
malware removal

#1 hithouse
Need help removing malware;
this is my logfile:


Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 05, 2005 12:23:45 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ClickSpring(TAC index:6):1 total references
Tracking Cookie(TAC index:3):21 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:19 %
Total physical memory:490992 kb
Available physical memory:89356 kb
Total page file size:1151040 kb
Available on page file:886848 kb
Total virtual memory:2097024 kb
Available virtual memory:2035468 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-5-2005 12:23:45 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 412
ThreadCreationTime : 5-5-2005 2:55:20 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 460
ThreadCreationTime : 5-5-2005 2:55:21 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 484
ThreadCreationTime : 5-5-2005 2:55:23 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 528
ThreadCreationTime : 5-5-2005 2:55:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 540
ThreadCreationTime : 5-5-2005 2:55:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 688
ThreadCreationTime : 5-5-2005 2:55:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 748
ThreadCreationTime : 5-5-2005 2:55:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 812
ThreadCreationTime : 5-5-2005 2:55:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 868
ThreadCreationTime : 5-5-2005 2:55:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 920
ThreadCreationTime : 5-5-2005 2:55:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1144
ThreadCreationTime : 5-5-2005 2:55:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1276
ThreadCreationTime : 5-5-2005 2:55:33 PM
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:13 [g2svc.exe]
ModuleName : C:\Program Files\Citrix\GoToMyPC\g2svc.exe
Command Line : "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service
ProcessID : 1308
ThreadCreationTime : 5-5-2005 2:55:33 PM
BasePriority : Normal
FileVersion : 4.1 Build 314
ProductVersion : 4.1 Build 314
ProductName : GoToMyPC
CompanyName : Citrix Online
FileDescription : GoToMyPC Host Loader
InternalName : GoToMyPC Host Loader
LegalCopyright : Copyright © 1997-2004 Citrix Online LLC
OriginalFilename : g2svc.exe

#:14 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1416
ThreadCreationTime : 5-5-2005 2:55:34 PM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:15 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1600
ThreadCreationTime : 5-5-2005 2:55:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:16 [g2comm.exe]
ModuleName : C:\Program Files\Citrix\GoToMyPC\g2comm.exe
Command Line : "C:\Program Files\Citrix\GoToMyPC\g2comm.exe" "Plugin=G2PreLaunch&Dir=C:\Program Files\Citrix\GoToMyPC&Path=g2pre.exe&ServiceName=GoToMyPC&ServiceFile=C:\Program Files\Citrix\GoToMyPC\g2svc.exe&IsService=true&Debug=Off&Stat=Off&PluginDebug=Off&PluginStat=Off&S
ProcessID : 1620
ThreadCreationTime : 5-5-2005 2:55:34 PM
BasePriority : Normal


#:17 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1704
ThreadCreationTime : 5-5-2005 2:55:34 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:18 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
ProcessID : 1812
ThreadCreationTime : 5-5-2005 2:55:35 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:19 [g2pre.exe]
ModuleName : C:\Program Files\Citrix\GoToMyPC\g2pre.exe
Command Line : "C:\Program Files\Citrix\GoToMyPC\g2pre.exe" "StartID={CC79D7F8-2A04-4B81-AE23-8AB2993EC440}&Debug=Off&Stat=Off"
ProcessID : 1940
ThreadCreationTime : 5-5-2005 2:55:36 PM
BasePriority : Normal
FileVersion : 4.1 Build 314
ProductVersion : 4.1 Build 314
ProductName : GoToMyPC
CompanyName : Citrix Online
FileDescription : GoToMyPC Pre-Launcher plugin
InternalName : GoToMyPC Pre-Launcher plugin
LegalCopyright : Copyright © 1997-2004 Citrix Online LLC
OriginalFilename : g2pre.exe

#:20 [g2tray.exe]
ModuleName : C:\Program Files\Citrix\GoToMyPC\g2tray.exe
Command Line : "C:\Program Files\Citrix\GoToMyPC\g2tray.exe" "StartID={CC79D7F8-2A04-4B81-AE23-8AB2993EC440}&Debug=Off&Stat=Off"
ProcessID : 136
ThreadCreationTime : 5-5-2005 2:55:36 PM
BasePriority : Normal
FileVersion : 4.1 Build 314
ProductVersion : 4.1 Build 314
ProductName : GoToMyPC
CompanyName : Citrix Online
FileDescription : GoToMyPC Host Launcher
InternalName : GoToMyPC Host Launcher
LegalCopyright : Copyright © 1997-2004 Citrix Online LLC
OriginalFilename : g2tray.exe

#:21 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 844
ThreadCreationTime : 5-5-2005 2:55:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:22 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 932
ThreadCreationTime : 5-5-2005 2:56:20 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:23 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 156
ThreadCreationTime : 5-5-2005 2:56:27 PM
BasePriority : Normal
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:24 [imgicon.exe]
ModuleName : C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
Command Line : "C:\Program Files\Iomega\DriveIcons\ImgIcon.exe"
ProcessID : 180
ThreadCreationTime : 5-5-2005 2:56:27 PM
BasePriority : Normal
FileVersion : 6, 3, 0, 6
ProductVersion : 6, 3, 0, 6
ProductName : Iomega Corp. IMGICON 6.3
CompanyName : Iomega Corp.
FileDescription : IMGICON
InternalName : IMGICON
LegalCopyright : 6.3, Copyright © 2000 Iomega Corporation
OriginalFilename : IMGICON.exe

#:25 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1016
ThreadCreationTime : 5-5-2005 2:56:27 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:26 [cfd.exe]
ModuleName : C:\Program Files\BroadJump\Client Foundation\CFD.exe
Command Line : "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
ProcessID : 1508
ThreadCreationTime : 5-5-2005 2:56:27 PM
BasePriority : Normal


#:27 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1520
ThreadCreationTime : 5-5-2005 2:56:27 PM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:28 [viewmgr.exe]
ModuleName : C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Command Line : "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
ProcessID : 1832
ThreadCreationTime : 5-5-2005 2:56:28 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager

#:29 [em_exec.exe]
ModuleName : C:\Program Files\Logitech\MouseWare\system\em_exec.exe
Command Line : "C:\Program Files\Logitech\MouseWare\system\em_exec.exe"
ProcessID : 2076
ThreadCreationTime : 5-5-2005 2:56:28 PM
BasePriority : Normal
FileVersion : 9.78.034
ProductVersion : 9.78.034
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

#:30 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2104
ThreadCreationTime : 5-5-2005 2:56:28 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:31 [web-a-file_backup_agent.exe]
ModuleName : C:\Program Files\Web-a-file\Web-a-file_Backup_Agent.exe
Command Line : "C:\Program Files\Web-a-file\Web-a-file_Backup_Agent.exe"
ProcessID : 2112
ThreadCreationTime : 5-5-2005 2:56:29 PM
BasePriority : Normal
FileVersion : 3, 0, 2, 0
ProductVersion : 3, 0, 2, 0
ProductName : Web-a-file Backup Agent
CompanyName : Abacus America Inc.
FileDescription : Web-a-file Backup Agent
InternalName : Web-a-file Backup Agent
LegalCopyright : Copyright © 2003 Abacus America Inc.
OriginalFilename : Web-a-file_Backup_Agent.EXE

#:32 [wpsched3.exe]
ModuleName : C:\Program Files\WebPosition 3\Wpsched3.exe
Command Line : "C:\Program Files\WebPosition 3\Wpsched3.exe" MINIMIZE
ProcessID : 2120
ThreadCreationTime : 5-5-2005 2:56:29 PM
BasePriority : Normal
FileVersion : 3.00.0417
ProductVersion : 3.00.0417
ProductName : WebPosition Scheduler
CompanyName : NetIQ Corporation
FileDescription : Task scheduler with extensions for automatically configuring WebPosition command line options.
InternalName : WPSched3
LegalCopyright : Copyright 2004 NetIQ Corporation
LegalTrademarks : WebPosition
OriginalFilename : WPSched3.exe
Comments : Task scheduler with extensions for automatically configuring WebPosition command line options.

#:33 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\RunDLL32.exe
Command Line : "C:\WINDOWS\system32\RunDLL32.exe" C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
ProcessID : 2128
ThreadCreationTime : 5-5-2005 2:56:29 PM
BasePriority : Idle
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:34 [r?ndll.exe]
ModuleName : C:\WINDOWS\system32\r?ndll.exe
Command Line : "C:\WINDOWS\system32\r?ndll.exe"
ProcessID : 2140
ThreadCreationTime : 5-5-2005 2:56:29 PM
BasePriority : Normal


ClickSpring Object Recognized!
Type : Process
Data : r?ndll.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\


Warning! ClickSpring Object found in memory(C:\WINDOWS\system32\r?ndll.exe)

"C:\WINDOWS\system32\r?ndll.exe"Process terminated successfully
"C:\WINDOWS\system32\r?ndll.exe"Process terminated successfully

#:35 [fxkadb.exe]
ModuleName : c:\windows\system32\fxkadb.exe
Command Line : "c:\windows\system32\fxkadb.exe" rgdmdo
ProcessID : 2160
ThreadCreationTime : 5-5-2005 2:56:30 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:36 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe"
ProcessID : 2316
ThreadCreationTime : 5-5-2005 2:56:32 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:37 [hottray.exe]
ModuleName : C:\Program Files\Common Files\efax\HotTray.exe
Command Line : "C:\Program Files\Common Files\efax\HotTray.exe"
ProcessID : 2484
ThreadCreationTime : 5-5-2005 2:56:33 PM
BasePriority : Normal
FileVersion : 2.0.12.0
ProductVersion : 2.0.0.0
ProductName : eFax Messenger Plus ™
CompanyName : eFax.com
FileDescription : eFax Messenger Plus - Tray
InternalName : HotTray
LegalCopyright : Copyright © 1996-2003, eFax.com
LegalTrademarks : eFax®
eFax.com ™
eFax Messenger ™
eFax Messenger Plus ™
JetSuite®
OriginalFilename : HotTray.exe

#:38 [dllcmd32.exe]
ModuleName : C:\Program Files\Common Files\efax\Dllcmd32.exe
Command Line : "C:\Program Files\Common Files\efax\Dllcmd32.exe" /R /K
ProcessID : 2512
ThreadCreationTime : 5-5-2005 2:56:34 PM
BasePriority : Normal
FileVersion : 2.0.12.0
ProductVersion : 2.0.0.0
ProductName : eFax Messenger Plus ™
CompanyName : eFax.com
FileDescription : eFax Messenger Plus - DLL Command Utility
InternalName : DllCmd32
LegalCopyright : Copyright © 1996-2003, eFax.com
LegalTrademarks : eFax®
eFax.com ™
eFax Messenger ™
eFax Messenger Plus ™
JetSuite®
OriginalFilename : DllCmd32.exe

#:39 [outlook.exe]
ModuleName : C:\Documents and Settings\Sid Davis\Start Menu\Programs\Startup\OUTLOOK.EXE
Command Line : "C:\Documents and Settings\Sid Davis\Start Menu\Programs\Startup\OUTLOOK.EXE"
ProcessID : 2568
ThreadCreationTime : 5-5-2005 2:56:34 PM
BasePriority : Normal


#:40 [pfppop70.exe]
ModuleName : C:\COREL\Office7\Shared\PFit7\PFPPOP70.EXE
Command Line : "C:\COREL\Office7\Shared\PFit7\PFPPOP70.EXE" /l-US
ProcessID : 2588
ThreadCreationTime : 5-5-2005 2:56:35 PM
BasePriority : Normal
FileVersion : 7.0.2.1957
ProductVersion : 7.0.2.1957
ProductName : PerfectFit 32-Bit
CompanyName : Corel Corporation
FileDescription : Perfect Office Printing
InternalName : PFPPOP70
LegalCopyright : Copyright © 1996 Corel Corporation Limited. All Rights Reserved.
OriginalFilename : PFPPOP70.EXE

#:41 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
ProcessID : 3976
ThreadCreationTime : 5-5-2005 3:04:30 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:42 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3256
ThreadCreationTime : 5-5-2005 5:08:49 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid davis@targetnet[1].txt
Category : Data Miner
Comment : Hits:25
Value : Cookie:sid [email protected]/
Expires : 5-17-2033 10:33:20 PM
LastSync : Hits:25
UseCount : 0
Hits : 25

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid [email protected][1].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:sid [email protected]/
Expires : 5-8-2005 10:43:14 AM
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid davis@maxserving[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:sid [email protected]/
Expires : 5-2-2015 8:27:12 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid [email protected][2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:sid [email protected]/
Expires : 5-6-2005 10:18:48 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid davis@fastclick[2].txt
Category : Data Miner
Comment : Hits:23
Value : Cookie:sid [email protected]/
Expires : 5-4-2007 8:24:08 PM
LastSync : Hits:23
UseCount : 0
Hits : 23

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid davis@doubleclick[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:sid [email protected]/
Expires : 5-3-2008 4:02:20 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid davis@adrevolver[2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:sid [email protected]/adrevolver/
Expires : 1-23-2008 5:28:48 AM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:sid [email protected]/
Expires : 5-2-2015 3:44:58 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid davis@oinadserve[1].txt
Category : Data Miner
Comment : Hits:37
Value : Cookie:sid [email protected]/
Expires : 12-31-2020 7:00:00 PM
LastSync : Hits:37
UseCount : 0
Hits : 37

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid davis@realmedia[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:sid [email protected]/
Expires : 12-31-2010 7:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid davis@revenue[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:sid [email protected]/
Expires : 6-10-2022 12:05:42 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid davis@advertising[1].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:sid [email protected]/
Expires : 5-3-2010 8:24:10 PM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid davis@casalemedia[2].txt
Category : Data Miner
Comment : Hits:30
Value : Cookie:sid [email protected]/
Expires : 4-25-2006 4:30:00 PM
LastSync : Hits:30
UseCount : 0
Hits : 30

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid [email protected][2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:sid [email protected]/
Expires : 6-3-2005 8:30:00 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid davis@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:sid [email protected]/cgi-bin/
Expires : 9-3-2005 5:19:36 AM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid davis@trafficmp[1].txt
Category : Data Miner
Comment : Hits:61
Value : Cookie:sid [email protected]/
Expires : 5-4-2006 8:33:04 PM
LastSync : Hits:61
UseCount : 0
Hits : 61

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:sid [email protected]/
Expires : 5-5-2005
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid davis@atdmt[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:sid [email protected]/
Expires : 5-2-2010 7:00:00 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid davis@0[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:sid [email protected]/HTM/447/0
Expires : 5-4-2006 8:16:20 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid davis@valueclick[1].txt
Category : Data Miner
Comment : Hits:21
Value : Cookie:sid [email protected]/
Expires : 4-28-2030 8:21:14 PM
LastSync : Hits:21
UseCount : 0
Hits : 21

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid davis@zedo[2].txt
Category : Data Miner
Comment : Hits:26
Value : Cookie:sid [email protected]/
Expires : 5-2-2015 8:29:34 PM
LastSync : Hits:26
UseCount : 0
Hits : 26

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 21
Objects found so far: 22



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22

12:34:26 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:40.609
Objects scanned:139592
Objects identified:22
Objects ignored:0
New critical objects:22


#2 hithouse
Am I doing this correctly?

#3 Guest_Andy_veal_*
In order to assist you, we need to see the log from an Ad-Aware SE 1.05 full system scan.

Important Note! Before performing a scan, be sure that you have the most recent definitions file by using WebUpdate. (Click on the Globe icon, Click connect, Click OK, Click Finish.) At this current point * SE1R43 06.05.2005 * is the most recent definition file.

Ad-Aware SE comes preconfigured with default options, so we need you to make only one change. Please deselect "Search for negligible risk entries", as negligible risk entries (MRUs) are not considered to be a threat. This option can be changed when choosing your scan type.

Select "Perform Full System Scan" and press "Next". When the scan has completed, click "Show Logfile".

Please copy/paste the complete log file here using the reply button. Don't quarantine or remove anything at this time, just post a complete logfile. This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next.

Please post back if you have any questions or other problems.


Good luck

Andy

Edited by Andy_veal, 06 May 2005 - 10:07 AM.

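Andy's checklist (a complete paste ending in "Summary Of This Scan", a full system scan rather than a custom one, and current definitions) is easy to verify mechanically. The Python script below is an added example, not code from this thread, from Lavasoft or from Geeks to Go: it parses the header, the "Object Recognized!" blocks and the summary of an Ad-Aware SE 1.05 log of the kind pasted in post #1 and lists the reasons a helper would ask for a re-scan. The sample input is a constructed, abridged excerpt of that log; the "Full System Scan" wording used for the scan-mode check and the SE&lt;n&gt;R&lt;m&gt; ordering in `_ref_number` are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: an abridged excerpt of the log pasted in post #1.
SAMPLE_LOG = r"""Ad-Aware SE Build 1.05
Using definitions file:SE1R42 28.04.2005

5-5-2005 12:23:45 PM - Scan started. (Custom mode)

ClickSpring Object Recognized!
Type : Process
Data : r?ndll.exe
Category : Malware
Object : C:\WINDOWS\system32\

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sid davis@doubleclick[1].txt
Category : Data Miner

Summary Of This Scan
Objects scanned:139592
New critical objects:22
"""

@dataclass
class LogReport:
    build: str = ""
    definitions_ref: str = ""   # e.g. "SE1R42"
    scan_mode: str = ""         # text in parentheses after "Scan started."
    recognized: list = field(default_factory=list)  # one dict per "... Object Recognized!" block
    summary: dict = field(default_factory=dict)     # lines under "Summary Of This Scan"

    @property
    def complete(self) -> bool:
        # Andy's rule of thumb: the paste is complete once the summary block is there.
        return bool(self.summary)

    @property
    def is_full_scan(self) -> bool:
        # Assumption: a full system scan is logged as "Scan started. (Full System Scan)".
        return "full" in self.scan_mode.lower()

    def definitions_up_to_date(self, latest_ref: str) -> bool:
        return _ref_number(self.definitions_ref) >= _ref_number(latest_ref)

def _ref_number(ref: str) -> int:
    """Order references like SE1R42 < SE1R43 (assumed numbering scheme)."""
    m = re.fullmatch(r"SE(\d+)R(\d+)", ref)
    if not m:
        raise ValueError(f"unrecognized definitions reference: {ref!r}")
    return int(m.group(1)) * 1000 + int(m.group(2))

def parse_log(text: str) -> LogReport:
    report, lines, i, in_summary = LogReport(), text.splitlines(), 0, False
    while i < len(lines):
        line = lines[i].strip()
        if m := re.match(r"Ad-Aware SE Build (\S+)", line):
            report.build = m.group(1)
        elif m := re.match(r"Using definitions file:(\S+)", line):
            report.definitions_ref = m.group(1)
        elif m := re.search(r"Scan started\. \((.+)\)", line):
            report.scan_mode = m.group(1)
        elif m := re.match(r"(.+) Object Recognized!", line):
            entry = {"Family": m.group(1)}   # "Key : Value" lines up to the next blank line
            i += 1
            while i < len(lines) and lines[i].strip():
                key, _, value = lines[i].partition(" : ")
                entry[key.strip()] = value.strip()
                i += 1
            report.recognized.append(entry)
        elif line == "Summary Of This Scan":
            in_summary = True
        elif in_summary and ":" in line:
            key, _, value = line.partition(":")   # summary lines have no spaces round the colon
            value = value.strip()
            report.summary[key.strip()] = int(value) if value.isdigit() else value
        i += 1
    return report

def problems(report: LogReport, latest_ref: str) -> list:
    """Reasons a helper would send the poster back for a re-scan, per Andy's checklist."""
    issues = []
    if not report.complete:
        issues.append("log is truncated: no 'Summary Of This Scan' block")
    if not report.is_full_scan:
        issues.append(f"scan mode was '{report.scan_mode}', not a full system scan")
    if not report.definitions_up_to_date(latest_ref):
        issues.append(f"definitions {report.definitions_ref} are older than {latest_ref}")
    return issues

if __name__ == "__main__":
    r = parse_log(SAMPLE_LOG)
    print(r.scan_mode, r.definitions_ref, [e["Category"] for e in r.recognized])
    print(problems(r, latest_ref="SE1R43"))   # SE1R43 is the latest reference named in post #3
```

Run against the sample, `problems()` reports exactly the two points Andy raises: the scan ran in Custom mode and the definitions (SE1R42) predate SE1R43. The full log from post #1 has the same structure, so the complete paste can be fed to `parse_log` unchanged; `latest_ref` is whatever reference the helper currently cites.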