[Referred]messenger plus



#1
McFlop

My son downloaded Messenger Plus and now we have the full horror of lop.com on the family PC. [bleep] ads, gambling, persistent subversion of our browser. What a nasty program it is. So far, Ad-Aware, Spy Sweeper and CounterSpy have all failed to remove it. Help, please.


#2
GR@PH;<'S

McFlop,
Please can you make sure that you are using Ad-aware SE (Free/Personal) [if not, uninstall your old Ad-aware first, then install SE].
Then use the WebUpDate to get the latest definition file (SE1R42.28.04.2005).
To do this:
  • Open Ad-aware.
  • Click the WebUpDate button at the top right-hand side of the Ad-aware screen (the world globe).
  • Click "Connect".
Ad-aware will then download the latest definition file for you.
To make sure it is updated, look at the main Ad-aware screen, under "Initialization Status". It should say the latest definition file.
Then scan, doing a "Full Scan", and post your logfile here by using the "Add-reply" feature.

If needed, here is how to post your Ad-aware logfile.
Logs are stored in:
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\
An easy way to get there is to:
  • Click Start.
  • Click Run.
  • Type in %appdata% and press ENTER.
  • Click Lavasoft, then Ad-Aware, and then Logs.
  • Scroll down to find the latest one that you have (by date & time).
  • Open it, right-click, select all, copy, and then paste the contents of it here.
(Make sure that all of your logfile has been posted; sometimes it will require two posts to get it all.)
I recommend that you use the WebUpDate just before you scan; that way you will always be up to date.

(Note: Application Data is a hidden folder, so you will need to show hidden files and folders. For Windows 98*admin users, your logs are stored in C:\WINDOWS\All Users\Application Data\ by default.)
GR@PH;<'S

Edited by GR@PH;<'S, 02 May 2005 - 02:05 PM.


#3
McFlop

HIJACKTHIS LOG REMOVED
as it was not requested

Edited by GR@PH;<'S, 02 May 2005 - 02:51 PM.


#4
McFlop

HIJACKTHIS LOG REMOVED
Please do not post it till asked as it can cause confusion

Edited by GR@PH;<'S, 02 May 2005 - 02:53 PM.


#5
McFlop

Actually, that's not it. Please ignore the last post, which is a duplication. This is the rest:

4 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 1772
ThreadCreationTime : 02-05-2005 15:44:30
BasePriority : Normal


#:25 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 644
ThreadCreationTime : 02-05-2005 15:44:30
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:26 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe"
ProcessID : 1976
ThreadCreationTime : 02-05-2005 15:44:31
BasePriority : Normal


#:27 [carpserv.exe]
ModuleName : C:\WINDOWS\System32\carpserv.exe
Command Line : "C:\WINDOWS\System32\carpserv.exe"
ProcessID : 660
ThreadCreationTime : 02-05-2005 15:44:32
BasePriority : Normal
FileVersion : 5.03.00.00
ProductVersion : 5.03.00.00
ProductName : Conexant carpserv
CompanyName : Conexant Systems
FileDescription : carpserv
InternalName : carpserv
LegalCopyright : Copyright© Conexant Systems, Inc. 2001
OriginalFilename : carpserv.exe

#:28 [atiptaxx.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ProcessID : 1604
ThreadCreationTime : 02-05-2005 15:44:32
BasePriority : Normal
FileVersion : 6.14.10.5113
ProductVersion : 6.14.10.5113
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:29 [ctsysvol.exe]
ModuleName : C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
Command Line : "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
ProcessID : 736
ThreadCreationTime : 02-05-2005 15:44:32
BasePriority : Normal
FileVersion : 1.3.8.0
ProductVersion : 1.0.0.0
ProductName : Creative Volume Control
CompanyName : Creative Technology Ltd
FileDescription : CTSysVol.exe
LegalCopyright : Copyright © Creative Technology Ltd., 2002-2003. All rights reserved.
OriginalFilename : CTSysVol.exe

#:30 [ctdvddet.exe]
ModuleName : C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
Command Line : "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
ProcessID : 816
ThreadCreationTime : 02-05-2005 15:44:32
BasePriority : Normal
FileVersion : 1.0.3.0
ProductVersion : 1.0.3.0
ProductName : CTDVDDET
CompanyName : Creative Technology Ltd
FileDescription : CTDVDDET
InternalName : CTDVDDET
LegalCopyright : Copyright © Creative Technology Ltd., 2002-2003. All rights reserved.
OriginalFilename : CTDVDDET.EXE

#:31 [cthelper.exe]
ModuleName : C:\WINDOWS\System32\CTHELPER.EXE
Command Line : "C:\WINDOWS\System32\CTHELPER.EXE"
ProcessID : 820
ThreadCreationTime : 02-05-2005 15:44:32
BasePriority : Normal
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper MFC Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002-03
OriginalFilename : CtHelper.EXE

#:32 [itouch.exe]
ModuleName : C:\Program Files\Logitech\iTouch\iTouch.exe
Command Line : "C:\Program Files\Logitech\iTouch\iTouch.exe"
ProcessID : 1100
ThreadCreationTime : 02-05-2005 15:44:32
BasePriority : Normal
FileVersion : 2.22.289
ProductVersion : 2.22.289
ProductName : iTouch
CompanyName : Logitech Inc.
FileDescription : iTouch Application
InternalName : iTouch
LegalCopyright : © 1998-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : iTouch.exe
Comments : Created by the iTouch team

#:33 [point32.exe]
ModuleName : C:\Program Files\Microsoft IntelliPoint\point32.exe
Command Line : "C:\Program Files\Microsoft IntelliPoint\point32.exe"
ProcessID : 1172
ThreadCreationTime : 02-05-2005 15:44:32
BasePriority : Normal


#:34 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 444
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:35 [ghoststarttrayapp.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
Command Line : "C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe"
ProcessID : 340
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 2003.789
ProductVersion : 2003.789
ProductName : Norton Ghost Start
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartTrayApp
LegalCopyright : Copyright © 1998-2003 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartTrayApp.exe

#:36 [acctmgr.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
Command Line : "C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe" /startup
ProcessID : 1404
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 2004.1.406
ProductVersion : 2004.1.406
ProductName : Norton Password Manager
CompanyName : Symantec Corporation
FileDescription : Password Manager Controller
InternalName : AcctMgr
LegalCopyright : Copyright © 2003-2004 Symantec Corporation
OriginalFilename : AcctMgr.EXE

#:37 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1664
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:38 [lxbabmgr.exe]
ModuleName : C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
Command Line : "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
ProcessID : 1680
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X5100 Series Button Manager
InternalName : lxbabmgr.exe
LegalCopyright : © 2003 Lexmark International, Inc.
OriginalFilename : lxbabmgr.exe

#:39 [siservice.exe]
ModuleName : C:\Program Files\Sunbelt Software\iHateSpam\siService.exe
Command Line : "C:\Program Files\Sunbelt Software\iHateSpam\siService.exe"
ProcessID : 2052
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 4.00.0218
ProductVersion : 4.00.0218
ProductName : siService by GIANT Company inc
CompanyName : GIANT Company Software, inc.
InternalName : siService
LegalCopyright : Copyright © 2001-2003, GIANT Company Software Inc. All rights reserved.
LegalTrademarks : Spam Inspector is a Trademark of GIANT Company Inc.
OriginalFilename : siService.exe
Comments : Created by GIANT Company Software inc.

#:40 [sunasdtserv.exe]
ModuleName : C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
Command Line : "C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe"
ProcessID : 2128
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 1.00.0121
ProductVersion : 1.00.0121
ProductName : CounterSpy
CompanyName : Sunbelt Software Inc.
FileDescription : CounterSpy Data Service
InternalName : sunasDtServ
LegalCopyright : Copyright © 2004, Sunbelt Software Inc. All rights reserved.
OriginalFilename : sunasDtServ.exe

#:41 [sunasserv.exe]
ModuleName : C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
Command Line : "C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe"
ProcessID : 2144
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Idle
FileVersion : 1.00.0054
ProductVersion : 1.00.0054
ProductName : CounterSpy
CompanyName : Sunbelt Software Inc.
FileDescription : CounterSpy AntiSpyware Service
InternalName : sunasServ
LegalCopyright : Copyright © 2004, Sunbelt Software Inc. All rights reserved.
OriginalFilename : sunasServ.exe

#:42 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2164
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:43 [sispamfilterengine.exe]
ModuleName : C:\Program Files\Sunbelt Software\iHateSpam\siSpamFilterEngine.exe
Command Line : "C:\Program Files\Sunbelt Software\iHateSpam\siSpamFilterEngine.exe"
ProcessID : 2188
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 1.00.0228
ProductVersion : 1.00.0228
ProductName : siSpamFilterEngine
CompanyName : GIANT Company Software
InternalName : siSpamFilterEngine
OriginalFilename : siSpamFilterEngine.exe

#:44 [lxbabmon.exe]
ModuleName : C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
Command Line : "C:\Program Files\Lexmark X5100 Series\lxbabmon.exe"
ProcessID : 2192
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X5100 Series Button Monitor
InternalName : lxbabmon.exe
LegalCopyright : © 2003 Lexmark International, Inc.
OriginalFilename : lxbabmon.exe

#:45 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 2200
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:46 [pcletray.exe]
ModuleName : C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
Command Line : "C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe"
ProcessID : 2368
ThreadCreationTime : 02-05-2005 15:44:34
BasePriority : Normal
FileVersion : 1.0.0.23
ProductVersion : 1.0.0.0
CompanyName : Pinnacle Systems
FileDescription : Tray Starter
LegalCopyright : Copyright © 2003 Pinnacle Systems GmbH

#:47 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 2476
ThreadCreationTime : 02-05-2005 15:44:34
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:48 [rcman.exe]
ModuleName : C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
Command Line : "C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE"
ProcessID : 2512
ThreadCreationTime : 02-05-2005 15:44:34
BasePriority : Normal
FileVersion : 2.0.0.3
ProductVersion : 2.0.0.0
ProductName : Creative MediaSource 2 Remote Control System
CompanyName : Creative Technology Ltd
FileDescription : Remote Control Manager
InternalName : RcMan
LegalCopyright : Copyright © Creative Technology Ltd.,2003. All rights reserved.
OriginalFilename : RcMan.EXE

#:49 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 2580
ThreadCreationTime : 02-05-2005 15:44:34
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:50 [spysweeper.exe]
ModuleName : C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Command Line : "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
ProcessID : 2668
ThreadCreationTime : 02-05-2005 15:44:35
BasePriority : Normal
FileVersion : 3.2.0.146
ProductVersion : 3.2
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
LegalCopyright : Copyright © 2001-2004 Webroot Software, Inc.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.

#:51 [hotsync.exe]
ModuleName : C:\Program Files\Palm\Hotsync.exe
Command Line : "C:\Program Files\Palm\Hotsync.exe" -logon
ProcessID : 2724
ThreadCreationTime : 02-05-2005 15:44:36
BasePriority : Normal
FileVersion : 6.0.1
ProductVersion : 6.0.1
ProductName : HotSync® Manager
CompanyName : PalmSource, Inc
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2004 PalmSource Inc.
LegalTrademarks : HotSync® is a registered trademark of PalmSource Inc.
OriginalFilename : Hotsync.exe

#:52 [wlancfg5.exe]
ModuleName : C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
Command Line : "C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe" /HIDE
ProcessID : 2748
ThreadCreationTime : 02-05-2005 15:44:36
BasePriority : Normal
FileVersion : 2, 0, 0, 7
ProductVersion : 2, 0, 0, 7
ProductName : NetgearCUv2 Application
FileDescription : NetgearCUv2 MFC Application
InternalName : NETGEAR WG511v2 Smart Configuration
LegalCopyright : Copyright © 2003
OriginalFilename : NetgearCUv2.EXE

#:53 [simailproxyserver.exe]
ModuleName : C:\Program Files\Sunbelt Software\iHateSpam\siMailProxyServer.exe
Command Line : "C:\Program Files\Sunbelt Software\iHateSpam\siMailProxyServer.exe"
ProcessID : 3708
ThreadCreationTime : 02-05-2005 15:44:50
BasePriority : Normal
FileVersion : 4.00.0129
ProductVersion : 4.00.0129
ProductName : siMailProxyServer
CompanyName : GIANT Company Software inc.
InternalName : siMailProxyServer
OriginalFilename : siMailProxyServer.exe

#:54 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 1936
ThreadCreationTime : 02-05-2005 16:10:16
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:55 [iexplore.exe]
ModuleName : c:\progra~1\intern~1\iexplore.exe
Command Line : "c:\progra~1\intern~1\iexplore.exe"
ProcessID : 1660
ThreadCreationTime : 02-05-2005 16:24:21
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

Lop Object Recognized!
Type : Process
Data : ocougcnf.exe
Category : Malware
Comment : (CSI MATCH)
Object : c:\docume~1\keith\locals~1\temp\


Warning! Lop Object found in memory(c:\docume~1\keith\locals~1\temp\ocougcnf.exe)

"c:\docume~1\keith\locals~1\temp\ocougcnf.exe"Process terminated successfully
"c:\progra~1\intern~1\iexplore.exe"Process terminated successfully

#:56 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 3864
ThreadCreationTime : 02-05-2005 16:29:29
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:57 [sunasservalert.exe]
ModuleName : C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServAlert.exe
Command Line : "C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServAlert.exe" E78DA2F7-37AB-419E-8255-2AC340
ProcessID : 3492
ThreadCreationTime : 02-05-2005 16:34:07
BasePriority : Normal
FileVersion : 1.00.0064
ProductVersion : 1.00.0064
ProductName : CounterSpy
CompanyName : Sunbelt Software Inc.
FileDescription : CounterSpy Service Alert
InternalName : sunasServAlert
LegalCopyright : Copyright © 2004, Sunbelt Software Inc. All rights reserved.
OriginalFilename : sunasServAlert.exe

#:58 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3852
ThreadCreationTime : 02-05-2005 16:39:49
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:59 [opscan.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton Antivirus\OPScan.exe
Command Line : "C:\Program Files\Norton SystemWorks\Norton Antivirus\OPScan.exe" -Embedding
ProcessID : 2464
ThreadCreationTime : 02-05-2005 16:46:47
BasePriority : Normal
FileVersion : 10.0.2.610
ProductVersion : 10.0.2.610
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Out of Process Scan Server
InternalName : OPScan
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : OPScan.exe

#:60 [lxbapswx.exe]
ModuleName : C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXBAPSWX.EXE
Command Line : C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXBAPSWX.EXE SPLPP /F=Lexmark X5100 Series
ProcessID : 432
ThreadCreationTime : 02-05-2005 16:46:50
BasePriority : Normal


#:61 [lxbajswx.exe]
ModuleName : C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXBAJSWX.EXE
Command Line : C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXBAJSWX.EXE SPLPP /F=Lexmark X5100 Series
ProcessID : 1688
ThreadCreationTime : 02-05-2005 16:46:50
BasePriority : Normal


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 43


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 43


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 43


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 43



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ben@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ben\Cookies\ben@cgi-bin[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ben@cgi-bin[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ben\Cookies\ben@cgi-bin[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ben\Cookies\[email protected][2].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 46


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 46




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 46

17:56:26 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:54.813
Objects scanned:179154
Objects identified:4
Objects ignored:0
New critical objects:4

#6
GR@PH;<'S

McFlop,
Please can you repost your Ad-aware SE log file?
If needed, here is how to post your Ad-aware logfile ;)
Logs are stored in:
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\
An easy way to get there is to:
  • Click Start.
  • Click Run.
  • Type in %appdata% and press ENTER.
  • Click Lavasoft, then Ad-Aware, and then Logs.
  • Scroll down to find the latest one that you have (by date & time).
  • Open it, right-click, select all, copy, and then paste the contents of it here.
(Make sure that all of your logfile has been posted; sometimes it will require two posts to get it all.)
I recommend that you use the WebUpDate just before you scan; that way you will always be up to date.

(Note: Application Data is a hidden folder, so you will need to show hidden files and folders. For Windows 98*admin users, your logs are stored in C:\WINDOWS\All Users\Application Data\ by default.)
GR@PH;<'S :tazz:

#7
McFlop

Think this is it, all in one:
Ad-Aware SE Build 1.05
Logfile Created on:02 May 2005 17:47:32
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Lop(TAC index:7):1 total references
MRU List(TAC index:0):42 total references
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:44 %
Total physical memory:1047268 kb
Available physical memory:455044 kb
Total page file size:2518064 kb
Available on page file:1968144 kb
Total virtual memory:2097024 kb
Available virtual memory:2043572 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


02-05-2005 17:47:32 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Keith\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Keith\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\office\10.0\common\search\last query
Description : last query in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\office\10.0\word\recent templates
Description : list of recent templates used by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\office\11.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-718798403-640145091-3419161681-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 772
ThreadCreationTime : 02-05-2005 15:44:15
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 844
ThreadCreationTime : 02-05-2005 15:44:16
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 872
ThreadCreationTime : 02-05-2005 15:44:18
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 916
ThreadCreationTime : 02-05-2005 15:44:19
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 928
ThreadCreationTime : 02-05-2005 15:44:19
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 1076
ThreadCreationTime : 02-05-2005 15:44:19
BasePriority : Normal


#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1116
ThreadCreationTime : 02-05-2005 15:44:20
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1268
ThreadCreationTime : 02-05-2005 15:44:20
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1400
ThreadCreationTime : 02-05-2005 15:44:20
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1496
ThreadCreationTime : 02-05-2005 15:44:20
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1796
ThreadCreationTime : 02-05-2005 15:44:21
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1832
ThreadCreationTime : 02-05-2005 15:44:21
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1836
ThreadCreationTime : 02-05-2005 15:44:21
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:14 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ProcessID : 1988
ThreadCreationTime : 02-05-2005 15:44:21
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:15 [ctsvccda.exe]
ModuleName : C:\WINDOWS\System32\CTsvcCDA.exe
Command Line : C:\WINDOWS\System32\CTsvcCDA.exe
ProcessID : 2004
ThreadCreationTime : 02-05-2005 15:44:22
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:16 [navapsvc.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
Command Line : "C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe"
ProcessID : 168
ThreadCreationTime : 02-05-2005 15:44:22
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:17 [nprotect.exe]
ModuleName : C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
Command Line : C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
ProcessID : 188
ThreadCreationTime : 02-05-2005 15:44:22
BasePriority : Normal
FileVersion : 17.0.0.83
ProductVersion : 17.0.0.83
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 1997-2003 Symantec Corporation
LegalTrademarks : Norton Utilities® and UnErase® are registered trademarks of Symantec Corporation.
OriginalFilename : NPROTECT.EXE

#:18 [savscan.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
Command Line : "C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe"
ProcessID : 288
ThreadCreationTime : 02-05-2005 15:44:22
BasePriority : Normal

ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright © 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:19 [nopdb.exe]
ModuleName : C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
Command Line : C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
ProcessID : 552
ThreadCreationTime : 02-05-2005 15:44:23
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 1997-2003 Symantec Corporation
OriginalFilename : NOPDB.dll

#:20 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1208
ThreadCreationTime : 02-05-2005 15:44:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:21 [symlcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
ProcessID : 1248
ThreadCreationTime : 02-05-2005 15:44:23
BasePriority : Normal
FileVersion : 1, 8, 48, 79
ProductVersion : 1, 8, 48, 79
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:22 [mspmspsv.exe]
ModuleName : C:\WINDOWS\System32\MsPMSPSv.exe
Command Line : C:\WINDOWS\System32\MsPMSPSv.exe
ProcessID : 1492
ThreadCreationTime : 02-05-2005 15:44:23
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:23 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1556
ThreadCreationTime : 02-05-2005 15:44:23
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:24 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 1772
ThreadCreationTime : 02-05-2005 15:44:30
BasePriority : Normal


#:25 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 644
ThreadCreationTime : 02-05-2005 15:44:30
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:26 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe"
ProcessID : 1976
ThreadCreationTime : 02-05-2005 15:44:31
BasePriority : Normal


#:27 [carpserv.exe]
ModuleName : C:\WINDOWS\System32\carpserv.exe
Command Line : "C:\WINDOWS\System32\carpserv.exe"
ProcessID : 660
ThreadCreationTime : 02-05-2005 15:44:32
BasePriority : Normal
FileVersion : 5.03.00.00
ProductVersion : 5.03.00.00
ProductName : Conexant carpserv
CompanyName : Conexant Systems
FileDescription : carpserv
InternalName : carpserv
LegalCopyright : Copyright© Conexant Systems, Inc. 2001
OriginalFilename : carpserv.exe

#:28 [atiptaxx.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ProcessID : 1604
ThreadCreationTime : 02-05-2005 15:44:32
BasePriority : Normal
FileVersion : 6.14.10.5113
ProductVersion : 6.14.10.5113
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:29 [ctsysvol.exe]
ModuleName : C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
Command Line : "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
ProcessID : 736
ThreadCreationTime : 02-05-2005 15:44:32
BasePriority : Normal
FileVersion : 1.3.8.0
ProductVersion : 1.0.0.0
ProductName : Creative Volume Control
CompanyName : Creative Technology Ltd
FileDescription : CTSysVol.exe
LegalCopyright : Copyright © Creative Technology Ltd., 2002-2003. All rights reserved.
OriginalFilename : CTSysVol.exe

#:30 [ctdvddet.exe]
ModuleName : C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
Command Line : "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
ProcessID : 816
ThreadCreationTime : 02-05-2005 15:44:32
BasePriority : Normal
FileVersion : 1.0.3.0
ProductVersion : 1.0.3.0
ProductName : CTDVDDET
CompanyName : Creative Technology Ltd
FileDescription : CTDVDDET
InternalName : CTDVDDET
LegalCopyright : Copyright © Creative Technology Ltd., 2002-2003. All rights reserved.
OriginalFilename : CTDVDDET.EXE

#:31 [cthelper.exe]
ModuleName : C:\WINDOWS\System32\CTHELPER.EXE
Command Line : "C:\WINDOWS\System32\CTHELPER.EXE"
ProcessID : 820
ThreadCreationTime : 02-05-2005 15:44:32
BasePriority : Normal
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper MFC Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002-03
OriginalFilename : CtHelper.EXE

#:32 [itouch.exe]
ModuleName : C:\Program Files\Logitech\iTouch\iTouch.exe
Command Line : "C:\Program Files\Logitech\iTouch\iTouch.exe"
ProcessID : 1100
ThreadCreationTime : 02-05-2005 15:44:32
BasePriority : Normal
FileVersion : 2.22.289
ProductVersion : 2.22.289
ProductName : iTouch
CompanyName : Logitech Inc.
FileDescription : iTouch Application
InternalName : iTouch
LegalCopyright : © 1998-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : iTouch.exe
Comments : Created by the iTouch team

#:33 [point32.exe]
ModuleName : C:\Program Files\Microsoft IntelliPoint\point32.exe
Command Line : "C:\Program Files\Microsoft IntelliPoint\point32.exe"
ProcessID : 1172
ThreadCreationTime : 02-05-2005 15:44:32
BasePriority : Normal


#:34 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 444
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:35 [ghoststarttrayapp.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
Command Line : "C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe"
ProcessID : 340
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 2003.789
ProductVersion : 2003.789
ProductName : Norton Ghost Start
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartTrayApp
LegalCopyright : Copyright © 1998-2003 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartTrayApp.exe

#:36 [acctmgr.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
Command Line : "C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe" /startup
ProcessID : 1404
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 2004.1.406
ProductVersion : 2004.1.406
ProductName : Norton Password Manager
CompanyName : Symantec Corporation
FileDescription : Password Manager Controller
InternalName : AcctMgr
LegalCopyright : Copyright © 2003-2004 Symantec Corporation
OriginalFilename : AcctMgr.EXE

#:37 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1664
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:38 [lxbabmgr.exe]
ModuleName : C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
Command Line : "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
ProcessID : 1680
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X5100 Series Button Manager
InternalName : lxbabmgr.exe
LegalCopyright : © 2003 Lexmark International, Inc.
OriginalFilename : lxbabmgr.exe

#:39 [siservice.exe]
ModuleName : C:\Program Files\Sunbelt Software\iHateSpam\siService.exe
Command Line : "C:\Program Files\Sunbelt Software\iHateSpam\siService.exe"
ProcessID : 2052
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 4.00.0218
ProductVersion : 4.00.0218
ProductName : siService by GIANT Company inc
CompanyName : GIANT Company Software, inc.
InternalName : siService
LegalCopyright : Copyright © 2001-2003, GIANT Company Software Inc. All rights reserved.
LegalTrademarks : Spam Inspector is a Trademark of GIANT Company Inc.
OriginalFilename : siService.exe
Comments : Created by GIANT Company Software inc.

#:40 [sunasdtserv.exe]
ModuleName : C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
Command Line : "C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe"
ProcessID : 2128
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 1.00.0121
ProductVersion : 1.00.0121
ProductName : CounterSpy
CompanyName : Sunbelt Software Inc.
FileDescription : CounterSpy Data Service
InternalName : sunasDtServ
LegalCopyright : Copyright © 2004, Sunbelt Software Inc. All rights reserved.
OriginalFilename : sunasDtServ.exe

#:41 [sunasserv.exe]
ModuleName : C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
Command Line : "C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe"
ProcessID : 2144
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Idle
FileVersion : 1.00.0054
ProductVersion : 1.00.0054
ProductName : CounterSpy
CompanyName : Sunbelt Software Inc.
FileDescription : CounterSpy AntiSpyware Service
InternalName : sunasServ
LegalCopyright : Copyright © 2004, Sunbelt Software Inc. All rights reserved.
OriginalFilename : sunasServ.exe

#:42 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2164
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:43 [sispamfilterengine.exe]
ModuleName : C:\Program Files\Sunbelt Software\iHateSpam\siSpamFilterEngine.exe
Command Line : "C:\Program Files\Sunbelt Software\iHateSpam\siSpamFilterEngine.exe"
ProcessID : 2188
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 1.00.0228
ProductVersion : 1.00.0228
ProductName : siSpamFilterEngine
CompanyName : GIANT Company Software
InternalName : siSpamFilterEngine
OriginalFilename : siSpamFilterEngine.exe

#:44 [lxbabmon.exe]
ModuleName : C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
Command Line : "C:\Program Files\Lexmark X5100 Series\lxbabmon.exe"
ProcessID : 2192
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X5100 Series Button Monitor
InternalName : lxbabmon.exe
LegalCopyright : © 2003 Lexmark International, Inc.
OriginalFilename : lxbabmon.exe

#:45 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 2200
ThreadCreationTime : 02-05-2005 15:44:33
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:46 [pcletray.exe]
ModuleName : C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
Command Line : "C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe"
ProcessID : 2368
ThreadCreationTime : 02-05-2005 15:44:34
BasePriority : Normal
FileVersion : 1.0.0.23
ProductVersion : 1.0.0.0
CompanyName : Pinnacle Systems
FileDescription : Tray Starter
LegalCopyright : Copyright © 2003 Pinnacle Systems GmbH

#:47 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 2476
ThreadCreationTime : 02-05-2005 15:44:34
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:48 [rcman.exe]
ModuleName : C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
Command Line : "C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE"
ProcessID : 2512
ThreadCreationTime : 02-05-2005 15:44:34
BasePriority : Normal
FileVersion : 2.0.0.3
ProductVersion : 2.0.0.0
ProductName : Creative MediaSource 2 Remote Control System
CompanyName : Creative Technology Ltd
FileDescription : Remote Control Manager
InternalName : RcMan
LegalCopyright : Copyright © Creative Technology Ltd.,2003. All rights reserved.
OriginalFilename : RcMan.EXE

#:49 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 2580
ThreadCreationTime : 02-05-2005 15:44:34
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:50 [spysweeper.exe]
ModuleName : C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Command Line : "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
ProcessID : 2668
ThreadCreationTime : 02-05-2005 15:44:35
BasePriority : Normal
FileVersion : 3.2.0.146
ProductVersion : 3.2
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
LegalCopyright : Copyright © 2001-2004 Webroot Software, Inc.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.

#:51 [hotsync.exe]
ModuleName : C:\Program Files\Palm\Hotsync.exe
Command Line : "C:\Program Files\Palm\Hotsync.exe" -logon
ProcessID : 2724
ThreadCreationTime : 02-05-2005 15:44:36
BasePriority : Normal
FileVersion : 6.0.1
ProductVersion : 6.0.1
ProductName : HotSync® Manager
CompanyName : PalmSource, Inc
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2004 PalmSource Inc.
LegalTrademarks : HotSync® is a registered trademark of PalmSource Inc.
OriginalFilename : Hotsync.exe

#:52 [wlancfg5.exe]
ModuleName : C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
Command Line : "C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe" /HIDE
ProcessID : 2748
ThreadCreationTime : 02-05-2005 15:44:36
BasePriority : Normal
FileVersion : 2, 0, 0, 7
ProductVersion : 2, 0, 0, 7
ProductName : NetgearCUv2 Application
FileDescription : NetgearCUv2 MFC Application
InternalName : NETGEAR WG511v2 Smart Configuration
LegalCopyright : Copyright © 2003
OriginalFilename : NetgearCUv2.EXE

#:53 [simailproxyserver.exe]
ModuleName : C:\Program Files\Sunbelt Software\iHateSpam\siMailProxyServer.exe
Command Line : "C:\Program Files\Sunbelt Software\iHateSpam\siMailProxyServer.exe"
ProcessID : 3708
ThreadCreationTime : 02-05-2005 15:44:50
BasePriority : Normal
FileVersion : 4.00.0129
ProductVersion : 4.00.0129
ProductName : siMailProxyServer
CompanyName : GIANT Company Software inc.
InternalName : siMailProxyServer
OriginalFilename : siMailProxyServer.exe

#:54 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 1936
ThreadCreationTime : 02-05-2005 16:10:16
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:55 [iexplore.exe]
ModuleName : c:\progra~1\intern~1\iexplore.exe
Command Line : "c:\progra~1\intern~1\iexplore.exe"
ProcessID : 1660
ThreadCreationTime : 02-05-2005 16:24:21
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

Lop Object Recognized!
Type : Process
Data : ocougcnf.exe
Category : Malware
Comment : (CSI MATCH)
Object : c:\docume~1\keith\locals~1\temp\


Warning! Lop Object found in memory(c:\docume~1\keith\locals~1\temp\ocougcnf.exe)

"c:\docume~1\keith\locals~1\temp\ocougcnf.exe"Process terminated successfully
"c:\progra~1\intern~1\iexplore.exe"Process terminated successfully

#:56 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 3864
ThreadCreationTime : 02-05-2005 16:29:29
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:57 [sunasservalert.exe]
ModuleName : C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServAlert.exe
Command Line : "C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServAlert.exe" E78DA2F7-37AB-419E-8255-2AC340
ProcessID : 3492
ThreadCreationTime : 02-05-2005 16:34:07
BasePriority : Normal
FileVersion : 1.00.0064
ProductVersion : 1.00.0064
ProductName : CounterSpy
CompanyName : Sunbelt Software Inc.
FileDescription : CounterSpy Service Alert
InternalName : sunasServAlert
LegalCopyright : Copyright © 2004, Sunbelt Software Inc. All rights reserved.
OriginalFilename : sunasServAlert.exe

#:58 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3852
ThreadCreationTime : 02-05-2005 16:39:49
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:59 [opscan.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton Antivirus\OPScan.exe
Command Line : "C:\Program Files\Norton SystemWorks\Norton Antivirus\OPScan.exe" -Embedding
ProcessID : 2464
ThreadCreationTime : 02-05-2005 16:46:47
BasePriority : Normal
FileVersion : 10.0.2.610
ProductVersion : 10.0.2.610
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Out of Process Scan Server
InternalName : OPScan
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : OPScan.exe

#:60 [lxbapswx.exe]
ModuleName : C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXBAPSWX.EXE
Command Line : C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXBAPSWX.EXE SPLPP /F=Lexmark X5100 Series
ProcessID : 432
ThreadCreationTime : 02-05-2005 16:46:50
BasePriority : Normal


#:61 [lxbajswx.exe]
ModuleName : C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXBAJSWX.EXE
Command Line : C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXBAJSWX.EXE SPLPP /F=Lexmark X5100 Series
ProcessID : 1688
ThreadCreationTime : 02-05-2005 16:46:50
BasePriority : Normal


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 43


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 43


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 43


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 43



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ben@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ben\Cookies\ben@cgi-bin[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ben@cgi-bin[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ben\Cookies\ben@cgi-bin[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ben\Cookies\[email protected][2].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 46


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 46




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 46

17:56:26 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:54.813
Objects scanned:179154
Objects identified:4
Objects ignored:0
New critical objects:4
  • 0

#8
GR@PH;<'S

GR@PH;<'S

    Member

  • Member
  • PipPipPip
  • 135 posts
Please can you clear out your cache folder, i.e. the temporary internet folder. There are some free programs that you can use that will do that for you if needed, like
CCleaner. Also,
please can you make sure that you still have ticks by these:
"Unload recognized processes during scanning",
"Let Windows remove files in use after reboot."
To do this, open Ad-aware SE,
click "settings" (the gear),
then click "Tweaks",
then click "Scanning Engine".
Tick "Unload recognized processes during scanning".
Then click "Cleaning Engine"
and tick
"Let Windows remove files in use after reboot."
Then click "proceed".
Now use the WebUpDate
(to make sure you are up to date). If you want to clean your PC, then scan by doing a "Full Scan", and once the scan has finished,
mark and remove the items, then reboot (i.e. restart your PC).
After doing that, can you post your HijackThis log file?
GR@PH;<'S
  • 0

#9
GR@PH;<'S

GR@PH;<'S

    Member

  • Member
  • PipPipPip
  • 135 posts
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0





