere Copyright © 2001
LegalTrademarks : LT
OriginalFilename : LtMoh.EXE
#:19 [launchap.exe]
ModuleName : C:\Program Files\Launch Manager\LaunchAp.exe
Command Line : "C:\Program Files\Launch Manager\LaunchAp.exe"
ProcessID : 1668
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : LaunchAp Application
FileDescription : LaunchAp MFC Application
InternalName : LaunchAp
LegalCopyright : Copyright © 2001
OriginalFilename : LaunchAp.EXE
#:20 [powerkey.exe]
ModuleName : C:\Program Files\Launch Manager\PowerKey.exe
Command Line : "C:\Program Files\Launch Manager\PowerKey.exe"
ProcessID : 1676
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 1, 4, 4, 0
ProductVersion : 1, 4, 4, 0
FileDescription : Powerkey
InternalName : Powerkey
LegalCopyright : Copyright © 2001
OriginalFilename : Powerkey.exe
#:21 [hotkeyapp.exe]
ModuleName : C:\Program Files\Launch Manager\HotkeyApp.exe
Command Line : "C:\Program Files\Launch Manager\HotkeyApp.exe"
ProcessID : 1704
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 1, 0, 2, 3
ProductVersion : 1, 0, 2, 3
ProductName : Wistron HotkeyApp
CompanyName : Wistron
FileDescription : HotkeyApp
InternalName : HotkeyApp
LegalCopyright : Copyright c 2002
OriginalFilename : HotkeyApp.exe
#:22 [ctrlvol.exe]
ModuleName : C:\Program Files\Launch Manager\CtrlVol.exe
Command Line : "C:\Program Files\Launch Manager\CtrlVol.exe"
ProcessID : 1712
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
#:23 [wbutton.exe]
ModuleName : C:\Program Files\Launch Manager\Wbutton.exe
Command Line : "C:\Program Files\Launch Manager\Wbutton.exe"
ProcessID : 1720
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0
ProductName : newapp Application
FileDescription : newapp MFC Application
InternalName : newapp
LegalCopyright : Copyright © 2001
OriginalFilename : newapp.EXE
#:24 [syntplpr.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
ProcessID : 1728
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 7.2.0 15Nov02
ProductVersion : 7.2.0 15Nov02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPLpr.exe
#:25 [pgpsdkserv.exe]
ModuleName : C:\WINDOWS\System32\PGPsdkServ.exe
Command Line : C:\WINDOWS\System32\PGPsdkServ.exe
ProcessID : 1736
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 3.0.3
ProductVersion : 3.0.3
ProductName : PGPsdk
CompanyName : PGP Corporation
FileDescription : PGP Software Development Kit Service
InternalName : PGPsdkService
LegalCopyright : Copyright © 2003 PGP Corporation
LegalTrademarks : Pretty Good Privacy, PGP
OriginalFilename : PGPsdkServ.exe
#:26 [syntpenh.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
ProcessID : 1816
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 7.2.0 15Nov02
ProductVersion : 7.2.0 15Nov02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPEnh.exe
#:27 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1824
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 6.1c
ProductVersion : QuickTime 6.1c
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe
#:28 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1840
ThreadCreationTime : 27-04-2005 8:29:28 AM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:29 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 1876
ThreadCreationTime : 27-04-2005 8:29:29 AM
BasePriority : Normal
#:30 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1916
ThreadCreationTime : 27-04-2005 8:29:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:31 [iutil.exe]
ModuleName : C:\PROGRA~1\iMarkup\iUtil.exe
Command Line : "C:\PROGRA~1\iMarkup\iUtil.exe" ST
ProcessID : 1964
ThreadCreationTime : 27-04-2005 8:29:29 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : iUtil Application
CompanyName : iMarkup Solutions, Inc.
FileDescription : iUtil Application
InternalName : iUtil
LegalCopyright : Copyright © 1999
LegalTrademarks : iMarkup
OriginalFilename : iUtil.exe
#:32 [zlclient.exe]
ModuleName : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Command Line : n/a
ProcessID : 1984
ThreadCreationTime : 27-04-2005 8:29:29 AM
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe
#:33 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 2004
ThreadCreationTime : 27-04-2005 8:29:29 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:34 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 128
ThreadCreationTime : 27-04-2005 8:29:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:35 [toggler.exe]
ModuleName : C:\Documents and Settings\User\Desktop\Toggler\toggler.exe
Command Line : "C:\Documents and Settings\User\Desktop\Toggler\toggler.exe"
ProcessID : 164
ThreadCreationTime : 27-04-2005 8:29:30 AM
BasePriority : Normal
FileVersion : 1.0
ProductVersion : 1.0
ProductName : Toggler
CompanyName : Aestas Software
FileDescription : Manage your Caps/Num Lock and Insert keys
InternalName : Toggler
LegalCopyright : Copyright © Aestas Software 2001
OriginalFilename : toggler.exe
Comments : Built 18 January, 2001
#:36 [googledesktop.exe]
ModuleName : C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
Command Line : "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
ProcessID : 136
ThreadCreationTime : 27-04-2005 8:29:30 AM
BasePriority : Normal
#:37 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 264
ThreadCreationTime : 27-04-2005 8:29:30 AM
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:38 [vsmon.exe]
ModuleName : C:\WINDOWS\system32\ZONELABS\vsmon.exe
Command Line : n/a
ProcessID : 316
ThreadCreationTime : 27-04-2005 8:29:30 AM
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe
#:39 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 492
ThreadCreationTime : 27-04-2005 8:29:31 AM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 8.1 (4319)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2001 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English
#:40 [ocrawr32.exe]
ModuleName : C:\OPLIMIT\ocrawr32.exe
Command Line : C:\OPLIMIT\ocrawr32.exe oplimit.ini
ProcessID : 836
ThreadCreationTime : 27-04-2005 8:29:32 AM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : OmniPage Limited Edition
CompanyName : Caere Corporation
FileDescription : Ocraware32
InternalName : Ocraware32
LegalCopyright : Copyright © 1995 Caere Corporation
OriginalFilename : Ocrawr32.exe
#:41 [airplus.exe]
ModuleName : C:\Program Files\D-Link AirPlus\AirPlus.exe
Command Line : "C:\Program Files\D-Link AirPlus\AirPlus.exe"
ProcessID : 1340
ThreadCreationTime : 27-04-2005 8:29:35 AM
BasePriority : Normal
FileVersion : 3, 0, 5, 0
ProductVersion : 3, 0, 5, 0
ProductName : D-Link AirPlus
CompanyName : D-Link
FileDescription : WLAN Adapter Utility
InternalName : WLANMON
LegalCopyright : Copyright © 2002
OriginalFilename : AIRPLUS.EXE
#:42 [ultramon.exe]
ModuleName : C:\Program Files\UltraMon\UltraMon.exe
Command Line : "C:\Program Files\UltraMon\UltraMon.exe"
ProcessID : 1388
ThreadCreationTime : 27-04-2005 8:29:35 AM
BasePriority : Normal
#:43 [pgptray.exe]
ModuleName : C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
Command Line : "C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe"
ProcessID : 1416
ThreadCreationTime : 27-04-2005 8:29:36 AM
BasePriority : Normal
FileVersion : 8.0.3
ProductVersion : 8.0.3
ProductName : PGP
CompanyName : PGP Corporation
FileDescription : PGP System Tray Application
InternalName : PGPtray
LegalCopyright : Copyright © 2003 PGP Corporation
LegalTrademarks : Pretty Good Privacy, PGP
OriginalFilename : PGPtray.exe
#:44 [ultramontaskbar.exe]
ModuleName : C:\Program Files\UltraMon\UltraMonTaskbar.exe
Command Line : "C:\Program Files\UltraMon\UltraMonTaskbar.exe"
ProcessID : 1796
ThreadCreationTime : 27-04-2005 8:29:36 AM
BasePriority : Idle
#:45 [vsaccess.exe]
ModuleName : C:\VSTASCAN\vsaccess.exe
Command Line : "C:\VSTASCAN\vsaccess.exe"
ProcessID : 952
ThreadCreationTime : 27-04-2005 8:29:36 AM
BasePriority : Normal
FileVersion : 1. 02
ProductVersion : 1. 02
ProductName : UMAX VistaAccess
CompanyName : UMAX
FileDescription : VsAccess
InternalName : VsAccess
LegalCopyright : Copyright © 1999
OriginalFilename : VsAccess.exe
Comments : Written by Chang Pei-Hwa, 1999
#:46 [winmysqladmin.exe]
ModuleName : C:\mysql\bin\winmysqladmin.exe
Command Line : "C:\mysql\bin\winmysqladmin.exe"
ProcessID : 1892
ThreadCreationTime : 27-04-2005 8:29:37 AM
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
ProductName : WinMySQLadmin
CompanyName : MySQL AB
FileDescription : Administrator Tool for Win32
InternalName : WinMySQLadmin
LegalCopyright : Read Public File
#:47 [msiexec.exe]
ModuleName : C:\WINDOWS\System32\msiexec.exe
Command Line : C:\WINDOWS\System32\msiexec.exe /V
ProcessID : 1248
ThreadCreationTime : 27-04-2005 8:29:43 AM
BasePriority : Normal
#:48 [googledesktopindex.exe]
ModuleName : C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
Command Line : "GoogleDesktopIndex.exe"
ProcessID : 2696
ThreadCreationTime : 27-04-2005 8:30:15 AM
BasePriority : Normal
#:49 [googledesktopcrawl.exe]
ModuleName : C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
Command Line : "GoogleDesktopCrawl.exe" /ie /favorites /recent
ProcessID : 2724
ThreadCreationTime : 27-04-2005 8:30:16 AM
BasePriority : Normal
#:50 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2240
ThreadCreationTime : 27-04-2005 8:36:41 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CrackSpider Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\loaderco
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:
[email protected]/cgi-bin
Expires : 25-04-2015 4:34:38 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 3
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : File
Data : A0058615.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Calling Home
CompanyName : callinghome.biz
FileDescription : Installation utility for www.callinghome.biz
InternalName : Calling Home
LegalCopyright : callinghome.biz © 2004
OriginalFilename : Caller.exe
VX2 Object Recognized!
Type : File
Data : A0058616.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Install Utility
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2004
OriginalFilename : InstUtil.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.
Lop Object Recognized!
Type : File
Data : A0058617.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\
Lop Object Recognized!
Type : File
Data : A0058618.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BlazeFind Object Recognized!
Type : File
Data : A0058619.dll
Category : Malware
Comment :
Object : D:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\
Lop Object Recognized!
Type : File
Data : A0058620.exe
Category : Malware
Comment :
Object : D:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\
Lop Object Recognized!
Type : File
Data : A0058621.exe
Category : Malware
Comment :
Object : D:\System Volume Information\_restore{56049C39-C5AF-47A1-B413-12CEB16DB63C}\RP288\
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
27 entries scanned.
New critical objects:0
Objects found so far: 10
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\lastknowngoodrecovery\lastgood
Value : INF/twtini.PNF
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 11
4:45:50 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:37.985
Objects scanned:257344
Objects identified:10
Objects ignored:0
New critical objects:10