Ad-Aware log


  • This topic is locked

#1
LunarIncubus

    New Member

  • Member
  • 8 posts
Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, April 27, 2005 10:09:42 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adintelligence.AproposToolbar(TAC index:5):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:39 %
Total physical memory:523248 kb
Available physical memory:203820 kb
Total page file size:1277580 kb
Available on page file:978808 kb
Total virtual memory:2097024 kb
Available virtual memory:2047268 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-27-2005 10:09:42 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 568
ThreadCreationTime : 4-27-2005 11:00:04 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 624
ThreadCreationTime : 4-27-2005 11:00:13 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 648
ThreadCreationTime : 4-27-2005 11:00:16 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 692
ThreadCreationTime : 4-27-2005 11:00:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 704
ThreadCreationTime : 4-27-2005 11:00:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 876
ThreadCreationTime : 4-27-2005 11:00:22 PM
BasePriority : Normal


#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 896
ThreadCreationTime : 4-27-2005 11:00:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1004
ThreadCreationTime : 4-27-2005 11:00:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1060
ThreadCreationTime : 4-27-2005 11:00:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1120
ThreadCreationTime : 4-27-2005 11:00:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1208
ThreadCreationTime : 4-27-2005 11:00:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1540
ThreadCreationTime : 4-27-2005 11:00:28 PM
BasePriority : Normal
FileVersion : 8.14
ProductVersion : 8.14
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:13 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1592
ThreadCreationTime : 4-27-2005 11:00:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1860
ThreadCreationTime : 4-27-2005 11:00:30 PM
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:15 [ctsvccda.exe]
ModuleName : C:\WINDOWS\System32\CTsvcCDA.exe
Command Line : C:\WINDOWS\System32\CTsvcCDA.exe
ProcessID : 1892
ThreadCreationTime : 4-27-2005 11:00:31 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:16 [ehsched.exe]
ModuleName : C:\WINDOWS\ehome\ehSched.exe
Command Line : C:\WINDOWS\ehome\ehSched.exe
ProcessID : 1916
ThreadCreationTime : 4-27-2005 11:00:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Scheduler Service
InternalName : ehSched
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehSched.exe

#:17 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1980
ThreadCreationTime : 4-27-2005 11:00:31 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:18 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 2008
ThreadCreationTime : 4-27-2005 11:00:31 PM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:19 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 328
ThreadCreationTime : 4-27-2005 11:00:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [mspmspsv.exe]
ModuleName : C:\WINDOWS\System32\MsPMSPSv.exe
Command Line : C:\WINDOWS\System32\MsPMSPSv.exe
ProcessID : 388
ThreadCreationTime : 4-27-2005 11:00:34 PM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:21 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
ProcessID : 512
ThreadCreationTime : 4-27-2005 11:00:36 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:22 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1820
ThreadCreationTime : 4-27-2005 11:00:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:23 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 772
ThreadCreationTime : 4-27-2005 11:11:06 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:24 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe"
ProcessID : 1476
ThreadCreationTime : 4-27-2005 11:11:11 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:25 [ehtray.exe]
ModuleName : C:\WINDOWS\ehome\ehtray.exe
Command Line : "C:\WINDOWS\ehome\ehtray.exe"
ProcessID : 1716
ThreadCreationTime : 4-27-2005 11:11:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Tray Applet
InternalName : ehtray
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehtray.exe

#:26 [dlbabmgr.exe]
ModuleName : C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
Command Line : "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
ProcessID : 2420
ThreadCreationTime : 4-27-2005 11:11:11 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A940 Button Manager
InternalName : dlbabmgr.exe
OriginalFilename : dlbabmgr.exe

#:27 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 2212
ThreadCreationTime : 4-27-2005 11:11:12 PM
BasePriority : Normal
FileVersion : 1.04.05b
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2003 Sonic Solutions

#:28 [dlbabmon.exe]
ModuleName : C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
Command Line : "C:\Program Files\Dell AIO Printer A940\dlbabmon.exe"
ProcessID : 2416
ThreadCreationTime : 4-27-2005 11:11:12 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A940 Button Monitor
InternalName : dlbabmon.exe
OriginalFilename : dlbabmon.exe

#:29 [bcmwltry.exe]
ModuleName : C:\WINDOWS\system32\bcmwltry.exe
Command Line : "C:\WINDOWS\system32\bcmwltry.exe"
ProcessID : 2688
ThreadCreationTime : 4-27-2005 11:11:12 PM
BasePriority : Normal
FileVersion : 3.30.15.0
ProductVersion : 3.30.15.0
ProductName : Wireless Network Tray Applet
CompanyName : Belkin Corporation
FileDescription : Wireless Network Tray Applet
InternalName : bcmwltry.exe
LegalCopyright : 1998-2002, Belkin Corporation All Rights Reserved.
OriginalFilename : bcmwltry.exe

#:30 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 2804
ThreadCreationTime : 4-27-2005 11:11:12 PM
BasePriority : Normal
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:31 [ehmsas.exe]
ModuleName : C:\WINDOWS\ehome\ehmsas.exe
Command Line : C:\WINDOWS\ehome\ehmsas.exe -Embedding
ProcessID : 1340
ThreadCreationTime : 4-27-2005 11:11:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Media Status Aggregator Service
InternalName : eHMSAS
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehMSAS.exe

#:32 [gnotify.exe]
ModuleName : C:\Program Files\Google\Gmail Notifier\gnotify.exe
Command Line : "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
ProcessID : 1136
ThreadCreationTime : 4-27-2005 11:11:13 PM
BasePriority : Normal
FileVersion : 1.0.24.0
ProductVersion : 1.0.24.0
ProductName : Gmail
CompanyName : Google Inc.
FileDescription : Gmail Notifier
LegalCopyright : Copyright © Google Inc. 2004
OriginalFilename : gnotify.exe

#:33 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 3580
ThreadCreationTime : 4-27-2005 11:11:13 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:34 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\lexpps.exe
Command Line : "C:\WINDOWS\system32\lexpps.exe"
ProcessID : 2108
ThreadCreationTime : 4-27-2005 11:11:14 PM
BasePriority : Normal
FileVersion : 8.14
ProductVersion : 8.14
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:35 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 2848
ThreadCreationTime : 4-27-2005 11:11:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:36 [wwdisp.exe]
ModuleName : C:\Program Files\Webroot\Washer\wwDisp.exe
Command Line : "C:\Program Files\Webroot\Washer\wwDisp.exe"
ProcessID : 1308
ThreadCreationTime : 4-27-2005 11:11:15 PM
BasePriority : Normal
FileVersion : 5.0.0.7
ProductVersion : 5.0
ProductName : Window Washer 5.0
CompanyName : Webroot Software
FileDescription : Window Washer hard disk cleaning utility
InternalName : wwDisp.exe
LegalCopyright : Copyright © 1999, 2003 All Rights Reserved
LegalTrademarks : Window Washer 5.0
OriginalFilename : wwDisp.exe
Comments : Window Washer hard disk cleaning utility

#:37 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 3184
ThreadCreationTime : 4-27-2005 11:11:16 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:38 [diagent.exe]
ModuleName : C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
Command Line : diagent.exe systray
ProcessID : 3504
ThreadCreationTime : 4-27-2005 11:11:20 PM
BasePriority : Normal
FileVersion : 1, 1, 4, 0
ProductVersion : 1.01.04
ProductName : Creative Diagnostics Agent
CompanyName : Creative Technology Ltd
FileDescription : Creative Diagnostics Agent
InternalName : Creative Diagnostics Agent
LegalCopyright : Copyright © 2002 Creative Technology Ltd
OriginalFilename : diagent.exe

#:39 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe"
ProcessID : 3656
ThreadCreationTime : 4-27-2005 11:11:25 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:40 [kazaalite.kpp]
ModuleName : C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
Command Line : ""
ProcessID : 2792
ThreadCreationTime : 4-28-2005 12:06:31 AM
BasePriority : Normal


#:41 [ntvdm.exe]
ModuleName : C:\WINDOWS\system32\ntvdm.exe
Command Line : "C:\WINDOWS\system32\ntvdm.exe" -f -i1 -w -a C:\WINDOWS\system32\krnl386.exe
ProcessID : 3472
ThreadCreationTime : 4-28-2005 2:18:58 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : NTVDM.EXE
InternalName : NTVDM.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NTVDM.EXE

#:42 [winpat~1.exe]
ModuleName : C:\PROGRA~1\BILLPS~1\WINPAT~1\WINPAT~1.EXE
Command Line : "C:\PROGRA~1\BILLPS~1\WINPAT~1\WINPAT~1.EXE"
ProcessID : 2764
ThreadCreationTime : 4-28-2005 2:42:09 AM
BasePriority : Normal
FileVersion : 9, 1, 0, 0
ProductVersion : 9.1.0.0
ProductName : WinPatrol Monitor
CompanyName : BillP Studios
FileDescription : WinPatrol System Monitor
InternalName : WinPatrol Monitor
LegalCopyright : Copyright © 1997- 2005 BillP Studios
OriginalFilename : Scotty
Comments : Let Scotty the Windows Watchdog patrol your system.

#:43 [spybotsd.exe]
ModuleName : C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Command Line : "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
ProcessID : 4060
ThreadCreationTime : 4-28-2005 2:45:49 AM
BasePriority : Normal
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
ProductName : SpyBot-S&D
CompanyName : Safer Networking Limited
FileDescription : Spybot - Search & Destroy
InternalName : SpybotSD
LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : SpyBotSD.exe
Comments : Software zum Entfernen von Spyware und ähnlichen Bedrohungen.

#:44 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 1192
ThreadCreationTime : 4-28-2005 3:01:58 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:45 [pcbugdoctorliveupdate.exe]
ModuleName : C:\Program Files\PCBugDoctor\PcBugDoctorLiveUpdate.exe
Command Line : "C:\Program Files\PCBugDoctor\PcBugDoctorLiveUpdate.exe"
ProcessID : 3988
ThreadCreationTime : 4-28-2005 3:05:32 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Live Update PC Bug Doctor
FileDescription : MFC Application
InternalName : InetDownload
LegalCopyright : Copyright © 2003
OriginalFilename : LiveUpdate.EXE

#:46 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2292
ThreadCreationTime : 4-28-2005 3:06:19 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0012509.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{95F5E41D-F69E-4627-AB46-B4389DEB8B60}\RP100\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

10:27:13 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:30.750
Objects scanned:161243
Objects identified:1
Objects ignored:0
New critical objects:1

#2
Mannen

    Ad-Aware Expert

  • Member
  • 110 posts
Greetings!


The only item found by Ad-Aware is in your System Restore. Please read here how to disable and enable System Restore:
http://service1.syma...src=sec_doc_nam

Do you have any other problems?

Cheers
Mannen

#3
LunarIncubus

    New Member

  • Topic Starter
  • Member
  • 8 posts
As far as Ad-Aware goes, not that I know of, but I did have a fair bit of things show up today, such as msole32 and popuper.exe. I read on the malware board that I should post an Ad-Aware log here.

#4
Rawe

    Visiting Staff

  • Member
  • 4,746 posts

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.


If your system is running a program which changes the hosts file or you have added listings to the hosts file, then there is no need to check further. Otherwise, download the "Host file viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your host file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

- Rawe :tazz:

#5
LunarIncubus

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you for your time, I am confused with what that program is telling me though. When I scanned with that prog, it finds:

C:\WINDOWS\system32\drivers\ect\hosts.

When I double click to view, it displays a dialog; however, I am confused if there is an issue or not. I do have my computer set up on a wireless network, but I am not sure if that is what this is.

Here is what I get when I click to view:

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost
64.91.255.87 www.dcsresearch.com


Sorry if I am just not picking up on what it's saying, but thank you for your time again.
  • 0
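
An added example, not part of the original thread and not the "Host file viewer" tool linked above: a small Python script that performs the check described in post #4, listing every hosts entry beyond the default localhost mapping so each one can be confirmed as intentional. The sample input reuses the two entries quoted in post #5 plus two constructed lines; the verdict names (`default`, `block`, `redirect`, `malformed`) are this example's own.

```python
import ipaddress

# Sample input: the two live entries from the hosts file quoted in post #5
# (comment header shortened), followed by two constructed lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# For example:
#      102.54.94.97     rhino.acme.com          # source server
127.0.0.1       localhost
64.91.255.87    www.dcsresearch.com
0.0.0.0         ads.example.test      # constructed: blocklist-style entry
not-an-ip       broken.example.test   # constructed: malformed line
"""

# Host names a stock Windows hosts file maps to loopback.
DEFAULT_NAMES = {"localhost"}


def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment, including trailing comments.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], fields[1:]


def classify(address, names):
    """Return a verdict for one entry.

    default   - loopback mapping for localhost only
    block     - another name pointed at loopback/0.0.0.0 (what blocklist
                tools that edit the hosts file typically write)
    redirect  - a name pinned to some other address; not proof of a
                problem, but it overrides DNS and should be accounted for
    malformed - no valid IP address, or no host name after it
    """
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    sink = ip.is_loopback or ip.is_unspecified
    if sink and all(n.lower() in DEFAULT_NAMES for n in names):
        return "default"
    return "block" if sink else "redirect"


def audit_hosts(text):
    """Return every entry that is not part of the default file."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        verdict = classify(address, names)
        if verdict != "default":
            findings.append(
                {"line": line_no, "address": address,
                 "names": names, "verdict": verdict}
            )
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['verdict']:9} "
              f"{f['address']} -> {', '.join(f['names'])}")
```

To audit a real file, pass the contents of `C:\WINDOWS\system32\drivers\etc\hosts` to `audit_hosts` instead of the sample string.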

#6
Mannen

    Ad-Aware Expert

  • Member
  • 110 posts
Hello again!


Please scan your computer with this online virus scan. Save and post the log here. It works only with Internet Explorer and requires ActiveX.

http://www.pandasoft...com/activescan/

Edited by Mannen, 28 April 2005 - 07:06 AM.


#7
LunarIncubus

    New Member

  • Topic Starter
  • Member
  • 8 posts
Incident Status Location

Adware:Adware/Apropos No disinfected C:\WINDOWS\system32\wexrpres.exe (couldn't delete)
Adware:Adware/nCase No disinfected C:\WINDOWS\Downloaded Program Files\ClientAX.dll (couldn't locate)
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/Apropos No disinfected C:\WINDOWS\system32\auto_update_uninstall.???
Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/DealHelper No disinfected C:\WINDOWS\system32\DealHelper
Adware:Adware/WUpd No disinfected Windows Registry
Adware:Adware/Zango No disinfected C:\WINDOWS\Downloaded Program Files\ClientAX.dll
Adware:Adware/SuperSpider No disinfected C:\Documents and Settings\Wolfie\Favorites\online dating.url
Spyware:Spyware/YourSiteBar No disinfected Windows Registry
Adware:Adware/SuperSpider No disinfected C:\Documents and Settings\Wolfie\Favorites\Online Dating.url
Adware:Adware/nCase No disinfected C:\WINDOWS\Downloaded Program Files\clientax.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\Downloaded Program Files\ClientAX.inf
Spyware:Spyware/YourSiteBar No disinfected C:\WINDOWS\Downloaded Program Files\ysbactivex.dll
Spyware:Spyware/Dyfuca No disinfected C:\WINDOWS\nem220.dll (Manually Shredded with WWasher)
Adware:Adware/Envolo No disinfected C:\WINDOWS\system32\auto_update_uninstall.exe
Adware:Adware/Apropos No disinfected C:\WINDOWS\system32\auto_update_uninstall.log
Adware:Adware/DealHelper No disinfected C:\WINDOWS\system32\dun.exe
Adware:Adware/Apropos No disinfected C:\WINDOWS\system32\wexrpres.exe
Here is the Active Scan you asked for. Thank you for the time you have put into my problem.

#8
Mannen

    Ad-Aware Expert

  • Member
  • 110 posts
Hi!


Did you delete all files except C:\WINDOWS\system32\wexrpres.exe and C:\WINDOWS\Downloaded Program Files\ClientAX.dll?

Cheers
Mannen

#9
LunarIncubus

    New Member

  • Topic Starter
  • Member
  • 8 posts
I actually haven't removed much of it yet. I started to, but then thought it might be best to get advice in case I needed to do something specific. It was after that second file, well actually there is a third further down that stood out. I have only worked with the files that have notations behind them.

Edited by LunarIncubus, 28 April 2005 - 11:29 AM.


#10
Mannen

    Ad-Aware Expert

  • Member
  • 110 posts
Hi again!


Please download Killbox and save it where you want:
http://www.atribune....ads/KillBox.exe

Disconnect from the internet and close all internet windows

Run Killbox

Select the Delete on Reboot option.
In the "Full Path of File to Delete" field, copy/paste the files below. Copy one file at a time and click the red circle with the white X in it. First click Yes, then when it asks you to reboot, click No. Then enter the other files and click Yes to reboot when you are done with the last.

C:\WINDOWS\system32\wexrpres.exe
C:\WINDOWS\Downloaded Program Files\ClientAX.dll
C:\WINDOWS\system32\auto_update_uninstall.???
C:\WINDOWS\system32\DealHelper
C:\WINDOWS\Downloaded Program Files\ClientAX.dll
C:\WINDOWS\Downloaded Program Files\clientax.dll
C:\WINDOWS\Downloaded Program Files\ClientAX.inf
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll
C:\WINDOWS\nem220.dll
C:\WINDOWS\system32\auto_update_uninstall.exe
C:\WINDOWS\system32\auto_update_uninstall.log
C:\WINDOWS\system32\dun.exe
C:\WINDOWS\system32\wexrpres.exe

Reboot after and scan again with Panda to be sure you got them all.

Cheers
Mannen