Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

[Referred]hijacked![RESOLVED]

Started by Denise , May 04 2005 12:02 PM

  • This topic is locked This topic is locked

#1
Denise
Posted 04 May 2005 - 12:02 PM

Denise

    Member

  • Member
  • PipPip
  • 24 posts
My computer appears to have been hijacked.
I followed all instruction except that I can't download windows upates.
i am attaching me adaware scan.

Thanks Denise
Ad-Aware SE Build 1.05
Logfile Created on:May 4, 2005 1:22:03 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
FlashenhancerBHO(TAC index:7):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:19 %
Total physical memory:261668 kb
Available physical memory:48860 kb
Total page file size:631380 kb
Available on page file:333880 kb
Total virtual memory:2097024 kb
Available virtual memory:2040180 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


04-05-2005 1:22:03 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 448
ThreadCreationTime : 04-05-2005 5:14:52 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 516
ThreadCreationTime : 04-05-2005 5:14:58 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 540
ThreadCreationTime : 04-05-2005 5:15:00 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 584
ThreadCreationTime : 04-05-2005 5:15:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 596
ThreadCreationTime : 04-05-2005 5:15:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 864
ThreadCreationTime : 04-05-2005 5:15:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 912
ThreadCreationTime : 04-05-2005 5:15:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 976
ThreadCreationTime : 04-05-2005 5:15:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1048
ThreadCreationTime : 04-05-2005 5:15:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1228
ThreadCreationTime : 04-05-2005 5:15:06 PM
BasePriority : Normal
FileVersion : 9.30
ProductVersion : 9.30
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1272
ThreadCreationTime : 04-05-2005 5:15:07 PM
BasePriority : Normal
FileVersion : 9.30
ProductVersion : 9.30
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1268
ThreadCreationTime : 04-05-2005 5:15:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [sagent2.exe]
ModuleName : C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
Command Line : "C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe"
ProcessID : 1432
ThreadCreationTime : 04-05-2005 5:15:08 PM
BasePriority : Normal
FileVersion : 2, 1, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : EPSON Bidirectional Printer
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Printer Status Agent
InternalName : SAgent2
LegalCopyright : Copyright © SEIKO EPSON CORP. 2000-2001
OriginalFilename : SAgent2.exe

#:14 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1468
ThreadCreationTime : 04-05-2005 5:15:08 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:15 [pcctlcom.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
ProcessID : 1544
ThreadCreationTime : 04-05-2005 5:15:08 PM
BasePriority : Normal
FileVersion : 12.10.0.1034
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : PcCtlCom Module
InternalName : PcCtlCom
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PcCtlCom.EXE

#:16 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1608
ThreadCreationTime : 04-05-2005 5:15:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [tmntsrv.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
ProcessID : 1628
ThreadCreationTime : 04-05-2005 5:15:09 PM
BasePriority : Normal
FileVersion : 12.10.0.1034
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : Tmntsrv.exe

#:18 [tmproxy.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
ProcessID : 1712
ThreadCreationTime : 04-05-2005 5:15:10 PM
BasePriority : Normal
FileVersion : 1.0.0.1125
ProductVersion : 1.0.0
ProductName : Trend Micro Network Security Components 1.0
CompanyName : Trend Micro Inc.
FileDescription : TmProxy.exe
InternalName : TmProxy.exe
LegalCopyright : Copyright © 2001-2004 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : TmProxy.exe

#:19 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1832
ThreadCreationTime : 04-05-2005 5:15:14 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:20 [wfxsvc.exe]
ModuleName : C:\WINDOWS\system32\WFXSVC.EXE
Command Line : C:\WINDOWS\system32\WFXSVC.EXE
ProcessID : 1908
ThreadCreationTime : 04-05-2005 5:15:14 PM
BasePriority : Normal
FileVersion : 9.00.98.0727
ProductVersion : 9.00
ProductName : Symantec WinFax PRO
CompanyName : Symantec Corporation
FileDescription : Symantec WinFax PRO NT Service
InternalName : WFXSVC
LegalCopyright : Copyright © Symantec Corporation. 1990-1998
LegalTrademarks : Symantec WinFax PRO ® is a registered trademark of Symantec Corporation

#:21 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 212
ThreadCreationTime : 04-05-2005 5:15:16 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:22 [tmpfw.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
ProcessID : 480
ThreadCreationTime : 04-05-2005 5:15:22 PM
BasePriority : Normal
FileVersion : 2.0.0.1125
ProductVersion : 1.0.0
ProductName : Trend Network Security Component 1.0
CompanyName : Trend Micro Inc.
FileDescription : TmPfw
InternalName : TmPfw
LegalCopyright : Copyright © 2001-2004 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : TmPfw.exe

#:23 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 496
ThreadCreationTime : 04-05-2005 5:15:24 PM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:24 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 520
ThreadCreationTime : 04-05-2005 5:15:24 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:25 [camtray.exe]
ModuleName : C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
Command Line : "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
ProcessID : 660
ThreadCreationTime : 04-05-2005 5:15:24 PM
BasePriority : Normal
FileVersion : 3.2.1.0
ProductVersion : 2.20
ProductName : PC-CAM Center
CompanyName : Creative Technology Ltd
FileDescription : PC-CAM Center Launcher Application
InternalName : PC-CAM Center Launcher Application
LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.
OriginalFilename : CamTray.EXE

#:26 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe"
ProcessID : 600
ThreadCreationTime : 04-05-2005 5:15:24 PM
BasePriority : Normal


#:27 [lxbrksk.exe]
ModuleName : C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
Command Line : "C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe"
ProcessID : 872
ThreadCreationTime : 04-05-2005 5:15:24 PM
BasePriority : Normal
FileVersion : 3.37
ProductVersion : 3.37
LegalCopyright : Copyright © 1999-2003 OnSpec Electronic Inc.

#:28 [lxbrbmgr.exe]
ModuleName : C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
Command Line : "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
ProcessID : 964
ThreadCreationTime : 04-05-2005 5:15:25 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark 3100 Series Button Manager
InternalName : lxbrbmgr.exe
LegalCopyright : © 2003 Lexmark International, Inc.
OriginalFilename : lxbrbmgr.exe

#:29 [incd.exe]
ModuleName : C:\Program Files\ahead\InCD\InCD.exe
Command Line : "C:\Program Files\ahead\InCD\InCD.exe"
ProcessID : 1156
ThreadCreationTime : 04-05-2005 5:15:27 PM
BasePriority : Normal
FileVersion : 3.20.1
ProductVersion : 3.20.1
ProductName : InCD
CompanyName : Copyright © ahead software gmbh and its licensors
FileDescription : InCD CD-RW UDF Tools
InternalName : InCD
LegalCopyright : Copyright © ahead software gmbh and its licensors
OriginalFilename : InCD.EXE
Comments : CD-RW UDF Tools

#:30 [lxbrbmon.exe]
ModuleName : C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
Command Line : "C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe"
ProcessID : 1160
ThreadCreationTime : 04-05-2005 5:15:27 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark 3100 Series Button Monitor
InternalName : lxbrbmon.exe
LegalCopyright : © 2003 Lexmark International, Inc.
OriginalFilename : lxbrbmon.exe

#:31 [lxbrcmon.exe]
ModuleName : C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
Command Line : "C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe"
ProcessID : 1124
ThreadCreationTime : 04-05-2005 5:15:29 PM
BasePriority : Normal


#:32 [pccguide.exe]
ModuleName : C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
Command Line : "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
ProcessID : 1720
ThreadCreationTime : 04-05-2005 5:15:37 PM
BasePriority : Normal
FileVersion : 12.10.0.1014
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PCCGuide

#:33 [mwsoemon.exe]
ModuleName : C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
Command Line : "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe"
ProcessID : 648
ThreadCreationTime : 04-05-2005 5:15:38 PM
BasePriority : Normal
FileVersion : 1,2,2,2
ProductVersion : 2,0,1,0
ProductName : My Web Search Bar for Internet Explorer, email clients, and messenger clients
CompanyName : MyWebSearch.com
FileDescription : My Web Search Email Plugin
InternalName : mwsoemon
LegalCopyright : Copyright © 2003-2004 MyWebSearch.com
OriginalFilename : mwsoemon.exe

#:34 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 1904
ThreadCreationTime : 04-05-2005 5:15:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:35 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 1876
ThreadCreationTime : 04-05-2005 5:15:41 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:36 [wcescomm.exe]
ModuleName : C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
Command Line : "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
ProcessID : 2064
ThreadCreationTime : 04-05-2005 5:15:53 PM
BasePriority : Normal
FileVersion : 3.5.0.12007
ProductVersion : 3.5.12007
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2001 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE

#:37 [shs.exe]
ModuleName : C:\Program Files\Rogers\SelfHealing\SHS.exe
Command Line : "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
ProcessID : 2084
ThreadCreationTime : 04-05-2005 5:15:56 PM
BasePriority : Normal
FileVersion : 0.06.0004
ProductVersion : 0.06.0004
ProductName : Self Healing Software (SHS)
CompanyName : Rogers Cable
FileDescription : Rogers Hi-Speed Internet Self Healing Software
InternalName : SHS
LegalCopyright : Copyright 2002 Rogers Cable Inc. All Rights Reserved
OriginalFilename : SHS.exe
Comments : Written and Designed by Robert French

#:38 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe"
ProcessID : 2460
ThreadCreationTime : 04-05-2005 5:16:12 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:39 [wfxctl32.exe]
ModuleName : C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
Command Line : "c:\program files\symantec\winfax\wfxctl32.exe"
ProcessID : 2504
ThreadCreationTime : 04-05-2005 5:16:16 PM
BasePriority : Normal


#:40 [newsflsh.exe]
ModuleName : C:\Program Files\Common Files\MySoftware\Newsflsh.exe
Command Line : "C:\Program Files\Common Files\MySoftware\Newsflsh.exe"
ProcessID : 2760
ThreadCreationTime : 04-05-2005 5:16:31 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 2
ProductName : MySoftware InterCom WebSniffer Utility
CompanyName : MySoftware, Inc.
FileDescription : WebSniffer
InternalName : WEBSNIFFER
LegalCopyright : Copyright © 1997-8 MySoftware, Inc.
OriginalFilename : WEBSNIFFER.EXE
Comments : [DEBUG BUILD]

#:41 [wfxmod32.exe]
ModuleName : C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
Command Line : /0
ProcessID : 3428
ThreadCreationTime : 04-05-2005 5:17:15 PM
BasePriority : High
FileVersion : 9.00.98.0727
ProductVersion : 9.00
ProductName : Symantec WinFax PRO
CompanyName : Symantec Corporation
FileDescription : WinFax Pro Serial Modem Driver.
InternalName : WFXMOD32.EXE
LegalCopyright : Copyright © Symantec Corporation. 1990-1998
LegalTrademarks : Symantec WinFax PRO ® is a registered trademark of Symantec Corporation
Comments : This is the Class1/Class2/SendFax/WorldPort Driver Program

#:42 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 3760
ThreadCreationTime : 04-05-2005 5:19:06 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:43 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 3768
ThreadCreationTime : 04-05-2005 5:19:06 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:44 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2308
ThreadCreationTime : 04-05-2005 5:21:41 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

FlashenhancerBHO Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj

FlashenhancerBHO Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj
Value :

FlashenhancerBHO Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj.1

FlashenhancerBHO Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj.1
Value :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
697 entries scanned.
New critical objects:0
Objects found so far: 4




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

1:35:05 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:01.594
Objects scanned:121164
Objects identified:4
Objects ignored:0
New critical objects:4
  • 0

Advertisements

#2
Rawe
Posted 04 May 2005 - 12:05 PM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
There is certainly couple things we need to do.
But first of all..
Don't post a log from "Custom mode", please post a scanlog from "Full system scan".
Could you please rescan with "Full system scan", then post your logfile.
I would give you instructions..

- Rawe :tazz:
  • 0

#3
Denise
Posted 04 May 2005 - 12:27 PM

Denise

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Do I have to make a new post or just reply to this one?
D
  • 0

#4
Denise
Posted 04 May 2005 - 12:33 PM

Denise

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here's the full system scan.
D
Ad-Aware SE Build 1.05
Logfile Created on:May 4, 2005 2:15:22 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
FlashenhancerBHO(TAC index:7):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:14 %
Total physical memory:261668 kb
Available physical memory:36232 kb
Total page file size:631380 kb
Available on page file:285668 kb
Total virtual memory:2097024 kb
Available virtual memory:2040180 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


04-05-2005 2:15:22 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 448
ThreadCreationTime : 04-05-2005 5:14:52 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 516
ThreadCreationTime : 04-05-2005 5:14:58 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 540
ThreadCreationTime : 04-05-2005 5:15:00 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 584
ThreadCreationTime : 04-05-2005 5:15:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 596
ThreadCreationTime : 04-05-2005 5:15:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 864
ThreadCreationTime : 04-05-2005 5:15:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 912
ThreadCreationTime : 04-05-2005 5:15:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 976
ThreadCreationTime : 04-05-2005 5:15:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1048
ThreadCreationTime : 04-05-2005 5:15:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1228
ThreadCreationTime : 04-05-2005 5:15:06 PM
BasePriority : Normal
FileVersion : 9.30
ProductVersion : 9.30
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1272
ThreadCreationTime : 04-05-2005 5:15:07 PM
BasePriority : Normal
FileVersion : 9.30
ProductVersion : 9.30
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1268
ThreadCreationTime : 04-05-2005 5:15:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [sagent2.exe]
ModuleName : C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
Command Line : "C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe"
ProcessID : 1432
ThreadCreationTime : 04-05-2005 5:15:08 PM
BasePriority : Normal
FileVersion : 2, 1, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : EPSON Bidirectional Printer
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Printer Status Agent
InternalName : SAgent2
LegalCopyright : Copyright © SEIKO EPSON CORP. 2000-2001
OriginalFilename : SAgent2.exe

#:14 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1468
ThreadCreationTime : 04-05-2005 5:15:08 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:15 [pcctlcom.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
ProcessID : 1544
ThreadCreationTime : 04-05-2005 5:15:08 PM
BasePriority : Normal
FileVersion : 12.10.0.1034
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : PcCtlCom Module
InternalName : PcCtlCom
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PcCtlCom.EXE

#:16 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1608
ThreadCreationTime : 04-05-2005 5:15:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [tmntsrv.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
ProcessID : 1628
ThreadCreationTime : 04-05-2005 5:15:09 PM
BasePriority : Normal
FileVersion : 12.10.0.1034
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : Tmntsrv.exe

#:18 [tmproxy.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
ProcessID : 1712
ThreadCreationTime : 04-05-2005 5:15:10 PM
BasePriority : Normal
FileVersion : 1.0.0.1125
ProductVersion : 1.0.0
ProductName : Trend Micro Network Security Components 1.0
CompanyName : Trend Micro Inc.
FileDescription : TmProxy.exe
InternalName : TmProxy.exe
LegalCopyright : Copyright © 2001-2004 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : TmProxy.exe

#:19 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1832
ThreadCreationTime : 04-05-2005 5:15:14 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:20 [wfxsvc.exe]
ModuleName : C:\WINDOWS\system32\WFXSVC.EXE
Command Line : C:\WINDOWS\system32\WFXSVC.EXE
ProcessID : 1908
ThreadCreationTime : 04-05-2005 5:15:14 PM
BasePriority : Normal
FileVersion : 9.00.98.0727
ProductVersion : 9.00
ProductName : Symantec WinFax PRO
CompanyName : Symantec Corporation
FileDescription : Symantec WinFax PRO NT Service
InternalName : WFXSVC
LegalCopyright : Copyright © Symantec Corporation. 1990-1998
LegalTrademarks : Symantec WinFax PRO ® is a registered trademark of Symantec Corporation

#:21 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 212
ThreadCreationTime : 04-05-2005 5:15:16 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:22 [tmpfw.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
ProcessID : 480
ThreadCreationTime : 04-05-2005 5:15:22 PM
BasePriority : Normal
FileVersion : 2.0.0.1125
ProductVersion : 1.0.0
ProductName : Trend Network Security Component 1.0
CompanyName : Trend Micro Inc.
FileDescription : TmPfw
InternalName : TmPfw
LegalCopyright : Copyright © 2001-2004 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : TmPfw.exe

#:23 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 496
ThreadCreationTime : 04-05-2005 5:15:24 PM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:24 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 520
ThreadCreationTime : 04-05-2005 5:15:24 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:25 [camtray.exe]
ModuleName : C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
Command Line : "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
ProcessID : 660
ThreadCreationTime : 04-05-2005 5:15:24 PM
BasePriority : Normal
FileVersion : 3.2.1.0
ProductVersion : 2.20
ProductName : PC-CAM Center
CompanyName : Creative Technology Ltd
FileDescription : PC-CAM Center Launcher Application
InternalName : PC-CAM Center Launcher Application
LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.
OriginalFilename : CamTray.EXE

#:26 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe"
ProcessID : 600
ThreadCreationTime : 04-05-2005 5:15:24 PM
BasePriority : Normal


#:27 [lxbrksk.exe]
ModuleName : C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
Command Line : "C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe"
ProcessID : 872
ThreadCreationTime : 04-05-2005 5:15:24 PM
BasePriority : Normal
FileVersion : 3.37
ProductVersion : 3.37
LegalCopyright : Copyright © 1999-2003 OnSpec Electronic Inc.

#:28 [lxbrbmgr.exe]
ModuleName : C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
Command Line : "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
ProcessID : 964
ThreadCreationTime : 04-05-2005 5:15:25 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark 3100 Series Button Manager
InternalName : lxbrbmgr.exe
LegalCopyright : © 2003 Lexmark International, Inc.
OriginalFilename : lxbrbmgr.exe

#:29 [incd.exe]
ModuleName : C:\Program Files\ahead\InCD\InCD.exe
Command Line : "C:\Program Files\ahead\InCD\InCD.exe"
ProcessID : 1156
ThreadCreationTime : 04-05-2005 5:15:27 PM
BasePriority : Normal
FileVersion : 3.20.1
ProductVersion : 3.20.1
ProductName : InCD
CompanyName : Copyright © ahead software gmbh and its licensors
FileDescription : InCD CD-RW UDF Tools
InternalName : InCD
LegalCopyright : Copyright © ahead software gmbh and its licensors
OriginalFilename : InCD.EXE
Comments : CD-RW UDF Tools

#:30 [lxbrbmon.exe]
ModuleName : C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
Command Line : "C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe"
ProcessID : 1160
ThreadCreationTime : 04-05-2005 5:15:27 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark 3100 Series Button Monitor
InternalName : lxbrbmon.exe
LegalCopyright : © 2003 Lexmark International, Inc.
OriginalFilename : lxbrbmon.exe

#:31 [lxbrcmon.exe]
ModuleName : C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
Command Line : "C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe"
ProcessID : 1124
ThreadCreationTime : 04-05-2005 5:15:29 PM
BasePriority : Normal


#:32 [pccguide.exe]
ModuleName : C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
Command Line : "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
ProcessID : 1720
ThreadCreationTime : 04-05-2005 5:15:37 PM
BasePriority : Normal
FileVersion : 12.10.0.1014
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PCCGuide

#:33 [mwsoemon.exe]
ModuleName : C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
Command Line : "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe"
ProcessID : 648
ThreadCreationTime : 04-05-2005 5:15:38 PM
BasePriority : Normal
FileVersion : 1,2,2,2
ProductVersion : 2,0,1,0
ProductName : My Web Search Bar for Internet Explorer, email clients, and messenger clients
CompanyName : MyWebSearch.com
FileDescription : My Web Search Email Plugin
InternalName : mwsoemon
LegalCopyright : Copyright © 2003-2004 MyWebSearch.com
OriginalFilename : mwsoemon.exe

#:34 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 1904
ThreadCreationTime : 04-05-2005 5:15:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:35 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 1876
ThreadCreationTime : 04-05-2005 5:15:41 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:36 [wcescomm.exe]
ModuleName : C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
Command Line : "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
ProcessID : 2064
ThreadCreationTime : 04-05-2005 5:15:53 PM
BasePriority : Normal
FileVersion : 3.5.0.12007
ProductVersion : 3.5.12007
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2001 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE

#:37 [shs.exe]
ModuleName : C:\Program Files\Rogers\SelfHealing\SHS.exe
Command Line : "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
ProcessID : 2084
ThreadCreationTime : 04-05-2005 5:15:56 PM
BasePriority : Normal
FileVersion : 0.06.0004
ProductVersion : 0.06.0004
ProductName : Self Healing Software (SHS)
CompanyName : Rogers Cable
FileDescription : Rogers Hi-Speed Internet Self Healing Software
InternalName : SHS
LegalCopyright : Copyright 2002 Rogers Cable Inc. All Rights Reserved
OriginalFilename : SHS.exe
Comments : Written and Designed by Robert French

#:38 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe"
ProcessID : 2460
ThreadCreationTime : 04-05-2005 5:16:12 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:39 [wfxctl32.exe]
ModuleName : C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
Command Line : "c:\program files\symantec\winfax\wfxctl32.exe"
ProcessID : 2504
ThreadCreationTime : 04-05-2005 5:16:16 PM
BasePriority : Normal


#:40 [newsflsh.exe]
ModuleName : C:\Program Files\Common Files\MySoftware\Newsflsh.exe
Command Line : "C:\Program Files\Common Files\MySoftware\Newsflsh.exe"
ProcessID : 2760
ThreadCreationTime : 04-05-2005 5:16:31 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 2
ProductName : MySoftware InterCom WebSniffer Utility
CompanyName : MySoftware, Inc.
FileDescription : WebSniffer
InternalName : WEBSNIFFER
LegalCopyright : Copyright © 1997-8 MySoftware, Inc.
OriginalFilename : WEBSNIFFER.EXE
Comments : [DEBUG BUILD]

#:41 [wfxmod32.exe]
ModuleName : C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
Command Line : /0
ProcessID : 3428
ThreadCreationTime : 04-05-2005 5:17:15 PM
BasePriority : High
FileVersion : 9.00.98.0727
ProductVersion : 9.00
ProductName : Symantec WinFax PRO
CompanyName : Symantec Corporation
FileDescription : WinFax Pro Serial Modem Driver.
InternalName : WFXMOD32.EXE
LegalCopyright : Copyright © Symantec Corporation. 1990-1998
LegalTrademarks : Symantec WinFax PRO ® is a registered trademark of Symantec Corporation
Comments : This is the Class1/Class2/SendFax/WorldPort Driver Program

#:42 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 3760
ThreadCreationTime : 04-05-2005 5:19:06 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:43 [lxbrpswx.exe]
ModuleName : C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\LXBRPSWX.EXE
Command Line : C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\LXBRPSWX.EXE SPLPP /F=Lexmark 3100 Series
ProcessID : 3092
ThreadCreationTime : 04-05-2005 5:27:14 PM
BasePriority : Normal


#:44 [hijackthis.exe]
ModuleName : C:\Documents and Settings\Denise\Desktop\HijackThis.exe
Command Line : "C:\Documents and Settings\Denise\Desktop\HijackThis.exe"
ProcessID : 948
ThreadCreationTime : 04-05-2005 6:04:07 PM
BasePriority : Normal
FileVersion : 1.99
ProductVersion : 1.99
ProductName : HijackThis
CompanyName : Soeperman Enterprises Ltd.
FileDescription : HijackThis
InternalName : HijackThis
LegalCopyright : Freeware
OriginalFilename : HijackThis.exe
Comments : Version history is in Help section

#:45 [msimn.exe]
ModuleName : C:\Program Files\Outlook Express\MSIMN.EXE
Command Line : "C:\Program Files\Outlook Express\MSIMN.EXE"
ProcessID : 2888
ThreadCreationTime : 04-05-2005 6:08:12 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Outlook Express
InternalName : MSIMN
LegalCopyright : © 2004 Microsoft Corporation. All rights reserved.
OriginalFilename : MSIMN.EXE

#:46 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2648
ThreadCreationTime : 04-05-2005 6:15:04 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

FlashenhancerBHO Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj

FlashenhancerBHO Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj
Value :

FlashenhancerBHO Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj.1

FlashenhancerBHO Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj.1
Value :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
697 entries scanned.
New critical objects:0
Objects found so far: 4




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

2:26:21 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:58.594
Objects scanned:121661
Objects identified:4
Objects ignored:0
New critical objects:4
  • 0

#5
Rawe
Posted 04 May 2005 - 01:02 PM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Welcome!

Ad-aware has found object(s) on your computer

If you chose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R42 28.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder);

Run CCleaner to help in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note; the path above is of the default installation location for Ad-aware SE, if this is different, adjust it to the location that you have installed it to.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to any objects you wish to remove. Click next, Click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes takes 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (Mru's) aren't considered as a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:
  • 0

#6
Denise
Posted 04 May 2005 - 08:37 PM

Denise

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Ad-Aware SE Build 1.05
Logfile Created on:May 4, 2005 10:20:28 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
FlashenhancerBHO(TAC index:7):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:12 %
Total physical memory:261668 kb
Available physical memory:29524 kb
Total page file size:631380 kb
Available on page file:338556 kb
Total virtual memory:2097024 kb
Available virtual memory:2040164 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


04-05-2005 10:20:28 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 448
ThreadCreationTime : 05-05-2005 2:16:44 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 516
ThreadCreationTime : 05-05-2005 2:16:50 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 540
ThreadCreationTime : 05-05-2005 2:16:52 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 584
ThreadCreationTime : 05-05-2005 2:16:53 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 596
ThreadCreationTime : 05-05-2005 2:16:53 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 864
ThreadCreationTime : 05-05-2005 2:16:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 912
ThreadCreationTime : 05-05-2005 2:16:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 976
ThreadCreationTime : 05-05-2005 2:16:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1052
ThreadCreationTime : 05-05-2005 2:16:57 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1232
ThreadCreationTime : 05-05-2005 2:16:58 AM
BasePriority : Normal
FileVersion : 9.30
ProductVersion : 9.30
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1276
ThreadCreationTime : 05-05-2005 2:16:58 AM
BasePriority : Normal
FileVersion : 9.30
ProductVersion : 9.30
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1272
ThreadCreationTime : 05-05-2005 2:16:58 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [sagent2.exe]
ModuleName : C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
Command Line : "C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe"
ProcessID : 1436
ThreadCreationTime : 05-05-2005 2:16:59 AM
BasePriority : Normal
FileVersion : 2, 1, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : EPSON Bidirectional Printer
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Printer Status Agent
InternalName : SAgent2
LegalCopyright : Copyright © SEIKO EPSON CORP. 2000-2001
OriginalFilename : SAgent2.exe

#:14 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1484
ThreadCreationTime : 05-05-2005 2:17:00 AM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:15 [pcctlcom.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
ProcessID : 1536
ThreadCreationTime : 05-05-2005 2:17:00 AM
BasePriority : Normal
FileVersion : 12.10.0.1034
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : PcCtlCom Module
InternalName : PcCtlCom
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PcCtlCom.EXE

#:16 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1612
ThreadCreationTime : 05-05-2005 2:17:00 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [tmntsrv.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
ProcessID : 1632
ThreadCreationTime : 05-05-2005 2:17:01 AM
BasePriority : Normal
FileVersion : 12.10.0.1034
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : Tmntsrv.exe

#:18 [tmproxy.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
ProcessID : 1700
ThreadCreationTime : 05-05-2005 2:17:01 AM
BasePriority : Normal
FileVersion : 1.0.0.1125
ProductVersion : 1.0.0
ProductName : Trend Micro Network Security Components 1.0
CompanyName : Trend Micro Inc.
FileDescription : TmProxy.exe
InternalName : TmProxy.exe
LegalCopyright : Copyright © 2001-2004 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : TmProxy.exe

#:19 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1808
ThreadCreationTime : 05-05-2005 2:17:05 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:20 [wfxsvc.exe]
ModuleName : C:\WINDOWS\system32\WFXSVC.EXE
Command Line : C:\WINDOWS\system32\WFXSVC.EXE
ProcessID : 1856
ThreadCreationTime : 05-05-2005 2:17:05 AM
BasePriority : Normal
FileVersion : 9.00.98.0727
ProductVersion : 9.00
ProductName : Symantec WinFax PRO
CompanyName : Symantec Corporation
FileDescription : Symantec WinFax PRO NT Service
InternalName : WFXSVC
LegalCopyright : Copyright © Symantec Corporation. 1990-1998
LegalTrademarks : Symantec WinFax PRO ® is a registered trademark of Symantec Corporation

#:21 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 260
ThreadCreationTime : 05-05-2005 2:17:11 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:22 [tmpfw.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
ProcessID : 472
ThreadCreationTime : 05-05-2005 2:17:14 AM
BasePriority : Normal
FileVersion : 2.0.0.1125
ProductVersion : 1.0.0
ProductName : Trend Network Security Component 1.0
CompanyName : Trend Micro Inc.
FileDescription : TmPfw
InternalName : TmPfw
LegalCopyright : Copyright © 2001-2004 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : TmPfw.exe

#:23 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 968
ThreadCreationTime : 05-05-2005 2:17:18 AM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:24 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1004
ThreadCreationTime : 05-05-2005 2:17:18 AM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:25 [camtray.exe]
ModuleName : C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
Command Line : "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
ProcessID : 1016
ThreadCreationTime : 05-05-2005 2:17:18 AM
BasePriority : Normal
FileVersion : 3.2.1.0
ProductVersion : 2.20
ProductName : PC-CAM Center
CompanyName : Creative Technology Ltd
FileDescription : PC-CAM Center Launcher Application
InternalName : PC-CAM Center Launcher Application
LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.
OriginalFilename : CamTray.EXE

#:26 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe"
ProcessID : 1160
ThreadCreationTime : 05-05-2005 2:17:21 AM
BasePriority : Normal


#:27 [lxbrksk.exe]
ModuleName : C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
Command Line : "C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe"
ProcessID : 1124
ThreadCreationTime : 05-05-2005 2:17:22 AM
BasePriority : Normal
FileVersion : 3.37
ProductVersion : 3.37
LegalCopyright : Copyright © 1999-2003 OnSpec Electronic Inc.

#:28 [lxbrbmgr.exe]
ModuleName : C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
Command Line : "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
ProcessID : 1224
ThreadCreationTime : 05-05-2005 2:17:22 AM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark 3100 Series Button Manager
InternalName : lxbrbmgr.exe
LegalCopyright : © 2003 Lexmark International, Inc.
OriginalFilename : lxbrbmgr.exe

#:29 [incd.exe]
ModuleName : C:\Program Files\ahead\InCD\InCD.exe
Command Line : "C:\Program Files\ahead\InCD\InCD.exe"
ProcessID : 1132
ThreadCreationTime : 05-05-2005 2:17:24 AM
BasePriority : Normal
FileVersion : 3.20.1
ProductVersion : 3.20.1
ProductName : InCD
CompanyName : Copyright © ahead software gmbh and its licensors
FileDescription : InCD CD-RW UDF Tools
InternalName : InCD
LegalCopyright : Copyright © ahead software gmbh and its licensors
OriginalFilename : InCD.EXE
Comments : CD-RW UDF Tools

#:30 [pccguide.exe]
ModuleName : C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
Command Line : "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
ProcessID : 1108
ThreadCreationTime : 05-05-2005 2:17:27 AM
BasePriority : Normal
FileVersion : 12.10.0.1014
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PCCGuide

#:31 [lxbrbmon.exe]
ModuleName : C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
Command Line : "C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe"
ProcessID : 1432
ThreadCreationTime : 05-05-2005 2:17:28 AM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark 3100 Series Button Monitor
InternalName : lxbrbmon.exe
LegalCopyright : © 2003 Lexmark International, Inc.
OriginalFilename : lxbrbmon.exe

#:32 [mwsoemon.exe]
ModuleName : C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
Command Line : "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe"
ProcessID : 1816
ThreadCreationTime : 05-05-2005 2:17:32 AM
BasePriority : Normal
FileVersion : 1,2,2,2
ProductVersion : 2,0,1,0
ProductName : My Web Search Bar for Internet Explorer, email clients, and messenger clients
CompanyName : MyWebSearch.com
FileDescription : My Web Search Email Plugin
InternalName : mwsoemon
LegalCopyright : Copyright © 2003-2004 MyWebSearch.com
OriginalFilename : mwsoemon.exe

#:33 [lxbrcmon.exe]
ModuleName : C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
Command Line : "C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe"
ProcessID : 1804
ThreadCreationTime : 05-05-2005 2:17:32 AM
BasePriority : Normal


#:34 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 1852
ThreadCreationTime : 05-05-2005 2:17:34 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:35 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 1828
ThreadCreationTime : 05-05-2005 2:17:34 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:36 [wcescomm.exe]
ModuleName : C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
Command Line : "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
ProcessID : 2024
ThreadCreationTime : 05-05-2005 2:17:38 AM
BasePriority : Normal
FileVersion : 3.5.0.12007
ProductVersion : 3.5.12007
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2001 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE

#:37 [shs.exe]
ModuleName : C:\Program Files\Rogers\SelfHealing\SHS.exe
Command Line : "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
ProcessID : 2172
ThreadCreationTime : 05-05-2005 2:17:40 AM
BasePriority : Normal
FileVersion : 0.06.0004
ProductVersion : 0.06.0004
ProductName : Self Healing Software (SHS)
CompanyName : Rogers Cable
FileDescription : Rogers Hi-Speed Internet Self Healing Software
InternalName : SHS
LegalCopyright : Copyright 2002 Rogers Cable Inc. All Rights Reserved
OriginalFilename : SHS.exe
Comments : Written and Designed by Robert French

#:38 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe"
ProcessID : 2400
ThreadCreationTime : 05-05-2005 2:18:18 AM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:39 [wfxctl32.exe]
ModuleName : C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
Command Line : "c:\program files\symantec\winfax\wfxctl32.exe"
ProcessID : 2676
ThreadCreationTime : 05-05-2005 2:18:30 AM
BasePriority : Normal


#:40 [newsflsh.exe]
ModuleName : C:\Program Files\Common Files\MySoftware\Newsflsh.exe
Command Line : "C:\Program Files\Common Files\MySoftware\Newsflsh.exe"
ProcessID : 2800
ThreadCreationTime : 05-05-2005 2:18:44 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 2
ProductName : MySoftware InterCom WebSniffer Utility
CompanyName : MySoftware, Inc.
FileDescription : WebSniffer
InternalName : WEBSNIFFER
LegalCopyright : Copyright © 1997-8 MySoftware, Inc.
OriginalFilename : WEBSNIFFER.EXE
Comments : [DEBUG BUILD]

#:41 [wfxmod32.exe]
ModuleName : C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
Command Line : /0
ProcessID : 3180
ThreadCreationTime : 05-05-2005 2:19:21 AM
BasePriority : High
FileVersion : 9.00.98.0727
ProductVersion : 9.00
ProductName : Symantec WinFax PRO
CompanyName : Symantec Corporation
FileDescription : WinFax Pro Serial Modem Driver.
InternalName : WFXMOD32.EXE
LegalCopyright : Copyright © Symantec Corporation. 1990-1998
LegalTrademarks : Symantec WinFax PRO ® is a registered trademark of Symantec Corporation
Comments : This is the Class1/Class2/SendFax/WorldPort Driver Program

#:42 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3336
ThreadCreationTime : 05-05-2005 2:19:31 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

FlashenhancerBHO Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj

FlashenhancerBHO Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj
Value :

FlashenhancerBHO Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj.1

FlashenhancerBHO Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj.1
Value :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
697 entries scanned.
New critical objects:0
Objects found so far: 4




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

10:30:49 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:20.625
Objects scanned:113928
Objects identified:4
Objects ignored:0
New critical objects:4
  • 0

#7
Rawe
Posted 05 May 2005 - 03:03 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
697 entries scanned.


If your system is running a program which changes the hosts file or you have added listings to the hosts file, then there is no need to check further. Otherwise, download the "Host file viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your hosts file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

- Rawe :tazz:

(When restored, post a fresh Ad-aware log.)
  • 0

#8
Denise
Posted 05 May 2005 - 05:46 AM

Denise

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Whaaaattttt?
I totally did not understand that.
I still have the problem.
Denise
  • 0

#9
Rawe
Posted 05 May 2005 - 05:53 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Sorry for the misunderstanding..
When you have downloaded the program which I recommended, you should select the option to "Restore to default settings".
After you have restored, reboot, rescan with Ad-aware SE, and post the latest logfile.

- Rawe :tazz:
  • 0

#10
Denise
Posted 05 May 2005 - 08:40 AM

Denise

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Thanks for explaining that.
It looks loke my problem has multiplied!
Also whenever I reboot the win fax program says it is running nad trying to install?? It is already installed and it never used to do that.

Thanks D


Ad-Aware SE Build 1.05
Logfile Created on:May 5, 2005 10:23:26 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
FlashenhancerBHO(TAC index:7):4 total references
Tracking Cookie(TAC index:3):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:25 %
Total physical memory:261668 kb
Available physical memory:64468 kb
Total page file size:631380 kb
Available on page file:357136 kb
Total virtual memory:2097024 kb
Available virtual memory:2040180 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


05-05-2005 10:23:26 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 448
ThreadCreationTime : 05-05-2005 2:17:20 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 516
ThreadCreationTime : 05-05-2005 2:17:26 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 540
ThreadCreationTime : 05-05-2005 2:17:29 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 584
ThreadCreationTime : 05-05-2005 2:17:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 596
ThreadCreationTime : 05-05-2005 2:17:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 864
ThreadCreationTime : 05-05-2005 2:17:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 912
ThreadCreationTime : 05-05-2005 2:17:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 976
ThreadCreationTime : 05-05-2005 2:17:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1052
ThreadCreationTime : 05-05-2005 2:17:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1236
ThreadCreationTime : 05-05-2005 2:17:35 PM
BasePriority : Normal
FileVersion : 9.30
ProductVersion : 9.30
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1276
ThreadCreationTime : 05-05-2005 2:17:35 PM
BasePriority : Normal
FileVersion : 9.30
ProductVersion : 9.30
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1272
ThreadCreationTime : 05-05-2005 2:17:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [sagent2.exe]
ModuleName : C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
Command Line : "C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe"
ProcessID : 1436
ThreadCreationTime : 05-05-2005 2:17:36 PM
BasePriority : Normal
FileVersion : 2, 1, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : EPSON Bidirectional Printer
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Printer Status Agent
InternalName : SAgent2
LegalCopyright : Copyright © SEIKO EPSON CORP. 2000-2001
OriginalFilename : SAgent2.exe

#:14 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1472
ThreadCreationTime : 05-05-2005 2:17:37 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:15 [pcctlcom.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
ProcessID : 1556
ThreadCreationTime : 05-05-2005 2:17:37 PM
BasePriority : Normal
FileVersion : 12.10.0.1034
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : PcCtlCom Module
InternalName : PcCtlCom
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PcCtlCom.EXE

#:16 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1612
ThreadCreationTime : 05-05-2005 2:17:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [tmntsrv.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
ProcessID : 1632
ThreadCreationTime : 05-05-2005 2:17:37 PM
BasePriority : Normal
FileVersion : 12.10.0.1034
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : Tmntsrv.exe

#:18 [tmproxy.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
ProcessID : 1704
ThreadCreationTime : 05-05-2005 2:17:38 PM
BasePriority : Normal
FileVersion : 1.0.0.1125
ProductVersion : 1.0.0
ProductName : Trend Micro Network Security Components 1.0
CompanyName : Trend Micro Inc.
FileDescription : TmProxy.exe
InternalName : TmProxy.exe
LegalCopyright : Copyright © 2001-2004 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : TmProxy.exe

#:19 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1820
ThreadCreationTime : 05-05-2005 2:17:42 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:20 [wfxsvc.exe]
ModuleName : C:\WINDOWS\system32\WFXSVC.EXE
Command Line : C:\WINDOWS\system32\WFXSVC.EXE
ProcessID : 1848
ThreadCreationTime : 05-05-2005 2:17:42 PM
BasePriority : Normal
FileVersion : 9.00.98.0727
ProductVersion : 9.00
ProductName : Symantec WinFax PRO
CompanyName : Symantec Corporation
FileDescription : Symantec WinFax PRO NT Service
InternalName : WFXSVC
LegalCopyright : Copyright © Symantec Corporation. 1990-1998
LegalTrademarks : Symantec WinFax PRO ® is a registered trademark of Symantec Corporation

#:21 [tmpfw.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
ProcessID : 196
ThreadCreationTime : 05-05-2005 2:17:48 PM
BasePriority : Normal
FileVersion : 2.0.0.1125
ProductVersion : 1.0.0
ProductName : Trend Network Security Component 1.0
CompanyName : Trend Micro Inc.
FileDescription : TmPfw
InternalName : TmPfw
LegalCopyright : Copyright © 2001-2004 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : TmPfw.exe

#:22 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 2112
ThreadCreationTime : 05-05-2005 2:18:36 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:23 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 2200
ThreadCreationTime : 05-05-2005 2:18:39 PM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:24 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2220
ThreadCreationTime : 05-05-2005 2:18:40 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:25 [camtray.exe]
ModuleName : C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
Command Line : "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
ProcessID : 2276
ThreadCreationTime : 05-05-2005 2:18:41 PM
BasePriority : Normal
FileVersion : 3.2.1.0
ProductVersion : 2.20
ProductName : PC-CAM Center
CompanyName : Creative Technology Ltd
FileDescription : PC-CAM Center Launcher Application
InternalName : PC-CAM Center Launcher Application
LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.
OriginalFilename : CamTray.EXE

#:26 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe"
ProcessID : 2300
ThreadCreationTime : 05-05-2005 2:18:42 PM
BasePriority : Normal


#:27 [lxbrksk.exe]
ModuleName : C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
Command Line : "C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe"
ProcessID : 2344
ThreadCreationTime : 05-05-2005 2:18:43 PM
BasePriority : Normal
FileVersion : 3.37
ProductVersion : 3.37
LegalCopyright : Copyright © 1999-2003 OnSpec Electronic Inc.

#:28 [lxbrbmgr.exe]
ModuleName : C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
Command Line : "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
ProcessID : 2384
ThreadCreationTime : 05-05-2005 2:18:46 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark 3100 Series Button Manager
InternalName : lxbrbmgr.exe
LegalCopyright : © 2003 Lexmark International, Inc.
OriginalFilename : lxbrbmgr.exe

#:29 [lxbrbmon.exe]
ModuleName : C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
Command Line : "C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe"
ProcessID : 2432
ThreadCreationTime : 05-05-2005 2:18:48 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark 3100 Series Button Monitor
InternalName : lxbrbmon.exe
LegalCopyright : © 2003 Lexmark International, Inc.
OriginalFilename : lxbrbmon.exe

#:30 [lxbrcmon.exe]
ModuleName : C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
Command Line : "C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe"
ProcessID : 2472
ThreadCreationTime : 05-05-2005 2:18:49 PM
BasePriority : Normal


#:31 [incd.exe]
ModuleName : C:\Program Files\ahead\InCD\InCD.exe
Command Line : "C:\Program Files\ahead\InCD\InCD.exe"
ProcessID : 2484
ThreadCreationTime : 05-05-2005 2:18:49 PM
BasePriority : Normal
FileVersion : 3.20.1
ProductVersion : 3.20.1
ProductName : InCD
CompanyName : Copyright © ahead software gmbh and its licensors
FileDescription : InCD CD-RW UDF Tools
InternalName : InCD
LegalCopyright : Copyright © ahead software gmbh and its licensors
OriginalFilename : InCD.EXE
Comments : CD-RW UDF Tools

#:32 [pccguide.exe]
ModuleName : C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
Command Line : "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
ProcessID : 2660
ThreadCreationTime : 05-05-2005 2:18:58 PM
BasePriority : Normal
FileVersion : 12.10.0.1014
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PCCGuide

#:33 [mwsoemon.exe]
ModuleName : C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
Command Line : "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe"
ProcessID : 2672
ThreadCreationTime : 05-05-2005 2:18:59 PM
BasePriority : Normal
FileVersion : 1,2,2,2
ProductVersion : 2,0,1,0
ProductName : My Web Search Bar for Internet Explorer, email clients, and messenger clients
CompanyName : MyWebSearch.com
FileDescription : My Web Search Email Plugin
InternalName : mwsoemon
LegalCopyright : Copyright © 2003-2004 MyWebSearch.com
OriginalFilename : mwsoemon.exe

#:34 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 2688
ThreadCreationTime : 05-05-2005 2:19:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:35 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2772
ThreadCreationTime : 05-05-2005 2:19:04 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:36 [wcescomm.exe]
ModuleName : C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
Command Line : "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
ProcessID : 2896
ThreadCreationTime : 05-05-2005 2:19:09 PM
BasePriority : Normal
FileVersion : 3.5.0.12007
ProductVersion : 3.5.12007
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2001 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE

#:37 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe"
ProcessID : 3168
ThreadCreationTime : 05-05-2005 2:19:24 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:38 [wfxctl32.exe]
ModuleName : C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
Command Line : "c:\program files\symantec\winfax\wfxctl32.exe"
ProcessID : 3208
ThreadCreationTime : 05-05-2005 2:19:26 PM
BasePriority : Normal


#:39 [newsflsh.exe]
ModuleName : C:\Program Files\Common Files\MySoftware\Newsflsh.exe
Command Line : "C:\Program Files\Common Files\MySoftware\Newsflsh.exe"
ProcessID : 3316
ThreadCreationTime : 05-05-2005 2:19:33 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 2
ProductName : MySoftware InterCom WebSniffer Utility
CompanyName : MySoftware, Inc.
FileDescription : WebSniffer
InternalName : WEBSNIFFER
LegalCopyright : Copyright © 1997-8 MySoftware, Inc.
OriginalFilename : WEBSNIFFER.EXE
Comments : [DEBUG BUILD]

#:40 [wfxmod32.exe]
ModuleName : C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
Command Line : /0
ProcessID : 3980
ThreadCreationTime : 05-05-2005 2:20:16 PM
BasePriority : High
FileVersion : 9.00.98.0727
ProductVersion : 9.00
ProductName : Symantec WinFax PRO
CompanyName : Symantec Corporation
FileDescription : WinFax Pro Serial Modem Driver.
InternalName : WFXMOD32.EXE
LegalCopyright : Copyright © Symantec Corporation. 1990-1998
LegalTrademarks : Symantec WinFax PRO ® is a registered trademark of Symantec Corporation
Comments : This is the Class1/Class2/SendFax/WorldPort Driver Program

#:41 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2872
ThreadCreationTime : 05-05-2005 2:23:15 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

FlashenhancerBHO Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj

FlashenhancerBHO Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj
Value :

FlashenhancerBHO Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj.1

FlashenhancerBHO Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj.1
Value :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : denise@2o7[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 04-05-2010 12:47:06 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : denise@pro-market[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 31-05-2030 8:00:00 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : denise@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 03-05-2010 8:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : denise@overture[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 02-05-2015 10:46:16 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 02-05-2015 11:00:28 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 9



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
11 entries scanned.
New critical objects:0
Objects found so far: 9




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

10:33:48 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:21.437
Objects scanned:115197
Objects identified:9
Objects ignored:0
New critical objects:9
  • 0

Advertisements

#11
Denise
Posted 05 May 2005 - 11:27 AM

Denise

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
by the way, I still can't do a windows update.
this is the message I get:

[Error number: 0x80070424]
Windows Update has encountered an error and cannot display the requested page. You may find the following resources helpful in resolving the problem:
For self-help options:


Any ideas?

D
  • 0

#12
Guest_Andy_veal_*
Posted 05 May 2005 - 12:11 PM

Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you chose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R42 28.04.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is of the default installion location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes takes 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
  • 0

#13
Denise
Posted 05 May 2005 - 12:18 PM

Denise

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hi Andy,

Didn't I just do all of that as per Rawe's instructions?
  • 0

#14
Guest_Andy_veal_*
Posted 05 May 2005 - 12:20 PM

Guest_Andy_veal_*
  • Guest
I noticed that you were not scanning using the full system scan option,

Please scan using that and try the instructions above.

Thanks :tazz:
  • 0

#15
Denise
Posted 05 May 2005 - 12:53 PM

Denise

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Ad-Aware SE Build 1.05
Logfile Created on:May 5, 2005 2:41:15 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
FlashenhancerBHO(TAC index:7):4 total references
Tracking Cookie(TAC index:3):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:56 %
Total physical memory:261668 kb
Available physical memory:144116 kb
Total page file size:631380 kb
Available on page file:324448 kb
Total virtual memory:2097024 kb
Available virtual memory:2040096 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


05-05-2005 2:41:15 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 448
ThreadCreationTime : 05-05-2005 4:22:31 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 512
ThreadCreationTime : 05-05-2005 4:22:33 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 536
ThreadCreationTime : 05-05-2005 4:22:36 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 580
ThreadCreationTime : 05-05-2005 4:22:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 592
ThreadCreationTime : 05-05-2005 4:22:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 856
ThreadCreationTime : 05-05-2005 4:22:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 904
ThreadCreationTime : 05-05-2005 4:22:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 944
ThreadCreationTime : 05-05-2005 4:22:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1016
ThreadCreationTime : 05-05-2005 4:22:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1152
ThreadCreationTime : 05-05-2005 4:22:42 PM
BasePriority : Normal
FileVersion : 9.30
ProductVersion : 9.30
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1192
ThreadCreationTime : 05-05-2005 4:22:42 PM
BasePriority : Normal
FileVersion : 9.30
ProductVersion : 9.30
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1188
ThreadCreationTime : 05-05-2005 4:22:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [sagent2.exe]
ModuleName : C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
Command Line : "C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe"
ProcessID : 1352
ThreadCreationTime : 05-05-2005 4:22:43 PM
BasePriority : Normal
FileVersion : 2, 1, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : EPSON Bidirectional Printer
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Printer Status Agent
InternalName : SAgent2
LegalCopyright : Copyright © SEIKO EPSON CORP. 2000-2001
OriginalFilename : SAgent2.exe

#:14 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1400
ThreadCreationTime : 05-05-2005 4:22:44 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:15 [pcctlcom.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
ProcessID : 1440
ThreadCreationTime : 05-05-2005 4:22:44 PM
BasePriority : Normal
FileVersion : 12.10.0.1034
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : PcCtlCom Module
InternalName : PcCtlCom
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PcCtlCom.EXE

#:16 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1492
ThreadCreationTime : 05-05-2005 4:22:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [tmntsrv.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
ProcessID : 1512
ThreadCreationTime : 05-05-2005 4:22:45 PM
BasePriority : Normal
FileVersion : 12.10.0.1034
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : Tmntsrv.exe

#:18 [tmproxy.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
ProcessID : 1560
ThreadCreationTime : 05-05-2005 4:22:45 PM
BasePriority : Normal
FileVersion : 1.0.0.1125
ProductVersion : 1.0.0
ProductName : Trend Micro Network Security Components 1.0
CompanyName : Trend Micro Inc.
FileDescription : TmProxy.exe
InternalName : TmProxy.exe
LegalCopyright : Copyright © 2001-2004 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : TmProxy.exe

#:19 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1672
ThreadCreationTime : 05-05-2005 4:22:48 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:20 [wfxsvc.exe]
ModuleName : C:\WINDOWS\system32\WFXSVC.EXE
Command Line : C:\WINDOWS\system32\WFXSVC.EXE
ProcessID : 1696
ThreadCreationTime : 05-05-2005 4:22:48 PM
BasePriority : Normal
FileVersion : 9.00.98.0727
ProductVersion : 9.00
ProductName : Symantec WinFax PRO
CompanyName : Symantec Corporation
FileDescription : Symantec WinFax PRO NT Service
InternalName : WFXSVC
LegalCopyright : Copyright © Symantec Corporation. 1990-1998
LegalTrademarks : Symantec WinFax PRO ® is a registered trademark of Symantec Corporation

#:21 [tmpfw.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
ProcessID : 1924
ThreadCreationTime : 05-05-2005 4:22:55 PM
BasePriority : Normal
FileVersion : 2.0.0.1125
ProductVersion : 1.0.0
ProductName : Trend Network Security Component 1.0
CompanyName : Trend Micro Inc.
FileDescription : TmPfw
InternalName : TmPfw
LegalCopyright : Copyright © 2001-2004 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : TmPfw.exe

#:22 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 2056
ThreadCreationTime : 05-05-2005 4:24:28 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:23 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 2144
ThreadCreationTime : 05-05-2005 4:24:32 PM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:24 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2160
ThreadCreationTime : 05-05-2005 4:24:33 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:25 [camtray.exe]
ModuleName : C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
Command Line : "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
ProcessID : 2192
ThreadCreationTime : 05-05-2005 4:24:34 PM
BasePriority : Normal
FileVersion : 3.2.1.0
ProductVersion : 2.20
ProductName : PC-CAM Center
CompanyName : Creative Technology Ltd
FileDescription : PC-CAM Center Launcher Application
InternalName : PC-CAM Center Launcher Application
LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.
OriginalFilename : CamTray.EXE

#:26 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe"
ProcessID : 2220
ThreadCreationTime : 05-05-2005 4:24:35 PM
BasePriority : Normal


#:27 [lxbrksk.exe]
ModuleName : C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
Command Line : "C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe"
ProcessID : 2244
ThreadCreationTime : 05-05-2005 4:24:36 PM
BasePriority : Normal
FileVersion : 3.37
ProductVersion : 3.37
LegalCopyright : Copyright © 1999-2003 OnSpec Electronic Inc.

#:28 [lxbrbmgr.exe]
ModuleName : C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
Command Line : "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
ProcessID : 2256
ThreadCreationTime : 05-05-2005 4:24:36 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark 3100 Series Button Manager
InternalName : lxbrbmgr.exe
LegalCopyright : © 2003 Lexmark International, Inc.
OriginalFilename : lxbrbmgr.exe

#:29 [lxbrbmon.exe]
ModuleName : C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
Command Line : "C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe"
ProcessID : 2316
ThreadCreationTime : 05-05-2005 4:24:41 PM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark 3100 Series Button Monitor
InternalName : lxbrbmon.exe
LegalCopyright : © 2003 Lexmark International, Inc.
OriginalFilename : lxbrbmon.exe

#:30 [incd.exe]
ModuleName : C:\Program Files\ahead\InCD\InCD.exe
Command Line : "C:\Program Files\ahead\InCD\InCD.exe"
ProcessID : 2340
ThreadCreationTime : 05-05-2005 4:24:42 PM
BasePriority : Normal
FileVersion : 3.20.1
ProductVersion : 3.20.1
ProductName : InCD
CompanyName : Copyright © ahead software gmbh and its licensors
FileDescription : InCD CD-RW UDF Tools
InternalName : InCD
LegalCopyright : Copyright © ahead software gmbh and its licensors
OriginalFilename : InCD.EXE
Comments : CD-RW UDF Tools

#:31 [pccguide.exe]
ModuleName : C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
Command Line : "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
ProcessID : 2544
ThreadCreationTime : 05-05-2005 4:24:55 PM
BasePriority : Normal
FileVersion : 12.10.0.1014
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PCCGuide

#:32 [mwsoemon.exe]
ModuleName : C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
Command Line : "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe"
ProcessID : 2552
ThreadCreationTime : 05-05-2005 4:24:56 PM
BasePriority : Normal
FileVersion : 1,2,2,2
ProductVersion : 2,0,1,0
ProductName : My Web Search Bar for Internet Explorer, email clients, and messenger clients
CompanyName : MyWebSearch.com
FileDescription : My Web Search Email Plugin
InternalName : mwsoemon
LegalCopyright : Copyright © 2003-2004 MyWebSearch.com
OriginalFilename : mwsoemon.exe

#:33 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 2572
ThreadCreationTime : 05-05-2005 4:24:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:34 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2608
ThreadCreationTime : 05-05-2005 4:24:59 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:35 [wcescomm.exe]
ModuleName : C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
Command Line : "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
ProcessID : 2652
ThreadCreationTime : 05-05-2005 4:25:02 PM
BasePriority : Normal
FileVersion : 3.5.0.12007
ProductVersion : 3.5.12007
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2001 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE

#:36 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe"
ProcessID : 2816
ThreadCreationTime : 05-05-2005 4:25:13 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:37 [wfxctl32.exe]
ModuleName : C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
Command Line : "c:\program files\symantec\winfax\wfxctl32.exe"
ProcessID : 2832
ThreadCreationTime : 05-05-2005 4:25:16 PM
BasePriority : Normal


#:38 [newsflsh.exe]
ModuleName : C:\Program Files\Common Files\MySoftware\Newsflsh.exe
Command Line : "C:\Program Files\Common Files\MySoftware\Newsflsh.exe"
ProcessID : 2860
ThreadCreationTime : 05-05-2005 4:25:21 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 2
ProductName : MySoftware InterCom WebSniffer Utility
CompanyName : MySoftware, Inc.
FileDescription : WebSniffer
InternalName : WEBSNIFFER
LegalCopyright : Copyright © 1997-8 MySoftware, Inc.
OriginalFilename : WEBSNIFFER.EXE
Comments : [DEBUG BUILD]

#:39 [wfxmod32.exe]
ModuleName : C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
Command Line : /0
ProcessID : 3048
ThreadCreationTime : 05-05-2005 4:25:50 PM
BasePriority : High
FileVersion : 9.00.98.0727
ProductVersion : 9.00
ProductName : Symantec WinFax PRO
CompanyName : Symantec Corporation
FileDescription : WinFax Pro Serial Modem Driver.
InternalName : WFXMOD32.EXE
LegalCopyright : Copyright © Symantec Corporation. 1990-1998
LegalTrademarks : Symantec WinFax PRO ® is a registered trademark of Symantec Corporation
Comments : This is the Class1/Class2/SendFax/WorldPort Driver Program

#:40 [hijackthis.exe]
ModuleName : C:\Documents and Settings\Denise\Desktop\HijackThis.exe
Command Line : "C:\Documents and Settings\Denise\Desktop\HijackThis.exe"
ProcessID : 2416
ThreadCreationTime : 05-05-2005 5:21:07 PM
BasePriority : Normal
FileVersion : 1.99
ProductVersion : 1.99
ProductName : HijackThis
CompanyName : Soeperman Enterprises Ltd.
FileDescription : HijackThis
InternalName : HijackThis
LegalCopyright : Freeware
OriginalFilename : HijackThis.exe
Comments : Version history is in Help section

#:41 [sndvol32.exe]
ModuleName : C:\WINDOWS\system32\SNDVOL32.EXE
Command Line : "C:\WINDOWS\system32\SNDVOL32.EXE"
ProcessID : 3420
ThreadCreationTime : 05-05-2005 5:22:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Volume Control
InternalName : sndvol32.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : sndvol32.exe

#:42 [lxbrcmon.exe]
ModuleName : C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
Command Line : "C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe"
ProcessID : 2868
ThreadCreationTime : 05-05-2005 5:44:12 PM
BasePriority : Normal


#:43 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
ProcessID : 2068
ThreadCreationTime : 05-05-2005 6:38:36 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:44 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3920
ThreadCreationTime : 05-05-2005 6:40:26 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

FlashenhancerBHO Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj

FlashenhancerBHO Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj
Value :

FlashenhancerBHO Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj.1

FlashenhancerBHO Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : unawareobj.unawareobj.1
Value :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : denise@fastclick[2].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:[email protected]/
Expires : 25-04-2007 1:06:20 PM
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : denise@doubleclick[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 04-05-2008 1:21:42 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : denise@casalemedia[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 26-04-2006 9:06:22 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 05-05-2006 2:30:02 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 8



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
11 entries scanned.
New critical objects:0
Objects found so far: 8




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

2:51:30 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:14.641
Objects scanned:114483
Objects identified:8
Objects ignored:0
New critical objects:8
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP