Shanaluv's log..[RESOLVED]


  • This topic is locked

#1
shanaluv

shanaluv

    New Member

  • Member
  • Pip
  • 8 posts
Here is my summary..
Thanks!
Ad-Aware SE Build 1.05
Logfile Created on:Friday, May 06, 2005 9:55:35 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):3 total references
EzuLa(TAC index:6):6 total references
IBIS Toolbar(TAC index:5):4 total references
Instafinder(TAC index:4):10 total references
MediaMotor(TAC index:8):10 total references
StatBlaster(TAC index:8):1 total references
VX2(TAC index:10):8 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654

5-6-2005 9:53:11 PM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


5-6-2005 9:53:20 PM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:9 %
Total physical memory:130544 kb
Available physical memory:10788 kb
Total page file size:309884 kb
Available on page file:74240 kb
Total virtual memory:2097024 kb
Available virtual memory:2043864 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Obtain command line of scanned processes
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-6-2005 9:55:35 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 156
ThreadCreationTime : 5-7-2005 3:35:15 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 180
ThreadCreationTime : 5-7-2005 3:35:25 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 200
ThreadCreationTime : 5-7-2005 3:35:27 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 228
ThreadCreationTime : 5-7-2005 3:35:30 AM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 240
ThreadCreationTime : 5-7-2005 3:35:30 AM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 424
ThreadCreationTime : 5-7-2005 3:35:35 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 452
ThreadCreationTime : 5-7-2005 3:35:36 AM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [acsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
ProcessID : 480
ThreadCreationTime : 5-7-2005 3:35:36 AM
BasePriority : Normal


#:9 [ati2evxx.exe]
ModuleName : C:\WINNT\System32\ati2evxx.exe
Command Line : C:\WINNT\System32\ati2evxx.exe
ProcessID : 524
ThreadCreationTime : 5-7-2005 3:35:42 AM
BasePriority : Normal


#:10 [avgserv.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
Command Line : C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
ProcessID : 556
ThreadCreationTime : 5-7-2005 3:35:50 AM
BasePriority : Normal
FileVersion : 6.0.1.696
ProductVersion : 6.0.1.696
ProductName : AVG6
CompanyName : GRISOFT s.r.o
FileDescription : AvgServ - displays notification message
InternalName : AvgServ
LegalCopyright : Copyright © GRISOFT 1998-2004
OriginalFilename : AvgServ

#:11 [curtainssyssvcnt.exe]
ModuleName : c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
Command Line : "c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe"
ProcessID : 568
ThreadCreationTime : 5-7-2005 3:35:51 AM
BasePriority : Normal
FileVersion : 1.0.0.3
ProductVersion : 1.0.0.0
ProductName : Curtains for Windows
CompanyName : Authentium, Inc.
FileDescription : Curtains for Windows System Service Launcher (NT)
InternalName : CurtainsSysSvcNt
LegalCopyright : Copyright ©2002 Authentium, Inc.
LegalTrademarks : Curtains is a trademark of Authentium, Inc.
OriginalFilename : CurtainsSysSvcNt.exe

#:12 [dkservice.exe]
ModuleName : C:\Program Files\Executive Software\Diskeeper\DkService.exe
Command Line : "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
ProcessID : 620
ThreadCreationTime : 5-7-2005 3:35:56 AM
BasePriority : Normal
FileVersion : 9.0.504.0
ProductVersion : 9.0.504.0
ProductName : Diskeeper ™ Disk Defragmenter
CompanyName : Executive Software International, Inc.
FileDescription : DKSERVICE.EXE
InternalName : DKSERVICE
LegalCopyright : © 1995-2004 Executive Software Int'l, Inc.
OriginalFilename : DKSERVICE

#:13 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 640
ThreadCreationTime : 5-7-2005 3:36:02 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:14 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 696
ThreadCreationTime : 5-7-2005 3:36:09 AM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:15 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 400
ThreadCreationTime : 5-7-2005 3:36:11 AM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:16 [wanmpsvc.exe]
ModuleName : C:\WINNT\wanmpsvc.exe
Command Line : "C:\WINNT\wanmpsvc.exe"
ProcessID : 788
ThreadCreationTime : 5-7-2005 3:36:14 AM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:17 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 868
ThreadCreationTime : 5-7-2005 3:36:17 AM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:18 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 880
ThreadCreationTime : 5-7-2005 3:36:21 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:19 [wzcbdls.exe]
ModuleName : C:\Program Files\WZCBDL Service\WZCBDLS.exe
Command Line : "C:\Program Files\WZCBDL Service\WZCBDLS.exe"
ProcessID : 900
ThreadCreationTime : 5-7-2005 3:36:21 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 20319
ProductVersion : 1, 0, 0, 20319
ProductName : WZCBDLService Launcher (NT)
CompanyName : D-Link
FileDescription : WZCBDLService Launcher
InternalName : WZCBDLS
LegalCopyright : Copyright © 2002, D-Link Corporation
OriginalFilename : WZCBDLS.exe

#:20 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k BITSgroup
ProcessID : 1484
ThreadCreationTime : 5-7-2005 3:37:30 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:21 [prism.exe]
ModuleName : C:\Program Files\Comcast\Security Manager\app\Prism.exe
Command Line : "C:\Program Files\Comcast\Security Manager\app\Prism.exe"
ProcessID : 1492
ThreadCreationTime : 5-7-2005 3:39:04 AM
BasePriority : Normal
FileVersion : 1.60.0428
ProductVersion : 1.60.0428
ProductName : Comcast Security Manager
CompanyName : Comcast Cable Communications
FileDescription : Comcast Security Manager
InternalName : PRISM
LegalCopyright : Copyright ©2000-2004 Authentium, Inc.; Portions Copyright ©2004 Comcast Cable Communications
LegalTrademarks : Security Manager is a trademark of Comcast Cable Communications
OriginalFilename : PRISM.exe

#:22 [explorer.exe]
ModuleName : C:\WINNT\Explorer.exe
Command Line : C:\WINNT\Explorer.exe
ProcessID : 1372
ThreadCreationTime : 5-7-2005 3:39:36 AM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:23 [gwhotkey.exe]
ModuleName : C:\WINNT\GWHotKey.exe
Command Line : "C:\WINNT\GWHotKey.exe"
ProcessID : 1592
ThreadCreationTime : 5-7-2005 3:40:01 AM
BasePriority : Normal
FileVersion : 6.0.1.3
ProductVersion : 6.0.1.3
ProductName : Gateway Multi-function Keyboard Utility
CompanyName : BillP Studios
FileDescription : Multi-function Keyboard By Bill Pytlovany
LegalCopyright : Copyright © 1997-2000 Gateway, Inc.
Comments : http://www.billp.com

#:24 [aircfg.exe]
ModuleName : C:\Program Files\D-Link\Air Utility\AirCFG.exe
Command Line : "C:\Program Files\D-Link\Air Utility\AirCFG.exe"
ProcessID : 1612
ThreadCreationTime : 5-7-2005 3:40:08 AM
BasePriority : Normal
FileVersion : 3, 1, 5, 30626
ProductVersion : 3, 1, 5, 30626
ProductName : Wireless LAN Monitor
CompanyName : D-Link
FileDescription : D-Link Wireless LAN Monitor
InternalName : WlanMonitor
LegalCopyright : Copyright 2002©, D-Link. All Rights Reserved.
LegalTrademarks : D-Link
OriginalFilename : WlanMon.EXE

#:25 [avgcc32.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
Command Line : "C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe" /STARTUP
ProcessID : 1620
ThreadCreationTime : 5-7-2005 3:40:10 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 515
ProductVersion : 6, 0, 0, 0
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC32
LegalCopyright : Copyright © 2003 GRISOFT s.r.o.
OriginalFilename : AvgCC32.EXE

#:26 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 1648
ThreadCreationTime : 5-7-2005 3:40:18 AM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6028)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:27 [incmail.exe]
ModuleName : C:\Program Files\IncrediMail\bin\IncMail.exe
Command Line : "C:\Program Files\IncrediMail\bin\IncMail.exe"
ProcessID : 1664
ThreadCreationTime : 5-7-2005 3:40:39 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1606
ProductVersion : 3, 0, 0, 1606
ProductName : IncrediMail
CompanyName : IncrediMail, Ltd.
FileDescription : IncrediMail Application
InternalName : IncrediMail
LegalCopyright : Copyright © 2002 IncrediMail, Ltd.
OriginalFilename : INCMAIL.EXE

#:28 [imapp.exe]
ModuleName : C:\PROGRA~1\INCRED~1\bin\IMApp.exe
Command Line : C:\PROGRA~1\INCRED~1\bin\IMApp.exe -Embedding
ProcessID : 1676
ThreadCreationTime : 5-7-2005 3:40:52 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1606
ProductVersion : 3, 0, 0, 1606
ProductName : IncrediMail
CompanyName : IncrediMail, Ltd.
FileDescription : IncrediMail Application
InternalName : IncrediApp
LegalCopyright : Copyright © 2002 IncrediMail, Ltd.
OriginalFilename : IMAPP.EXE

#:29 [wuauclt.exe]
ModuleName : C:\WINNT\system32\wuauclt.exe
Command Line : "C:\WINNT\system32\wuauclt.exe"
ProcessID : 680
ThreadCreationTime : 5-7-2005 3:43:58 AM
BasePriority : Normal
FileVersion : 5.4.3790.20 built by: lab04_n
ProductVersion : 5.4.3790.20
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Update AutoUpdate Client
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:30 [aim.exe]
ModuleName : C:\Program Files\AIM\aim.exe
Command Line : "C:\Program Files\AIM\aim.exe"
ProcessID : 1696
ThreadCreationTime : 5-7-2005 3:47:56 AM
BasePriority : Normal
FileVersion : 5.9.3702
ProductVersion : 5.9.3702
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:31 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 1560
ThreadCreationTime : 5-7-2005 3:49:39 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:32 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1700
ThreadCreationTime : 5-7-2005 3:52:22 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MediaMotor Object Recognized!
Type : File
Data : ceres.cab
Category : Malware
Comment :
Object : C:\Documents and Settings\Administrator\Local Settings\Temp\DrTemp\



MediaMotor Object Recognized!
Type : File
Data : farmmext.cab
Category : Malware
Comment :
Object : C:\Documents and Settings\Administrator\Local Settings\Temp\THI3EFC.tmp\



MediaMotor Object Recognized!
Type : File
Data : pynix.cab
Category : Malware
Comment :
Object : C:\Documents and Settings\Administrator\Local Settings\Temp\THI55DD.tmp\



MediaMotor Object Recognized!
Type : File
Data : Pynix.dll
Category : Malware
Comment :
Object : C:\Documents and Settings\Administrator\Local Settings\Temp\THI55DD.tmp\
FileVersion : 0, 8, 4, 89
ProductVersion : 0, 8, 4, 89
ProductName : Pynix
CompanyName : Pynix
FileDescription : www.Pynix.com
InternalName : Pynix
LegalCopyright : Copyright © 2005
OriginalFilename : Pynix.dll
Comments : www.Pynix.com


MediaMotor Object Recognized!
Type : File
Data : spike.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Administrator\Local Settings\Temp\THI55DD.tmp\



MediaMotor Object Recognized!
Type : File
Data : ceres[1].cab
Category : Malware
Comment :
Object : C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\67W3EPG9\



180Solutions Object Recognized!
Type : File
Data : ppq12F.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 5, 15, 0, 15
ProductVersion : 5, 15, 0, 15
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


180Solutions Object Recognized!
Type : File
Data : ppq137.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 5, 12, 0, 13
ProductVersion : 5, 12, 0, 13
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


180Solutions Object Recognized!
Type : File
Data : ppq139.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 5, 12, 0, 13
ProductVersion : 5, 12, 0, 13
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


EzuLa Object Recognized!
Type : File
Data : ppq143.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000


EzuLa Object Recognized!
Type : File
Data : ppq145.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000


EzuLa Object Recognized!
Type : File
Data : ppq147.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000


MediaMotor Object Recognized!
Type : File
Data : ppq149.tmp
Category : Malware
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 6.03
ProductVersion : 6.03
ProductName : DemoCtla
CompanyName : df
InternalName : mm63
OriginalFilename : mm63.ocx


StatBlaster Object Recognized!
Type : File
Data : ppq14B.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1


MediaMotor Object Recognized!
Type : File
Data : ppq151.tmp
Category : Malware
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 0, 12, 4, 74
ProductVersion : 0, 12, 4, 74
ProductName : Ceres
CompanyName : Ceres
FileDescription : www.abetterinternet.com
InternalName : Ceres
LegalCopyright : Copyright © 2004
OriginalFilename : Ceres.dll
Comments : www.abetterinternet.com


MediaMotor Object Recognized!
Type : File
Data : ppq153.tmp
Category : Malware
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 0, 12, 4, 74
ProductVersion : 0, 12, 4, 74
ProductName : Ceres
CompanyName : Ceres
FileDescription : www.abetterinternet.com
InternalName : Ceres
LegalCopyright : Copyright © 2004
OriginalFilename : Ceres.dll
Comments : www.abetterinternet.com


VX2 Object Recognized!
Type : File
Data : ppq15B.tmp
Category : Malware
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 0, 4, 1, 3
ProductVersion : 0, 4, 1, 3
CompanyName : FarmMext
FileDescription : www.farmmext.com
LegalCopyright : Copyright © 2002


VX2 Object Recognized!
Type : File
Data : ppq15D.tmp
Category : Malware
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 0, 4, 1, 3
ProductVersion : 0, 4, 1, 3
CompanyName : FarmMext
FileDescription : www.farmmext.com
LegalCopyright : Copyright © 2002


IBIS Toolbar Object Recognized!
Type : File
Data : ppq27F.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\



Instafinder Object Recognized!
Type : File
Data : instafin.dll
Category : Malware
Comment :
Object : C:\WINNT\Downloaded Program Files\
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0


MediaMotor Object Recognized!
Type : File
Data : sixtypopsix.exe
Category : Malware
Comment :
Object : C:\WINNT\
FileVersion : 6.04
ProductVersion : 6.04
ProductName : pop64
CompanyName : Network1
InternalName : sixtypopsix
OriginalFilename : sixtypopsix.exe


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 21




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

EzuLa Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINNT\iLookup

EzuLa Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINNT\iNetPal

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor\xml

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor\xml
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\drp1.tmp

VX2 Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DrTemp

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_tbpssvc

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_wintoolssvc

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer
Value : ServerProc

Instafinder Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafin

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafin
Value : CfgID

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafin
Value : ConfigCode

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafin
Value : ClientID

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafin
Value : BarID

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafin
Value : InstallTime

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafin
Value : LastConfigDown

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafin
Value : SetupInit

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafin
Value : InstallReport

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 21
Objects found so far: 42

10:20:01 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:24:26.178
Objects scanned:83926
Objects identified:42
Objects ignored:0
New critical objects:42
  • 0



#2
shanaluv

shanaluv

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I thought I would add that seeve.exe is also there..that's what started this. I can't seem to rid myself of it.
  • 0

#3
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer from what Ad-aware found, please follow these instructions below…

Please make sure that you are using the * SE1R43 06.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is of the default installation location for Ad-aware SE. If this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted. Once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

#4
shanaluv

If I am not supposed to connect to the internet, how will I post my scan results here after I have done everything? Sorry..just a little confused.

#5
Rawe

When you are scanning your latest scan, don't connect to the internet.
After scan has finished, connect to the internet and post the log.

- Rawe :tazz:

#6
shanaluv

Ahhh..gotcha.

#7
Rawe

Post the log when you have followed Andy's instructions.
I'll take a look then. ;)

- Rawe :tazz:

#8
shanaluv

Ad-Aware SE Build 1.05
Logfile Created on:Sunday, May 08, 2005 9:27:32 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:11 %
Total physical memory:130544 kb
Available physical memory:13700 kb
Total page file size:309864 kb
Available on page file:169972 kb
Total virtual memory:2097024 kb
Available virtual memory:2047576 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Obtain command line of scanned processes
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-8-2005 9:27:32 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 156
ThreadCreationTime : 5-9-2005 3:20:48 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 180
ThreadCreationTime : 5-9-2005 3:21:00 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 200
ThreadCreationTime : 5-9-2005 3:21:03 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 228
ThreadCreationTime : 5-9-2005 3:21:05 AM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 240
ThreadCreationTime : 5-9-2005 3:21:05 AM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 420
ThreadCreationTime : 5-9-2005 3:21:10 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 448
ThreadCreationTime : 5-9-2005 3:21:10 AM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [acsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
ProcessID : 476
ThreadCreationTime : 5-9-2005 3:21:11 AM
BasePriority : Normal


#:9 [ati2evxx.exe]
ModuleName : C:\WINNT\System32\ati2evxx.exe
Command Line : C:\WINNT\System32\ati2evxx.exe
ProcessID : 516
ThreadCreationTime : 5-9-2005 3:21:11 AM
BasePriority : Normal


#:10 [avgserv.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
Command Line : C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
ProcessID : 536
ThreadCreationTime : 5-9-2005 3:21:13 AM
BasePriority : Normal
FileVersion : 6.0.1.696
ProductVersion : 6.0.1.696
ProductName : AVG6
CompanyName : GRISOFT s.r.o
FileDescription : AvgServ - displays notification message
InternalName : AvgServ
LegalCopyright : Copyright © GRISOFT 1998-2004
OriginalFilename : AvgServ

#:11 [curtainssyssvcnt.exe]
ModuleName : c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
Command Line : "c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe"
ProcessID : 552
ThreadCreationTime : 5-9-2005 3:21:18 AM
BasePriority : Normal
FileVersion : 1.0.0.3
ProductVersion : 1.0.0.0
ProductName : Curtains for Windows
CompanyName : Authentium, Inc.
FileDescription : Curtains for Windows System Service Launcher (NT)
InternalName : CurtainsSysSvcNt
LegalCopyright : Copyright ©2002 Authentium, Inc.
LegalTrademarks : Curtains is a trademark of Authentium, Inc.
OriginalFilename : CurtainsSysSvcNt.exe

#:12 [dkservice.exe]
ModuleName : C:\Program Files\Executive Software\Diskeeper\DkService.exe
Command Line : "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
ProcessID : 612
ThreadCreationTime : 5-9-2005 3:21:21 AM
BasePriority : Normal
FileVersion : 9.0.504.0
ProductVersion : 9.0.504.0
ProductName : Diskeeper ™ Disk Defragmenter
CompanyName : Executive Software International, Inc.
FileDescription : DKSERVICE.EXE
InternalName : DKSERVICE
LegalCopyright : © 1995-2004 Executive Software Int'l, Inc.
OriginalFilename : DKSERVICE

#:13 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 636
ThreadCreationTime : 5-9-2005 3:21:25 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:14 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 352
ThreadCreationTime : 5-9-2005 3:21:30 AM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:15 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 712
ThreadCreationTime : 5-9-2005 3:21:32 AM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:16 [wanmpsvc.exe]
ModuleName : C:\WINNT\wanmpsvc.exe
Command Line : "C:\WINNT\wanmpsvc.exe"
ProcessID : 768
ThreadCreationTime : 5-9-2005 3:21:34 AM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:17 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 832
ThreadCreationTime : 5-9-2005 3:21:36 AM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:18 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 844
ThreadCreationTime : 5-9-2005 3:21:37 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:19 [wzcbdls.exe]
ModuleName : C:\Program Files\WZCBDL Service\WZCBDLS.exe
Command Line : "C:\Program Files\WZCBDL Service\WZCBDLS.exe"
ProcessID : 868
ThreadCreationTime : 5-9-2005 3:21:38 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 20319
ProductVersion : 1, 0, 0, 20319
ProductName : WZCBDLService Launcher (NT)
CompanyName : D-Link
FileDescription : WZCBDLService Launcher
InternalName : WZCBDLS
LegalCopyright : Copyright © 2002, D-Link Corporation
OriginalFilename : WZCBDLS.exe

#:20 [prism.exe]
ModuleName : C:\Program Files\Comcast\Security Manager\app\Prism.exe
Command Line : "C:\Program Files\Comcast\Security Manager\app\Prism.exe"
ProcessID : 940
ThreadCreationTime : 5-9-2005 3:22:04 AM
BasePriority : Normal
FileVersion : 1.60.0428
ProductVersion : 1.60.0428
ProductName : Comcast Security Manager
CompanyName : Comcast Cable Communications
FileDescription : Comcast Security Manager
InternalName : PRISM
LegalCopyright : Copyright ©2000-2004 Authentium, Inc.; Portions Copyright ©2004 Comcast Cable Communications
LegalTrademarks : Security Manager is a trademark of Comcast Cable Communications
OriginalFilename : PRISM.exe

#:21 [explorer.exe]
ModuleName : C:\WINNT\Explorer.exe
Command Line : C:\WINNT\Explorer.exe
ProcessID : 1168
ThreadCreationTime : 5-9-2005 3:22:46 AM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:22 [gwhotkey.exe]
ModuleName : C:\WINNT\GWHotKey.exe
Command Line : "C:\WINNT\GWHotKey.exe"
ProcessID : 1040
ThreadCreationTime : 5-9-2005 3:23:18 AM
BasePriority : Normal
FileVersion : 6.0.1.3
ProductVersion : 6.0.1.3
ProductName : Gateway Multi-function Keyboard Utility
CompanyName : BillP Studios
FileDescription : Multi-function Keyboard By Bill Pytlovany
LegalCopyright : Copyright © 1997-2000 Gateway, Inc.
Comments : http://www.billp.com

#:23 [aircfg.exe]
ModuleName : C:\Program Files\D-Link\Air Utility\AirCFG.exe
Command Line : "C:\Program Files\D-Link\Air Utility\AirCFG.exe"
ProcessID : 952
ThreadCreationTime : 5-9-2005 3:23:27 AM
BasePriority : Normal
FileVersion : 3, 1, 5, 30626
ProductVersion : 3, 1, 5, 30626
ProductName : Wireless LAN Monitor
CompanyName : D-Link
FileDescription : D-Link Wireless LAN Monitor
InternalName : WlanMonitor
LegalCopyright : Copyright 2002©, D-Link. All Rights Reserved.
LegalTrademarks : D-Link
OriginalFilename : WlanMon.EXE

#:24 [avgcc32.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
Command Line : "C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe" /STARTUP
ProcessID : 1188
ThreadCreationTime : 5-9-2005 3:23:31 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 515
ProductVersion : 6, 0, 0, 0
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC32
LegalCopyright : Copyright © 2003 GRISOFT s.r.o.
OriginalFilename : AvgCC32.EXE

#:25 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 1132
ThreadCreationTime : 5-9-2005 3:23:58 AM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6028)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:26 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 928
ThreadCreationTime : 5-9-2005 3:24:27 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0


9:38:16 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:43.866
Objects scanned:77062
Objects identified:0
Objects ignored:0
New critical objects:0

#9
Guest_Andy_veal_*

Have you tried scanning with the latest definition file? Released today?

#10
shanaluv

I updated it, and here is tonight's scan..

Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 10, 2005 8:03:21 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2(TAC index:10):8 total references
Zango(TAC index:6):12 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663

5-10-2005 8:02:41 PM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


5-10-2005 8:02:52 PM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:8 %
Total physical memory:130544 kb
Available physical memory:9964 kb
Total page file size:309896 kb
Available on page file:109492 kb
Total virtual memory:2097024 kb
Available virtual memory:2042608 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Obtain command line of scanned processes
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-10-2005 8:03:21 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 156
ThreadCreationTime : 5-11-2005 12:14:51 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 180
ThreadCreationTime : 5-11-2005 12:15:03 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 176
ThreadCreationTime : 5-11-2005 12:15:06 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 228
ThreadCreationTime : 5-11-2005 12:15:08 AM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 240
ThreadCreationTime : 5-11-2005 12:15:09 AM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 424
ThreadCreationTime : 5-11-2005 12:15:15 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 456
ThreadCreationTime : 5-11-2005 12:15:15 AM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [acsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
ProcessID : 500
ThreadCreationTime : 5-11-2005 12:15:20 AM
BasePriority : Normal


#:9 [ati2evxx.exe]
ModuleName : C:\WINNT\System32\ati2evxx.exe
Command Line : C:\WINNT\System32\ati2evxx.exe
ProcessID : 544
ThreadCreationTime : 5-11-2005 12:15:22 AM
BasePriority : Normal


#:10 [avgserv.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
Command Line : C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
ProcessID : 572
ThreadCreationTime : 5-11-2005 12:15:24 AM
BasePriority : Normal
FileVersion : 6.0.1.696
ProductVersion : 6.0.1.696
ProductName : AVG6
CompanyName : GRISOFT s.r.o
FileDescription : AvgServ - displays notification message
InternalName : AvgServ
LegalCopyright : Copyright © GRISOFT 1998-2004
OriginalFilename : AvgServ

#:11 [curtainssyssvcnt.exe]
ModuleName : c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
Command Line : "c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe"
ProcessID : 584
ThreadCreationTime : 5-11-2005 12:15:25 AM
BasePriority : Normal
FileVersion : 1.0.0.3
ProductVersion : 1.0.0.0
ProductName : Curtains for Windows
CompanyName : Authentium, Inc.
FileDescription : Curtains for Windows System Service Launcher (NT)
InternalName : CurtainsSysSvcNt
LegalCopyright : Copyright ©2002 Authentium, Inc.
LegalTrademarks : Curtains is a trademark of Authentium, Inc.
OriginalFilename : CurtainsSysSvcNt.exe

#:12 [dkservice.exe]
ModuleName : C:\Program Files\Executive Software\Diskeeper\DkService.exe
Command Line : "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
ProcessID : 632
ThreadCreationTime : 5-11-2005 12:15:34 AM
BasePriority : Normal
FileVersion : 9.0.504.0
ProductVersion : 9.0.504.0
ProductName : Diskeeper ™ Disk Defragmenter
CompanyName : Executive Software International, Inc.
FileDescription : DKSERVICE.EXE
InternalName : DKSERVICE
LegalCopyright : © 1995-2004 Executive Software Int'l, Inc.
OriginalFilename : DKSERVICE

#:13 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 652
ThreadCreationTime : 5-11-2005 12:15:39 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:14 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 688
ThreadCreationTime : 5-11-2005 12:15:43 AM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:15 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 716
ThreadCreationTime : 5-11-2005 12:15:48 AM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:16 [wanmpsvc.exe]
ModuleName : C:\WINNT\wanmpsvc.exe
Command Line : "C:\WINNT\wanmpsvc.exe"
ProcessID : 800
ThreadCreationTime : 5-11-2005 12:15:51 AM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:17 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 868
ThreadCreationTime : 5-11-2005 12:15:56 AM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:18 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 876
ThreadCreationTime : 5-11-2005 12:16:00 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:19 [wzcbdls.exe]
ModuleName : C:\Program Files\WZCBDL Service\WZCBDLS.exe
Command Line : "C:\Program Files\WZCBDL Service\WZCBDLS.exe"
ProcessID : 900
ThreadCreationTime : 5-11-2005 12:16:01 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 20319
ProductVersion : 1, 0, 0, 20319
ProductName : WZCBDLService Launcher (NT)
CompanyName : D-Link
FileDescription : WZCBDLService Launcher
InternalName : WZCBDLS
LegalCopyright : Copyright © 2002, D-Link Corporation
OriginalFilename : WZCBDLS.exe

#:20 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k BITSgroup
ProcessID : 1480
ThreadCreationTime : 5-11-2005 12:17:04 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:21 [prism.exe]
ModuleName : C:\Program Files\Comcast\Security Manager\app\Prism.exe
Command Line : "C:\Program Files\Comcast\Security Manager\app\Prism.exe"
ProcessID : 1416
ThreadCreationTime : 5-11-2005 12:18:14 AM
BasePriority : Normal
FileVersion : 1.60.0428
ProductVersion : 1.60.0428
ProductName : Comcast Security Manager
CompanyName : Comcast Cable Communications
FileDescription : Comcast Security Manager
InternalName : PRISM
LegalCopyright : Copyright ©2000-2004 Authentium, Inc.; Portions Copyright ©2004 Comcast Cable Communications
LegalTrademarks : Security Manager is a trademark of Comcast Cable Communications
OriginalFilename : PRISM.exe

#:22 [explorer.exe]
ModuleName : C:\WINNT\Explorer.exe
Command Line : C:\WINNT\Explorer.exe
ProcessID : 1396
ThreadCreationTime : 5-11-2005 12:19:09 AM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:23 [gwhotkey.exe]
ModuleName : C:\WINNT\GWHotKey.exe
Command Line : "C:\WINNT\GWHotKey.exe"
ProcessID : 1068
ThreadCreationTime : 5-11-2005 12:19:38 AM
BasePriority : Normal
FileVersion : 6.0.1.3
ProductVersion : 6.0.1.3
ProductName : Gateway Multi-function Keyboard Utility
CompanyName : BillP Studios
FileDescription : Multi-function Keyboard By Bill Pytlovany
LegalCopyright : Copyright © 1997-2000 Gateway, Inc.
Comments : http://www.billp.com

#:24 [aircfg.exe]
ModuleName : C:\Program Files\D-Link\Air Utility\AirCFG.exe
Command Line : "C:\Program Files\D-Link\Air Utility\AirCFG.exe"
ProcessID : 1588
ThreadCreationTime : 5-11-2005 12:19:45 AM
BasePriority : Normal
FileVersion : 3, 1, 5, 30626
ProductVersion : 3, 1, 5, 30626
ProductName : Wireless LAN Monitor
CompanyName : D-Link
FileDescription : D-Link Wireless LAN Monitor
InternalName : WlanMonitor
LegalCopyright : Copyright 2002©, D-Link. All Rights Reserved.
LegalTrademarks : D-Link
OriginalFilename : WlanMon.EXE

#:25 [avgcc32.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
Command Line : "C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe" /STARTUP
ProcessID : 1596
ThreadCreationTime : 5-11-2005 12:19:46 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 515
ProductVersion : 6, 0, 0, 0
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC32
LegalCopyright : Copyright © 2003 GRISOFT s.r.o.
OriginalFilename : AvgCC32.EXE

#:26 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 1624
ThreadCreationTime : 5-11-2005 12:19:53 AM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6028)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:27 [wuauclt.exe]
ModuleName : C:\WINNT\system32\wuauclt.exe
Command Line : "C:\WINNT\system32\wuauclt.exe"
ProcessID : 812
ThreadCreationTime : 5-11-2005 12:23:36 AM
BasePriority : Normal
FileVersion : 5.4.3790.20 built by: lab04_n
ProductVersion : 5.4.3790.20
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Update AutoUpdate Client
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:28 [incmail.exe]
ModuleName : C:\Program Files\IncrediMail\bin\IncMail.exe
Command Line : "C:\Program Files\IncrediMail\bin\IncMail.exe"
ProcessID : 288
ThreadCreationTime : 5-11-2005 2:01:08 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1606
ProductVersion : 3, 0, 0, 1606
ProductName : IncrediMail
CompanyName : IncrediMail, Ltd.
FileDescription : IncrediMail Application
InternalName : IncrediMail
LegalCopyright : Copyright © 2002 IncrediMail, Ltd.
OriginalFilename : INCMAIL.EXE

#:29 [imapp.exe]
ModuleName : C:\PROGRA~1\INCRED~1\bin\IMApp.exe
Command Line : C:\PROGRA~1\INCRED~1\bin\IMApp.exe -Embedding
ProcessID : 1384
ThreadCreationTime : 5-11-2005 2:01:24 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1606
ProductVersion : 3, 0, 0, 1606
ProductName : IncrediMail
CompanyName : IncrediMail, Ltd.
FileDescription : IncrediMail Application
InternalName : IncrediApp
LegalCopyright : Copyright © 2002 IncrediMail, Ltd.
OriginalFilename : IMAPP.EXE

#:30 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1428
ThreadCreationTime : 5-11-2005 2:02:20 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : pynixdll.pynixdllobj.1

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : pynixdll.pynixdllobj.1
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : pynixdll.pynixdllobj

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : pynixdll.pynixdllobj
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{94984402-b480-45c7-ad2d-84e5eb52cfcd}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{94984402-b480-45c7-ad2d-84e5eb52cfcd}
Value :

Zango Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clientax.clientinstaller

Zango Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clientax.clientinstaller
Value :

Zango Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clientax.clientinstaller.1

Zango Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clientax.clientinstaller.1
Value :

Zango Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ddea2e1d-8555-45e5-af09-ec9aa4ea27ad}

Zango Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ddea2e1d-8555-45e5-af09-ec9aa4ea27ad}
Value :

Zango Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 13


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 13




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : File
Data : Pynix.inf
Category : Malware
Comment :
Object : C:\WINNT\inf\



Zango Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{99410cde-6f16-42ce-9d49-3807f78f0287}

Zango Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{99410cde-6f16-42ce-9d49-3807f78f0287}
Value : Installer

Zango Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{99410cde-6f16-42ce-9d49-3807f78f0287}
Value : SystemComponent

Zango Object Recognized!
Type : File
Data : clientax.dll
Category : Data Miner
Comment :
Object : C:\WINNT\downloaded program files\
FileVersion : 6, 1, 2, 0
ProductVersion : 6, 1, 2, 0
ProductName : 180SAAX
CompanyName : 180solutions
FileDescription : ClientAX
InternalName : ClientAX.dll
LegalCopyright : © 180solutions, 2004. All rights reserved.
OriginalFilename : ClientAX.dll
Comments : /DID=000998


Zango Object Recognized!
Type : File
Data : ClientAX.inf
Category : Data Miner
Comment :
Object : C:\WINNT\downloaded program files\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 20

8:15:32 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:10.690
Objects scanned:79655
Objects identified:20
Objects ignored:0
New critical objects:20

#11
Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer of what Ad-Aware found, please follow the instructions below…

Please make sure that you are using the * SE1R44 10.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-Aware SE; if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

#12
shanaluv
    New Member
  • Topic Starter
  • Member
  • 8 posts
Tonight's scan...

Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 11, 2005 8:41:09 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:5 %
Total physical memory:130544 kb
Available physical memory:6084 kb
Total page file size:309896 kb
Available on page file:152792 kb
Total virtual memory:2097024 kb
Available virtual memory:2042608 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Obtain command line of scanned processes
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-11-2005 8:41:09 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 156
ThreadCreationTime : 5-12-2005 2:36:02 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 180
ThreadCreationTime : 5-12-2005 2:36:13 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 200
ThreadCreationTime : 5-12-2005 2:36:16 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 228
ThreadCreationTime : 5-12-2005 2:36:19 AM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 240
ThreadCreationTime : 5-12-2005 2:36:19 AM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 416
ThreadCreationTime : 5-12-2005 2:36:24 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 444
ThreadCreationTime : 5-12-2005 2:36:24 AM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [acsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
ProcessID : 472
ThreadCreationTime : 5-12-2005 2:36:24 AM
BasePriority : Normal


#:9 [ati2evxx.exe]
ModuleName : C:\WINNT\System32\ati2evxx.exe
Command Line : C:\WINNT\System32\ati2evxx.exe
ProcessID : 528
ThreadCreationTime : 5-12-2005 2:36:29 AM
BasePriority : Normal


#:10 [avgserv.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
Command Line : C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
ProcessID : 556
ThreadCreationTime : 5-12-2005 2:36:32 AM
BasePriority : Normal
FileVersion : 6.0.1.696
ProductVersion : 6.0.1.696
ProductName : AVG6
CompanyName : GRISOFT s.r.o
FileDescription : AvgServ - displays notification message
InternalName : AvgServ
LegalCopyright : Copyright © GRISOFT 1998-2004
OriginalFilename : AvgServ

#:11 [curtainssyssvcnt.exe]
ModuleName : c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
Command Line : "c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe"
ProcessID : 568
ThreadCreationTime : 5-12-2005 2:36:33 AM
BasePriority : Normal
FileVersion : 1.0.0.3
ProductVersion : 1.0.0.0
ProductName : Curtains for Windows
CompanyName : Authentium, Inc.
FileDescription : Curtains for Windows System Service Launcher (NT)
InternalName : CurtainsSysSvcNt
LegalCopyright : Copyright ©2002 Authentium, Inc.
LegalTrademarks : Curtains is a trademark of Authentium, Inc.
OriginalFilename : CurtainsSysSvcNt.exe

#:12 [dkservice.exe]
ModuleName : C:\Program Files\Executive Software\Diskeeper\DkService.exe
Command Line : "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
ProcessID : 620
ThreadCreationTime : 5-12-2005 2:36:40 AM
BasePriority : Normal
FileVersion : 9.0.504.0
ProductVersion : 9.0.504.0
ProductName : Diskeeper ™ Disk Defragmenter
CompanyName : Executive Software International, Inc.
FileDescription : DKSERVICE.EXE
InternalName : DKSERVICE
LegalCopyright : © 1995-2004 Executive Software Int'l, Inc.
OriginalFilename : DKSERVICE

#:13 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 636
ThreadCreationTime : 5-12-2005 2:36:45 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:14 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 680
ThreadCreationTime : 5-12-2005 2:36:48 AM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:15 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 348
ThreadCreationTime : 5-12-2005 2:36:51 AM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:16 [wanmpsvc.exe]
ModuleName : C:\WINNT\wanmpsvc.exe
Command Line : "C:\WINNT\wanmpsvc.exe"
ProcessID : 752
ThreadCreationTime : 5-12-2005 2:36:52 AM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:17 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 824
ThreadCreationTime : 5-12-2005 2:36:55 AM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:18 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 836
ThreadCreationTime : 5-12-2005 2:36:58 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:19 [wzcbdls.exe]
ModuleName : C:\Program Files\WZCBDL Service\WZCBDLS.exe
Command Line : "C:\Program Files\WZCBDL Service\WZCBDLS.exe"
ProcessID : 844
ThreadCreationTime : 5-12-2005 2:36:58 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 20319
ProductVersion : 1, 0, 0, 20319
ProductName : WZCBDLService Launcher (NT)
CompanyName : D-Link
FileDescription : WZCBDLService Launcher
InternalName : WZCBDLS
LegalCopyright : Copyright © 2002, D-Link Corporation
OriginalFilename : WZCBDLS.exe

#:20 [prism.exe]
ModuleName : C:\Program Files\Comcast\Security Manager\app\Prism.exe
Command Line : "C:\Program Files\Comcast\Security Manager\app\Prism.exe"
ProcessID : 924
ThreadCreationTime : 5-12-2005 2:37:16 AM
BasePriority : Normal
FileVersion : 1.60.0428
ProductVersion : 1.60.0428
ProductName : Comcast Security Manager
CompanyName : Comcast Cable Communications
FileDescription : Comcast Security Manager
InternalName : PRISM
LegalCopyright : Copyright ©2000-2004 Authentium, Inc.; Portions Copyright ©2004 Comcast Cable Communications
LegalTrademarks : Security Manager is a trademark of Comcast Cable Communications
OriginalFilename : PRISM.exe

#:21 [explorer.exe]
ModuleName : C:\WINNT\Explorer.exe
Command Line : C:\WINNT\Explorer.exe
ProcessID : 1112
ThreadCreationTime : 5-12-2005 2:37:53 AM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:22 [gwhotkey.exe]
ModuleName : C:\WINNT\GWHotKey.exe
Command Line : "C:\WINNT\GWHotKey.exe"
ProcessID : 460
ThreadCreationTime : 5-12-2005 2:38:32 AM
BasePriority : Normal
FileVersion : 6.0.1.3
ProductVersion : 6.0.1.3
ProductName : Gateway Multi-function Keyboard Utility
CompanyName : BillP Studios
FileDescription : Multi-function Keyboard By Bill Pytlovany
LegalCopyright : Copyright © 1997-2000 Gateway, Inc.
Comments : http://www.billp.com

#:23 [aircfg.exe]
ModuleName : C:\Program Files\D-Link\Air Utility\AirCFG.exe
Command Line : "C:\Program Files\D-Link\Air Utility\AirCFG.exe"
ProcessID : 1044
ThreadCreationTime : 5-12-2005 2:38:37 AM
BasePriority : Normal
FileVersion : 3, 1, 5, 30626
ProductVersion : 3, 1, 5, 30626
ProductName : Wireless LAN Monitor
CompanyName : D-Link
FileDescription : D-Link Wireless LAN Monitor
InternalName : WlanMonitor
LegalCopyright : Copyright 2002©, D-Link. All Rights Reserved.
LegalTrademarks : D-Link
OriginalFilename : WlanMon.EXE

#:24 [avgcc32.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
Command Line : "C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe" /STARTUP
ProcessID : 1128
ThreadCreationTime : 5-12-2005 2:38:39 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 515
ProductVersion : 6, 0, 0, 0
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC32
LegalCopyright : Copyright © 2003 GRISOFT s.r.o.
OriginalFilename : AvgCC32.EXE

#:25 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 1184
ThreadCreationTime : 5-12-2005 2:38:48 AM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6028)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:26 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1156
ThreadCreationTime : 5-12-2005 2:39:47 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0


8:52:30 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:21.210
Objects scanned:79206
Objects identified:0
Objects ignored:0
New critical objects:0

#13
Guest_Andy_veal_*
  • Guest
Your Logfile seems clean,

Do you still have problems?

To keep your computer safe
-Make sure you have all critical updates installed.
-Make sure that you have got a firewall running when you're connected to the internet, and anti-virus software which has the latest updates.

Two great sites to check for good advice and top rated software are http://members.acces...ntomPhixer.html and http://www.spywareai...p?file=toprated

#14
shanaluv
    New Member
  • Topic Starter
  • Member
  • 8 posts
No more problems!! You guys are the best! Thanks!

#15
Guest_Andy_veal_*
  • Guest
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.