[Referred]CouponAge spyware



#1
jweart

Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 04, 2005 9:52:30 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BrowserAid(TAC index:6):2 total references
IBIS Toolbar(TAC index:5):15 total references
Tracking Cookie(TAC index:3):52 total references
VX2(TAC index:10):8 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R26 25.01.2005
Internal build : 31
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 413418 Bytes
Total size : 1303446 Bytes
Signature data size : 1273751 Bytes
Reference data size : 29183 Bytes
Signatures total : 36254
Fingerprints total : 607
Fingerprints size : 22890 Bytes
Target categories : 15
Target families : 632

5-4-2005 9:48:18 AM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


5-4-2005 9:48:23 AM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:45 %
Total physical memory:523808 kb
Available physical memory:233968 kb
Total page file size:1279172 kb
Available on page file:1005968 kb
Total virtual memory:2097024 kb
Available virtual memory:2041784 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-4-2005 9:52:30 AM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 668
ThreadCreationTime : 5-4-2005 1:30:49 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 748
ThreadCreationTime : 5-4-2005 1:30:52 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 772
ThreadCreationTime : 5-4-2005 1:30:53 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 816
ThreadCreationTime : 5-4-2005 1:30:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 828
ThreadCreationTime : 5-4-2005 1:30:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 972
ThreadCreationTime : 5-4-2005 1:30:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1084
ThreadCreationTime : 5-4-2005 1:30:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1184
ThreadCreationTime : 5-4-2005 1:30:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1236
ThreadCreationTime : 5-4-2005 1:30:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1396
ThreadCreationTime : 5-4-2005 1:30:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1596
ThreadCreationTime : 5-4-2005 1:30:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [kodakccs.exe]
ModuleName : C:\WINDOWS\system32\drivers\KodakCCS.exe
Command Line : C:\WINDOWS\system32\drivers\KodakCCS.exe
ProcessID : 1736
ThreadCreationTime : 5-4-2005 1:31:02 PM
BasePriority : Normal
FileVersion : 1.1.5100.4
ProductVersion : 4.4.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : KodakCCS.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2004
OriginalFilename : DcFsSvc.exe

#:13 [frameworkservice.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
Command Line : "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart
ProcessID : 1776
ThreadCreationTime : 5-4-2005 1:31:02 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe

#:14 [mcshield.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Mcshield.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Mcshield.exe"
ProcessID : 1840
ThreadCreationTime : 5-4-2005 1:31:02 PM
BasePriority : High


#:15 [vstskmgr.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"
ProcessID : 1888
ThreadCreationTime : 5-4-2005 1:31:03 PM
BasePriority : Normal


#:16 [naprdmgr.exe]
ModuleName : C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
Command Line : C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe -Embedding
ProcessID : 1896
ThreadCreationTime : 5-4-2005 1:31:03 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : NAI Product Manager
InternalName : Product Manager
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : naPrdMgr.exe

#:17 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1960
ThreadCreationTime : 5-4-2005 1:31:03 PM
BasePriority : Normal
FileVersion : 6.14.10.5655
ProductVersion : 6.14.10.5655
ProductName : NVIDIA Driver Helper Service, Version 56.55
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.55
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:18 [scsiaccess.exe]
ModuleName : C:\WINDOWS\System32\ScsiAccess.EXE
Command Line : C:\WINDOWS\System32\ScsiAccess.EXE
ProcessID : 2024
ThreadCreationTime : 5-4-2005 1:31:03 PM
BasePriority : Normal


#:19 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 164
ThreadCreationTime : 5-4-2005 1:31:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 272
ThreadCreationTime : 5-4-2005 1:31:04 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:21 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 124
ThreadCreationTime : 5-4-2005 1:31:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:22 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 980
ThreadCreationTime : 5-4-2005 1:31:11 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:23 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 620
ThreadCreationTime : 5-4-2005 1:31:44 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:24 [shstat.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
Command Line : "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
ProcessID : 584
ThreadCreationTime : 5-4-2005 1:31:44 PM
BasePriority : Normal


#:25 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\RUNDLL32.EXE
Command Line : "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
ProcessID : 2052
ThreadCreationTime : 5-4-2005 1:31:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:26 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe nview.dll,nViewInitialize
ProcessID : 2068
ThreadCreationTime : 5-4-2005 1:31:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:27 [updaterui.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
Command Line : "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
ProcessID : 2096
ThreadCreationTime : 5-4-2005 1:31:44 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Common User Interface
InternalName : UpdaterUI
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : UpdaterUI.exe

#:28 [em_exec.exe]
ModuleName : C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
Command Line : "C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE"
ProcessID : 2188
ThreadCreationTime : 5-4-2005 1:31:45 PM
BasePriority : Normal
FileVersion : 9.41.33
ProductVersion : 9.41.1
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2001.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team

#:29 [digstream.exe]
ModuleName : C:\Program Files\DIGStream\digstream.exe
Command Line : "C:\Program Files\DIGStream\digstream.exe"
ProcessID : 2224
ThreadCreationTime : 5-4-2005 1:31:45 PM
BasePriority : Normal
FileVersion : 2.2.1.0001
ProductVersion : 2.2.1.0001
ProductName : DIGStream
CompanyName : Walt Disney Internet Group
FileDescription : DIGStream Cache Manager
InternalName : DIGStream.exe
LegalCopyright : Copyright © 2002-2005 Walt Disney Internet Group.
OriginalFilename : digstream.exe
Comments : none

#:30 [anvshell.exe]
ModuleName : C:\WINDOWS\anvshell.exe
Command Line : "C:\WINDOWS\anvshell.exe"
ProcessID : 2288
ThreadCreationTime : 5-4-2005 1:31:45 PM
BasePriority : Normal
FileVersion : 1.00.00
ProductVersion : 1.00.00
ProductName : ASUS nVidia Series Shell
CompanyName : AsusTeK Computer Inc.
FileDescription : ASUS nVidia Series Shell
InternalName : ANVShell
LegalCopyright : Copyright © 2000
OriginalFilename : ANVShell.EXE

#:31 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 2316
ThreadCreationTime : 5-4-2005 1:31:46 PM
BasePriority : Idle
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:32 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : "C:\WINDOWS\system32\rundll32.exe" D0CE0C16B1,D0CE0C16B1
ProcessID : 2328
ThreadCreationTime : 5-4-2005 1:31:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:33 [hpztsb10.exe]
ModuleName : C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
Command Line : "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe"
ProcessID : 2340
ThreadCreationTime : 5-4-2005 1:31:46 PM
BasePriority : Normal
FileVersion : 2.323.0.0
ProductVersion : 2.323.0.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2004

#:34 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 2364
ThreadCreationTime : 5-4-2005 1:31:46 PM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe

#:35 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 2392
ThreadCreationTime : 5-4-2005 1:31:46 PM
BasePriority : Normal


#:36 [hpwuschd2.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
ProcessID : 2416
ThreadCreationTime : 5-4-2005 1:31:46 PM
BasePriority : Normal
FileVersion : 50.0.146.000
ProductVersion : 050.000.146.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant

#:37 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2432
ThreadCreationTime : 5-4-2005 1:31:47 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:38 [desktopweather.exe]
ModuleName : C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
Command Line : "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
ProcessID : 2464
ThreadCreationTime : 5-4-2005 1:31:47 PM
BasePriority : Normal
FileVersion : 4.0.0.1
ProductVersion : 4.0.0.1
ProductName : Desktop Weather 4
CompanyName : TWCi
FileDescription : DesktopWeather4
InternalName : DesktopWeather.exe
LegalCopyright : © The Weather Channel Interactive. All rights reserved.
OriginalFilename : DesktopWeather4.exe

#:39 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe"
ProcessID : 2512
ThreadCreationTime : 5-4-2005 1:31:48 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:40 [rockettime.exe]
ModuleName : C:\Program Files\Rocket Software\RocketTime\RocketTime.exe
Command Line : "C:\Program Files\Rocket Software\RocketTime\RocketTime.exe"
ProcessID : 2556
ThreadCreationTime : 5-4-2005 1:31:48 PM
BasePriority : Normal
FileVersion : 1.1
ProductVersion : 1.1
ProductName : RocketTime Application
FileDescription : RocketTime Application
InternalName : RocketTime
LegalCopyright : Copyright © 2001 Rocket Software, Inc.
OriginalFilename : RocketTime.EXE

#:41 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 2572
ThreadCreationTime : 5-4-2005 1:31:49 PM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6028)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:42 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 2912
ThreadCreationTime : 5-4-2005 1:31:51 PM
BasePriority : Normal
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:43 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 2488
ThreadCreationTime : 5-4-2005 1:40:38 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:44 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 916
ThreadCreationTime : 5-4-2005 1:48:01 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e004800a-73c6-4587-b855-98d0ce0c16b1}

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e004800a-73c6-4587-b855-98d0ce0c16b1}
Value : uid2

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{618be527-b7f5-417c-bc51-98fdc2d6de61}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{618be527-b7f5-417c-bc51-98fdc2d6de61}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a93b84c6-5278-473a-8027-f6304a291a7a}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a93b84c6-5278-473a-8027-f6304a291a7a}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{d1951679-1d52-43fc-9585-0737143585f5}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{d1951679-1d52-43fc-9585-0737143585f5}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{f0f4c299-735e-4eac-b2f9-f97324d5cc1d}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : zservdll.zservdllobj

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : zservdll.zservdllobj
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : zservdll.zservdllobj.1

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : zservdll.zservdllobj.1
Value :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 13


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@statcounter[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:jim@statcounter.com/
Expires : 2-15-2010 10:36:18 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@hitbox[1].txt
Category : Data Miner
Comment : Hits:1214
Value : Cookie:jim@hitbox.com/
Expires : 5-4-2006 9:41:16 AM
LastSync : Hits:1214
UseCount : 0
Hits : 1214

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@zedo[1].txt
Category : Data Miner
Comment : Hits:60
Value : Cookie:jim@zedo.com/
Expires : 3-21-2015 10:53:16 PM
LastSync : Hits:60
UseCount : 0
Hits : 60

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:jim@tribalfusion.com/
Expires : 12-31-2037 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@apmebf[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:jim@apmebf.com/
Expires : 2-19-2010 8:48:04 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@overture[2].txt
Category : Data Miner
Comment : Hits:23
Value : Cookie:jim@overture.com/
Expires : 3-25-2015 11:37:40 AM
LastSync : Hits:23
UseCount : 0
Hits : 23

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@bfast[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:jim@bfast.com/
Expires : 3-6-2025 2:05:58 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@as-us.falkag[2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:jim@as-us.falkag.net/
Expires : 4-5-2005 12:55:54 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@server.iad.liveperson[1].txt
Category : Data Miner
Comment : Hits:254
Value : Cookie:jim@server.iad.liveperson.net/
Expires : 2-16-2006 11:01:10 PM
LastSync : Hits:254
UseCount : 0
Hits : 254

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@2o7[2].txt
Category : Data Miner
Comment : Hits:452
Value : Cookie:jim@2o7.net/
Expires : 4-24-2010 4:54:56 PM
LastSync : Hits:452
UseCount : 0
Hits : 452

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@doubleclick[1].txt
Category : Data Miner
Comment : Hits:120
Value : Cookie:jim@doubleclick.net/
Expires : 2-8-2008 10:57:54 PM
LastSync : Hits:120
UseCount : 0
Hits : 120

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@linksynergy[1].txt
Category : Data Miner
Comment : Hits:21
Value : Cookie:jim@linksynergy.com/
Expires : 2-3-2025 9:59:08 PM
LastSync : Hits:21
UseCount : 0
Hits : 21

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@casinotropez[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:jim@casinotropez.com/
Expires : 2-12-2005 11:02:40 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@qksrv[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:jim@qksrv.net/
Expires : 2-19-2010 8:48:04 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@tickle[1].txt
Category : Data Miner
Comment : Hits:87
Value : Cookie:jim@tickle.com/
Expires : 4-3-2007 11:48:04 AM
LastSync : Hits:87
UseCount : 0
Hits : 87

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@advertising[1].txt
Category : Data Miner
Comment : Hits:120
Value : Cookie:jim@advertising.com/
Expires : 4-18-2010 7:27:50 PM
LastSync : Hits:120
UseCount : 0
Hits : 120

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@z1.adserver[1].txt
Category : Data Miner
Comment : Hits:24
Value : Cookie:jim@z1.adserver.com/
Expires : 4-3-2006 12:53:32 PM
LastSync : Hits:24
UseCount : 0
Hits : 24

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@ehg-dig.hitbox[2].txt
Category : Data Miner
Comment : Hits:113
Value : Cookie:jim@ehg-dig.hitbox.com/
Expires : 3-6-2006 12:02:00 PM
LastSync : Hits:113
UseCount : 0
Hits : 113

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@serving-sys[2].txt
Category : Data Miner
Comment : Hits:27
Value : Cookie:jim@serving-sys.com/
Expires : 1-1-2038 1:00:00 AM
LastSync : Hits:27
UseCount : 0
Hits : 27

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@centrport[2].txt
Category : Data Miner
Comment : Hits:13
Value : Cookie:jim@centrport.net/
Expires : 12-31-2029 8:00:00 PM
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@fastclick[1].txt
Category : Data Miner
Comment : Hits:209
Value : Cookie:jim@fastclick.net/
Expires : 4-7-2007 8:07:16 PM
LastSync : Hits:209
UseCount : 0
Hits : 209

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@stats1.clicktracks[1].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:jim@stats1.clicktracks.com/
Expires : 3-9-2015 5:24:42 PM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@atdmt[2].txt
Category : Data Miner
Comment : Hits:79
Value : Cookie:jim@atdmt.com/
Expires : 2-12-2010 8:00:00 PM
LastSync : Hits:79
UseCount : 0
Hits : 79

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@realmedia[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:jim@realmedia.com/
Expires : 12-31-2010 8:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@casalemedia[2].txt
Category : Data Miner
Comment : Hits:191
Value : Cookie:jim@casalemedia.com/
Expires : 3-18-2006 1:25:06 PM
LastSync : Hits:191
UseCount : 0
Hits : 191

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@data.coremetrics[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:jim@data.coremetrics.com/
Expires : 2-12-2020 12:27:32 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@servedby.advertising[1].txt
Category : Data Miner
Comment : Hits:166
Value : Cookie:jim@servedby.advertising.com/
Expires : 5-19-2005 7:27:50 PM
LastSync : Hits:166
UseCount : 0
Hits : 166

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@fortunecity[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:jim@fortunecity.com/
Expires : 12-31-2010 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@as-eu.falkag[1].txt
Category : Data Miner
Comment : Hits:21
Value : Cookie:jim@as-eu.falkag.net/
Expires : 4-3-2006 12:34:32 PM
LastSync : Hits:21
UseCount : 0
Hits : 21

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@ehg-rr.hitbox[2].txt
Category : Data Miner
Comment : Hits:911
Value : Cookie:jim@ehg-rr.hitbox.com/
Expires : 5-4-2006 9:41:16 AM
LastSync : Hits:911
UseCount : 0
Hits : 911

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@ehg-movielink.hitbox[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:jim@ehg-movielink.hitbox.com/
Expires : 2-8-2006 10:38:14 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@www.casinotropez[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:jim@www.casinotropez.com/
Expires : 2-9-2010 6:51:48 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@bs.serving-sys[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:jim@bs.serving-sys.com/
Expires : 1-1-2038 1:00:00 AM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@twci.coremetrics[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:jim@twci.coremetrics.com/
Expires : 3-26-2020 11:45:56 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@ehg-airtran.hitbox[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:jim@ehg-airtran.hitbox.com/
Expires : 3-12-2006 5:42:42 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@edge.ru4[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:jim@edge.ru4.com/
Expires : 3-5-2035 5:23:48 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@bluestreak[2].txt
Category : Data Miner
Comment : Hits:22
Value : Cookie:jim@bluestreak.com/
Expires : 4-1-2015 7:52:56 AM
LastSync : Hits:22
UseCount : 0
Hits : 22

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:jim@imrworldwide.com/cgi-bin
Expires : 1-18-2009 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@sel.as-us.falkag[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:jim@sel.as-us.falkag.net/
Expires : 3-23-2005 8:57:46 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@trafficmp[2].txt
Category : Data Miner
Comment : Hits:13
Value : Cookie:jim@trafficmp.com/
Expires : 3-6-2006 1:17:12 PM
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@phg.hitbox[2].txt
Category : Data Miner
Comment : Hits:21
Value : Cookie:jim@phg.hitbox.com/
Expires : 2-18-2006 9:35:12 PM
LastSync : Hits:21
UseCount : 0
Hits : 21

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@adserving.autotrader[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:jim@adserving.autotrader.com/
Expires : 12-30-2037 12:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@perf.overture[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:jim@perf.overture.com/
Expires : 2-19-2009 8:47:54 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@mediaplex[1].txt
Category : Data Miner
Comment : Hits:14
Value : Cookie:jim@mediaplex.com/
Expires : 6-21-2009 8:00:00 PM
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@questionmarket[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:jim@questionmarket.com/
Expires : 5-5-2006 8:57:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@0[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:jim@jgen60.cjt1.net/HTM/763/0
Expires : 4-3-2006 12:07:20 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@targetnet[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:jim@targetnet.com/
Expires : 5-17-2033 11:33:20 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@ehg-iams.hitbox[2].txt
Category : Data Miner
Comment : Hits:20
Value : Cookie:jim@ehg-iams.hitbox.com/
Expires : 4-1-2006 7:19:28 PM
LastSync : Hits:20
UseCount : 0
Hits : 20

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@ehg-kodak.hitbox[2].txt
Category : Data Miner
Comment : Hits:168
Value : Cookie:jim@ehg-kodak.hitbox.com/
Expires : 4-30-2006 1:29:30 PM
LastSync : Hits:168
UseCount : 0
Hits : 168

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:jim@www5.addfreestats.com/cgi-bin
Expires : 2-27-2015 8:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@ads.pointroll[2].txt
Category : Data Miner
Comment : Hits:22
Value : Cookie:jim@ads.pointroll.com/
Expires : 12-31-2009 8:00:00 PM
LastSync : Hits:22
UseCount : 0
Hits : 22

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@180solutions[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:jim@180solutions.com/
Expires : 3-8-2006 7:56:56 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 52
Objects found so far: 65



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 65

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 65

Disk Scan Result for C:\DOCUME~1\Jim\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 65


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrShadow

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrHighlight

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrForeColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrBackColor

IBIS Toolbar Object Recognized!
Type : Reg

#2
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Welcome!

Ad-aware has found object(s) on your computer

If you choose to clean your computer of what Ad-aware found, follow the instructions below…

Make sure that you are using the * SE1R42 28.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Run CCleaner to help in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command line, as shown in the instructions below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-aware SE. If yours is different, adjust it to the location where you have installed it.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to any objects you wish to remove. Click Next, then click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted. Once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:

Edited by Rawe, 04 May 2005 - 08:13 AM.

#3
jweart

    New Member

  • Topic Starter
  • Member
  • 5 posts
Thanks for your response!
After following your instructions above, I've attached the latest log file.


Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 05, 2005 8:55:00 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BrowserAid(TAC index:6):2 total references
CoolWebSearch(TAC index:10):4 total references
Tracking Cookie(TAC index:3):14 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:48 %
Total physical memory:523808 kb
Available physical memory:247892 kb
Total page file size:1279340 kb
Available on page file:1021536 kb
Total virtual memory:2097024 kb
Available virtual memory:2040264 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-5-2005 8:55:00 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 668
ThreadCreationTime : 5-5-2005 12:49:55 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 748
ThreadCreationTime : 5-5-2005 12:49:59 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 772
ThreadCreationTime : 5-5-2005 12:50:00 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 816
ThreadCreationTime : 5-5-2005 12:50:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 828
ThreadCreationTime : 5-5-2005 12:50:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 980
ThreadCreationTime : 5-5-2005 12:50:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1080
ThreadCreationTime : 5-5-2005 12:50:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1184
ThreadCreationTime : 5-5-2005 12:50:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1232
ThreadCreationTime : 5-5-2005 12:50:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1288
ThreadCreationTime : 5-5-2005 12:50:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1616
ThreadCreationTime : 5-5-2005 12:50:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [kodakccs.exe]
ModuleName : C:\WINDOWS\system32\drivers\KodakCCS.exe
Command Line : C:\WINDOWS\system32\drivers\KodakCCS.exe
ProcessID : 1764
ThreadCreationTime : 5-5-2005 12:50:04 PM
BasePriority : Normal
FileVersion : 1.1.5100.4
ProductVersion : 4.4.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : KodakCCS.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2004
OriginalFilename : DcFsSvc.exe

#:13 [frameworkservice.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
Command Line : "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart
ProcessID : 1788
ThreadCreationTime : 5-5-2005 12:50:04 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe

#:14 [mcshield.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Mcshield.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Mcshield.exe"
ProcessID : 1884
ThreadCreationTime : 5-5-2005 12:50:05 PM
BasePriority : High


#:15 [naprdmgr.exe]
ModuleName : C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
Command Line : C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe -Embedding
ProcessID : 1908
ThreadCreationTime : 5-5-2005 12:50:05 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : NAI Product Manager
InternalName : Product Manager
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : naPrdMgr.exe

#:16 [vstskmgr.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"
ProcessID : 1924
ThreadCreationTime : 5-5-2005 12:50:05 PM
BasePriority : Normal


#:17 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1980
ThreadCreationTime : 5-5-2005 12:50:06 PM
BasePriority : Normal
FileVersion : 6.14.10.5655
ProductVersion : 6.14.10.5655
ProductName : NVIDIA Driver Helper Service, Version 56.55
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.55
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:18 [scsiaccess.exe]
ModuleName : C:\WINDOWS\System32\ScsiAccess.EXE
Command Line : C:\WINDOWS\System32\ScsiAccess.EXE
ProcessID : 2040
ThreadCreationTime : 5-5-2005 12:50:06 PM
BasePriority : Normal


#:19 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 216
ThreadCreationTime : 5-5-2005 12:50:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 312
ThreadCreationTime : 5-5-2005 12:50:07 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:21 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1204
ThreadCreationTime : 5-5-2005 12:50:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:22 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[4a0]SUSDS947c721e7a38814586e26a555a243514
ProcessID : 1732
ThreadCreationTime : 5-5-2005 12:50:52 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:23 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1032
ThreadCreationTime : 5-5-2005 12:53:46 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:24 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1160
ThreadCreationTime : 5-5-2005 12:53:47 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:25 [shstat.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
Command Line : "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
ProcessID : 1168
ThreadCreationTime : 5-5-2005 12:53:47 PM
BasePriority : Normal


#:26 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\RUNDLL32.EXE
Command Line : "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
ProcessID : 628
ThreadCreationTime : 5-5-2005 12:53:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:27 [updaterui.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
Command Line : "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
ProcessID : 1248
ThreadCreationTime : 5-5-2005 12:53:48 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Common User Interface
InternalName : UpdaterUI
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : UpdaterUI.exe

#:28 [em_exec.exe]
ModuleName : C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
Command Line : "C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE"
ProcessID : 1392
ThreadCreationTime : 5-5-2005 12:53:48 PM
BasePriority : Normal
FileVersion : 9.41.33
ProductVersion : 9.41.1
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2001.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team

#:29 [digstream.exe]
ModuleName : C:\Program Files\DIGStream\digstream.exe
Command Line : "C:\Program Files\DIGStream\digstream.exe"
ProcessID : 428
ThreadCreationTime : 5-5-2005 12:53:48 PM
BasePriority : Normal
FileVersion : 2.2.1.0001
ProductVersion : 2.2.1.0001
ProductName : DIGStream
CompanyName : Walt Disney Internet Group
FileDescription : DIGStream Cache Manager
InternalName : DIGStream.exe
LegalCopyright : Copyright © 2002-2005 Walt Disney Internet Group.
OriginalFilename : digstream.exe
Comments : none

#:30 [anvshell.exe]
ModuleName : C:\WINDOWS\anvshell.exe
Command Line : "C:\WINDOWS\anvshell.exe"
ProcessID : 1224
ThreadCreationTime : 5-5-2005 12:53:49 PM
BasePriority : Normal
FileVersion : 1.00.00
ProductVersion : 1.00.00
ProductName : ASUS nVidia Series Shell
CompanyName : AsusTeK Computer Inc.
FileDescription : ASUS nVidia Series Shell
InternalName : ANVShell
LegalCopyright : Copyright © 2000
OriginalFilename : ANVShell.EXE

#:31 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 1480
ThreadCreationTime : 5-5-2005 12:53:49 PM
BasePriority : Idle
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:32 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : "C:\WINDOWS\system32\rundll32.exe" D0CE0C16B1,D0CE0C16B1
ProcessID : 492
ThreadCreationTime : 5-5-2005 12:53:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:33 [hpztsb10.exe]
ModuleName : C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
Command Line : "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe"
ProcessID : 1712
ThreadCreationTime : 5-5-2005 12:53:49 PM
BasePriority : Normal
FileVersion : 2.323.0.0
ProductVersion : 2.323.0.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2004

#:34 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 2076
ThreadCreationTime : 5-5-2005 12:53:49 PM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe

#:35 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 2084
ThreadCreationTime : 5-5-2005 12:53:49 PM
BasePriority : Normal


#:36 [hpwuschd2.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
ProcessID : 2092
ThreadCreationTime : 5-5-2005 12:53:49 PM
BasePriority : Normal
FileVersion : 50.0.146.000
ProductVersion : 050.000.146.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant

#:37 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2100
ThreadCreationTime : 5-5-2005 12:53:50 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:38 [desktopweather.exe]
ModuleName : C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
Command Line : "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
ProcessID : 2132
ThreadCreationTime : 5-5-2005 12:53:50 PM
BasePriority : Normal
FileVersion : 4.0.0.1
ProductVersion : 4.0.0.1
ProductName : Desktop Weather 4
CompanyName : TWCi
FileDescription : DesktopWeather4
InternalName : DesktopWeather.exe
LegalCopyright : © The Weather Channel Interactive. All rights reserved.
OriginalFilename : DesktopWeather4.exe

#:39 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe"
ProcessID : 2148
ThreadCreationTime : 5-5-2005 12:53:50 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:40 [rockettime.exe]
ModuleName : C:\Program Files\Rocket Software\RocketTime\RocketTime.exe
Command Line : "C:\Program Files\Rocket Software\RocketTime\RocketTime.exe"
ProcessID : 2188
ThreadCreationTime : 5-5-2005 12:53:51 PM
BasePriority : Normal
FileVersion : 1.1
ProductVersion : 1.1
ProductName : RocketTime Application
FileDescription : RocketTime Application
InternalName : RocketTime
LegalCopyright : Copyright © 2001 Rocket Software, Inc.
OriginalFilename : RocketTime.EXE

#:41 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 2204
ThreadCreationTime : 5-5-2005 12:53:51 PM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6028)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:42 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe nview.dll,nViewInitialize
ProcessID : 2216
ThreadCreationTime : 5-5-2005 12:53:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:43 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 2508
ThreadCreationTime : 5-5-2005 12:53:55 PM
BasePriority : Normal
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:44 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3404
ThreadCreationTime : 5-5-2005 12:54:25 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e004800a-73c6-4587-b855-98d0ce0c16b1}

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\runwindowsupdate

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : betsy@apmebf[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Betsy\Cookies\betsy@apmebf[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : betsy@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Betsy\Cookies\betsy@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : betsy@casalemedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Betsy\Cookies\betsy@casalemedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : betsy@ehg-rr.hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Betsy\Cookies\betsy@ehg-rr.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : betsy@fastclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Betsy\Cookies\betsy@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : betsy@hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Betsy\Cookies\betsy@hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : betsy@server.iad.liveperson[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Betsy\Cookies\betsy@server.iad.liveperson[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dallas@2o7[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Dallas\Cookies\dallas@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dallas@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Dallas\Cookies\dallas@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dallas@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Dallas\Cookies\dallas@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dallas@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Dallas\Cookies\dallas@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dallas@ehg-dig.hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Dallas\Cookies\dallas@ehg-dig.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dallas@hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Dallas\Cookies\dallas@hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dallas@servedby.advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Dallas\Cookies\dallas@servedby.advertising[1].txt

CoolWebSearch Object Recognized!
Type : File
Data : 7A375CC5-1217-4422-AF94-18175E
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\C87B72AC-1F59-4112-8A5C-9FCC06\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Deep scanning and examining files (H:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_tbpssvc

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 20

9:07:38 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:37.781
Objects scanned:147166
Objects identified:20
Objects ignored:0
New critical objects:20

#4
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Could you please follow the same removal instructions as earlier, but this time remove CoolWebSearch ONLY.

- Rawe :tazz:

#5
jweart

    New Member

  • Topic Starter
  • Member
  • 5 posts
Here's the new logfile, after removing CoolWebSearch:

Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 05, 2005 9:21:39 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BrowserAid(TAC index:6):4 total references
Tracking Cookie(TAC index:3):14 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:29 %
Total physical memory:523808 kb
Available physical memory:147624 kb
Total page file size:1279340 kb
Available on page file:1016924 kb
Total virtual memory:2097024 kb
Available virtual memory:1969888 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-5-2005 9:21:39 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 668
ThreadCreationTime : 5-5-2005 12:49:55 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 748
ThreadCreationTime : 5-5-2005 12:49:59 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 772
ThreadCreationTime : 5-5-2005 12:50:00 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 816
ThreadCreationTime : 5-5-2005 12:50:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 828
ThreadCreationTime : 5-5-2005 12:50:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 980
ThreadCreationTime : 5-5-2005 12:50:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1080
ThreadCreationTime : 5-5-2005 12:50:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1184
ThreadCreationTime : 5-5-2005 12:50:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1232
ThreadCreationTime : 5-5-2005 12:50:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1288
ThreadCreationTime : 5-5-2005 12:50:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1616
ThreadCreationTime : 5-5-2005 12:50:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [kodakccs.exe]
ModuleName : C:\WINDOWS\system32\drivers\KodakCCS.exe
Command Line : C:\WINDOWS\system32\drivers\KodakCCS.exe
ProcessID : 1764
ThreadCreationTime : 5-5-2005 12:50:04 PM
BasePriority : Normal
FileVersion : 1.1.5100.4
ProductVersion : 4.4.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : KodakCCS.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2004
OriginalFilename : DcFsSvc.exe

#:13 [frameworkservice.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
Command Line : "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart
ProcessID : 1788
ThreadCreationTime : 5-5-2005 12:50:04 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe

#:14 [mcshield.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Mcshield.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Mcshield.exe"
ProcessID : 1884
ThreadCreationTime : 5-5-2005 12:50:05 PM
BasePriority : High


#:15 [naprdmgr.exe]
ModuleName : C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
Command Line : C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe -Embedding
ProcessID : 1908
ThreadCreationTime : 5-5-2005 12:50:05 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : NAI Product Manager
InternalName : Product Manager
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : naPrdMgr.exe

#:16 [vstskmgr.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"
ProcessID : 1924
ThreadCreationTime : 5-5-2005 12:50:05 PM
BasePriority : Normal


#:17 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1980
ThreadCreationTime : 5-5-2005 12:50:06 PM
BasePriority : Normal
FileVersion : 6.14.10.5655
ProductVersion : 6.14.10.5655
ProductName : NVIDIA Driver Helper Service, Version 56.55
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.55
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:18 [scsiaccess.exe]
ModuleName : C:\WINDOWS\System32\ScsiAccess.EXE
Command Line : C:\WINDOWS\System32\ScsiAccess.EXE
ProcessID : 2040
ThreadCreationTime : 5-5-2005 12:50:06 PM
BasePriority : Normal


#:19 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 216
ThreadCreationTime : 5-5-2005 12:50:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 312
ThreadCreationTime : 5-5-2005 12:50:07 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:21 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1204
ThreadCreationTime : 5-5-2005 12:50:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:22 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1032
ThreadCreationTime : 5-5-2005 12:53:46 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:23 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1160
ThreadCreationTime : 5-5-2005 12:53:47 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:24 [shstat.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
Command Line : "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
ProcessID : 1168
ThreadCreationTime : 5-5-2005 12:53:47 PM
BasePriority : Normal


#:25 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\RUNDLL32.EXE
Command Line : "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
ProcessID : 628
ThreadCreationTime : 5-5-2005 12:53:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:26 [updaterui.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
Command Line : "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
ProcessID : 1248
ThreadCreationTime : 5-5-2005 12:53:48 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Common User Interface
InternalName : UpdaterUI
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : UpdaterUI.exe

#:27 [em_exec.exe]
ModuleName : C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
Command Line : "C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE"
ProcessID : 1392
ThreadCreationTime : 5-5-2005 12:53:48 PM
BasePriority : Normal
FileVersion : 9.41.33
ProductVersion : 9.41.1
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2001.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team

#:28 [digstream.exe]
ModuleName : C:\Program Files\DIGStream\digstream.exe
Command Line : "C:\Program Files\DIGStream\digstream.exe"
ProcessID : 428
ThreadCreationTime : 5-5-2005 12:53:48 PM
BasePriority : Normal
FileVersion : 2.2.1.0001
ProductVersion : 2.2.1.0001
ProductName : DIGStream
CompanyName : Walt Disney Internet Group
FileDescription : DIGStream Cache Manager
InternalName : DIGStream.exe
LegalCopyright : Copyright © 2002-2005 Walt Disney Internet Group.
OriginalFilename : digstream.exe
Comments : none

#:29 [anvshell.exe]
ModuleName : C:\WINDOWS\anvshell.exe
Command Line : "C:\WINDOWS\anvshell.exe"
ProcessID : 1224
ThreadCreationTime : 5-5-2005 12:53:49 PM
BasePriority : Normal
FileVersion : 1.00.00
ProductVersion : 1.00.00
ProductName : ASUS nVidia Series Shell
CompanyName : AsusTeK Computer Inc.
FileDescription : ASUS nVidia Series Shell
InternalName : ANVShell
LegalCopyright : Copyright © 2000
OriginalFilename : ANVShell.EXE

#:30 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 1480
ThreadCreationTime : 5-5-2005 12:53:49 PM
BasePriority : Idle
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:31 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : "C:\WINDOWS\system32\rundll32.exe" D0CE0C16B1,D0CE0C16B1
ProcessID : 492
ThreadCreationTime : 5-5-2005 12:53:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:32 [hpztsb10.exe]
ModuleName : C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
Command Line : "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe"
ProcessID : 1712
ThreadCreationTime : 5-5-2005 12:53:49 PM
BasePriority : Normal
FileVersion : 2.323.0.0
ProductVersion : 2.323.0.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2004

#:33 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 2076
ThreadCreationTime : 5-5-2005 12:53:49 PM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe

#:34 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 2084
ThreadCreationTime : 5-5-2005 12:53:49 PM
BasePriority : Normal


#:35 [hpwuschd2.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
ProcessID : 2092
ThreadCreationTime : 5-5-2005 12:53:49 PM
BasePriority : Normal
FileVersion : 50.0.146.000
ProductVersion : 050.000.146.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant

#:36 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2100
ThreadCreationTime : 5-5-2005 12:53:50 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:37 [desktopweather.exe]
ModuleName : C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
Command Line : "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
ProcessID : 2132
ThreadCreationTime : 5-5-2005 12:53:50 PM
BasePriority : Normal
FileVersion : 4.0.0.1
ProductVersion : 4.0.0.1
ProductName : Desktop Weather 4
CompanyName : TWCi
FileDescription : DesktopWeather4
InternalName : DesktopWeather.exe
LegalCopyright : © The Weather Channel Interactive. All rights reserved.
OriginalFilename : DesktopWeather4.exe

#:38 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe"
ProcessID : 2148
ThreadCreationTime : 5-5-2005 12:53:50 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:39 [rockettime.exe]
ModuleName : C:\Program Files\Rocket Software\RocketTime\RocketTime.exe
Command Line : "C:\Program Files\Rocket Software\RocketTime\RocketTime.exe"
ProcessID : 2188
ThreadCreationTime : 5-5-2005 12:53:51 PM
BasePriority : Normal
FileVersion : 1.1
ProductVersion : 1.1
ProductName : RocketTime Application
FileDescription : RocketTime Application
InternalName : RocketTime
LegalCopyright : Copyright © 2001 Rocket Software, Inc.
OriginalFilename : RocketTime.EXE

#:40 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 2204
ThreadCreationTime : 5-5-2005 12:53:51 PM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6028)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:41 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe nview.dll,nViewInitialize
ProcessID : 2216
ThreadCreationTime : 5-5-2005 12:53:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:42 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 2508
ThreadCreationTime : 5-5-2005 12:53:55 PM
BasePriority : Normal
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:43 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3404
ThreadCreationTime : 5-5-2005 12:54:25 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:44 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 1564
ThreadCreationTime : 5-5-2005 1:21:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e004800a-73c6-4587-b855-98d0ce0c16b1}

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e004800a-73c6-4587-b855-98d0ce0c16b1}
Value : uid2

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\runwindowsupdate

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\runwindowsupdate
Value : uid2

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : betsy@apmebf[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Betsy\Cookies\betsy@apmebf[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : betsy@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Betsy\Cookies\betsy@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : betsy@casalemedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Betsy\Cookies\betsy@casalemedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : betsy@ehg-rr.hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Betsy\Cookies\betsy@ehg-rr.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : betsy@fastclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Betsy\Cookies\betsy@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : betsy@hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Betsy\Cookies\betsy@hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : betsy@server.iad.liveperson[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Betsy\Cookies\betsy@server.iad.liveperson[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dallas@2o7[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Dallas\Cookies\dallas@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dallas@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Dallas\Cookies\dallas@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dallas@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Dallas\Cookies\dallas@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dallas@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Dallas\Cookies\dallas@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dallas@ehg-dig.hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Dallas\Cookies\dallas@ehg-dig.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dallas@hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Dallas\Cookies\dallas@hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dallas@servedby.advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Dallas\Cookies\dallas@servedby.advertising[1].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18


Deep scanning and examining files (H:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18

9:31:01 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:21.563
Objects scanned:138765
Objects identified:18
Objects ignored:0
New critical objects:18

#6
Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R42 28.04.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE. If this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

#7
jweart
  • Topic Starter
Thanks for your help, so far. Sorry this took so long to get back to you. Here's the latest logfile:

Ad-Aware SE Build 1.05
Logfile Created on:Saturday, May 07, 2005 4:50:01 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BrowserAid(TAC index:6):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:51 %
Total physical memory:523808 kb
Available physical memory:266536 kb
Total page file size:1279340 kb
Available on page file:1044276 kb
Total virtual memory:2097024 kb
Available virtual memory:2040260 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-7-2005 4:50:01 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 664
ThreadCreationTime : 5-7-2005 8:37:08 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 744
ThreadCreationTime : 5-7-2005 8:37:10 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 768
ThreadCreationTime : 5-7-2005 8:37:11 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 812
ThreadCreationTime : 5-7-2005 8:37:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 824
ThreadCreationTime : 5-7-2005 8:37:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 976
ThreadCreationTime : 5-7-2005 8:37:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1072
ThreadCreationTime : 5-7-2005 8:37:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1172
ThreadCreationTime : 5-7-2005 8:37:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1228
ThreadCreationTime : 5-7-2005 8:37:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1280
ThreadCreationTime : 5-7-2005 8:37:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1608
ThreadCreationTime : 5-7-2005 8:37:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [kodakccs.exe]
ModuleName : C:\WINDOWS\system32\drivers\KodakCCS.exe
Command Line : C:\WINDOWS\system32\drivers\KodakCCS.exe
ProcessID : 1724
ThreadCreationTime : 5-7-2005 8:37:15 PM
BasePriority : Normal
FileVersion : 1.1.5100.4
ProductVersion : 4.4.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : KodakCCS.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2004
OriginalFilename : DcFsSvc.exe

#:13 [frameworkservice.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
Command Line : "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart
ProcessID : 1756
ThreadCreationTime : 5-7-2005 8:37:15 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe

#:14 [mcshield.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Mcshield.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Mcshield.exe"
ProcessID : 1792
ThreadCreationTime : 5-7-2005 8:37:15 PM
BasePriority : High


#:15 [vstskmgr.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"
ProcessID : 1860
ThreadCreationTime : 5-7-2005 8:37:15 PM
BasePriority : Normal


#:16 [naprdmgr.exe]
ModuleName : C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
Command Line : C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe -Embedding
ProcessID : 1872
ThreadCreationTime : 5-7-2005 8:37:15 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : NAI Product Manager
InternalName : Product Manager
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : naPrdMgr.exe

#:17 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1928
ThreadCreationTime : 5-7-2005 8:37:15 PM
BasePriority : Normal
FileVersion : 6.14.10.5655
ProductVersion : 6.14.10.5655
ProductName : NVIDIA Driver Helper Service, Version 56.55
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.55
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:18 [scsiaccess.exe]
ModuleName : C:\WINDOWS\System32\ScsiAccess.EXE
Command Line : C:\WINDOWS\System32\ScsiAccess.EXE
ProcessID : 128
ThreadCreationTime : 5-7-2005 8:37:16 PM
BasePriority : Normal


#:19 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 256
ThreadCreationTime : 5-7-2005 8:37:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 428
ThreadCreationTime : 5-7-2005 8:37:17 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:21 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1348
ThreadCreationTime : 5-7-2005 8:37:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:22 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1740
ThreadCreationTime : 5-7-2005 8:49:14 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:23 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1128
ThreadCreationTime : 5-7-2005 8:49:15 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:24 [shstat.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
Command Line : "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
ProcessID : 788
ThreadCreationTime : 5-7-2005 8:49:15 PM
BasePriority : Normal


#:25 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\RUNDLL32.EXE
Command Line : "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
ProcessID : 732
ThreadCreationTime : 5-7-2005 8:49:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:26 [updaterui.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
Command Line : "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
ProcessID : 1236
ThreadCreationTime : 5-7-2005 8:49:15 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Common User Interface
InternalName : UpdaterUI
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : UpdaterUI.exe

#:27 [em_exec.exe]
ModuleName : C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
Command Line : "C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE"
ProcessID : 1288
ThreadCreationTime : 5-7-2005 8:49:16 PM
BasePriority : Normal
FileVersion : 9.41.33
ProductVersion : 9.41.1
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2001.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team

#:28 [digstream.exe]
ModuleName : C:\Program Files\DIGStream\digstream.exe
Command Line : "C:\Program Files\DIGStream\digstream.exe"
ProcessID : 1296
ThreadCreationTime : 5-7-2005 8:49:16 PM
BasePriority : Normal
FileVersion : 2.2.1.0001
ProductVersion : 2.2.1.0001
ProductName : DIGStream
CompanyName : Walt Disney Internet Group
FileDescription : DIGStream Cache Manager
InternalName : DIGStream.exe
LegalCopyright : Copyright © 2002-2005 Walt Disney Internet Group.
OriginalFilename : digstream.exe
Comments : none

#:29 [anvshell.exe]
ModuleName : C:\WINDOWS\anvshell.exe
Command Line : "C:\WINDOWS\anvshell.exe"
ProcessID : 1344
ThreadCreationTime : 5-7-2005 8:49:16 PM
BasePriority : Normal
FileVersion : 1.00.00
ProductVersion : 1.00.00
ProductName : ASUS nVidia Series Shell
CompanyName : AsusTeK Computer Inc.
FileDescription : ASUS nVidia Series Shell
InternalName : ANVShell
LegalCopyright : Copyright © 2000
OriginalFilename : ANVShell.EXE

#:30 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 1448
ThreadCreationTime : 5-7-2005 8:49:16 PM
BasePriority : Idle
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:31 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : "C:\WINDOWS\system32\rundll32.exe" D0CE0C16B1,D0CE0C16B1
ProcessID : 1244
ThreadCreationTime : 5-7-2005 8:49:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:32 [hpztsb10.exe]
ModuleName : C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
Command Line : "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe"
ProcessID : 1036
ThreadCreationTime : 5-7-2005 8:49:16 PM
BasePriority : Normal
FileVersion : 2.323.0.0
ProductVersion : 2.323.0.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2004

#:33 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 1020
ThreadCreationTime : 5-7-2005 8:49:16 PM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe

#:34 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 648
ThreadCreationTime : 5-7-2005 8:49:17 PM
BasePriority : Normal


#:35 [hpwuschd2.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
ProcessID : 492
ThreadCreationTime : 5-7-2005 8:49:17 PM
BasePriority : Normal
FileVersion : 50.0.146.000
ProductVersion : 050.000.146.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant

#:36 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 1216
ThreadCreationTime : 5-7-2005 8:49:17 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:37 [desktopweather.exe]
ModuleName : C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
Command Line : "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
ProcessID : 936
ThreadCreationTime : 5-7-2005 8:49:17 PM
BasePriority : Normal
FileVersion : 4.0.0.1
ProductVersion : 4.0.0.1
ProductName : Desktop Weather 4
CompanyName : TWCi
FileDescription : DesktopWeather4
InternalName : DesktopWeather.exe
LegalCopyright : © The Weather Channel Interactive. All rights reserved.
OriginalFilename : DesktopWeather4.exe

#:38 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe"
ProcessID : 860
ThreadCreationTime : 5-7-2005 8:49:18 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:39 [rockettime.exe]
ModuleName : C:\Program Files\Rocket Software\RocketTime\RocketTime.exe
Command Line : "C:\Program Files\Rocket Software\RocketTime\RocketTime.exe"
ProcessID : 2072
ThreadCreationTime : 5-7-2005 8:49:19 PM
BasePriority : Normal
FileVersion : 1.1
ProductVersion : 1.1
ProductName : RocketTime Application
FileDescription : RocketTime Application
InternalName : RocketTime
LegalCopyright : Copyright © 2001 Rocket Software, Inc.
OriginalFilename : RocketTime.EXE

#:40 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 2080
ThreadCreationTime : 5-7-2005 8:49:19 PM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6028)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:41 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe nview.dll,nViewInitialize
ProcessID : 2108
ThreadCreationTime : 5-7-2005 8:49:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:42 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe casync.dll,Main app=CouponAge
ProcessID : 2336
ThreadCreationTime : 5-7-2005 8:49:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:43 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 2492
ThreadCreationTime : 5-7-2005 8:49:22 PM
BasePriority : Normal
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:44 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3276
ThreadCreationTime : 5-7-2005 8:49:50 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e004800a-73c6-4587-b855-98d0ce0c16b1}

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\runwindowsupdate

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Deep scanning and examining files (H:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

5:00:58 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:57.484
Objects scanned:125128
Objects identified:2
Objects ignored:0
New critical objects:2

#8
Rawe

    Visiting Staff

Hello.
You'll need to follow the same instructions, yet again.
There's a new definitions file update, so could you perform webupdate, then follow the instructions at Andy's post.

- Rawe :tazz:

We'll give you further advice then, if that doesn't do the trick.

#9
jweart

    New Member

  • Topic Starter
I've updated, as advised, and gone through the same process, again. Here's the resulting logfile:

Ad-Aware SE Build 1.05
Logfile Created on:Saturday, May 07, 2005 5:36:57 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BrowserAid(TAC index:6):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:47 %
Total physical memory:523808 kb
Available physical memory:243752 kb
Total page file size:1279340 kb
Available on page file:1016720 kb
Total virtual memory:2097024 kb
Available virtual memory:2040264 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-7-2005 5:36:57 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 668
ThreadCreationTime : 5-7-2005 9:34:25 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 744
ThreadCreationTime : 5-7-2005 9:34:27 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 768
ThreadCreationTime : 5-7-2005 9:34:28 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 812
ThreadCreationTime : 5-7-2005 9:34:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 824
ThreadCreationTime : 5-7-2005 9:34:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 980
ThreadCreationTime : 5-7-2005 9:34:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1076
ThreadCreationTime : 5-7-2005 9:34:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1176
ThreadCreationTime : 5-7-2005 9:34:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1220
ThreadCreationTime : 5-7-2005 9:34:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1276
ThreadCreationTime : 5-7-2005 9:34:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1608
ThreadCreationTime : 5-7-2005 9:34:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [kodakccs.exe]
ModuleName : C:\WINDOWS\system32\drivers\KodakCCS.exe
Command Line : C:\WINDOWS\system32\drivers\KodakCCS.exe
ProcessID : 1728
ThreadCreationTime : 5-7-2005 9:34:31 PM
BasePriority : Normal
FileVersion : 1.1.5100.4
ProductVersion : 4.4.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : KodakCCS.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2004
OriginalFilename : DcFsSvc.exe

#:13 [frameworkservice.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
Command Line : "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart
ProcessID : 1752
ThreadCreationTime : 5-7-2005 9:34:31 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe

#:14 [mcshield.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Mcshield.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Mcshield.exe"
ProcessID : 1820
ThreadCreationTime : 5-7-2005 9:34:32 PM
BasePriority : High


#:15 [vstskmgr.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"
ProcessID : 1860
ThreadCreationTime : 5-7-2005 9:34:32 PM
BasePriority : Normal


#:16 [naprdmgr.exe]
ModuleName : C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
Command Line : C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe -Embedding
ProcessID : 1892
ThreadCreationTime : 5-7-2005 9:34:32 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : NAI Product Manager
InternalName : Product Manager
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : naPrdMgr.exe

#:17 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1952
ThreadCreationTime : 5-7-2005 9:34:32 PM
BasePriority : Normal
FileVersion : 6.14.10.5655
ProductVersion : 6.14.10.5655
ProductName : NVIDIA Driver Helper Service, Version 56.55
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.55
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:18 [scsiaccess.exe]
ModuleName : C:\WINDOWS\System32\ScsiAccess.EXE
Command Line : C:\WINDOWS\System32\ScsiAccess.EXE
ProcessID : 2024
ThreadCreationTime : 5-7-2005 9:34:33 PM
BasePriority : Normal


#:19 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 244
ThreadCreationTime : 5-7-2005 9:34:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 316
ThreadCreationTime : 5-7-2005 9:34:34 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:21 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1296
ThreadCreationTime : 5-7-2005 9:34:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:22 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[498]SUSDSd0ff59dbe9a0fa4386c6362c9498d9c7
ProcessID : 128
ThreadCreationTime : 5-7-2005 9:35:20 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:23 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 356
ThreadCreationTime : 5-7-2005 9:35:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:24 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1788
ThreadCreationTime : 5-7-2005 9:36:12 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:25 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2100
ThreadCreationTime : 5-7-2005 9:36:13 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:26 [shstat.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
Command Line : "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
ProcessID : 2108
ThreadCreationTime : 5-7-2005 9:36:13 PM
BasePriority : Normal


#:27 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\RUNDLL32.EXE
Command Line : "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
ProcessID : 2124
ThreadCreationTime : 5-7-2005 9:36:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:28 [updaterui.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
Command Line : "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
ProcessID : 2148
ThreadCreationTime : 5-7-2005 9:36:13 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Common User Interface
InternalName : UpdaterUI
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : UpdaterUI.exe

#:29 [em_exec.exe]
ModuleName : C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
Command Line : "C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE"
ProcessID : 2256
ThreadCreationTime : 5-7-2005 9:36:13 PM
BasePriority : Normal
FileVersion : 9.41.33
ProductVersion : 9.41.1
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2001.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team

#:30 [digstream.exe]
ModuleName : C:\Program Files\DIGStream\digstream.exe
Command Line : "C:\Program Files\DIGStream\digstream.exe"
ProcessID : 2264
ThreadCreationTime : 5-7-2005 9:36:13 PM
BasePriority : Normal
FileVersion : 2.2.1.0001
ProductVersion : 2.2.1.0001
ProductName : DIGStream
CompanyName : Walt Disney Internet Group
FileDescription : DIGStream Cache Manager
InternalName : DIGStream.exe
LegalCopyright : Copyright © 2002-2005 Walt Disney Internet Group.
OriginalFilename : digstream.exe
Comments : none

#:31 [anvshell.exe]
ModuleName : C:\WINDOWS\anvshell.exe
Command Line : "C:\WINDOWS\anvshell.exe"
ProcessID : 2284
ThreadCreationTime : 5-7-2005 9:36:13 PM
BasePriority : Normal
FileVersion : 1.00.00
ProductVersion : 1.00.00
ProductName : ASUS nVidia Series Shell
CompanyName : AsusTeK Computer Inc.
FileDescription : ASUS nVidia Series Shell
InternalName : ANVShell
LegalCopyright : Copyright © 2000
OriginalFilename : ANVShell.EXE

#:32 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 2292
ThreadCreationTime : 5-7-2005 9:36:14 PM
BasePriority : Idle
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:33 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : "C:\WINDOWS\system32\rundll32.exe" D0CE0C16B1,D0CE0C16B1
ProcessID : 2344
ThreadCreationTime : 5-7-2005 9:36:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:34 [hpztsb10.exe]
ModuleName : C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
Command Line : "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe"
ProcessID : 2352
ThreadCreationTime : 5-7-2005 9:36:14 PM
BasePriority : Normal
FileVersion : 2.323.0.0
ProductVersion : 2.323.0.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2004

#:35 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 2360
ThreadCreationTime : 5-7-2005 9:36:14 PM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe

#:36 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 2376
ThreadCreationTime : 5-7-2005 9:36:14 PM
BasePriority : Normal


#:37 [hpwuschd2.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
ProcessID : 2384
ThreadCreationTime : 5-7-2005 9:36:14 PM
BasePriority : Normal
FileVersion : 50.0.146.000
ProductVersion : 050.000.146.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant

#:38 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2408
ThreadCreationTime : 5-7-2005 9:36:14 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:39 [desktopweather.exe]
ModuleName : C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
Command Line : "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
ProcessID : 2416
ThreadCreationTime : 5-7-2005 9:36:14 PM
BasePriority : Normal
FileVersion : 4.0.0.1
ProductVersion : 4.0.0.1
ProductName : Desktop Weather 4
CompanyName : TWCi
FileDescription : DesktopWeather4
InternalName : DesktopWeather.exe
LegalCopyright : © The Weather Channel Interactive. All rights reserved.
OriginalFilename : DesktopWeather4.exe

#:40 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe"
ProcessID : 2480
ThreadCreationTime : 5-7-2005 9:36:15 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:41 [rockettime.exe]
ModuleName : C:\Program Files\Rocket Software\RocketTime\RocketTime.exe
Command Line : "C:\Program Files\Rocket Software\RocketTime\RocketTime.exe"
ProcessID : 2528
ThreadCreationTime : 5-7-2005 9:36:16 PM
BasePriority : Normal
FileVersion : 1.1
ProductVersion : 1.1
ProductName : RocketTime Application
FileDescription : RocketTime Application
InternalName : RocketTime
LegalCopyright : Copyright © 2001 Rocket Software, Inc.
OriginalFilename : RocketTime.EXE

#:42 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 2536
ThreadCreationTime : 5-7-2005 9:36:16 PM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6028)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:43 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe nview.dll,nViewInitialize
ProcessID : 2604
ThreadCreationTime : 5-7-2005 9:36:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:44 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 2952
ThreadCreationTime : 5-7-2005 9:36:20 PM
BasePriority : Normal
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:45 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3648
ThreadCreationTime : 5-7-2005 9:36:46 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e004800a-73c6-4587-b855-98d0ce0c16b1}

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\runwindowsupdate

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Deep scanning and examining files (H:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

5:47:50 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:53.281
Objects scanned:125245
Objects identified:2
Objects ignored:0
New critical objects:2

#10
Rawe

    Visiting Staff

Ok..
Run these online virus scans:
- F-secure
- Trend Micro

Post the results here.

- Rawe :tazz:

#11
Guest_Andy_veal_*

Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.