Please View my Ad-aware log


  • This topic is locked

#1
lunamoonrata

    New Member

  • Member
  • 4 posts
5-5-2005 11:01:38 AM - Scan started. (Custom mode)

Edited by Mannen, please read below

Edited by Mannen, 05 May 2005 - 04:25 PM.


#2
Mannen

    Ad-Aware Expert

  • Member
  • 110 posts
Greetings!


5-5-2005 11:01:38 AM - Scan started. (Custom mode)


Please check "perform full system scan" and post the new log here.

Also scan your computer with these two online scans and post the logs here:
http://www.pandasoft...com/activescan/
http://support.f-sec.../home/ols.shtml

Cheers
Mannen

#3
lunamoonrata

    New Member

  • Topic Starter
  • Member
  • 4 posts
ADAWARE log
Ad-Aware SE Build 1.05
Logfile Created on:Friday, May 06, 2005 12:22:59 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adintelligence.AproposToolbar(TAC index:5):4 total references
ClickSpring(TAC index:6):2 total references
EzuLa(TAC index:6):5 total references
MediaMotor(TAC index:8):3 total references
Tracking Cookie(TAC index:3):22 total references
WindUpdates(TAC index:8):9 total references
VX2(TAC index:10):7 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654

5-6-2005 12:22:28 PM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


5-6-2005 12:22:37 PM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:57 %
Total physical memory:523760 kb
Available physical memory:297232 kb
Total page file size:1266356 kb
Available on page file:910812 kb
Total virtual memory:2097024 kb
Available virtual memory:2040448 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-6-2005 12:22:59 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 1076
ThreadCreationTime : 5-6-2005 3:59:16 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 1140
ThreadCreationTime : 5-6-2005 3:59:25 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 1164
ThreadCreationTime : 5-6-2005 3:59:27 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 1208
ThreadCreationTime : 5-6-2005 3:59:27 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 1220
ThreadCreationTime : 5-6-2005 3:59:27 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 1388
ThreadCreationTime : 5-6-2005 3:59:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1444
ThreadCreationTime : 5-6-2005 3:59:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1740
ThreadCreationTime : 5-6-2005 3:59:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1788
ThreadCreationTime : 5-6-2005 3:59:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1868
ThreadCreationTime : 5-6-2005 3:59:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 368
ThreadCreationTime : 5-6-2005 3:59:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 544
ThreadCreationTime : 5-6-2005 3:59:38 AM
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:13 [sagent2.exe]
ModuleName : C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
Command Line : "C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe"
ProcessID : 576
ThreadCreationTime : 5-6-2005 3:59:38 AM
BasePriority : Normal
FileVersion : 2, 2, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : EPSON Bidirectional Printer
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Printer Status Agent
InternalName : SAgent2
LegalCopyright : Copyright © SEIKO EPSON CORP. 2000-2001
OriginalFilename : SAgent2.exe

#:14 [appservices.exe]
ModuleName : C:\PROGRA~1\Iomega\System32\AppServices.exe
Command Line : "C:\PROGRA~1\Iomega\System32\AppServices.exe"
ProcessID : 704
ThreadCreationTime : 5-6-2005 3:59:38 AM
BasePriority : Normal
FileVersion : 2, 0, 2, 5
ProductVersion : 2, 0, 2, 5
ProductName : Iomega App Services
CompanyName : Iomega Corporation
FileDescription : AppServices
InternalName : AppServices
LegalCopyright : Copyright © 2000
OriginalFilename : AppService.exe
Comments : Iomega App Services For Windows 2000/NT

#:15 [lxrjd31s.exe]
ModuleName : C:\WINDOWS\system32\LxrJD31s.exe
Command Line : LxrJD31s.exe
ProcessID : 768
ThreadCreationTime : 5-6-2005 3:59:39 AM
BasePriority : Normal


#:16 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 792
ThreadCreationTime : 5-6-2005 3:59:39 AM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:17 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 952
ThreadCreationTime : 5-6-2005 3:59:39 AM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:18 [nprotect.exe]
ModuleName : C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
Command Line : "C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE"
ProcessID : 1012
ThreadCreationTime : 5-6-2005 3:59:39 AM
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:19 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1040
ThreadCreationTime : 5-6-2005 3:59:39 AM
BasePriority : Normal
FileVersion : 6.14.10.4403
ProductVersion : 6.14.10.4403
ProductName : NVIDIA Driver Helper Service, Version 44.03
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 44.03
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:20 [pctspk.exe]
ModuleName : C:\WINDOWS\system32\pctspk.exe
Command Line : C:\WINDOWS\system32\pctspk.exe
ProcessID : 1060
ThreadCreationTime : 5-6-2005 3:59:39 AM
BasePriority : Normal
FileVersion : 4.00
ProductVersion : 4.00
ProductName : PCTSPK.EXE
CompanyName : PCtel, Inc.
FileDescription : PCTSPK.EXE
InternalName : PCTSPK.EXE
LegalCopyright : Copyright ©PCtel,Inc. 1999-2000
OriginalFilename : PCTSPK.EXE

#:21 [retrorun.exe]
ModuleName : C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
Command Line : C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
ProcessID : 1548
ThreadCreationTime : 5-6-2005 3:59:42 AM
BasePriority : Normal
FileVersion : 1.0.196
ProductVersion : 1.0
ProductName : Retrospect
CompanyName : Dantz Development Corporation
FileDescription : Retrospect
InternalName :
LegalCopyright : Copyright Dantz 1989-2004
LegalTrademarks : Dantz® Retrospect®
OriginalFilename : retrorun.exe

#:22 [scsiaccess.exe]
ModuleName : C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
Command Line : "C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe"
ProcessID : 1584
ThreadCreationTime : 5-6-2005 3:59:42 AM
BasePriority : Normal


#:23 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1624
ThreadCreationTime : 5-6-2005 3:59:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:24 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1684
ThreadCreationTime : 5-6-2005 3:59:42 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:25 [vsmon.exe]
ModuleName : C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Command Line : n/a
ProcessID : 1704
ThreadCreationTime : 5-6-2005 3:59:42 AM
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:26 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
ProcessID : 1844
ThreadCreationTime : 5-6-2005 3:59:43 AM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:27 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2264
ThreadCreationTime : 5-6-2005 3:59:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:28 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 3164
ThreadCreationTime : 5-6-2005 4:00:18 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:29 [fppdis1.exe]
ModuleName : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
Command Line : "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe"
ProcessID : 3256
ThreadCreationTime : 5-6-2005 4:00:23 AM
BasePriority : Normal
FileVersion : 1.61
ProductVersion : 1.61
ProductName : FinePrint pdfFactory
CompanyName : FinePrint Software, LLC
FileDescription : FinePrint pdfFactory
LegalCopyright : Copyright © 2001-2003 FinePrint Software, LLC

#:30 [mmhotkey.exe]
ModuleName : C:\PROGRA~1\KM9801U\MMHotKey.EXE
Command Line : "C:\PROGRA~1\KM9801U\MMHotKey.EXE"
ProcessID : 3264
ThreadCreationTime : 5-6-2005 4:00:23 AM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Dritek System Inc. MMHotKey 11.1.2000 ( VC60 )
CompanyName : Dritek System Inc.
FileDescription : MMHotKey
InternalName : MMHotKey
LegalCopyright : Copyright © 2000 Dritek System Inc.
OriginalFilename : MMHotKey.exe

#:31 [mmdiag.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
Command Line : MMDiag.exe
ProcessID : 3272
ThreadCreationTime : 5-6-2005 4:00:24 AM
BasePriority : Normal
FileVersion : 10.00.1025
ProductVersion : 10.00.1025
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : Logging and tracing manager
InternalName : MMTraceExe
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : MMTraceExe.EXE

#:32 [fpdisp5a.exe]
ModuleName : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
Command Line : "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe"
ProcessID : 3280
ThreadCreationTime : 5-6-2005 4:00:24 AM
BasePriority : Normal
FileVersion : 5.02
ProductVersion : 5.02
ProductName : FinePrint
CompanyName : FinePrint Software, LLC
FileDescription : FinePrint
LegalCopyright : Copyright © 1995-2003 FinePrint Software, LLC

#:33 [sunasdtserv.exe]
ModuleName : C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
Command Line : "C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe"
ProcessID : 3292
ThreadCreationTime : 5-6-2005 4:00:24 AM
BasePriority : Normal
FileVersion : 1.00.0121
ProductVersion : 1.00.0121
ProductName : CounterSpy
CompanyName : Sunbelt Software Inc.
FileDescription : CounterSpy Data Service
InternalName : sunasDtServ
LegalCopyright : Copyright © 2004, Sunbelt Software Inc. All rights reserved.
OriginalFilename : sunasDtServ.exe

#:34 [sunasserv.exe]
ModuleName : C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
Command Line : "C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe"
ProcessID : 3300
ThreadCreationTime : 5-6-2005 4:00:24 AM
BasePriority : Idle
FileVersion : 1.00.0054
ProductVersion : 1.00.0054
ProductName : CounterSpy
CompanyName : Sunbelt Software Inc.
FileDescription : CounterSpy AntiSpyware Service
InternalName : sunasServ
LegalCopyright : Copyright © 2004, Sunbelt Software Inc. All rights reserved.
OriginalFilename : sunasServ.exe

#:35 [mim.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe" -Embedding
ProcessID : 3328
ThreadCreationTime : 5-6-2005 4:00:24 AM
BasePriority : Normal
FileVersion : 10.00.1025
ProductVersion : 10.00.1025
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mim
InternalName : mim
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mim.exe

#:36 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 3368
ThreadCreationTime : 5-6-2005 4:00:25 AM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:37 [zlclient.exe]
ModuleName : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Command Line : n/a
ProcessID : 3408
ThreadCreationTime : 5-6-2005 4:00:26 AM
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:38 [tbcpro.exe]
ModuleName : C:\Program Files\TitleBarClock Pro\Tbcpro.exe
Command Line : "C:\Program Files\TitleBarClock Pro\Tbcpro.exe"
ProcessID : 3416
ThreadCreationTime : 5-6-2005 4:00:26 AM
BasePriority : Normal


#:39 [cursorxp.exe]
ModuleName : C:\Program Files\CursorXP\CursorXP.exe
Command Line : "C:\Program Files\CursorXP\CursorXP.exe"
ProcessID : 3436
ThreadCreationTime : 5-6-2005 4:00:27 AM
BasePriority : High


#:40 [hokhidkc.exe]
ModuleName : C:\PROGRA~1\KM9801U\HokHIDKC.EXE
Command Line : "C:\PROGRA~1\KM9801U\HokHIDKC.EXE"
ProcessID : 3452
ThreadCreationTime : 5-6-2005 4:00:28 AM
BasePriority : Normal
FileVersion : 2.00
ProductVersion : 1.18.2000 ( VC40 )
ProductName : USBKCCnt
CompanyName : Dritek System Inc.
FileDescription : USB KeyCode Receiver Application
InternalName : USBKCCnt
LegalCopyright : Copyright

#:41 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 3468
ThreadCreationTime : 5-6-2005 4:00:28 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:42 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 3476
ThreadCreationTime : 5-6-2005 4:00:28 AM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:43 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 3488
ThreadCreationTime : 5-6-2005 4:00:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:44 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
Command Line : "C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe"
ProcessID : 3564
ThreadCreationTime : 5-6-2005 4:00:31 AM
BasePriority : Normal
FileVersion : 6.0.0.2003051500
ProductVersion : 6.0.0.0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe

#:45 [iexplore.exe]
ModuleName : c:\progra~1\intern~1\iexplore.exe
Command Line : "c:\progra~1\intern~1\iexplore.exe"
ProcessID : 3632
ThreadCreationTime : 5-6-2005 4:00:32 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:46 [bhodemon.exe]
ModuleName : C:\Program Files\BHODemon 2\BHODemon.exe
Command Line : "C:\Program Files\BHODemon 2\BHODemon.exe"
ProcessID : 3652
ThreadCreationTime : 5-6-2005 4:00:32 AM
BasePriority : Normal
FileVersion : 2.0.0.21
ProductVersion : 2.0.0.21
ProductName : BHODemon 2.0
CompanyName : Definitive Solutions, Inc.
FileDescription : BHODemon - Freeware BHO Detection Utility
InternalName : BHODemon.exe
LegalCopyright : Copyright © 2000-2004 Definitive Solutions, Inc. All rights reserved.
LegalTrademarks : www.DefinitiveSolutions.com
OriginalFilename : BHODemon.exe
Comments : BHODemon - Freeware BHO Detection Utility

#:47 [pow.exe]
ModuleName : C:\Program Files\AnalogX\POW\pow.exe
Command Line : "C:\Program Files\AnalogX\POW\pow.exe"
ProcessID : 3672
ThreadCreationTime : 5-6-2005 4:00:33 AM
BasePriority : Normal


#:48 [e_s10mt2.exe]
ModuleName : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT2.EXE
Command Line : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT2.EXE /F "C:\DOCUME~1\Crosby\LOCALS~1\Temp\epi1.tmp"
ProcessID : 2472
ThreadCreationTime : 5-6-2005 6:07:24 AM
BasePriority : Normal
FileVersion : 3.02
ProductVersion : 3.02
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S10MT2
LegalCopyright : Copyright © SEIKO EPSON CORP. 2002
OriginalFilename : E_S10MT2.EXE

#:49 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3860
ThreadCreationTime : 5-6-2005 7:22:12 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}
Value :

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\atlbrowser.exe

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\atlbrowser.exe
Value : AppID

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0818d423-6247-11d1-abee-00d049c10000}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0818d423-6247-11d1-abee-00d049c10000}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dlmaxdll.dlmaxdllobj.1

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dlmaxdll.dlmaxdllobj.1
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{230c3786-1c2c-45bd-9d2d-9d277fce6289}

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admanager controller

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admanager controller
Value : param

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admanager controller
Value : track

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admanager controller
Value : LastUpdate

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admanager controller
Value : reqcount

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admanager controller
Value : DownloadPath

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admanager controller
Value : Language

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admanager controller
Value : SoftwareTable

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admanager controller
Value : Request

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 20
Objects found so far: 20


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : crosby@qksrv[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 5-3-2010 4:53:24 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : crosby@realmedia[2].txt
Category : Data Miner
Comment : Hits:32
Value : Cookie:[email protected]/
Expires : 12-31-2020 5:00:00 PM
LastSync : Hits:32
UseCount : 0
Hits : 32

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : crosby@casalemedia[2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/
Expires : 4-26-2006 10:57:46 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : crosby@adrevolver[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/adrevolver/
Expires : 1-23-2008 4:15:36 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : crosby@fastclick[2].txt
Category : Data Miner
Comment : Hits:47
Value : Cookie:[email protected]/
Expires : 5-6-2007 2:57:46 AM
LastSync : Hits:47
UseCount : 0
Hits : 47

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : crosby@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 12-31-2037 5:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : crosby@doubleclick[1].txt
Category : Data Miner
Comment : Hits:14
Value : Cookie:[email protected]/
Expires : 5-3-2008 4:51:22 AM
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : crosby@advertising[1].txt
Category : Data Miner
Comment : Hits:34
Value : Cookie:[email protected]/
Expires : 5-5-2010 2:57:46 AM
LastSync : Hits:34
UseCount : 0
Hits : 34

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : crosby@revenue[1].txt
Category : Data Miner
Comment : Hits:23
Value : Cookie:[email protected]/
Expires : 6-9-2022 10:05:42 PM
LastSync : Hits:23
UseCount : 0
Hits : 23

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : crosby@trafficmp[1].txt
Category : Data Miner
Comment : Hits:105
Value : Cookie:[email protected]/
Expires : 5-3-2006 11:59:04 PM
LastSync : Hits:105
UseCount : 0
Hits : 105

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:22
Value : Cookie:[email protected]/
Expires : 6-5-2005 2:57:46 AM
LastSync : Hits:22
UseCount : 0
Hits : 22

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 5-4-2006 5:12:14 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : crosby@mediaplex[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 6-21-2009 5:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 4-28-2035 10:22:36 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : crosby@atdmt[2].txt
Category : Data Miner
Comment : Hits:33
Value : Cookie:[email protected]/
Expires : 5-2-2010 5:00:00 PM
LastSync : Hits:33
UseCount : 0
Hits : 33

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : crosby@centrport[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 12-31-2029 5:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : crosby@2o7[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 5-4-2010 12:56:16 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 5-3-2009 5:14:06 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : crosby@valueclick[1].txt
Category : Data Miner
Comment : Hits:23
Value : Cookie:[email protected]/
Expires : 4-28-2030 2:23:40 PM
LastSync : Hits:23
UseCount : 0
Hits : 23

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:38
Value : Cookie:[email protected]/
Expires : 5-6-2006 12:13:58 PM
LastSync : Hits:38
UseCount : 0
Hits : 38

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : crosby@zedo[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 5-1-2015 9:13:54 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : crosby@apmebf[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 5-3-2010 4:53:22 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 22
Objects found so far: 42



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

ClickSpring Object Recognized!
Type : File
Data : backup-20050320-012102-352.dll
Category : Malware
Comment :
Object : C:\My Documents\james\Spyware Removal\Software\hijackthis\backups\



MediaMotor Object Recognized!
Type : File
Data : unstall.exe
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : df
InternalName : unstall
OriginalFilename : unstall.exe


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 44


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 44


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 44


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 44


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 44


Deep scanning and examining files (H:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 44


Deep scanning and examining files (I:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for I:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 44


Deep scanning and examining files (J:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for J:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 44


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 44




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions
Value : iexplore.exe

VX2 Object Recognized!
Type : File
Data : farmmext.ini
Category : Malware
Comment :
Object : C:\WINDOWS\



ClickSpring Object Recognized!
Type : File
Data : crash.txt
Category : Malware
Comment :
Object : c:\



MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mm

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mm
Value : check

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 52

12:51:35 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:28:36.468
Objects scanned:291954
Objects identified:52
Objects ignored:0
New critical objects:52

#4
lunamoonrata

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
ACTIVE SCAN - log


Incident Status Location

Adware:Adware/Lop No disinfected c:\docume~1\crosby\locals~1\temp\xijpyztk.exe
Adware:Adware/Lop No disinfected C:\DOCUME~1\Crosby\APPLIC~1\FASTBO~1\MULTIC~1.EXE
Adware:Adware/eZula No disinfected Windows Registry
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\psis80ex.ax
Adware:Adware/nCase No disinfected C:\Temp\salm.???
Spyware:Spyware/BetterInet No disinfected Windows Registry
Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\winupdt.008
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\unstall.exe
Adware:Adware/Apropos No disinfected Windows Registry
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\system32\tvm_*bundle*.exe
Adware:Adware/DelFinMedia No disinfected Windows Registry
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\farmmext.inf
Adware:Adware/DealHelper No disinfected C:\WINDOWS\system32\DealHelper
Adware:Adware/IEPlugin No disinfected Windows Registry
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\dlmax.inf
Adware:Adware/SearchTheWeb No disinfected Windows Registry
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\Lite Bin Warn For\Download Online.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Crosby\Application Data\FAST BOLD BONE\BOOK PROXY STOP.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Crosby\Application Data\FAST BOLD BONE\hvylljlp.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Crosby\Application Data\FAST BOLD BONE\MultiChicObj.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Crosby\Local Settings\Temp\xijpyztk.exe
Adware:Adware/nCase No disinfected C:\temp\salm.log
Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.ini
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\ceres.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\dlmax.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\farmmext.inf
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\mm15201518.Stub.exe
Spyware:Spyware/SurfSideKick No disinfected C:\WINDOWS\sskb5.exe
Virus:Bck/Webdor.G Disinfected C:\WINDOWS\svchst.exe
Virus:Trj/Downloader.ANG Disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PU94CZ3C\dl[1].exe
Adware:Adware/AdLogix No disinfected C:\WINDOWS\system32\hmhlo.dll
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\psis80ex.ax
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\psis80ex.ax[mscb.dll]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\psis80ex.ax[cashback.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\psis80ex.ax[cb.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\psis80ex.ax[flash.exe]
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\RGSVR3~1.EXE
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\saie_gdf.dat
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\system32\TVM_B5_Bundle_14.EXE
Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\winupdt.008
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\unstall.exe
Virus:W32/Netsky.C.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][inbox][disco_details.zip][disco_details.scr]
Virus:W32/Netsky.Z.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][inbox][Important.zip][Important.txt
Virus:W32/Mydoom.A.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][inbox][message.zip][message.doc .exe]
Virus:W32/Mydoom.A.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][inbox][~000052.@x@][document.zip][document.txt .pif]
Virus:JS/Illwill.A Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][inbox][08_price.zip][price.html]
Virus:W32/Bagle.AM.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][inbox][08_price.zip][price.exe]
Virus:W32/Netsky.C.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][inbox][story_dinner.zip][story_dinner.htm.pif]
Virus:W32/Netsky.C.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][inbox][product.zip][product.htm.scr]
Virus:W32/Netsky.C.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][inbox][auction.zip][auction.pif]
Virus:W32/Netsky.C.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][inbox][nomoney_details.zip][nomoney_details.com]
Virus:W32/Netsky.P.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][inbox][word_doc.zip][data.rtf .scr]
Virus:W32/Netsky.Z.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][inbox][Textfile.zip][Textfile.txt
Virus:W32/Netsky.Z.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][inbox][Bill.zip][Bill.txt
Virus:W32/Netsky.Z.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][inbox][Data.zip][Data.txt
Virus:W32/Netsky.Z.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][inbox][Informations.zip][Informations.txt
Virus:W32/Netsky.Z.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][inbox][Notice.zip][Notice.txt
Virus:W32/Netsky.Z.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][inbox][Part-2.zip][Part-2.txt
Virus:Exploit/iFrame Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][INBOX.Trash][~000007.txt]
Virus:W32/Bugbear.B.Dam Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][INBOX.Trash][lucy copy.jpg.exe]
Virus:Exploit/iFrame Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][INBOX.Trash][~000018.txt]
Virus:W32/Bugbear.B.Dam Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][INBOX.Trash][lucy copy.jpg.scr]
Virus:W32/Netsky.C.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][INBOX.Trash][mydate.zip][mydate.com]
Virus:W32/Netsky.Z.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][INBOX.Trash][Important.zip][Important.txt
Virus:W32/Netsky.Z.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][INBOX.Trash][Details.zip][Details.txt
Virus:W32/Netsky.Z.worm Disinfected H:\JETFUEL WEBSTUFF\2005-03-31-WEBSITE BACKUP\backup-ilovejetfuel.com-4-1-2005.tar.tar[backup-ilovejetfuel.com-4-1-2005.tar][INBOX.Trash][Bill.zip][Bill.txt

#5
Guest_nommork_*

  • Guest
Reboot into Windows Safe Mode
Please launch Ad-Aware SE and click on the gear to access the Configuration Menu.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion" > Click Proceed.

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):
* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <=This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

You may want to use http://www.ccleaner.com

Important: check that your last scan was a "Full System Scan". If not, please select that option and start a scan, cancelling the scan after it starts. The object is to ensure that a full system scan will run in the following step.

Please run Ad-Aware SE just a bit differently, using the command line below:

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke

Click OK.

Note: The path above (between the quotes) is the default location of Ad-Aware SE. If this has been changed by the user, please adjust it to the location that they have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

ADS Scan
Choose the scan volume for ADS
Click the Select and click on the C:\ so all folders are checked
Uncheck the Search for negligible entries
Scan
When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

You may need to run Ad-Aware SE several times to remove all the targets.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply

Edited by nommork, 06 May 2005 - 02:19 PM.
