Sorry about that! I ran the scan with the parameters that they recommended in the hijack this forum...Here is the new log file. Thanks so much for your help!!!
Ad-Aware SE Build 1.05
Logfile Created on:Thursday, April 28, 2005 12:28:50 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CrackSpider(TAC index:4):6 total references
PromulGate(TAC index:5):6 total references
Tracking Cookie(TAC index:3):19 total references
Win32.Holar.G(TAC index:8):1 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:47 %
Total physical memory:523784 kb
Available physical memory:245316 kb
Total page file size:1280320 kb
Available on page file:1016116 kb
Total virtual memory:2097024 kb
Available virtual memory:2046344 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
4-28-2005 12:28:50 PM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 596
ThreadCreationTime : 4-28-2005 5:25:58 PM
BasePriority : Normal
#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 668
ThreadCreationTime : 4-28-2005 5:26:00 PM
BasePriority : High
#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 712
ThreadCreationTime : 4-28-2005 5:26:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 724
ThreadCreationTime : 4-28-2005 5:26:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 880
ThreadCreationTime : 4-28-2005 5:26:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1080
ThreadCreationTime : 4-28-2005 5:26:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 1500
ThreadCreationTime : 4-28-2005 5:26:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:8 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe "C:\WINDOWS\system32\dmgeng.dll",DllGetVersion
ProcessID : 1532
ThreadCreationTime : 4-28-2005 5:26:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:9 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : n/a
ProcessID : 1608
ThreadCreationTime : 4-28-2005 5:26:02 PM
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:10 [nisum.exe]
ModuleName : C:\Program Files\Norton Internet Security\NISUM.EXE
Command Line : n/a
ProcessID : 1696
ThreadCreationTime : 4-28-2005 5:26:02 PM
BasePriority : Normal
FileVersion : 6.02.2003
ProductVersion : 6.02.2003
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security NISUM
InternalName : NISUM
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NISUM.exe
#:11 [cdac11ba.exe]
ModuleName : C:\WINDOWS\system32\drivers\CDAC11BA.EXE
Command Line : n/a
ProcessID : 964
ThreadCreationTime : 4-28-2005 5:26:11 PM
BasePriority : Normal
FileVersion : 4.20.020
ProductVersion : 4.20.020 Windows NT 2002/12/10
ProductName : SafeCast Windows NT
CompanyName : Macrovision
FileDescription : Macrovision RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright © 1998-2002 Macrovision Corp.
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English
#:12 [ccpxysvc.exe]
ModuleName : C:\Program Files\Norton Internet Security\ccPxySvc.exe
Command Line : n/a
ProcessID : 1028
ThreadCreationTime : 4-28-2005 5:26:11 PM
BasePriority : Normal
FileVersion : 6.02.2003
ProductVersion : 6.02.2003
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Proxy Service
InternalName : ccPxySvc
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccPxySvc.exe
#:13 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : n/a
ProcessID : 1132
ThreadCreationTime : 4-28-2005 5:26:12 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:14 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : n/a
ProcessID : 1184
ThreadCreationTime : 4-28-2005 5:26:12 PM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:15 [winvnc.exe]
ModuleName : C:\Program Files\NetworkStreaming\Customer\winvnc.exe
Command Line : n/a
ProcessID : 1200
ThreadCreationTime : 4-28-2005 5:26:12 PM
BasePriority : Normal
FileVersion : 7, 3, 0, 1
ProductVersion : 7, 3, 0, 1
ProductName : NetworkStreaming Customer
CompanyName : NetworkStreaming
FileDescription : NetworkStreaming Customer
InternalName : WinVNC
LegalCopyright : Copyright © 2003-2004 NetworkStreaming et al.
LegalTrademarks : NetworkStreaming
OriginalFilename : WinVNC.exe
#:16 [smagent.exe]
ModuleName : C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Command Line : n/a
ProcessID : 1664
ThreadCreationTime : 4-28-2005 5:26:12 PM
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe
#:17 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1364
ThreadCreationTime : 4-28-2005 5:26:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:18 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : n/a
ProcessID : 312
ThreadCreationTime : 4-28-2005 5:26:15 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe
#:19 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : n/a
ProcessID : 448
ThreadCreationTime : 4-28-2005 5:26:16 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:20 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 2192
ThreadCreationTime : 4-28-2005 5:26:34 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:21 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 2352
ThreadCreationTime : 4-28-2005 5:26:38 PM
BasePriority : Normal
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:22 [smtray.exe]
ModuleName : C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
Command Line : "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe"
ProcessID : 2516
ThreadCreationTime : 4-28-2005 5:26:39 PM
BasePriority : Normal
FileVersion : 3, 2, 13, 0
ProductVersion : 3, 2, 13, 0
ProductName : SoundMAX Integrated Digital Audio
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX System Tray
InternalName : SMTray
LegalCopyright : Copyright © 2001 Analog Devices
OriginalFilename : SMTray.exe
#:23 [hpwuschd2.exe]
ModuleName : C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Command Line : "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
ProcessID : 2660
ThreadCreationTime : 4-28-2005 5:26:40 PM
BasePriority : Normal
FileVersion : 2, 0, 39, 0
ProductVersion : 2, 0, 39, 0
ProductName : Hewlett-Packard hpwuSchd
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd2.exe
#:24 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 2668
ThreadCreationTime : 4-28-2005 5:26:40 PM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.5
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2004
OriginalFilename : HpCmpMgr.exe
#:25 [viewmgr.exe]
ModuleName : C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Command Line : "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
ProcessID : 2680
ThreadCreationTime : 4-28-2005 5:26:40 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager
#:26 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2688
ThreadCreationTime : 4-28-2005 5:26:40 PM
BasePriority : Normal
FileVersion : 0.1.0.3249
ProductVersion : 0.1.0.3249
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:27 [nsvsvc.exe]
ModuleName : C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
Command Line : "C:\WINDOWS\system32\nsvsvc\nsvsvc.exe"
ProcessID : 2712
ThreadCreationTime : 4-28-2005 5:26:40 PM
BasePriority : Normal
FileVersion : 2.17.0000
ProductVersion : 2, 1, 7, 0
#:28 [picsvr.exe]
ModuleName : C:\WINDOWS\system32\picsvr\picsvr.exe
Command Line : "C:\WINDOWS\system32\picsvr\picsvr.exe"
ProcessID : 2736
ThreadCreationTime : 4-28-2005 5:26:40 PM
BasePriority : Normal
#:29 [desktop.exe]
ModuleName : C:\WINDOWS\isrvs\desktop.exe
Command Line : "C:\WINDOWS\isrvs\desktop.exe"
ProcessID : 2748
ThreadCreationTime : 4-28-2005 5:26:41 PM
BasePriority : Normal
FileVersion : 1.1.0.20
ProductVersion : 1.0.0.0
FileDescription : Desktop Search
#:30 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 2892
ThreadCreationTime : 4-28-2005 5:26:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:31 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2908
ThreadCreationTime : 4-28-2005 5:26:42 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:32 [kerwno.exe]
ModuleName : c:\windows\system32\kerwno.exe
Command Line : "c:\windows\system32\kerwno.exe" rlyrdz
ProcessID : 2928
ThreadCreationTime : 4-28-2005 5:26:43 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
#:33 [dvzmsgr.exe]
ModuleName : C:\WINDOWS\DvzCommon\DvzMsgr.exe
Command Line : "C:\WINDOWS\DvzCommon\DvzMsgr.exe"
ProcessID : 2940
ThreadCreationTime : 4-28-2005 5:26:43 PM
BasePriority : Normal
#:34 [hpqtra08.exe]
ModuleName : C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"
ProcessID : 2948
ThreadCreationTime : 4-28-2005 5:26:43 PM
BasePriority : Normal
FileVersion : 43.1.5.000
ProductVersion : 043.001.005.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)
#:35 [fm3032.exe]
ModuleName : C:\WINDOWS\system32\fm3032.exe
Command Line : "C:\WINDOWS\system32\fm3032.exe" /H
ProcessID : 2996
ThreadCreationTime : 4-28-2005 5:26:43 PM
BasePriority : Normal
FileVersion : 3.53
ProductVersion : 3.53
ProductName : FaxMan Fax Programmable Engine
CompanyName : Data Techniques, Inc.
FileDescription : FaxMan 32 Bit Fax Server Engine
InternalName : fm3032.exe
LegalCopyright : Copyright © 1994-9 Data Techniques, Inc.
LegalTrademarks : FaxMan is a registered trademark of Data Techniques, Inc.
OriginalFilename : fm3032.exe
#:36 [hotsync.exe]
ModuleName : C:\Program Files\Palm\HOTSYNC.EXE
Command Line : "C:\Program Files\Palm\HOTSYNC.EXE"
ProcessID : 3012
ThreadCreationTime : 4-28-2005 5:26:43 PM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe
#:37 [hpqgalry.exe]
ModuleName : C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe" -s
ProcessID : 3356
ThreadCreationTime : 4-28-2005 5:26:49 PM
BasePriority : Normal
#:38 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3592
ThreadCreationTime : 4-28-2005 5:26:53 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:39 [hpzipm12.exe]
ModuleName : C:\WINDOWS\system32\HPZipm12.exe
Command Line : C:\WINDOWS\system32\HPZipm12.exe
ProcessID : 3680
ThreadCreationTime : 4-28-2005 5:26:54 PM
BasePriority : Normal
FileVersion : 8, 0, 0, 0
ProductVersion : 8, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CrackSpider Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : addressbar.loader.1
CrackSpider Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : addressbar.loader.1
Value :
CrackSpider Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : addressbar.loader
CrackSpider Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : addressbar.loader
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{92daf5c1-2135-4e0c-b7a0-259abfcd3904}
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}
Value :
CrackSpider Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\azesearchco
CrackSpider Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\loaderco
PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1
PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1
Value :
PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}
PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}
Value :
PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}
PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}
Value :
Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 16
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david daniels@apmebf[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:david
[email protected]/
Expires : 4-26-2010 3:58:20 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david daniels@qksrv[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:david
[email protected]/
Expires : 4-26-2010 3:58:20 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david
[email protected][2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:david
[email protected]/
Expires : 4-29-2005 11:08:18 AM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david daniels@trafficmp[2].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:david
[email protected]/
Expires : 4-27-2006 4:13:10 PM
LastSync : Hits:10
UseCount : 0
Hits : 10
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david daniels@questionmarket[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:david
[email protected]/
Expires : 6-17-2006 8:39:02 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david
[email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:david
[email protected]/
Expires : 4-25-2015 5:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david daniels@overture[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:david
[email protected]/
Expires : 4-25-2015 11:34:28 AM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david
[email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:david
[email protected]/
Expires : 4-27-2006 4:11:30 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 24
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data :
[email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\
[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david
[email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\David Daniels\Local Settings\Temp\Cookies\david
[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david daniels@apmebf[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\David Daniels\Local Settings\Temp\Cookies\david daniels@apmebf[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david daniels@overture[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\David Daniels\Local Settings\Temp\Cookies\david daniels@overture[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david daniels@qksrv[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\David Daniels\Local Settings\Temp\Cookies\david daniels@qksrv[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david daniels@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\David Daniels\Local Settings\Temp\Cookies\david daniels@questionmarket[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david daniels@trafficmp[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\David Daniels\Local Settings\Temp\Cookies\david daniels@trafficmp[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david
[email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\David Daniels\Local Settings\Temp\Cookies\david
[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david
[email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\David Daniels\Local Settings\Temp\Cookies\david
[email protected][1].txt
Win32.Holar.G Object Recognized!
Type : File
Data : ~DFD831.tmp
Category : Malware
Comment :
Object : C:\Documents and Settings\David Daniels\Local Settings\Temp\
Tracking Cookie Object Recognized!
Type : IECache Entry
Data :
[email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Temp\Cookies\
[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Temp\Cookies\administrator@doubleclick[1].txt
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 36
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions
Value : iexplore.exe
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 38
12:39:48 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:57.391
Objects scanned:140188
Objects identified:38
Objects ignored:0
New critical objects:38