
My Ad-Aware Log File


  • This topic is locked

#1
djktamb

    New Member

  • Member
  • Pip
  • 7 posts
I'm new to this board... having some serious computer issues lately and yesterday something appeared to have been downloaded that caused an onslaught of popups. My computer has been freezing a few times a day for a while now, so I'm wondering if maybe I had a problem before that as well.

Anyhow, this morning I've had Aurora popups all morning and I'm going through the steps listed in the other thread to fix that problem and do the HijackThis logfile. While I'm doing that and running virus scans and such, I'm hoping someone can take a look at my Ad-Aware log file I just created a few minutes ago.

I hope I'm posting this correctly! Thanks!




Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Thursday, April 28, 2005 1:12:51 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R339 26.08.2004
______________________________________________________

Edited to save confusion. Please update to Ad-aware SE Build 1.05 (Free/Personal).

Edited by GR@PH;<'S, 28 April 2005 - 03:45 PM.

  • 0


#2
GR@PH;<'S

    Member

  • Member
  • PipPipPip
  • 135 posts
djktamb,
You need to uninstall your old version of Ad-aware and install Ad-aware SE build 1.05 (Free/Personal) from one of the mirror sites.
Once you have installed it, use the WebUpDate to get the latest definition file (SE1R42.28.04.2005), then scan doing a "Full Scan" and post your logfile here by using the "Add-reply" feature.

If needed, here is how to post your Ad-aware logfile ;)
Logs are stored in:
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\
An easy way to get there is to:
click Start,
click Run,
type in %appdata% and press ENTER,
then click Lavasoft,
then Ad-Aware,
and then Logs.
Scroll down to find the latest one that you have (by date & time), open it, right-click, select all, copy, and then paste the contents of it here.
(Make sure that all of your logfile has been posted; sometimes it will require two posts to get it all.)
I recommend that you use the WebUpDate just before you scan; that way you will always be up to date.

(Note: Application Data is a hidden folder, so you will need to show hidden files and folders, and for Windows 98*admin users your logs are stored in C:\WINDOWS\All Users\Application Data\ by default.)
GR@PH;<'S :tazz:
  • 0

#3
djktamb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ok, sorry about that!! Is this right?

4/28/2005 3:24:10 PM - Scan started. (Smart mode)


Incorrect logfile posted: Logfile removed

Please follow instructions below

Edited by Andy_veal, 28 April 2005 - 04:59 PM.

  • 0

#4
Guest_Andy_veal_*

  • Guest
In order to assist you, we need to see the log from an Ad-Aware SE 1.05 full system scan.

Important Note! Before performing a scan, be sure that you have the most recent definitions file by using WebUpdate. (Click on the Globe icon, Click connect, Click OK, Click Finish.) At this current point * SE1R42 28.04.2005 * is the most recent definition file.

Ad-Aware SE comes preconfigured with default options so we need you to make only one change. Please deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Select "Perform Full System Scan" and press "Next". When the scan has completed, click "Show Logfile".

Please copy/paste the complete log file here using the reply button. Don't quarantine or remove anything at this time, just post a complete logfile. This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next.

Please post back if you have any questions or other problems.


Good luck

Andy
  • 0

#5
djktamb

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ok if I read this right, the change I needed to make was selecting full system scan. I think the other things were already done -- the updates and deselecting the negligible risks option. I hope I did this right. I will get it eventually! I'm sorry!!!

The thing is, the last Ad-Aware I did about 45 minutes ago, I went ahead and quarantined the 500 items that it found. Will that somehow affect the results here? Here is the new log:



Ad-Aware SE Build 1.05
Logfile Created on:Thursday, April 28, 2005 4:12:45 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):2 total references
Adintelligence.AproposToolbar(TAC index:5):1 total references
BargainBuddy(TAC index:8):15 total references
BlazeFind(TAC index:5):1 total references
Coulomb Dialer(TAC index:5):1 total references
Elitum.ElitebarBHO(TAC index:5):2 total references
ExactSearchBar(TAC index:5):1 total references
IBIS Toolbar(TAC index:5):12 total references
ImIServer IEPlugin(TAC index:5):1 total references
MediaMotor(TAC index:8):1 total references
PeopleOnPage(TAC index:9):2 total references
Prutect(TAC index:8):5 total references
Rads01.Quadrogram(TAC index:6):3 total references
SahAgent(TAC index:9):8 total references
Win32.Revop.Trojan(TAC index:6):1 total references
Winpup32(TAC index:6):1 total references
VX2(TAC index:10):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:29 %
Total physical memory:523756 kb
Available physical memory:151660 kb
Total page file size:1277952 kb
Available on page file:981316 kb
Total virtual memory:2097024 kb
Available virtual memory:2004072 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4/28/2005 4:12:46 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 468
ThreadCreationTime : 4/28/2005 10:12:47 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 540
ThreadCreationTime : 4/28/2005 10:12:51 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\System32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 564
ThreadCreationTime : 4/28/2005 10:12:51 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 608
ThreadCreationTime : 4/28/2005 10:12:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 620
ThreadCreationTime : 4/28/2005 10:12:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 772
ThreadCreationTime : 4/28/2005 10:12:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 832
ThreadCreationTime : 4/28/2005 10:12:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 900
ThreadCreationTime : 4/28/2005 10:12:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 944
ThreadCreationTime : 4/28/2005 10:12:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1092
ThreadCreationTime : 4/28/2005 10:12:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1348
ThreadCreationTime : 4/28/2005 10:12:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [aolacsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
ProcessID : 1608
ThreadCreationTime : 4/28/2005 10:13:02 PM
BasePriority : Normal


#:13 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 1672
ThreadCreationTime : 4/28/2005 10:13:03 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:14 [ewidoguard.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoguard.exe
Command Line : n/a
ProcessID : 1684
ThreadCreationTime : 4/28/2005 10:13:03 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:15 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1764
ThreadCreationTime : 4/28/2005 10:13:05 PM
BasePriority : Normal
FileVersion : 6.13.10.4253
ProductVersion : 6.13.10.4253
ProductName : NVIDIA Driver Helper Service, Version 42.53
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 42.53
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:16 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1872
ThreadCreationTime : 4/28/2005 10:13:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 1988
ThreadCreationTime : 4/28/2005 10:13:06 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:18 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1884
ThreadCreationTime : 4/28/2005 10:13:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:19 [ehtray.exe]
ModuleName : C:\WINDOWS\ehome\ehtray.exe
Command Line : "C:\WINDOWS\ehome\ehtray.exe"
ProcessID : 1032
ThreadCreationTime : 4/28/2005 10:23:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Tray Applet
InternalName : ehtray
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehtray.exe

#:20 [hpsysdrv.exe]
ModuleName : C:\windows\system\hpsysdrv.exe
Command Line : "c:\windows\system\hpsysdrv.exe"
ProcessID : 1864
ThreadCreationTime : 4/28/2005 10:23:04 PM
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe

#:21 [ehmsas.exe]
ModuleName : C:\WINDOWS\ehome\ehmsas.exe
Command Line : C:\WINDOWS\ehome\ehmsas.exe -Embedding
ProcessID : 500
ThreadCreationTime : 4/28/2005 10:23:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Media Status Aggregator Service
InternalName : eHMSAS
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehMSAS.exe

#:22 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1220
ThreadCreationTime : 4/28/2005 10:23:08 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:23 [shwicon.exe]
ModuleName : C:\Program Files\USB Storage RW\shwicon.exe
Command Line : "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
ProcessID : 1540
ThreadCreationTime : 4/28/2005 10:23:08 PM
BasePriority : Normal
FileVersion : 2, 0, 2, 2
ProductVersion : 2, 0, 2, 2
ProductName : shwicon
CompanyName : MyComp
FileDescription : shwicon
InternalName : shwicon
LegalCopyright : Copyright © 2002
OriginalFilename : shwicon.exe

#:24 [hpgs2wnd.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
ProcessID : 404
ThreadCreationTime : 4/28/2005 10:23:09 PM
BasePriority : Normal
FileVersion : 2,3,0,0\ 162
ProductVersion : 2,3,0,0\ 162
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe

#:25 [hpqcmon.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
ProcessID : 1788
ThreadCreationTime : 4/28/2005 10:23:09 PM
BasePriority : Normal
FileVersion : 2.0.0.133
ProductVersion : 2.0.0.133
ProductName : HpqCmon Application
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
LegalCopyright : Copyright © 2001
OriginalFilename : HpqCmon.EXE

#:26 [hpgs2wnf.exe]
ModuleName : c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
Command Line : "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe" -Embedding
ProcessID : 1280
ThreadCreationTime : 4/28/2005 10:23:22 PM
BasePriority : Normal
FileVersion : 2, 6, 0, 162
ProductVersion : 2, 6, 0, 162
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE

#:27 [ps2.exe]
ModuleName : C:\WINDOWS\system32\ps2.exe
Command Line : "C:\WINDOWS\system32\ps2.exe"
ProcessID : 876
ThreadCreationTime : 4/28/2005 10:23:27 PM
BasePriority : Normal


#:28 [wkufind.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
ProcessID : 1100
ThreadCreationTime : 4/28/2005 10:23:27 PM
BasePriority : Normal
FileVersion : 6.00.3215.0
ProductVersion : 6.00.3215.0
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Update Detection
InternalName : WkUFind
LegalCopyright : Copyright © Microsoft Corporation 1987-2001. All rights reserved.
OriginalFilename : WkUFind.exe

#:29 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1856
ThreadCreationTime : 4/28/2005 10:23:29 PM
BasePriority : Normal
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:30 [aoldial.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
ProcessID : 868
ThreadCreationTime : 4/28/2005 10:23:31 PM
BasePriority : Normal
FileVersion : 2.0.20.1.US.1
ProductVersion : 2.0.20.1.US.1
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:31 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1268
ThreadCreationTime : 4/28/2005 10:23:32 PM
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:32 [aolsp scheduler.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
Command Line : "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
ProcessID : 1068
ThreadCreationTime : 4/28/2005 10:23:32 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 78
ProductVersion : 1, 0, 0, 78
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:33 [alcxmntr.exe]
ModuleName : C:\WINDOWS\ALCXMNTR.EXE
Command Line : "C:\WINDOWS\ALCXMNTR.EXE"
ProcessID : 264
ThreadCreationTime : 4/28/2005 10:23:33 PM
BasePriority : Normal
FileVersion : 1.5
ProductVersion : 1.5
ProductName : Realtek Audio - Event Monitor
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Audio - Event Monitor
InternalName : Alcxmntr
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : Alcxmntr.exe

#:34 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\RunDLL32.EXE
Command Line : "C:\WINDOWS\system32\RunDLL32.EXE" C:\WINDOWS\cfgmgr51.dll,DllRun
ProcessID : 1408
ThreadCreationTime : 4/28/2005 10:23:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:35 [9t8eybbr.exe]
ModuleName : C:\Program Files\9t8eybbr\9t8eybbr.exe
Command Line : "C:\Program Files\9t8eybbr\9t8eybbr.exe"
ProcessID : 720
ThreadCreationTime : 4/28/2005 10:23:39 PM
BasePriority : Normal
FileVersion : 1, 15, 0, 3
ProductVersion : 1, 15, 0, 3

#:36 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\RunDLL32.exe
Command Line : "C:\WINDOWS\System32\RunDLL32.exe" C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
ProcessID : 2072
ThreadCreationTime : 4/28/2005 10:23:44 PM
BasePriority : Idle
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:37 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32 nView.dll,nViewInitialize
ProcessID : 2100
ThreadCreationTime : 4/28/2005 10:23:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:38 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2120
ThreadCreationTime : 4/28/2005 10:23:48 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:39 [32679542.exe]
ModuleName : C:\Program Files\9t8eybbr\32679542.exe
Command Line : a b
ProcessID : 2160
ThreadCreationTime : 4/28/2005 10:23:52 PM
BasePriority : Normal
FileVersion : 1, 5, 0, 1
ProductVersion : 1, 5, 0, 1

#:40 [aoltray.exe]
ModuleName : C:\Program Files\America Online 9.0a\aoltray.exe
Command Line : "C:\Program Files\America Online 9.0a\aoltray.exe" -check
ProcessID : 2164
ThreadCreationTime : 4/28/2005 10:23:52 PM
BasePriority : Normal
FileVersion : 9.00.001
ProductVersion : 9.00.001
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : AOL Tray Icon
InternalName : AolTray
LegalCopyright : Copyright © America Online, Inc. 1999 - 2004

#:41 [j2gdllcmd.exe]
ModuleName : C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
Command Line : "C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe" /R
ProcessID : 2244
ThreadCreationTime : 4/28/2005 10:23:53 PM
BasePriority : Normal
FileVersion : 3.5.231.0
ProductVersion : 3.5.231.0
ProductName : eFax Messenger ™
CompanyName : j2 Global Communications, Inc.
FileDescription : eFax Messenger - DLL Command Utility
InternalName : DllCmd32
LegalCopyright : Copyright © 2005 j2 Global Communications, Inc.
LegalTrademarks : eFax®
eFax.com ™
eFax Messenger ™
eFax Messenger Plus ™
j2 Messenger ™
eVoice ™
JetSuite®
PaperMaster Pro ™
OriginalFilename : DllCmd32.exe

#:42 [j2gtray.exe]
ModuleName : C:\Program Files\eFax Messenger 3.5\J2GTray.exe
Command Line : "C:\Program Files\eFax Messenger 3.5\J2GTray.exe"
ProcessID : 2272
ThreadCreationTime : 4/28/2005 10:23:58 PM
BasePriority : Normal
FileVersion : 3.5.231.0
ProductVersion : 3.5.231.0
ProductName : eFax Messenger ™
CompanyName : j2 Global Communications, Inc.
FileDescription : eFax Messenger - Tray
InternalName : HotTray
LegalCopyright : Copyright © 2005 j2 Global Communications, Inc.
LegalTrademarks : eFax®
eFax.com ™
eFax Messenger ™
eFax Messenger Plus ™
j2 Messenger ™
eVoice ™
JetSuite®
PaperMaster Pro ™
OriginalFilename : HotTray.exe

#:43 [hpotdd01.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
ProcessID : 2328
ThreadCreationTime : 4/28/2005 10:24:02 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe

#:44 [wkcalrem.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe"
ProcessID : 2536
ThreadCreationTime : 4/28/2005 10:24:06 PM
BasePriority : Normal
FileVersion : 6.00.1828.1
ProductVersion : 6.00.1828.1
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE

#:45 [hposol08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe"
ProcessID : 2576
ThreadCreationTime : 4/28/2005 10:24:07 PM
BasePriority : Normal
FileVersion : 4.2.0.021
ProductVersion : 2.4.1.021
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOSOL08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSOL08.EXE
Comments : HP OfficeJet <Solar> Series COM Device Objects

#:46 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 2684
ThreadCreationTime : 4/28/2005 10:24:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:47 [hpoevm08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe" -Embedding
ProcessID : 2936
ThreadCreationTime : 4/28/2005 10:24:55 PM
BasePriority : Normal
FileVersion : 4.2.0.021
ProductVersion : 2.4.1.021
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager

#:48 [hpzipm12.exe]
ModuleName : C:\WINDOWS\System32\HPZipm12.exe
Command Line : C:\WINDOWS\System32\HPZipm12.exe
ProcessID : 3020
ThreadCreationTime : 4/28/2005 10:25:02 PM
BasePriority : Normal
FileVersion : 6, 0, 0, 0
ProductVersion : 6, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:49 [hposts08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe" /CtxID "#Hewlett-Packard#hp officejet 6100 series#1058990390" /Startup
ProcessID : 3132
ThreadCreationTime : 4/28/2005 10:25:27 PM
BasePriority : Normal
FileVersion : 4.2.0.021
ProductVersion : 2.4.1.021
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSTS08.EXE
Comments : HP OfficeJet Status

#:50 [dr10.exe]
ModuleName : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bs51C.tmpbsx32\dr10.exe
Command Line : dr10.exe
ProcessID : 3916
ThreadCreationTime : 4/28/2005 10:40:01 PM
BasePriority : Normal


#:51 [dr10.exe]
ModuleName : C:\WINDOWS\DR10.exe
Command Line : "C:\WINDOWS\DR10.exe"
ProcessID : 3924
ThreadCreationTime : 4/28/2005 10:40:02 PM
BasePriority : Normal
FileVersion : 2, 0, 1, 8
ProductVersion : 2, 0, 1, 8
ProductName : Thinstaller
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2005
OriginalFilename : Thinstaller.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.

#:52 [ulcgtkk.exe]
ModuleName : c:\windows\system32\ulcgtkk.exe
Command Line : c:\windows\system32\ulcgtkk.exe
ProcessID : 1188
ThreadCreationTime : 4/28/2005 10:40:38 PM
BasePriority : Realtime
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:53 [rpezqzl.exe]
ModuleName : c:\windows\system32\rpezqzl.exe
Command Line : "c:\windows\system32\rpezqzl.exe" ksuwonp
ProcessID : 224
ThreadCreationTime : 4/28/2005 10:40:38 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:54 [9t8eybbr.exe]
ModuleName : C:\Program Files\9t8eybbr\9t8eybbr.exe
Command Line : a b
ProcessID : 2436
ThreadCreationTime : 4/28/2005 10:44:57 PM
BasePriority : Normal
FileVersion : 1, 15, 0, 3
ProductVersion : 1, 15, 0, 3

#:55 [explorer.exe]
ModuleName : C:\WINDOWS\explorer.exe
Command Line : C:\WINDOWS\explorer.exe
ProcessID : 2736
ThreadCreationTime : 4/28/2005 10:50:36 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:56 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 2920
ThreadCreationTime : 4/28/2005 10:51:21 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Object "alchem.exe" found in this archive.

VX2 Object Recognized!
Type : File
Data : alchem.cab
Category : Malware
Comment : Object "alchem.exe" found in this archive.
Object : C:\Documents and Settings\Administrator\Local Settings\Temp\


Object "WToolsD.cfg" found in this archive.

IBIS Toolbar Object Recognized!
Type : File
Data : WToolsD[1].cab
Category : Data Miner
Comment : Object "WToolsD.cfg" found in this archive.
Object : C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OTA7OTQ7\


Object "WToolsS.exe" found in this archive.

IBIS Toolbar Object Recognized!
Type : File
Data : WinTS[1].cab
Category : Data Miner
Comment : Object "WToolsS.exe" found in this archive.
Object : C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\SPIZ8LAB\



180Solutions Object Recognized!
Type : File
Data : msbb.exe
Category : Data Miner
Comment :
Object : C:\Program Files\nCase\FLEOK\
FileVersion : 5, 4, 0, 1
ProductVersion : 5, 4, 0, 1
ProductName : Search Assistant
CompanyName : 180Solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180Solutions Inc.


180Solutions Object Recognized!
Type : File
Data : ncmyb.dll
Category : Data Miner
Comment :
Object : C:\Program Files\nCase\



IBIS Toolbar Object Recognized!
Type : File
Data : A0166369.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\



BargainBuddy Object Recognized!
Type : File
Data : A0166398.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : A0166399.vxd
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : A0166403.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0


BargainBuddy Object Recognized!
Type : File
Data : A0166404.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\



Rads01.Quadrogram Object Recognized!
Type : File
Data : A0166405.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1


BargainBuddy Object Recognized!
Type : File
Data : A0166406.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0


IBIS Toolbar Object Recognized!
Type : File
Data : A0167379.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\



BargainBuddy Object Recognized!
Type : File
Data : A0167397.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


IBIS Toolbar Object Recognized!
Type : File
Data : A0168380.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\



IBIS Toolbar Object Recognized!
Type : File
Data : A0168466.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\



IBIS Toolbar Object Recognized!
Type : File
Data : A0168469.cfg
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\



BargainBuddy Object Recognized!
Type : File
Data : A0168488.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adv
CompanyName : eXact Advertising
InternalName : adv
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adv.exe


BargainBuddy Object Recognized!
Type : File
Data : A0168489.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adx
CompanyName : eXact Advertising
InternalName : adx
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adx.exe


BargainBuddy Object Recognized!
Type : File
Data : A0168494.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : A0168675.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 2, 0, 0, 19
ProductVersion : 2, 0, 0, 19
ProductName : nls.dll Module
CompanyName : eXact Advertising
FileDescription : nls.dll Module
InternalName : nls.dll
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : nls.dll


BargainBuddy Object Recognized!
Type : File
Data : A0168678.vxd
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : A0168679.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : A0168681.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0


Rads01.Quadrogram Object Recognized!
Type : File
Data : A0168682.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1


BargainBuddy Object Recognized!
Type : File
Data : A0168683.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0


ExactSearchBar Object Recognized!
Type : File
Data : A0168684.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 5
ProductName : NAVISearch Module
CompanyName : eXact Advertising
FileDescription : NLS Module
InternalName : NLS
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : nls.exe


PeopleOnPage Object Recognized!
Type : File
Data : A0168747.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP181\



SahAgent Object Recognized!
Type : File
Data : A0168754.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP181\
FileVersion : 2, 0, 0, 8
ProductVersion : 2, 0, 0, 8
ProductName : SAHUninstall
CompanyName : ShopAtHomeSelect
FileDescription : SAHUninstall
InternalName : SAHUninstall
LegalCopyright : Copyright © 2004
OriginalFilename : SAHUninstall.dll


MediaMotor Object Recognized!
Type : File
Data : A0168758.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP182\
FileVersion : 0, 12, 4, 74
ProductVersion : 0, 12, 4, 74
ProductName : Ceres
CompanyName : Ceres
FileDescription : www.abetterinternet.com
InternalName : Ceres
LegalCopyright : Copyright © 2004
OriginalFilename : Ceres.dll
Comments : www.abetterinternet.com


Prutect Object Recognized!
Type : File
Data : A0168759.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP183\
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : e2g plugin
CompanyName : e2give, LLC
FileDescription : http://e2give.com/license.html
InternalName : IeBHOs.dll
LegalCopyright : Copyright © 2003 e2give, LLC
OriginalFilename : IeBHOs.dll
Comments : e2g plugin


Elitum.ElitebarBHO Object Recognized!
Type : File
Data : A0168761.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP183\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Elite SideBar
FileDescription : Elite SideBar
InternalName : Elite SideBar
LegalCopyright : Copyright 2004
OriginalFilename : EliteSideBar.DLL


SahAgent Object Recognized!
Type : File
Data : A0168827.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP183\
FileVersion : 2, 0, 0, 8
ProductVersion : 2, 0, 0, 8
ProductName : ShopAtHomeSelect SahAgent
CompanyName : ShopAtHomeSelect
FileDescription : SahAgent
InternalName : SahAgent
LegalCopyright : Copyright © 2004
OriginalFilename : SahAgent.exe
Comments : Rules, pop-up. without serach and incremental update


Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0168828.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP183\



IBIS Toolbar Object Recognized!
Type : File
Data : A0168829.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP183\



BargainBuddy Object Recognized!
Type : File
Data : A0168841.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP184\



IBIS Toolbar Object Recognized!
Type : File
Data : A0169372.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP184\



SahAgent Object Recognized!
Type : File
Data : A0169374.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP184\
FileVersion : 2, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : ShopAtHomeSelect LSP
CompanyName : ShopAtHomeSelect
FileDescription : LSP
InternalName : LSP
LegalCopyright : Copyright © 2004
OriginalFilename : LSP.DLL


IBIS Toolbar Object Recognized!
Type : File
Data : A0169377.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP184\



Elitum.ElitebarBHO Object Recognized!
Type : File
Data : A0169379.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP184\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Elite SideBar
FileDescription : Elite SideBar
InternalName : Elite SideBar
LegalCopyright : Copyright 2004
OriginalFi

Edited by djktamb, 28 April 2005 - 10:39 PM.


#6
Rawe


    Visiting Staff

Hi there.
Your logfile is incomplete.
Please keep copying it until you reach a point where it reads "Scan summary".

- Rawe :tazz:

#7
Guest_Andy_veal_*

  • Guest
Please could you find the rest of your logfile and complete posting it here.
Logs are stored in:

C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
They are in order of date.

Make sure you have all the log posted.

(The Application Data is a hidden folder, so you will need to show hidden files and folders. For Windows 98*admin users, your logs are stored in C:\WINDOWS\All Users\Application Data\ )

This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next. Please post back if you have any questions or other problems.

Good luck

Andy

#8
djktamb


    New Member

  • Topic Starter

Ad-Aware SE Build 1.05
Logfile Created on:Thursday, April 28, 2005 4:12:45 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):2 total references
Adintelligence.AproposToolbar(TAC index:5):1 total references
BargainBuddy(TAC index:8):15 total references
BlazeFind(TAC index:5):1 total references
Coulomb Dialer(TAC index:5):1 total references
Elitum.ElitebarBHO(TAC index:5):2 total references
ExactSearchBar(TAC index:5):1 total references
IBIS Toolbar(TAC index:5):12 total references
ImIServer IEPlugin(TAC index:5):1 total references
MediaMotor(TAC index:8):1 total references
PeopleOnPage(TAC index:9):2 total references
Prutect(TAC index:8):5 total references
Rads01.Quadrogram(TAC index:6):3 total references
SahAgent(TAC index:9):8 total references
Win32.Revop.Trojan(TAC index:6):1 total references
Winpup32(TAC index:6):1 total references
VX2(TAC index:10):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:29 %
Total physical memory:523756 kb
Available physical memory:151660 kb
Total page file size:1277952 kb
Available on page file:981316 kb
Total virtual memory:2097024 kb
Available virtual memory:2004072 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4/28/2005 4:12:46 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 468
ThreadCreationTime : 4/28/2005 10:12:47 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 540
ThreadCreationTime : 4/28/2005 10:12:51 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\System32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 564
ThreadCreationTime : 4/28/2005 10:12:51 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 608
ThreadCreationTime : 4/28/2005 10:12:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 620
ThreadCreationTime : 4/28/2005 10:12:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 772
ThreadCreationTime : 4/28/2005 10:12:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 832
ThreadCreationTime : 4/28/2005 10:12:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 900
ThreadCreationTime : 4/28/2005 10:12:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 944
ThreadCreationTime : 4/28/2005 10:12:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1092
ThreadCreationTime : 4/28/2005 10:12:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1348
ThreadCreationTime : 4/28/2005 10:12:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [aolacsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
ProcessID : 1608
ThreadCreationTime : 4/28/2005 10:13:02 PM
BasePriority : Normal


#:13 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 1672
ThreadCreationTime : 4/28/2005 10:13:03 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:14 [ewidoguard.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoguard.exe
Command Line : n/a
ProcessID : 1684
ThreadCreationTime : 4/28/2005 10:13:03 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:15 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1764
ThreadCreationTime : 4/28/2005 10:13:05 PM
BasePriority : Normal
FileVersion : 6.13.10.4253
ProductVersion : 6.13.10.4253
ProductName : NVIDIA Driver Helper Service, Version 42.53
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 42.53
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:16 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1872
ThreadCreationTime : 4/28/2005 10:13:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 1988
ThreadCreationTime : 4/28/2005 10:13:06 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:18 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1884
ThreadCreationTime : 4/28/2005 10:13:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:19 [ehtray.exe]
ModuleName : C:\WINDOWS\ehome\ehtray.exe
Command Line : "C:\WINDOWS\ehome\ehtray.exe"
ProcessID : 1032
ThreadCreationTime : 4/28/2005 10:23:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Tray Applet
InternalName : ehtray
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehtray.exe

#:20 [hpsysdrv.exe]
ModuleName : C:\windows\system\hpsysdrv.exe
Command Line : "c:\windows\system\hpsysdrv.exe"
ProcessID : 1864
ThreadCreationTime : 4/28/2005 10:23:04 PM
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe

#:21 [ehmsas.exe]
ModuleName : C:\WINDOWS\ehome\ehmsas.exe
Command Line : C:\WINDOWS\ehome\ehmsas.exe -Embedding
ProcessID : 500
ThreadCreationTime : 4/28/2005 10:23:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Media Status Aggregator Service
InternalName : eHMSAS
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehMSAS.exe

#:22 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1220
ThreadCreationTime : 4/28/2005 10:23:08 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:23 [shwicon.exe]
ModuleName : C:\Program Files\USB Storage RW\shwicon.exe
Command Line : "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
ProcessID : 1540
ThreadCreationTime : 4/28/2005 10:23:08 PM
BasePriority : Normal
FileVersion : 2, 0, 2, 2
ProductVersion : 2, 0, 2, 2
ProductName : shwicon
CompanyName : MyComp
FileDescription : shwicon
InternalName : shwicon
LegalCopyright : Copyright © 2002
OriginalFilename : shwicon.exe

#:24 [hpgs2wnd.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
ProcessID : 404
ThreadCreationTime : 4/28/2005 10:23:09 PM
BasePriority : Normal
FileVersion : 2,3,0,0\ 162
ProductVersion : 2,3,0,0\ 162
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe

#:25 [hpqcmon.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
ProcessID : 1788
ThreadCreationTime : 4/28/2005 10:23:09 PM
BasePriority : Normal
FileVersion : 2.0.0.133
ProductVersion : 2.0.0.133
ProductName : HpqCmon Application
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
LegalCopyright : Copyright © 2001
OriginalFilename : HpqCmon.EXE

#:26 [hpgs2wnf.exe]
ModuleName : c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
Command Line : "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe" -Embedding
ProcessID : 1280
ThreadCreationTime : 4/28/2005 10:23:22 PM
BasePriority : Normal
FileVersion : 2, 6, 0, 162
ProductVersion : 2, 6, 0, 162
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE

#:27 [ps2.exe]
ModuleName : C:\WINDOWS\system32\ps2.exe
Command Line : "C:\WINDOWS\system32\ps2.exe"
ProcessID : 876
ThreadCreationTime : 4/28/2005 10:23:27 PM
BasePriority : Normal


#:28 [wkufind.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
ProcessID : 1100
ThreadCreationTime : 4/28/2005 10:23:27 PM
BasePriority : Normal
FileVersion : 6.00.3215.0
ProductVersion : 6.00.3215.0
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Update Detection
InternalName : WkUFind
LegalCopyright : Copyright © Microsoft Corporation 1987-2001. All rights reserved.
OriginalFilename : WkUFind.exe

#:29 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1856
ThreadCreationTime : 4/28/2005 10:23:29 PM
BasePriority : Normal
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:30 [aoldial.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
ProcessID : 868
ThreadCreationTime : 4/28/2005 10:23:31 PM
BasePriority : Normal
FileVersion : 2.0.20.1.US.1
ProductVersion : 2.0.20.1.US.1
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:31 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1268
ThreadCreationTime : 4/28/2005 10:23:32 PM
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:32 [aolsp scheduler.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
Command Line : "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
ProcessID : 1068
ThreadCreationTime : 4/28/2005 10:23:32 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 78
ProductVersion : 1, 0, 0, 78
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:33 [alcxmntr.exe]
ModuleName : C:\WINDOWS\ALCXMNTR.EXE
Command Line : "C:\WINDOWS\ALCXMNTR.EXE"
ProcessID : 264
ThreadCreationTime : 4/28/2005 10:23:33 PM
BasePriority : Normal
FileVersion : 1.5
ProductVersion : 1.5
ProductName : Realtek Audio - Event Monitor
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Audio - Event Monitor
InternalName : Alcxmntr
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : Alcxmntr.exe

#:34 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\RunDLL32.EXE
Command Line : "C:\WINDOWS\system32\RunDLL32.EXE" C:\WINDOWS\cfgmgr51.dll,DllRun
ProcessID : 1408
ThreadCreationTime : 4/28/2005 10:23:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:35 [9t8eybbr.exe]
ModuleName : C:\Program Files\9t8eybbr\9t8eybbr.exe
Command Line : "C:\Program Files\9t8eybbr\9t8eybbr.exe"
ProcessID : 720
ThreadCreationTime : 4/28/2005 10:23:39 PM
BasePriority : Normal
FileVersion : 1, 15, 0, 3
ProductVersion : 1, 15, 0, 3

#:36 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\RunDLL32.exe
Command Line : "C:\WINDOWS\System32\RunDLL32.exe" C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
ProcessID : 2072
ThreadCreationTime : 4/28/2005 10:23:44 PM
BasePriority : Idle
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:37 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32 nView.dll,nViewInitialize
ProcessID : 2100
ThreadCreationTime : 4/28/2005 10:23:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:38 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2120
ThreadCreationTime : 4/28/2005 10:23:48 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:39 [32679542.exe]
ModuleName : C:\Program Files\9t8eybbr\32679542.exe
Command Line : a b
ProcessID : 2160
ThreadCreationTime : 4/28/2005 10:23:52 PM
BasePriority : Normal
FileVersion : 1, 5, 0, 1
ProductVersion : 1, 5, 0, 1

#:40 [aoltray.exe]
ModuleName : C:\Program Files\America Online 9.0a\aoltray.exe
Command Line : "C:\Program Files\America Online 9.0a\aoltray.exe" -check
ProcessID : 2164
ThreadCreationTime : 4/28/2005 10:23:52 PM
BasePriority : Normal
FileVersion : 9.00.001
ProductVersion : 9.00.001
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : AOL Tray Icon
InternalName : AolTray
LegalCopyright : Copyright © America Online, Inc. 1999 - 2004

#:41 [j2gdllcmd.exe]
ModuleName : C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
Command Line : "C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe" /R
ProcessID : 2244
ThreadCreationTime : 4/28/2005 10:23:53 PM
BasePriority : Normal
FileVersion : 3.5.231.0
ProductVersion : 3.5.231.0
ProductName : eFax Messenger ™
CompanyName : j2 Global Communications, Inc.
FileDescription : eFax Messenger - DLL Command Utility
InternalName : DllCmd32
LegalCopyright : Copyright © 2005 j2 Global Communications, Inc.
LegalTrademarks : eFax®
eFax.com ™
eFax Messenger ™
eFax Messenger Plus ™
j2 Messenger ™
eVoice ™
JetSuite®
PaperMaster Pro ™
OriginalFilename : DllCmd32.exe

#:42 [j2gtray.exe]
ModuleName : C:\Program Files\eFax Messenger 3.5\J2GTray.exe
Command Line : "C:\Program Files\eFax Messenger 3.5\J2GTray.exe"
ProcessID : 2272
ThreadCreationTime : 4/28/2005 10:23:58 PM
BasePriority : Normal
FileVersion : 3.5.231.0
ProductVersion : 3.5.231.0
ProductName : eFax Messenger ™
CompanyName : j2 Global Communications, Inc.
FileDescription : eFax Messenger - Tray
InternalName : HotTray
LegalCopyright : Copyright © 2005 j2 Global Communications, Inc.
LegalTrademarks : eFax®
eFax.com ™
eFax Messenger ™
eFax Messenger Plus ™
j2 Messenger ™
eVoice ™
JetSuite®
PaperMaster Pro ™
OriginalFilename : HotTray.exe

#:43 [hpotdd01.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
ProcessID : 2328
ThreadCreationTime : 4/28/2005 10:24:02 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe

#:44 [wkcalrem.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe"
ProcessID : 2536
ThreadCreationTime : 4/28/2005 10:24:06 PM
BasePriority : Normal
FileVersion : 6.00.1828.1
ProductVersion : 6.00.1828.1
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE

#:45 [hposol08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe"
ProcessID : 2576
ThreadCreationTime : 4/28/2005 10:24:07 PM
BasePriority : Normal
FileVersion : 4.2.0.021
ProductVersion : 2.4.1.021
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOSOL08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSOL08.EXE
Comments : HP OfficeJet <Solar> Series COM Device Objects

#:46 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 2684
ThreadCreationTime : 4/28/2005 10:24:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:47 [hpoevm08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe" -Embedding
ProcessID : 2936
ThreadCreationTime : 4/28/2005 10:24:55 PM
BasePriority : Normal
FileVersion : 4.2.0.021
ProductVersion : 2.4.1.021
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager

#:48 [hpzipm12.exe]
ModuleName : C:\WINDOWS\System32\HPZipm12.exe
Command Line : C:\WINDOWS\System32\HPZipm12.exe
ProcessID : 3020
ThreadCreationTime : 4/28/2005 10:25:02 PM
BasePriority : Normal
FileVersion : 6, 0, 0, 0
ProductVersion : 6, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:49 [hposts08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe" /CtxID "#Hewlett-Packard#hp officejet 6100 series#1058990390" /Startup
ProcessID : 3132
ThreadCreationTime : 4/28/2005 10:25:27 PM
BasePriority : Normal
FileVersion : 4.2.0.021
ProductVersion : 2.4.1.021
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSTS08.EXE
Comments : HP OfficeJet Status

#:50 [dr10.exe]
ModuleName : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bs51C.tmpbsx32\dr10.exe
Command Line : dr10.exe
ProcessID : 3916
ThreadCreationTime : 4/28/2005 10:40:01 PM
BasePriority : Normal


#:51 [dr10.exe]
ModuleName : C:\WINDOWS\DR10.exe
Command Line : "C:\WINDOWS\DR10.exe"
ProcessID : 3924
ThreadCreationTime : 4/28/2005 10:40:02 PM
BasePriority : Normal
FileVersion : 2, 0, 1, 8
ProductVersion : 2, 0, 1, 8
ProductName : Thinstaller
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2005
OriginalFilename : Thinstaller.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.

#:52 [ulcgtkk.exe]
ModuleName : c:\windows\system32\ulcgtkk.exe
Command Line : c:\windows\system32\ulcgtkk.exe
ProcessID : 1188
ThreadCreationTime : 4/28/2005 10:40:38 PM
BasePriority : Realtime
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:53 [rpezqzl.exe]
ModuleName : c:\windows\system32\rpezqzl.exe
Command Line : "c:\windows\system32\rpezqzl.exe" ksuwonp
ProcessID : 224
ThreadCreationTime : 4/28/2005 10:40:38 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:54 [9t8eybbr.exe]
ModuleName : C:\Program Files\9t8eybbr\9t8eybbr.exe
Command Line : a b
ProcessID : 2436
ThreadCreationTime : 4/28/2005 10:44:57 PM
BasePriority : Normal
FileVersion : 1, 15, 0, 3
ProductVersion : 1, 15, 0, 3

#:55 [explorer.exe]
ModuleName : C:\WINDOWS\explorer.exe
Command Line : C:\WINDOWS\explorer.exe
ProcessID : 2736
ThreadCreationTime : 4/28/2005 10:50:36 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:56 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 2920
ThreadCreationTime : 4/28/2005 10:51:21 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Object "alchem.exe" found in this archive.

VX2 Object Recognized!
Type : File
Data : alchem.cab
Category : Malware
Comment : Object "alchem.exe" found in this archive.
Object : C:\Documents and Settings\Administrator\Local Settings\Temp\


Object "WToolsD.cfg" found in this archive.

IBIS Toolbar Object Recognized!
Type : File
Data : WToolsD[1].cab
Category : Data Miner
Comment : Object "WToolsD.cfg" found in this archive.
Object : C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OTA7OTQ7\


Object "WToolsS.exe" found in this archive.

IBIS Toolbar Object Recognized!
Type : File
Data : WinTS[1].cab
Category : Data Miner
Comment : Object "WToolsS.exe" found in this archive.
Object : C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\SPIZ8LAB\



180Solutions Object Recognized!
Type : File
Data : msbb.exe
Category : Data Miner
Comment :
Object : C:\Program Files\nCase\FLEOK\
FileVersion : 5, 4, 0, 1
ProductVersion : 5, 4, 0, 1
ProductName : Search Assistant
CompanyName : 180Solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180Solutions Inc.


180Solutions Object Recognized!
Type : File
Data : ncmyb.dll
Category : Data Miner
Comment :
Object : C:\Program Files\nCase\



IBIS Toolbar Object Recognized!
Type : File
Data : A0166369.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\



BargainBuddy Object Recognized!
Type : File
Data : A0166398.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : A0166399.vxd
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : A0166403.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0


BargainBuddy Object Recognized!
Type : File
Data : A0166404.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\



Rads01.Quadrogram Object Recognized!
Type : File
Data : A0166405.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1


BargainBuddy Object Recognized!
Type : File
Data : A0166406.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0


IBIS Toolbar Object Recognized!
Type : File
Data : A0167379.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\



BargainBuddy Object Recognized!
Type : File
Data : A0167397.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


IBIS Toolbar Object Recognized!
Type : File
Data : A0168380.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\



IBIS Toolbar Object Recognized!
Type : File
Data : A0168466.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\



IBIS Toolbar Object Recognized!
Type : File
Data : A0168469.cfg
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\



BargainBuddy Object Recognized!
Type : File
Data : A0168488.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adv
CompanyName : eXact Advertising
InternalName : adv
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adv.exe


BargainBuddy Object Recognized!
Type : File
Data : A0168489.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adx
CompanyName : eXact Advertising
InternalName : adx
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adx.exe


BargainBuddy Object Recognized!
Type : File
Data : A0168494.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : A0168675.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 2, 0, 0, 19
ProductVersion : 2, 0, 0, 19
ProductName : nls.dll Module
CompanyName : eXact Advertising
FileDescription : nls.dll Module
InternalName : nls.dll
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : nls.dll


BargainBuddy Object Recognized!
Type : File
Data : A0168678.vxd
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : A0168679.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : A0168681.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0


Rads01.Quadrogram Object Recognized!
Type : File
Data : A0168682.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1


BargainBuddy Object Recognized!
Type : File
Data : A0168683.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0


ExactSearchBar Object Recognized!
Type : File
Data : A0168684.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP180\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 5
ProductName : NAVISearch Module
CompanyName : eXact Advertising
FileDescription : NLS Module
InternalName : NLS
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : nls.exe


PeopleOnPage Object Recognized!
Type : File
Data : A0168747.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP181\



SahAgent Object Recognized!
Type : File
Data : A0168754.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP181\
FileVersion : 2, 0, 0, 8
ProductVersion : 2, 0, 0, 8
ProductName : SAHUninstall
CompanyName : ShopAtHomeSelect
FileDescription : SAHUninstall
InternalName : SAHUninstall
LegalCopyright : Copyright © 2004
OriginalFilename : SAHUninstall.dll


MediaMotor Object Recognized!
Type : File
Data : A0168758.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP182\
FileVersion : 0, 12, 4, 74
ProductVersion : 0, 12, 4, 74
ProductName : Ceres
CompanyName : Ceres
FileDescription : www.abetterinternet.com
InternalName : Ceres
LegalCopyright : Copyright © 2004
OriginalFilename : Ceres.dll
Comments : www.abetterinternet.com


Prutect Object Recognized!
Type : File
Data : A0168759.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP183\
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : e2g plugin
CompanyName : e2give, LLC
FileDescription : http://e2give.com/license.html
InternalName : IeBHOs.dll
LegalCopyright : Copyright © 2003 e2give, LLC
OriginalFilename : IeBHOs.dll
Comments : e2g plugin


Elitum.ElitebarBHO Object Recognized!
Type : File
Data : A0168761.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP183\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Elite SideBar
FileDescription : Elite SideBar
InternalName : Elite SideBar
LegalCopyright : Copyright 2004
OriginalFilename : EliteSideBar.DLL


SahAgent Object Recognized!
Type : File
Data : A0168827.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP183\
FileVersion : 2, 0, 0, 8
ProductVersion : 2, 0, 0, 8
ProductName : ShopAtHomeSelect SahAgent
CompanyName : ShopAtHomeSelect
FileDescription : SahAgent
InternalName : SahAgent
LegalCopyright : Copyright © 2004
OriginalFilename : SahAgent.exe
Comments : Rules, pop-up. without serach and incremental update


Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0168828.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP183\



IBIS Toolbar Object Recognized!
Type : File
Data : A0168829.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP183\



BargainBuddy Object Recognized!
Type : File
Data : A0168841.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP184\



IBIS Toolbar Object Recognized!
Type : File
Data : A0169372.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP184\



SahAgent Object Recognized!
Type : File
Data : A0169374.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP184\
FileVersion : 2, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : ShopAtHomeSelect LSP
CompanyName : ShopAtHomeSelect
FileDescription : LSP
InternalName : LSP
LegalCopyright : Copyright © 2004
OriginalFilename : LSP.DLL


IBIS Toolbar Object Recognized!
Type : File
Data : A0169377.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP184\



Elitum.ElitebarBHO Object Recognized!
Type : File
Data : A0169379.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP184\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Elite SideBar
FileDescription : Elite SideBar
InternalName : Elite SideBar
LegalCopyright : Copyright 2004
OriginalFilename : EliteSideBar.DLL


PeopleOnPage Object Recognized!
Type : File
Data : A0169409.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP184\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE

#9
djktamb

FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL


Win32.Revop.Trojan Object Recognized!
Type : File
Data : A0169415.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP184\
FileVersion : 5.00.0002
ProductVersion : 5.00.0002
ProductName : mplayer
CompanyName : thunderdome
InternalName : actulice
OriginalFilename : actulice.exe


Winpup32 Object Recognized!
Type : File
Data : A0169416.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP184\
FileVersion : 1.00.0005
ProductVersion : 1.00.0005
ProductName : werule
CompanyName : totempole
InternalName : pup
OriginalFilename : pup.exe


ImIServer IEPlugin Object Recognized!
Type : File
Data : A0169417.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP184\
FileVersion : 5.0.2001.10043
ProductVersion : 2001, 0, 0, 0
ProductName : MimarSinan Emissary, MimarSinan Charm Family
CompanyName : Mimar Sinan International
FileDescription : Emissary
InternalName : autonomy
LegalCopyright : Copyright © 1992-2000 Mimar Sinan International. All rights reserved.
OriginalFilename : autonomy.exe


BlazeFind Object Recognized!
Type : File
Data : A0169418.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP184\
FileVersion : 1.0.0.15
ProductVersion : 1.0.0.0
CompanyName : Kalptaru Infotech Ltd.


SahAgent Object Recognized!
Type : File
Data : A0169419.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP184\
FileVersion : 2, 0, 0, 3
ProductVersion : 2, 0, 0, 3
ProductName : Popup Application
FileDescription : Popup MFC Application
InternalName : Popup
LegalCopyright : Copyright © 2004
OriginalFilename : Popup.EXE
Comments : Search engine


Prutect Object Recognized!
Type : File
Data : A0169420.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP184\
FileVersion : 1.00.0290
ProductVersion : 1.00.0290
CompanyName : PTech
InternalName : skytown
OriginalFilename : skytown.exe


Prutect Object Recognized!
Type : File
Data : A0169421.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP184\
FileVersion : 1.00.0290
ProductVersion : 1.00.0290
CompanyName : PTech
InternalName : skytown
OriginalFilename : skytown.exe


SahAgent Object Recognized!
Type : File
Data : lsp_.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\Downloaded Program Files\
FileVersion : 2, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : ShopAtHomeSelect LSP
CompanyName : ShopAtHomeSelect
FileDescription : LSP
InternalName : LSP
LegalCopyright : Copyright © 2004
OriginalFilename : LSP.DLL


SahAgent Object Recognized!
Type : File
Data : SAHAgent_.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\Downloaded Program Files\
FileVersion : 2, 0, 0, 8
ProductVersion : 2, 0, 0, 8
ProductName : ShopAtHomeSelect SahAgent
CompanyName : ShopAtHomeSelect
FileDescription : SahAgent
InternalName : SahAgent
LegalCopyright : Copyright © 2004
OriginalFilename : SahAgent.exe
Comments : Rules, pop-up. without serach and incremental update


SahAgent Object Recognized!
Type : File
Data : SahHtml_.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\Downloaded Program Files\
FileVersion : 2, 0, 0, 3
ProductVersion : 2, 0, 0, 3
ProductName : Popup Application
FileDescription : Popup MFC Application
InternalName : Popup
LegalCopyright : Copyright © 2004
OriginalFilename : Popup.EXE
Comments : Search engine


SahAgent Object Recognized!
Type : File
Data : SAHUninstall_.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\Downloaded Program Files\
FileVersion : 2, 0, 0, 8
ProductVersion : 2, 0, 0, 8
ProductName : SAHUninstall
CompanyName : ShopAtHomeSelect
FileDescription : SAHUninstall
InternalName : SAHUninstall
LegalCopyright : Copyright © 2004
OriginalFilename : SAHUninstall.dll


Prutect Object Recognized!
Type : File
Data : pi1_51.exe
Category : Malware
Comment :
Object : C:\WINDOWS\system32\Cache\



Coulomb Dialer Object Recognized!
Type : File
Data : Groove.x32
Category : Dialer
Comment :
Object : C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav18\
FileVersion : 1, 8, 0, 0
ProductVersion : 1, 8, 0, 0
ProductName : GROOVE
FileDescription : GROOVE
InternalName : GROOVE
LegalCopyright : Copyright 2001
OriginalFilename : GROOVE.x32


IBIS Toolbar Object Recognized!
Type : File
Data : WTuninst.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 55


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 55


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : c:\docume~1\admini~1\locals~1\temp\DrTemp

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_wintoolssvc

Rads01.Quadrogram Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions

Prutect Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\E2G

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 60

4:43:16 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:30:30.468
Objects scanned:283058
Objects identified:60
Objects ignored:0
New critical objects:60

  • 0

#10
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Welcome!

Ad-aware has found object(s) on your computer

If you choose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R42 28.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder);

Run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-aware SE. If this is different, adjust it to the location that you have installed it to.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to SahAgent ONLY. Click next, Click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:
  • 0
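The instructions above end with a rescan and a full log post, which counts as complete once the "Summary of this scan" block appears. As an added example (not part of the thread and not Lavasoft code), this Python parser reads a pasted log in the layout shown in this topic, checks for the summary block, and counts objects per family so that a rescan can be compared with the earlier log; the sample text is a constructed excerpt, and `parse_log` and `triage` are hypothetical helper names.

```python
import re
from collections import Counter
# Constructed, abridged excerpt in the Ad-Aware SE log layout used in this thread.
SAMPLE_LOG = r"""SahAgent Object Recognized!
Type : File
Data : SAHAgent_.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\Downloaded Program Files\

Prutect Object Recognized!
Type : File
Data : A0169420.exe
Category : Malware
Object : C:\System Volume Information\_restore{6E1A2F0E-07CA-49C6-80E2-E91BA00FF7E3}\RP184\

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Object : software\microsoft\internet explorer\toolbar\webbrowser

Summary Of This Scan
Objects identified:60
"""

HEADER = re.compile(r"^(.+?) Object Recognized!$")
FIELD = re.compile(r"^([A-Za-z]+)\s*:\s*(.*)$")

def parse_log(text):
    """Return (detections, complete, reported_total) for one pasted log."""
    detections, current = [], None
    for line in map(str.strip, text.splitlines()):
        if (m := HEADER.match(line)):
            current = {"Family": m.group(1)}
            detections.append(current)
        elif not line:
            current = None  # a blank line closes the current record
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2)
    complete = re.search(r"summary of this scan", text, re.I) is not None
    total = re.search(r"Objects identified:\s*(\d+)", text)
    return detections, complete, int(total.group(1)) if total else None

def triage(detections):
    """Objects per family, plus files that are copies held in restore points."""
    families = Counter(d["Family"] for d in detections)
    restore = [d.get("Data", "") for d in detections if "\\_restore{" in d.get("Object", "")]
    return families, restore
```

When the log is split over several posts, the parsed record count for one post will be lower than the "Objects identified" total, so concatenate the posts before comparing the two numbers.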





