Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Spyware that won't go away!

Started by boltboymt , May 07 2005 12:25 PM

  • This topic is locked This topic is locked

#1
boltboymt
Posted 07 May 2005 - 12:25 PM

boltboymt

    New Member

  • Member
  • Pip
  • 7 posts
Ad-Aware SE Build 1.05
Logfile Created on:Saturday, May 07, 2005 11:53:01 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ebates MoneyMaker(TAC index:4):25 total references
ImIServer IEPlugin(TAC index:5):2 total references
VX2(TAC index:10):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654

5-7-2005 11:46:17 AM Performing WebUpdate...

Installing Update...

5-7-2005 11:46:46 AM Failed
No updates installed.

5-7-2005 11:46:46 AM <RESTORE BCKP>
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654

5-7-2005 11:46:50 AM <OK>

5-7-2005 11:46:55 AM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


5-7-2005 11:47:35 AM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:40 %
Total physical memory:261488 kb
Available physical memory:104112 kb
Total page file size:633268 kb
Available on page file:406700 kb
Total virtual memory:2097024 kb
Available virtual memory:2039696 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-7-2005 11:53:01 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 744
ThreadCreationTime : 5-7-2005 5:31:12 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 820
ThreadCreationTime : 5-7-2005 5:31:14 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 852
ThreadCreationTime : 5-7-2005 5:31:14 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 896
ThreadCreationTime : 5-7-2005 5:31:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 908
ThreadCreationTime : 5-7-2005 5:31:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1064
ThreadCreationTime : 5-7-2005 5:31:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1108
ThreadCreationTime : 5-7-2005 5:31:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1316
ThreadCreationTime : 5-7-2005 5:31:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1340
ThreadCreationTime : 5-7-2005 5:31:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1620
ThreadCreationTime : 5-7-2005 5:31:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 2044
ThreadCreationTime : 5-7-2005 5:31:23 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [apoint.exe]
ModuleName : C:\Program Files\Apoint2K\Apoint.exe
Command Line : "C:\Program Files\Apoint2K\Apoint.exe"
ProcessID : 1156
ThreadCreationTime : 5-7-2005 5:31:25 PM
BasePriority : Normal
FileVersion : 5.3.6.128
ProductVersion : 5.3.6.128
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2002 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:13 [00thotkey.exe]
ModuleName : C:\WINDOWS\System32\00THotkey.exe
Command Line : "C:\WINDOWS\System32\00THotkey.exe"
ProcessID : 1176
ThreadCreationTime : 5-7-2005 5:31:25 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 12
ProductVersion : 5, 0, 0, 0
ProductName : TOSHIBA THotkey
CompanyName : TOSHIBA Corp.
FileDescription : THotkey
InternalName : THotkey
LegalCopyright : Copyright © 1999 -2001
OriginalFilename : THotkey.exe

#:14 [tfncky.exe]
ModuleName : C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
Command Line : "C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe" /Type 20
ProcessID : 1192
ThreadCreationTime : 5-7-2005 5:31:25 PM
BasePriority : Normal
FileVersion : 2.39
ProductVersion : 2.39
ProductName : TFncKy
CompanyName : TOSHIBA Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright 1997-2000 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE

#:15 [tfnf5.exe]
ModuleName : C:\WINDOWS\System32\TFNF5.exe
Command Line : "C:\WINDOWS\System32\TFNF5.exe"
ProcessID : 1200
ThreadCreationTime : 5-7-2005 5:31:25 PM
BasePriority : Normal
FileVersion : 1. 0. 1. 0
ProductVersion : 1. 0. 1. 0
ProductName : Toshiba Hotkey Utility for Display Devices
CompanyName : Toshiba Corp.
FileDescription : TFnF5
InternalName : TFnF5
LegalCopyright : Copyright © Toshiba Corp. 2001
OriginalFilename : TFnF5.Exe
Comments : Hotkey (Fn+F5) for Display Devices

#:16 [navapw32.exe]
ModuleName : C:\PROGRA~1\NORTON~1\navapw32.exe
Command Line : "C:\PROGRA~1\NORTON~1\navapw32.exe"
ProcessID : 1212
ThreadCreationTime : 5-7-2005 5:31:25 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE

#:17 [ezsp_px.exe]
ModuleName : C:\WINDOWS\System32\ezSP_Px.exe
Command Line : "C:\WINDOWS\System32\ezSP_Px.exe"
ProcessID : 1220
ThreadCreationTime : 5-7-2005 5:31:25 PM
BasePriority : Normal


#:18 [touched.exe]
ModuleName : C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
Command Line : "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
ProcessID : 1232
ThreadCreationTime : 5-7-2005 5:31:25 PM
BasePriority : Normal
FileVersion : 2, 0, 1, 6
ProductVersion : 2, 0, 1, 6
ProductName : TouchPad On/Off Utility
CompanyName : TOSHIBA Corporation
FileDescription : TouchPad On/Off Utility
InternalName : TouchED
LegalCopyright : Copyright 1998-2002 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TouchED.exe

#:19 [pinger.exe]
ModuleName : C:\toshiba\ivp\ism\pinger.exe
Command Line : "C:\toshiba\ivp\ism\pinger.exe" /run
ProcessID : 1240
ThreadCreationTime : 5-7-2005 5:31:26 PM
BasePriority : Normal
FileVersion : 3.3
ProductVersion : 3.3
ProductName : Software Upgrades
CompanyName : Toshiba Corporation
FileDescription : Toshiba Pinger
InternalName : PINGER
LegalCopyright : © 1997-2001 Toshiba Corporation
OriginalFilename : PINGER.EXE
Comments : With TSysSMon support.

#:20 [sm1bg.exe]
ModuleName : C:\WINDOWS\SM1BG.EXE
Command Line : "C:\WINDOWS\SM1BG.EXE"
ProcessID : 952
ThreadCreationTime : 5-7-2005 5:31:26 PM
BasePriority : Normal
FileVersion : 6.01.1000.0
ProductVersion : 6.01.1000.0
ProductName : Cypress USB Mass Storage Adapter
CompanyName : Cypress Semiconductor
FileDescription : Cypress USB Mass Storage Driver Background Application
InternalName : SM1BG.EXE
LegalCopyright : Copyright © 1998-2003 Cypress Semiconductor
OriginalFilename : SM1BG.EXE

#:21 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"
ProcessID : 1396
ThreadCreationTime : 5-7-2005 5:31:26 PM
BasePriority : Normal


#:22 [ptluworker.exe]
ModuleName : C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
Command Line : "C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe"
ProcessID : 1420
ThreadCreationTime : 5-7-2005 5:31:26 PM
BasePriority : Normal


#:23 [8p1qq0jj.exe]
ModuleName : C:\Program Files\8p1qq0jj\8p1qq0jj.exe
Command Line : "C:\Program Files\8p1qq0jj\8p1qq0jj.exe"
ProcessID : 1436
ThreadCreationTime : 5-7-2005 5:31:26 PM
BasePriority : Normal
FileVersion : 1, 15, 0, 3
ProductVersion : 1, 15, 0, 3

#:24 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1300
ThreadCreationTime : 5-7-2005 5:31:27 PM
BasePriority : Normal
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:25 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 1704
ThreadCreationTime : 5-7-2005 5:31:27 PM
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:26 [spysweeper.exe]
ModuleName : C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Command Line : "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
ProcessID : 1748
ThreadCreationTime : 5-7-2005 5:31:27 PM
BasePriority : Normal
FileVersion : 3.5.0.198
ProductVersion : 3.5
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
LegalCopyright : Copyright © 2001-2004 Webroot Software, Inc.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.

#:27 [apntex.exe]
ModuleName : C:\Program Files\Apoint2K\Apntex.exe
Command Line : "Apntex.exe"
ProcessID : 1792
ThreadCreationTime : 5-7-2005 5:31:28 PM
BasePriority : Normal
FileVersion : 5.0.1.13
ProductVersion : 5.0.1.13
ProductName : Alps Pointing-device Driver for Windows NT/2000
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000
InternalName : Alps Pointing-device Driver for Windows NT/2000
LegalCopyright : Copyright © 1998-2001 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:28 [hotsync.exe]
ModuleName : C:\Program Files\palmOne\HOTSYNC.EXE
Command Line : "C:\Program Files\palmOne\HOTSYNC.EXE"
ProcessID : 2036
ThreadCreationTime : 5-7-2005 5:31:32 PM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:29 [59017510.exe]
ModuleName : C:\Program Files\8p1qq0jj\59017510.exe
Command Line : a b
ProcessID : 772
ThreadCreationTime : 5-7-2005 5:31:35 PM
BasePriority : Normal
FileVersion : 1, 5, 0, 1
ProductVersion : 1, 5, 0, 1

#:30 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1248
ThreadCreationTime : 5-7-2005 5:31:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:31 [cisvc.exe]
ModuleName : C:\WINDOWS\System32\cisvc.exe
Command Line : C:\WINDOWS\System32\cisvc.exe
ProcessID : 1144
ThreadCreationTime : 5-7-2005 5:31:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:32 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1456
ThreadCreationTime : 5-7-2005 5:31:41 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:33 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1084
ThreadCreationTime : 5-7-2005 5:31:43 PM
BasePriority : Normal
FileVersion : 6.13.10.2846
ProductVersion : 6.13.10.2846
ProductName : NVIDIA Driver Helper Service, Version 28.46
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 28.46
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:34 [roomservice.exe]
ModuleName : C:\Program Files\Crestron\RoomView\RoomService.exe
Command Line : "C:\Program Files\Crestron\RoomView\RoomService.exe"
ProcessID : 364
ThreadCreationTime : 5-7-2005 5:31:47 PM
BasePriority : Normal


#:35 [roomsock.exe]
ModuleName : C:\Program Files\Crestron\RoomView\roomsock.exe
Command Line : roomsock.exe
ProcessID : 460
ThreadCreationTime : 5-7-2005 5:31:48 PM
BasePriority : Normal
FileVersion : 1, 6, 0, 1
ProductVersion : 1, 6, 0, 0
ProductName : RoomView License Manager
CompanyName : Crestron Electronics, Inc.
FileDescription : RoomSock
InternalName : RoomSock
LegalCopyright : Copyright © 2003
OriginalFilename : RoomSock.exe

#:36 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 536
ThreadCreationTime : 5-7-2005 5:31:49 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:37 [8p1qq0jj.exe]
ModuleName : C:\Program Files\8p1qq0jj\8p1qq0jj.exe
Command Line : a b
ProcessID : 2424
ThreadCreationTime : 5-7-2005 5:36:36 PM
BasePriority : Normal
FileVersion : 1, 15, 0, 3
ProductVersion : 1, 15, 0, 3

#:38 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 2384
ThreadCreationTime : 5-7-2005 5:36:47 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:39 [cidaemon.exe]
ModuleName : C:\WINDOWS\System32\cidaemon.exe
Command Line : cidaemon.exe DownLevelDaemon "c:\system volume information\catalog.wci" 196672l 1144l
ProcessID : 2240
ThreadCreationTime : 5-7-2005 5:38:49 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:40 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3576
ThreadCreationTime : 5-7-2005 5:46:02 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : S-1-5-21-953129233-689911805-2960421364-1007\software\lq
Value : AC

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

ImIServer IEPlugin Object Recognized!
Type : File
Data : A0300864.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F07DAC61-F7DF-4442-9D87-ABA01D78AFBB}\RP655\



VX2 Object Recognized!
Type : File
Data : A0301862.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F07DAC61-F7DF-4442-9D87-ABA01D78AFBB}\RP656\
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Install Utility
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2004
OriginalFilename : InstUtil.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.


VX2 Object Recognized!
Type : File
Data : A0306474.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F07DAC61-F7DF-4442-9D87-ABA01D78AFBB}\RP684\
FileVersion : 0, 4, 1, 3
ProductVersion : 0, 4, 1, 3
CompanyName : FarmMext
FileDescription : www.farmmext.com
LegalCopyright : Copyright © 2002


ImIServer IEPlugin Object Recognized!
Type : File
Data : A0306477.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{F07DAC61-F7DF-4442-9D87-ABA01D78AFBB}\RP684\



VX2 Object Recognized!
Type : File
Data : A0313925.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F07DAC61-F7DF-4442-9D87-ABA01D78AFBB}\RP694\
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Install Utility
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2004
OriginalFilename : InstUtil.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.


VX2 Object Recognized!
Type : File
Data : A0313931.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F07DAC61-F7DF-4442-9D87-ABA01D78AFBB}\RP694\
FileVersion : 0, 4, 1, 3
ProductVersion : 0, 4, 1, 3
CompanyName : FarmMext
FileDescription : www.farmmext.com
LegalCopyright : Copyright © 2002


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 7




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ebates MoneyMaker Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AT

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AC

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TM

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AD

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AM

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : U

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : I

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TR

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : leck

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : country

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : city

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : state

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.8

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.9

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.0

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.1

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.2

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.3

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.4

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.5

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.6

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : LU3.7

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 25
Objects found so far: 32

12:20:32 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:27:31.405
Objects scanned:148430
Objects identified:32
Objects ignored:0
New critical objects:32
  • 0

Advertisements

#2
Rawe
Posted 07 May 2005 - 12:58 PM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Welcome!

Ad-aware has found object(s) on your computer

If you chose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R43 06.05.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder);

Run CCleaner to help in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note; the path above is of the default installation location for Ad-aware SE, if this is different, adjust it to the location that you have installed it to.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to any objects you wish to remove. Click next, Click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes takes 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (Mru's) aren't considered as a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:
  • 0

#3
boltboymt
Posted 07 May 2005 - 04:55 PM

boltboymt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Okay here's what I know thusfar. After following your instructions I ran AdAware in Safe Mode again, which turned up nothing.
After rebooting in normal mode the following log is what I got.

I have also run Webroot Spysweeper, which finds the Elite Bar in the Registry, tries to remove it but it keeps returning.

I've also run Spybot S&D per suggestions on the "before posting to Malware forum" directions

Thanks for your conituned help!!

Ad-Aware SE Build 1.05
Logfile Created on:Saturday, May 07, 2005 4:06:14 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ebates MoneyMaker(TAC index:4):25 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:16 %
Total physical memory:261488 kb
Available physical memory:41256 kb
Total page file size:633268 kb
Available on page file:434272 kb
Total virtual memory:2097024 kb
Available virtual memory:2040116 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-7-2005 4:06:14 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 748
ThreadCreationTime : 5-7-2005 10:01:03 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 824
ThreadCreationTime : 5-7-2005 10:01:05 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 856
ThreadCreationTime : 5-7-2005 10:01:06 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 900
ThreadCreationTime : 5-7-2005 10:01:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 912
ThreadCreationTime : 5-7-2005 10:01:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1084
ThreadCreationTime : 5-7-2005 10:01:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1128
ThreadCreationTime : 5-7-2005 10:01:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1320
ThreadCreationTime : 5-7-2005 10:01:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1344
ThreadCreationTime : 5-7-2005 10:01:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1616
ThreadCreationTime : 5-7-2005 10:01:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 688
ThreadCreationTime : 5-7-2005 10:01:26 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1104
ThreadCreationTime : 5-7-2005 10:01:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:13 [cisvc.exe]
ModuleName : C:\WINDOWS\System32\cisvc.exe
Command Line : C:\WINDOWS\System32\cisvc.exe
ProcessID : 1156
ThreadCreationTime : 5-7-2005 10:01:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:14 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1232
ThreadCreationTime : 5-7-2005 10:01:27 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:15 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1396
ThreadCreationTime : 5-7-2005 10:01:27 PM
BasePriority : Normal
FileVersion : 6.13.10.2846
ProductVersion : 6.13.10.2846
ProductName : NVIDIA Driver Helper Service, Version 28.46
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 28.46
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:16 [roomservice.exe]
ModuleName : C:\Program Files\Crestron\RoomView\RoomService.exe
Command Line : "C:\Program Files\Crestron\RoomView\RoomService.exe"
ProcessID : 1464
ThreadCreationTime : 5-7-2005 10:01:27 PM
BasePriority : Normal


#:17 [apoint.exe]
ModuleName : C:\Program Files\Apoint2K\Apoint.exe
Command Line : "C:\Program Files\Apoint2K\Apoint.exe"
ProcessID : 1816
ThreadCreationTime : 5-7-2005 10:01:28 PM
BasePriority : Normal
FileVersion : 5.3.6.128
ProductVersion : 5.3.6.128
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2002 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:18 [00thotkey.exe]
ModuleName : C:\WINDOWS\System32\00THotkey.exe
Command Line : "C:\WINDOWS\System32\00THotkey.exe"
ProcessID : 1824
ThreadCreationTime : 5-7-2005 10:01:28 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 12
ProductVersion : 5, 0, 0, 0
ProductName : TOSHIBA THotkey
CompanyName : TOSHIBA Corp.
FileDescription : THotkey
InternalName : THotkey
LegalCopyright : Copyright © 1999 -2001
OriginalFilename : THotkey.exe

#:19 [tfncky.exe]
ModuleName : C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
Command Line : "C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe" /Type 20
ProcessID : 1852
ThreadCreationTime : 5-7-2005 10:01:28 PM
BasePriority : Normal
FileVersion : 2.39
ProductVersion : 2.39
ProductName : TFncKy
CompanyName : TOSHIBA Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright 1997-2000 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE

#:20 [tfnf5.exe]
ModuleName : C:\WINDOWS\System32\TFNF5.exe
Command Line : "C:\WINDOWS\System32\TFNF5.exe"
ProcessID : 1280
ThreadCreationTime : 5-7-2005 10:01:28 PM
BasePriority : Normal
FileVersion : 1. 0. 1. 0
ProductVersion : 1. 0. 1. 0
ProductName : Toshiba Hotkey Utility for Display Devices
CompanyName : Toshiba Corp.
FileDescription : TFnF5
InternalName : TFnF5
LegalCopyright : Copyright © Toshiba Corp. 2001
OriginalFilename : TFnF5.Exe
Comments : Hotkey (Fn+F5) for Display Devices

#:21 [navapw32.exe]
ModuleName : C:\PROGRA~1\NORTON~1\navapw32.exe
Command Line : "C:\PROGRA~1\NORTON~1\navapw32.exe"
ProcessID : 1888
ThreadCreationTime : 5-7-2005 10:01:29 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE

#:22 [ezsp_px.exe]
ModuleName : C:\WINDOWS\System32\ezSP_Px.exe
Command Line : "C:\WINDOWS\System32\ezSP_Px.exe"
ProcessID : 1896
ThreadCreationTime : 5-7-2005 10:01:29 PM
BasePriority : Normal


#:23 [touched.exe]
ModuleName : C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
Command Line : "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
ProcessID : 1904
ThreadCreationTime : 5-7-2005 10:01:29 PM
BasePriority : Normal
FileVersion : 2, 0, 1, 6
ProductVersion : 2, 0, 1, 6
ProductName : TouchPad On/Off Utility
CompanyName : TOSHIBA Corporation
FileDescription : TouchPad On/Off Utility
InternalName : TouchED
LegalCopyright : Copyright 1998-2002 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TouchED.exe

#:24 [pinger.exe]
ModuleName : C:\toshiba\ivp\ism\pinger.exe
Command Line : "C:\toshiba\ivp\ism\pinger.exe" /run
ProcessID : 1916
ThreadCreationTime : 5-7-2005 10:01:29 PM
BasePriority : Normal
FileVersion : 3.3
ProductVersion : 3.3
ProductName : Software Upgrades
CompanyName : Toshiba Corporation
FileDescription : Toshiba Pinger
InternalName : PINGER
LegalCopyright : © 1997-2001 Toshiba Corporation
OriginalFilename : PINGER.EXE
Comments : With TSysSMon support.

#:25 [sm1bg.exe]
ModuleName : C:\WINDOWS\SM1BG.EXE
Command Line : "C:\WINDOWS\SM1BG.EXE"
ProcessID : 1932
ThreadCreationTime : 5-7-2005 10:01:29 PM
BasePriority : Normal
FileVersion : 6.01.1000.0
ProductVersion : 6.01.1000.0
ProductName : Cypress USB Mass Storage Adapter
CompanyName : Cypress Semiconductor
FileDescription : Cypress USB Mass Storage Driver Background Application
InternalName : SM1BG.EXE
LegalCopyright : Copyright © 1998-2003 Cypress Semiconductor
OriginalFilename : SM1BG.EXE

#:26 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"
ProcessID : 1940
ThreadCreationTime : 5-7-2005 10:01:29 PM
BasePriority : Normal


#:27 [ptluworker.exe]
ModuleName : C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
Command Line : "C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe"
ProcessID : 1968
ThreadCreationTime : 5-7-2005 10:01:29 PM
BasePriority : Normal


#:28 [8p1qq0jj.exe]
ModuleName : C:\Program Files\8p1qq0jj\8p1qq0jj.exe
Command Line : "C:\Program Files\8p1qq0jj\8p1qq0jj.exe"
ProcessID : 1976
ThreadCreationTime : 5-7-2005 10:01:30 PM
BasePriority : Normal
FileVersion : 1, 15, 0, 3
ProductVersion : 1, 15, 0, 3

#:29 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1984
ThreadCreationTime : 5-7-2005 10:01:30 PM
BasePriority : Normal
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:30 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2008
ThreadCreationTime : 5-7-2005 10:01:30 PM
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:31 [spysweeper.exe]
ModuleName : C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Command Line : "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
ProcessID : 2032
ThreadCreationTime : 5-7-2005 10:01:30 PM
BasePriority : Normal
FileVersion : 3.5.0.198
ProductVersion : 3.5
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
LegalCopyright : Copyright © 2001-2004 Webroot Software, Inc.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.

#:32 [roomsock.exe]
ModuleName : C:\Program Files\Crestron\RoomView\roomsock.exe
Command Line : roomsock.exe
ProcessID : 252
ThreadCreationTime : 5-7-2005 10:01:31 PM
BasePriority : Normal
FileVersion : 1, 6, 0, 1
ProductVersion : 1, 6, 0, 0
ProductName : RoomView License Manager
CompanyName : Crestron Electronics, Inc.
FileDescription : RoomSock
InternalName : RoomSock
LegalCopyright : Copyright © 2003
OriginalFilename : RoomSock.exe

#:33 [apntex.exe]
ModuleName : C:\Program Files\Apoint2K\Apntex.exe
Command Line : "Apntex.exe"
ProcessID : 312
ThreadCreationTime : 5-7-2005 10:01:33 PM
BasePriority : Normal
FileVersion : 5.0.1.13
ProductVersion : 5.0.1.13
ProductName : Alps Pointing-device Driver for Windows NT/2000
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000
InternalName : Alps Pointing-device Driver for Windows NT/2000
LegalCopyright : Copyright © 1998-2001 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:34 [hotsync.exe]
ModuleName : C:\Program Files\palmOne\HOTSYNC.EXE
Command Line : "C:\Program Files\palmOne\HOTSYNC.EXE"
ProcessID : 524
ThreadCreationTime : 5-7-2005 10:01:36 PM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:35 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 668
ThreadCreationTime : 5-7-2005 10:01:38 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:36 [59017510.exe]
ModuleName : C:\Program Files\8p1qq0jj\59017510.exe
Command Line : a b
ProcessID : 716
ThreadCreationTime : 5-7-2005 10:01:38 PM
BasePriority : Normal
FileVersion : 1, 5, 0, 1
ProductVersion : 1, 5, 0, 1

#:37 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1696
ThreadCreationTime : 5-7-2005 10:03:41 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : S-1-5-21-953129233-689911805-2960421364-1007\software\lq
Value : AC

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ebates MoneyMaker Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TM

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AD

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AC

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : U

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : I

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AM

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AT

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TR

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : leck

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : country

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : city

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : state

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.8

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.9

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.0

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.1

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.2

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.3

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.4

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.5

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.6

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : LU3.7

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 24
Objects found so far: 25

4:42:59 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:36:44.951
Objects scanned:147525
Objects identified:25
Objects ignored:0
New critical objects:25
  • 0

#4
Rawe
Posted 08 May 2005 - 01:20 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hi again.
Run these online virus scans;
- F-secure
- Trend Micro

Post the results here.

- Rawe :tazz:
  • 0

#5
boltboymt
Posted 08 May 2005 - 07:13 PM

boltboymt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I jumped ahead of you a little bit yesterday while reading some posts of others you've helped. Specifically "qcguy" and followed all of the instructions you'd given him.

So yesterday I ran Norton(which found nothing), TrendMicro(found 3 infections but could not remove), and PandaScan(Found 2 virues but could not remove).

I then ran AdAware in SafeMode, removed critical objects, and ran again this time showing clean. I did the same with SpySweeper in SafeMode after running AdAware which found EliteSearch bar again, removed, rescanned and came up clean.

I then rebooted in normal mode, scanned and found both issues on AdAware and Spysweeper.

So after your response today I followed your instructions. I ran TrendMicro again, finding 2 viruses but unable to remove, then ran F-secure it also found 2 viruses but also could not remove.
I then ran AdAware per your previous instuction in SafeMode, deleted critical objectes, restarted in Normal mode and reran AdAware and following is my log.

Thanks so much for your continued help!!!

Ad-Aware SE Build 1.05
Logfile Created on:Sunday, May 08, 2005 4:43:18 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ebates MoneyMaker(TAC index:4):25 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:14 %
Total physical memory:261488 kb
Available physical memory:35912 kb
Total page file size:633328 kb
Available on page file:440252 kb
Total virtual memory:2097024 kb
Available virtual memory:2038876 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-8-2005 4:43:18 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 744
ThreadCreationTime : 5-8-2005 10:32:56 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 824
ThreadCreationTime : 5-8-2005 10:32:58 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 852
ThreadCreationTime : 5-8-2005 10:32:58 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 896
ThreadCreationTime : 5-8-2005 10:32:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 908
ThreadCreationTime : 5-8-2005 10:32:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1068
ThreadCreationTime : 5-8-2005 10:33:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1112
ThreadCreationTime : 5-8-2005 10:33:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1288
ThreadCreationTime : 5-8-2005 10:33:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1316
ThreadCreationTime : 5-8-2005 10:33:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1608
ThreadCreationTime : 5-8-2005 10:33:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 504
ThreadCreationTime : 5-8-2005 10:33:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:12 [cisvc.exe]
ModuleName : C:\WINDOWS\System32\cisvc.exe
Command Line : C:\WINDOWS\System32\cisvc.exe
ProcessID : 520
ThreadCreationTime : 5-8-2005 10:33:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:13 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 568
ThreadCreationTime : 5-8-2005 10:33:14 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:14 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 620
ThreadCreationTime : 5-8-2005 10:33:14 PM
BasePriority : Normal
FileVersion : 6.13.10.2846
ProductVersion : 6.13.10.2846
ProductName : NVIDIA Driver Helper Service, Version 28.46
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 28.46
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:15 [roomservice.exe]
ModuleName : C:\Program Files\Crestron\RoomView\RoomService.exe
Command Line : "C:\Program Files\Crestron\RoomView\RoomService.exe"
ProcessID : 676
ThreadCreationTime : 5-8-2005 10:33:14 PM
BasePriority : Normal


#:16 [roomsock.exe]
ModuleName : C:\Program Files\Crestron\RoomView\roomsock.exe
Command Line : roomsock.exe
ProcessID : 812
ThreadCreationTime : 5-8-2005 10:33:14 PM
BasePriority : Normal
FileVersion : 1, 6, 0, 1
ProductVersion : 1, 6, 0, 0
ProductName : RoomView License Manager
CompanyName : Crestron Electronics, Inc.
FileDescription : RoomSock
InternalName : RoomSock
LegalCopyright : Copyright © 2003
OriginalFilename : RoomSock.exe

#:17 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1096
ThreadCreationTime : 5-8-2005 10:33:14 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:18 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 400
ThreadCreationTime : 5-8-2005 10:33:28 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:19 [apoint.exe]
ModuleName : C:\Program Files\Apoint2K\Apoint.exe
Command Line : "C:\Program Files\Apoint2K\Apoint.exe"
ProcessID : 736
ThreadCreationTime : 5-8-2005 10:33:30 PM
BasePriority : Normal
FileVersion : 5.3.6.128
ProductVersion : 5.3.6.128
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2002 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:20 [00thotkey.exe]
ModuleName : C:\WINDOWS\System32\00THotkey.exe
Command Line : "C:\WINDOWS\System32\00THotkey.exe"
ProcessID : 800
ThreadCreationTime : 5-8-2005 10:33:30 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 12
ProductVersion : 5, 0, 0, 0
ProductName : TOSHIBA THotkey
CompanyName : TOSHIBA Corp.
FileDescription : THotkey
InternalName : THotkey
LegalCopyright : Copyright © 1999 -2001
OriginalFilename : THotkey.exe

#:21 [tfncky.exe]
ModuleName : C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
Command Line : "C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe" /Type 20
ProcessID : 1080
ThreadCreationTime : 5-8-2005 10:33:30 PM
BasePriority : Normal
FileVersion : 2.39
ProductVersion : 2.39
ProductName : TFncKy
CompanyName : TOSHIBA Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright 1997-2000 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE

#:22 [tfnf5.exe]
ModuleName : C:\WINDOWS\System32\TFNF5.exe
Command Line : "C:\WINDOWS\System32\TFNF5.exe"
ProcessID : 1144
ThreadCreationTime : 5-8-2005 10:33:31 PM
BasePriority : Normal
FileVersion : 1. 0. 1. 0
ProductVersion : 1. 0. 1. 0
ProductName : Toshiba Hotkey Utility for Display Devices
CompanyName : Toshiba Corp.
FileDescription : TFnF5
InternalName : TFnF5
LegalCopyright : Copyright © Toshiba Corp. 2001
OriginalFilename : TFnF5.Exe
Comments : Hotkey (Fn+F5) for Display Devices

#:23 [navapw32.exe]
ModuleName : C:\PROGRA~1\NORTON~1\navapw32.exe
Command Line : "C:\PROGRA~1\NORTON~1\navapw32.exe"
ProcessID : 1088
ThreadCreationTime : 5-8-2005 10:33:31 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE

#:24 [ezsp_px.exe]
ModuleName : C:\WINDOWS\System32\ezSP_Px.exe
Command Line : "C:\WINDOWS\System32\ezSP_Px.exe"
ProcessID : 1232
ThreadCreationTime : 5-8-2005 10:33:31 PM
BasePriority : Normal


#:25 [touched.exe]
ModuleName : C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
Command Line : "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
ProcessID : 1520
ThreadCreationTime : 5-8-2005 10:33:31 PM
BasePriority : Normal
FileVersion : 2, 0, 1, 6
ProductVersion : 2, 0, 1, 6
ProductName : TouchPad On/Off Utility
CompanyName : TOSHIBA Corporation
FileDescription : TouchPad On/Off Utility
InternalName : TouchED
LegalCopyright : Copyright 1998-2002 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TouchED.exe

#:26 [pinger.exe]
ModuleName : C:\toshiba\ivp\ism\pinger.exe
Command Line : "C:\toshiba\ivp\ism\pinger.exe" /run
ProcessID : 1560
ThreadCreationTime : 5-8-2005 10:33:32 PM
BasePriority : Normal
FileVersion : 3.3
ProductVersion : 3.3
ProductName : Software Upgrades
CompanyName : Toshiba Corporation
FileDescription : Toshiba Pinger
InternalName : PINGER
LegalCopyright : © 1997-2001 Toshiba Corporation
OriginalFilename : PINGER.EXE
Comments : With TSysSMon support.

#:27 [sm1bg.exe]
ModuleName : C:\WINDOWS\SM1BG.EXE
Command Line : "C:\WINDOWS\SM1BG.EXE"
ProcessID : 1716
ThreadCreationTime : 5-8-2005 10:33:32 PM
BasePriority : Normal
FileVersion : 6.01.1000.0
ProductVersion : 6.01.1000.0
ProductName : Cypress USB Mass Storage Adapter
CompanyName : Cypress Semiconductor
FileDescription : Cypress USB Mass Storage Driver Background Application
InternalName : SM1BG.EXE
LegalCopyright : Copyright © 1998-2003 Cypress Semiconductor
OriginalFilename : SM1BG.EXE

#:28 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"
ProcessID : 1744
ThreadCreationTime : 5-8-2005 10:33:33 PM
BasePriority : Normal


#:29 [ptluworker.exe]
ModuleName : C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
Command Line : "C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe"
ProcessID : 1884
ThreadCreationTime : 5-8-2005 10:33:33 PM
BasePriority : Normal


#:30 [8p1qq0jj.exe]
ModuleName : C:\Program Files\8p1qq0jj\8p1qq0jj.exe
Command Line : "C:\Program Files\8p1qq0jj\8p1qq0jj.exe"
ProcessID : 1796
ThreadCreationTime : 5-8-2005 10:33:34 PM
BasePriority : Normal
FileVersion : 1, 15, 0, 3
ProductVersion : 1, 15, 0, 3

#:31 [apntex.exe]
ModuleName : C:\Program Files\Apoint2K\Apntex.exe
Command Line : "Apntex.exe"
ProcessID : 1788
ThreadCreationTime : 5-8-2005 10:33:34 PM
BasePriority : Normal
FileVersion : 5.0.1.13
ProductVersion : 5.0.1.13
ProductName : Alps Pointing-device Driver for Windows NT/2000
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000
InternalName : Alps Pointing-device Driver for Windows NT/2000
LegalCopyright : Copyright © 1998-2001 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:32 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1912
ThreadCreationTime : 5-8-2005 10:33:34 PM
BasePriority : Normal
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:33 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 1956
ThreadCreationTime : 5-8-2005 10:33:35 PM
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:34 [spysweeper.exe]
ModuleName : C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Command Line : "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
ProcessID : 1488
ThreadCreationTime : 5-8-2005 10:33:36 PM
BasePriority : Normal
FileVersion : 3.5.0.198
ProductVersion : 3.5
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
LegalCopyright : Copyright © 2001-2004 Webroot Software, Inc.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.

#:35 [hotsync.exe]
ModuleName : C:\Program Files\palmOne\HOTSYNC.EXE
Command Line : "C:\Program Files\palmOne\HOTSYNC.EXE"
ProcessID : 1008
ThreadCreationTime : 5-8-2005 10:33:41 PM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:36 [59017510.exe]
ModuleName : C:\Program Files\8p1qq0jj\59017510.exe
Command Line : a b
ProcessID : 2052
ThreadCreationTime : 5-8-2005 10:33:48 PM
BasePriority : Normal
FileVersion : 1, 5, 0, 1
ProductVersion : 1, 5, 0, 1

#:37 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 236
ThreadCreationTime : 5-8-2005 10:35:57 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:38 [cidaemon.exe]
ModuleName : C:\WINDOWS\System32\cidaemon.exe
Command Line : cidaemon.exe DownLevelDaemon "c:\system volume information\catalog.wci" 196672l 520l
ProcessID : 2532
ThreadCreationTime : 5-8-2005 10:40:53 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:39 [8p1qq0jj.exe]
ModuleName : C:\Program Files\8p1qq0jj\8p1qq0jj.exe
Command Line : a b
ProcessID : 3384
ThreadCreationTime : 5-8-2005 10:41:39 PM
BasePriority : Normal
FileVersion : 1, 15, 0, 3
ProductVersion : 1, 15, 0, 3

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : S-1-5-21-953129233-689911805-2960421364-1007\software\lq
Value : AC

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ebates MoneyMaker Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TM

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AD

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : U

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AC

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : I

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AT

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AM

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TR

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : leck

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : country

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : city

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : state

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.8

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.9

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.0

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.1

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.2

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.3

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.4

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.5

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.6

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : LU3.7

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 24
Objects found so far: 25

5:01:48 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:18:30.246
Objects scanned:141349
Objects identified:25
Objects ignored:0
New critical objects:25
  • 0

#6
boltboymt
Posted 10 May 2005 - 12:37 AM

boltboymt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Rawe!!!

Could it possibly be true? Is my Log finally clean???!!!

I ran the new TrendMicro Beta 6 this evening which found and DELETED the two viruses it found with the old version.

It also decteted the Ebates and Elite spyware and removed.
I rebooted in SafeMode, ran CCleaner, then ran AdAware which found the Ebates issue in the registry, but only that one item this time. Then I ran Spysweeper which found nothing.

I rebooted in normal mode, ran AdAware and the log came up clean. :tazz:

I would really appreciate your time if you could review this log and let me know what you think!!

Here is my last log:

Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 10, 2005 12:03:15 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:13 %
Total physical memory:261488 kb
Available physical memory:33896 kb
Total page file size:633328 kb
Available on page file:443832 kb
Total virtual memory:2097024 kb
Available virtual memory:2045712 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-10-2005 12:03:15 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 580
ThreadCreationTime : 5-10-2005 5:55:33 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 652
ThreadCreationTime : 5-10-2005 5:55:35 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 680
ThreadCreationTime : 5-10-2005 5:55:36 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 724
ThreadCreationTime : 5-10-2005 5:55:37 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 736
ThreadCreationTime : 5-10-2005 5:55:37 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 892
ThreadCreationTime : 5-10-2005 5:55:38 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 936
ThreadCreationTime : 5-10-2005 5:55:38 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1084
ThreadCreationTime : 5-10-2005 5:55:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1100
ThreadCreationTime : 5-10-2005 5:55:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1288
ThreadCreationTime : 5-10-2005 5:55:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1404
ThreadCreationTime : 5-10-2005 5:55:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:12 [cisvc.exe]
ModuleName : C:\WINDOWS\System32\cisvc.exe
Command Line : C:\WINDOWS\System32\cisvc.exe
ProcessID : 1420
ThreadCreationTime : 5-10-2005 5:55:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:13 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1464
ThreadCreationTime : 5-10-2005 5:55:41 AM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:14 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1524
ThreadCreationTime : 5-10-2005 5:55:42 AM
BasePriority : Normal
FileVersion : 6.13.10.2846
ProductVersion : 6.13.10.2846
ProductName : NVIDIA Driver Helper Service, Version 28.46
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 28.46
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:15 [roomservice.exe]
ModuleName : C:\Program Files\Crestron\RoomView\RoomService.exe
Command Line : "C:\Program Files\Crestron\RoomView\RoomService.exe"
ProcessID : 1604
ThreadCreationTime : 5-10-2005 5:55:42 AM
BasePriority : Normal


#:16 [roomsock.exe]
ModuleName : C:\Program Files\Crestron\RoomView\roomsock.exe
Command Line : roomsock.exe
ProcessID : 1648
ThreadCreationTime : 5-10-2005 5:55:42 AM
BasePriority : Normal
FileVersion : 1, 6, 0, 1
ProductVersion : 1, 6, 0, 0
ProductName : RoomView License Manager
CompanyName : Crestron Electronics, Inc.
FileDescription : RoomSock
InternalName : RoomSock
LegalCopyright : Copyright © 2003
OriginalFilename : RoomSock.exe

#:17 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1704
ThreadCreationTime : 5-10-2005 5:55:43 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:18 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 532
ThreadCreationTime : 5-10-2005 5:56:11 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:19 [apoint.exe]
ModuleName : C:\Program Files\Apoint2K\Apoint.exe
Command Line : "C:\Program Files\Apoint2K\Apoint.exe"
ProcessID : 844
ThreadCreationTime : 5-10-2005 5:56:15 AM
BasePriority : Normal
FileVersion : 5.3.6.128
ProductVersion : 5.3.6.128
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2002 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:20 [00thotkey.exe]
ModuleName : C:\WINDOWS\System32\00THotkey.exe
Command Line : "C:\WINDOWS\System32\00THotkey.exe"
ProcessID : 884
ThreadCreationTime : 5-10-2005 5:56:15 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 12
ProductVersion : 5, 0, 0, 0
ProductName : TOSHIBA THotkey
CompanyName : TOSHIBA Corp.
FileDescription : THotkey
InternalName : THotkey
LegalCopyright : Copyright © 1999 -2001
OriginalFilename : THotkey.exe

#:21 [tfncky.exe]
ModuleName : C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
Command Line : "C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe" /Type 20
ProcessID : 916
ThreadCreationTime : 5-10-2005 5:56:16 AM
BasePriority : Normal
FileVersion : 2.39
ProductVersion : 2.39
ProductName : TFncKy
CompanyName : TOSHIBA Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright 1997-2000 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE

#:22 [tfnf5.exe]
ModuleName : C:\WINDOWS\System32\TFNF5.exe
Command Line : "C:\WINDOWS\System32\TFNF5.exe"
ProcessID : 980
ThreadCreationTime : 5-10-2005 5:56:16 AM
BasePriority : Normal
FileVersion : 1. 0. 1. 0
ProductVersion : 1. 0. 1. 0
ProductName : Toshiba Hotkey Utility for Display Devices
CompanyName : Toshiba Corp.
FileDescription : TFnF5
InternalName : TFnF5
LegalCopyright : Copyright © Toshiba Corp. 2001
OriginalFilename : TFnF5.Exe
Comments : Hotkey (Fn+F5) for Display Devices

#:23 [navapw32.exe]
ModuleName : C:\PROGRA~1\NORTON~1\navapw32.exe
Command Line : "C:\PROGRA~1\NORTON~1\navapw32.exe"
ProcessID : 968
ThreadCreationTime : 5-10-2005 5:56:16 AM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE

#:24 [ezsp_px.exe]
ModuleName : C:\WINDOWS\System32\ezSP_Px.exe
Command Line : "C:\WINDOWS\System32\ezSP_Px.exe"
ProcessID : 1008
ThreadCreationTime : 5-10-2005 5:56:16 AM
BasePriority : Normal


#:25 [touched.exe]
ModuleName : C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
Command Line : "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
ProcessID : 1016
ThreadCreationTime : 5-10-2005 5:56:16 AM
BasePriority : Normal
FileVersion : 2, 0, 1, 6
ProductVersion : 2, 0, 1, 6
ProductName : TouchPad On/Off Utility
CompanyName : TOSHIBA Corporation
FileDescription : TouchPad On/Off Utility
InternalName : TouchED
LegalCopyright : Copyright 1998-2002 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TouchED.exe

#:26 [pinger.exe]
ModuleName : C:\toshiba\ivp\ism\pinger.exe
Command Line : "C:\toshiba\ivp\ism\pinger.exe" /run
ProcessID : 1028
ThreadCreationTime : 5-10-2005 5:56:16 AM
BasePriority : Normal
FileVersion : 3.3
ProductVersion : 3.3
ProductName : Software Upgrades
CompanyName : Toshiba Corporation
FileDescription : Toshiba Pinger
InternalName : PINGER
LegalCopyright : © 1997-2001 Toshiba Corporation
OriginalFilename : PINGER.EXE
Comments : With TSysSMon support.

#:27 [sm1bg.exe]
ModuleName : C:\WINDOWS\SM1BG.EXE
Command Line : "C:\WINDOWS\SM1BG.EXE"
ProcessID : 1180
ThreadCreationTime : 5-10-2005 5:56:17 AM
BasePriority : Normal
FileVersion : 6.01.1000.0
ProductVersion : 6.01.1000.0
ProductName : Cypress USB Mass Storage Adapter
CompanyName : Cypress Semiconductor
FileDescription : Cypress USB Mass Storage Driver Background Application
InternalName : SM1BG.EXE
LegalCopyright : Copyright © 1998-2003 Cypress Semiconductor
OriginalFilename : SM1BG.EXE

#:28 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"
ProcessID : 1232
ThreadCreationTime : 5-10-2005 5:56:17 AM
BasePriority : Normal


#:29 [ptluworker.exe]
ModuleName : C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
Command Line : "C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe"
ProcessID : 1316
ThreadCreationTime : 5-10-2005 5:56:18 AM
BasePriority : Normal


#:30 [8p1qq0jj.exe]
ModuleName : C:\Program Files\8p1qq0jj\8p1qq0jj.exe
Command Line : "C:\Program Files\8p1qq0jj\8p1qq0jj.exe"
ProcessID : 1560
ThreadCreationTime : 5-10-2005 5:56:18 AM
BasePriority : Normal
FileVersion : 1, 15, 0, 3
ProductVersion : 1, 15, 0, 3

#:31 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1676
ThreadCreationTime : 5-10-2005 5:56:18 AM
BasePriority : Normal
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:32 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 1532
ThreadCreationTime : 5-10-2005 5:56:19 AM
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:33 [spysweeper.exe]
ModuleName : C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Command Line : "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
ProcessID : 1744
ThreadCreationTime : 5-10-2005 5:56:19 AM
BasePriority : Normal
FileVersion : 3.5.0.198
ProductVersion : 3.5
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
LegalCopyright : Copyright © 2001-2004 Webroot Software, Inc.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.

#:34 [apntex.exe]
ModuleName : C:\Program Files\Apoint2K\Apntex.exe
Command Line : "Apntex.exe"
ProcessID : 1756
ThreadCreationTime : 5-10-2005 5:56:19 AM
BasePriority : Normal
FileVersion : 5.0.1.13
ProductVersion : 5.0.1.13
ProductName : Alps Pointing-device Driver for Windows NT/2000
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000
InternalName : Alps Pointing-device Driver for Windows NT/2000
LegalCopyright : Copyright © 1998-2001 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:35 [popupwasher.exe]
ModuleName : C:\PROGRA~1\Webroot\POP-UP~1\PopUpWasher.exe
Command Line : "C:\PROGRA~1\Webroot\POP-UP~1\PopUpWasher.exe"
ProcessID : 2016
ThreadCreationTime : 5-10-2005 5:56:22 AM
BasePriority : Normal
FileVersion : 2.5.0.32
ProductVersion : 1.0.0.0
CompanyName : Webroot Software, Inc.
FileDescription : Pop-Up Washer
LegalCopyright : © 1999-2005 Webroot Software, Inc.

#:36 [hotsync.exe]
ModuleName : C:\Program Files\palmOne\HOTSYNC.EXE
Command Line : "C:\Program Files\palmOne\HOTSYNC.EXE"
ProcessID : 228
ThreadCreationTime : 5-10-2005 5:56:23 AM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:37 [59017510.exe]
ModuleName : C:\Program Files\8p1qq0jj\59017510.exe
Command Line : a b
ProcessID : 264
ThreadCreationTime : 5-10-2005 5:56:30 AM
BasePriority : Normal
FileVersion : 1, 5, 0, 1
ProductVersion : 1, 5, 0, 1

#:38 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 956
ThreadCreationTime : 5-10-2005 5:57:32 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:39 [8p1qq0jj.exe]
ModuleName : C:\Program Files\8p1qq0jj\8p1qq0jj.exe
Command Line : a b
ProcessID : 2052
ThreadCreationTime : 5-10-2005 6:01:08 AM
BasePriority : Normal
FileVersion : 1, 15, 0, 3
ProductVersion : 1, 15, 0, 3

#:40 [cidaemon.exe]
ModuleName : C:\WINDOWS\System32\cidaemon.exe
Command Line : cidaemon.exe DownLevelDaemon "c:\system volume information\catalog.wci" 196672l 1420l
ProcessID : 2092
ThreadCreationTime : 5-10-2005 6:03:09 AM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0


12:22:42 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:19:27.8
Objects scanned:140687
Objects identified:0
Objects ignored:0
New critical objects:0
  • 0

#7
Rawe
Posted 10 May 2005 - 04:15 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hello, boltboymt, sorry for the late answer.
Your Ad-aware log would seem to be clean, if you don't have any problems, your problems has gone.
Good for you!
Now when your computer is clean, here is something which will keep it clean..
- Make sure you have all critical updates installed.
- Make sure that you have a firewall running when you are connected to the internet and Anti-virus software which has the latest updates.

Also, two great sites to check for good tips and top rated software are http://members.acces...ntomPhixer.html and http://www.spywareai...p?file=toprated

Take a look in those. ;)
Also, most important is to use another browser than IE, you can find Firefox here.
Good luck.

- Rawe :tazz:
  • 0

#8
boltboymt
Posted 10 May 2005 - 01:18 PM

boltboymt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Rawe thanks again. I can't tell you how much I appreciate your help.

If you need a good deal on a new home theater let me know I'll take care of you!! :tazz:

I definately reccommend you check out the latest version on Trend Micro's site.

It was the first virus scan able to remove the two that every virus scan kept finding.

The problem is gone today and I've already switched Firefox.

You guys rock!!!

Ciao
  • 0

#9
Guest_Andy_veal_*
Posted 12 May 2005 - 04:10 PM

Guest_Andy_veal_*
  • Guest
Hello there.

Your last logfile wasn't clean :tazz:

There were some strange processes running.

Please reply so we can take further assistance for you ;)

Thanks
  • 0

#10
boltboymt
Posted 12 May 2005 - 11:08 PM

boltboymt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Andy,

Thanks for the heads up. I was starting to wonder.
I haven't had the pop up issues. However my initial start up of the computer
seems to take waaayyyyyy tooooooo loooonnnnngg. :tazz:

Please let me know what to do next.

In the meantime here is a current logfile that I ran after downloading current definition of SE1R44 10.05.2005.
You'll also note since I thought I was clean, I updated WinXP with SP2.

Thanks again.

Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 12, 2005 10:36:04 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663

5-12-2005 10:34:55 PM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


5-12-2005 10:35:14 PM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:39 %
Total physical memory:261488 kb
Available physical memory:99856 kb
Total page file size:630576 kb
Available on page file:394924 kb
Total virtual memory:2097024 kb
Available virtual memory:2040592 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-12-2005 10:36:04 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 760
ThreadCreationTime : 5-13-2005 2:14:44 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 832
ThreadCreationTime : 5-13-2005 2:14:47 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 856
ThreadCreationTime : 5-13-2005 2:14:47 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 900
ThreadCreationTime : 5-13-2005 2:14:48 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 912
ThreadCreationTime : 5-13-2005 2:14:48 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 1060
ThreadCreationTime : 5-13-2005 2:14:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1136
ThreadCreationTime : 5-13-2005 2:14:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1176
ThreadCreationTime : 5-13-2005 2:14:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1248
ThreadCreationTime : 5-13-2005 2:14:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1372
ThreadCreationTime : 5-13-2005 2:14:50 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1696
ThreadCreationTime : 5-13-2005 2:14:51 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 796
ThreadCreationTime : 5-13-2005 2:15:06 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [apoint.exe]
ModuleName : C:\Program Files\Apoint2K\Apoint.exe
Command Line : "C:\Program Files\Apoint2K\Apoint.exe"
ProcessID : 1212
ThreadCreationTime : 5-13-2005 2:15:07 AM
BasePriority : Normal
FileVersion : 5.3.6.128
ProductVersion : 5.3.6.128
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2002 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:14 [00thotkey.exe]
ModuleName : C:\WINDOWS\System32\00THotkey.exe
Command Line : "C:\WINDOWS\System32\00THotkey.exe"
ProcessID : 1224
ThreadCreationTime : 5-13-2005 2:15:07 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 12
ProductVersion : 5, 0, 0, 0
ProductName : TOSHIBA THotkey
CompanyName : TOSHIBA Corp.
FileDescription : THotkey
InternalName : THotkey
LegalCopyright : Copyright © 1999 -2001
OriginalFilename : THotkey.exe

#:15 [tfncky.exe]
ModuleName : C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
Command Line : "C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe" /Type 20
ProcessID : 1276
ThreadCreationTime : 5-13-2005 2:15:07 AM
BasePriority : Normal
FileVersion : 2.39
ProductVersion : 2.39
ProductName : TFncKy
CompanyName : TOSHIBA Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright 1997-2000 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE

#:16 [tfnf5.exe]
ModuleName : C:\WINDOWS\system32\TFNF5.exe
Command Line : "C:\WINDOWS\system32\TFNF5.exe"
ProcessID : 1336
ThreadCreationTime : 5-13-2005 2:15:07 AM
BasePriority : Normal
FileVersion : 1. 0. 1. 0
ProductVersion : 1. 0. 1. 0
ProductName : Toshiba Hotkey Utility for Display Devices
CompanyName : Toshiba Corp.
FileDescription : TFnF5
InternalName : TFnF5
LegalCopyright : Copyright © Toshiba Corp. 2001
OriginalFilename : TFnF5.Exe
Comments : Hotkey (Fn+F5) for Display Devices

#:17 [navapw32.exe]
ModuleName : C:\PROGRA~1\NORTON~1\navapw32.exe
Command Line : "C:\PROGRA~1\NORTON~1\navapw32.exe"
ProcessID : 1364
ThreadCreationTime : 5-13-2005 2:15:07 AM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE

#:18 [ezsp_px.exe]
ModuleName : C:\WINDOWS\System32\ezSP_Px.exe
Command Line : "C:\WINDOWS\System32\ezSP_Px.exe"
ProcessID : 1392
ThreadCreationTime : 5-13-2005 2:15:07 AM
BasePriority : Normal


#:19 [touched.exe]
ModuleName : C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
Command Line : "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
ProcessID : 1476
ThreadCreationTime : 5-13-2005 2:15:07 AM
BasePriority : Normal
FileVersion : 2, 0, 1, 6
ProductVersion : 2, 0, 1, 6
ProductName : TouchPad On/Off Utility
CompanyName : TOSHIBA Corporation
FileDescription : TouchPad On/Off Utility
InternalName : TouchED
LegalCopyright : Copyright 1998-2002 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TouchED.exe

#:20 [sm1bg.exe]
ModuleName : C:\WINDOWS\SM1BG.EXE
Command Line : "C:\WINDOWS\SM1BG.EXE"
ProcessID : 1508
ThreadCreationTime : 5-13-2005 2:15:08 AM
BasePriority : Normal
FileVersion : 6.01.1000.0
ProductVersion : 6.01.1000.0
ProductName : Cypress USB Mass Storage Adapter
CompanyName : Cypress Semiconductor
FileDescription : Cypress USB Mass Storage Driver Background Application
InternalName : SM1BG.EXE
LegalCopyright : Copyright © 1998-2003 Cypress Semiconductor
OriginalFilename : SM1BG.EXE

#:21 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"
ProcessID : 1532
ThreadCreationTime : 5-13-2005 2:15:08 AM
BasePriority : Normal


#:22 [ptluworker.exe]
ModuleName : C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
Command Line : "C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe"
ProcessID : 1552
ThreadCreationTime : 5-13-2005 2:15:08 AM
BasePriority : Normal


#:23 [cisvc.exe]
ModuleName : C:\WINDOWS\System32\cisvc.exe
Command Line : C:\WINDOWS\System32\cisvc.exe
ProcessID : 1560
ThreadCreationTime : 5-13-2005 2:15:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:24 [8p1qq0jj.exe]
ModuleName : C:\Program Files\8p1qq0jj\8p1qq0jj.exe
Command Line : "C:\Program Files\8p1qq0jj\8p1qq0jj.exe"
ProcessID : 1568
ThreadCreationTime : 5-13-2005 2:15:08 AM
BasePriority : Normal
FileVersion : 1, 15, 0, 3
ProductVersion : 1, 15, 0, 3

#:25 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1580
ThreadCreationTime : 5-13-2005 2:15:08 AM
BasePriority : Normal
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:26 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 1596
ThreadCreationTime : 5-13-2005 2:15:08 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:27 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1756
ThreadCreationTime : 5-13-2005 2:15:10 AM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:28 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1828
ThreadCreationTime : 5-13-2005 2:15:10 AM
BasePriority : Normal
FileVersion : 6.13.10.2846
ProductVersion : 6.13.10.2846
ProductName : NVIDIA Driver Helper Service, Version 28.46
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 28.46
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:29 [roomservice.exe]
ModuleName : C:\Program Files\Crestron\RoomView\RoomService.exe
Command Line : "C:\Program Files\Crestron\RoomView\RoomService.exe"
ProcessID : 1996
ThreadCreationTime : 5-13-2005 2:15:11 AM
BasePriority : Normal


#:30 [roomsock.exe]
ModuleName : C:\Program Files\Crestron\RoomView\roomsock.exe
Command Line : roomsock.exe
ProcessID : 236
ThreadCreationTime : 5-13-2005 2:15:12 AM
BasePriority : Normal
FileVersion : 1, 6, 0, 1
ProductVersion : 1, 6, 0, 0
ProductName : RoomView License Manager
CompanyName : Crestron Electronics, Inc.
FileDescription : RoomSock
InternalName : RoomSock
LegalCopyright : Copyright © 2003
OriginalFilename : RoomSock.exe

#:31 [apntex.exe]
ModuleName : C:\Program Files\Apoint2K\Apntex.exe
Command Line : "Apntex.exe"
ProcessID : 360
ThreadCreationTime : 5-13-2005 2:15:12 AM
BasePriority : Normal
FileVersion : 5.0.1.13
ProductVersion : 5.0.1.13
ProductName : Alps Pointing-device Driver for Windows NT/2000
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000
InternalName : Alps Pointing-device Driver for Windows NT/2000
LegalCopyright : Copyright © 1998-2001 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:32 [hotsync.exe]
ModuleName : C:\Program Files\palmOne\HOTSYNC.EXE
Command Line : "C:\Program Files\palmOne\HOTSYNC.EXE"
ProcessID : 416
ThreadCreationTime : 5-13-2005 2:15:12 AM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:33 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 580
ThreadCreationTime : 5-13-2005 2:15:12 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:34 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
ProcessID : 952
ThreadCreationTime : 5-13-2005 2:15:17 AM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:35 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2516
ThreadCreationTime : 5-13-2005 2:15:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:36 [59017510.exe]
ModuleName : C:\Program Files\8p1qq0jj\59017510.exe
Command Line : a b
ProcessID : 2664
ThreadCreationTime : 5-13-2005 2:15:33 AM
BasePriority : Normal
FileVersion : 1, 5, 0, 1
ProductVersion : 1, 5, 0, 1

#:37 [ivpsvmgr.exe]
ModuleName : C:\toshiba\ivp\ism\ivpsvmgr.exe
Command Line : "C:\toshiba\ivp\ism\ivpsvmgr.exe" /remind
ProcessID : 1836
ThreadCreationTime : 5-13-2005 2:18:21 AM
BasePriority : Normal
FileVersion : 3.4
ProductVersion : 3.4
ProductName : Software Upgrades
CompanyName : Toshiba Corporation
FileDescription : IVP Service Manager Application
InternalName : IVPSVMGR
LegalCopyright : © 1997-2002 Toshiba Corporation
OriginalFilename : IVPSVMGR.EXE

#:38 [8p1qq0jj.exe]
ModuleName : C:\Program Files\8p1qq0jj\8p1qq0jj.exe
Command Line : a b
ProcessID : 3356
ThreadCreationTime : 5-13-2005 2:21:15 AM
BasePriority : Normal
FileVersion : 1, 15, 0, 3
ProductVersion : 1, 15, 0, 3

#:39 [cidaemon.exe]
ModuleName : C:\WINDOWS\system32\cidaemon.exe
Command Line : "cidaemon.exe" DownLevelDaemon "c:\system volume information\catalog.wci" 196672l 1560l
ProcessID : 2156
ThreadCreationTime : 5-13-2005 2:22:21 AM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:40 [wcescomm.exe]
ModuleName : C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
Command Line : "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
ProcessID : 728
ThreadCreationTime : 5-13-2005 3:11:20 AM
BasePriority : Normal
FileVersion : 3.7.1.3244
ProductVersion : 3.7.3244
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2003 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE

#:41 [firefox.exe]
ModuleName : C:\Program Files\Mozilla Firefox\firefox.exe
Command Line : "C:\Program Files\Mozilla Firefox\firefox.exe"
ProcessID : 304
ThreadCreationTime : 5-13-2005 3:54:09 AM
BasePriority : Normal


#:42 [outlook.exe]
ModuleName : C:\PROGRA~1\MSOffice\Office\OUTLOOK.EXE
Command Line : "C:\PROGRA~1\MSOffice\Office\OUTLOOK.EXE"
ProcessID : 396
ThreadCreationTime : 5-13-2005 4:30:48 AM
BasePriority : Normal


#:43 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2484
ThreadCreationTime : 5-13-2005 4:34:39 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0


11:02:59 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:26:54.762
Objects scanned:160864
Objects identified:0
Objects ignored:0
New critical objects:0
  • 0

#11
boltboymt
Posted 16 May 2005 - 10:09 PM

boltboymt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Andy,

Knowing how busy you guys are, I wanted to stay up to date with my scans/posting.

I'm now running AVG Antivirus, and got rid of Norton, which seemed to be slowing down the startup of my machine considerably. Startup time has improved considerably.

So, from SafeMode I ran CCleaner, then AVG, then Ad-Aware, then Spybot.

Restarted in Normal Mode and ran them all again.

Here is my latest Ad-Aware(with most current definitions).

Ad-Aware SE Build 1.05
Logfile Created on:Monday, May 16, 2005 9:40:17 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R45 13.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R45 13.05.2005
Internal build : 53
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 473168 Bytes
Total size : 1430575 Bytes
Signature data size : 1399518 Bytes
Reference data size : 30545 Bytes
Signatures total : 39932
Fingerprints total : 881
Fingerprints size : 30173 Bytes
Target categories : 15
Target families : 672


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:38 %
Total physical memory:261488 kb
Available physical memory:98916 kb
Total page file size:630640 kb
Available on page file:423648 kb
Total virtual memory:2097024 kb
Available virtual memory:2042076 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-16-2005 9:40:17 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 780
ThreadCreationTime : 5-16-2005 2:47:46 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 852
ThreadCreationTime : 5-16-2005 2:47:48 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 876
ThreadCreationTime : 5-16-2005 2:47:49 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 920
ThreadCreationTime : 5-16-2005 2:47:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 932
ThreadCreationTime : 5-16-2005 2:47:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 1076
ThreadCreationTime : 5-16-2005 2:47:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1156
ThreadCreationTime : 5-16-2005 2:47:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1196
ThreadCreationTime : 5-16-2005 2:47:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1244
ThreadCreationTime : 5-16-2005 2:47:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1312
ThreadCreationTime : 5-16-2005 2:47:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1712
ThreadCreationTime : 5-16-2005 2:47:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 216
ThreadCreationTime : 5-16-2005 2:48:09 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:13 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 232
ThreadCreationTime : 5-16-2005 2:48:09 PM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:14 [cisvc.exe]
ModuleName : C:\WINDOWS\System32\cisvc.exe
Command Line : C:\WINDOWS\System32\cisvc.exe
ProcessID : 244
ThreadCreationTime : 5-16-2005 2:48:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:15 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 316
ThreadCreationTime : 5-16-2005 2:48:10 PM
BasePriority : Normal
FileVersion : 6.13.10.2846
ProductVersion : 6.13.10.2846
ProductName : NVIDIA Driver Helper Service, Version 28.46
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 28.46
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:16 [roomservice.exe]
ModuleName : C:\Program Files\Crestron\RoomView\RoomService.exe
Command Line : "C:\Program Files\Crestron\RoomView\RoomService.exe"
ProcessID : 364
ThreadCreationTime : 5-16-2005 2:48:10 PM
BasePriority : Normal


#:17 [roomsock.exe]
ModuleName : C:\Program Files\Crestron\RoomView\roomsock.exe
Command Line : roomsock.exe
ProcessID : 552
ThreadCreationTime : 5-16-2005 2:48:11 PM
BasePriority : Normal
FileVersion : 1, 6, 0, 1
ProductVersion : 1, 6, 0, 0
ProductName : RoomView License Manager
CompanyName : Crestron Electronics, Inc.
FileDescription : RoomSock
InternalName : RoomSock
LegalCopyright : Copyright © 2003
OriginalFilename : RoomSock.exe

#:18 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 580
ThreadCreationTime : 5-16-2005 2:48:11 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:19 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1876
ThreadCreationTime : 5-16-2005 2:48:19 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:20 [apoint.exe]
ModuleName : C:\Program Files\Apoint2K\Apoint.exe
Command Line : "C:\Program Files\Apoint2K\Apoint.exe"
ProcessID : 616
ThreadCreationTime : 5-16-2005 2:48:21 PM
BasePriority : Normal
FileVersion : 5.3.6.128
ProductVersion : 5.3.6.128
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2002 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:21 [00thotkey.exe]
ModuleName : C:\WINDOWS\System32\00THotkey.exe
Command Line : "C:\WINDOWS\System32\00THotkey.exe"
ProcessID : 628
ThreadCreationTime : 5-16-2005 2:48:22 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 12
ProductVersion : 5, 0, 0, 0
ProductName : TOSHIBA THotkey
CompanyName : TOSHIBA Corp.
FileDescription : THotkey
InternalName : THotkey
LegalCopyright : Copyright © 1999 -2001
OriginalFilename : THotkey.exe

#:22 [tfncky.exe]
ModuleName : C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
Command Line : "C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe" /Type 20
ProcessID : 492
ThreadCreationTime : 5-16-2005 2:48:23 PM
BasePriority : Normal
FileVersion : 2.39
ProductVersion : 2.39
ProductName : TFncKy
CompanyName : TOSHIBA Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright 1997-2000 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE

#:23 [tfnf5.exe]
ModuleName : C:\WINDOWS\system32\TFNF5.exe
Command Line : "C:\WINDOWS\system32\TFNF5.exe"
ProcessID : 724
ThreadCreationTime : 5-16-2005 2:48:23 PM
BasePriority : Normal
FileVersion : 1. 0. 1. 0
ProductVersion : 1. 0. 1. 0
ProductName : Toshiba Hotkey Utility for Display Devices
CompanyName : Toshiba Corp.
FileDescription : TFnF5
InternalName : TFnF5
LegalCopyright : Copyright © Toshiba Corp. 2001
OriginalFilename : TFnF5.Exe
Comments : Hotkey (Fn+F5) for Display Devices

#:24 [ezsp_px.exe]
ModuleName : C:\WINDOWS\System32\ezSP_Px.exe
Command Line : "C:\WINDOWS\System32\ezSP_Px.exe"
ProcessID : 708
ThreadCreationTime : 5-16-2005 2:48:23 PM
BasePriority : Normal


#:25 [touched.exe]
ModuleName : C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
Command Line : "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
ProcessID : 1936
ThreadCreationTime : 5-16-2005 2:48:23 PM
BasePriority : Normal
FileVersion : 2, 0, 1, 6
ProductVersion : 2, 0, 1, 6
ProductName : TouchPad On/Off Utility
CompanyName : TOSHIBA Corporation
FileDescription : TouchPad On/Off Utility
InternalName : TouchED
LegalCopyright : Copyright 1998-2002 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TouchED.exe

#:26 [sm1bg.exe]
ModuleName : C:\WINDOWS\SM1BG.EXE
Command Line : "C:\WINDOWS\SM1BG.EXE"
ProcessID : 1472
ThreadCreationTime : 5-16-2005 2:48:24 PM
BasePriority : Normal
FileVersion : 6.01.1000.0
ProductVersion : 6.01.1000.0
ProductName : Cypress USB Mass Storage Adapter
CompanyName : Cypress Semiconductor
FileDescription : Cypress USB Mass Storage Driver Background Application
InternalName : SM1BG.EXE
LegalCopyright : Copyright © 1998-2003 Cypress Semiconductor
OriginalFilename : SM1BG.EXE

#:27 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"
ProcessID : 1592
ThreadCreationTime : 5-16-2005 2:48:24 PM
BasePriority : Normal


#:28 [ptluworker.exe]
ModuleName : C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
Command Line : "C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe"
ProcessID : 1600
ThreadCreationTime : 5-16-2005 2:48:24 PM
BasePriority : Normal


#:29 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1568
ThreadCreationTime : 5-16-2005 2:48:24 PM
BasePriority : Normal
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:30 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 1580
ThreadCreationTime : 5-16-2005 2:48:24 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:31 [apntex.exe]
ModuleName : C:\Program Files\Apoint2K\Apntex.exe
Command Line : "Apntex.exe"
ProcessID : 2056
ThreadCreationTime : 5-16-2005 2:48:26 PM
BasePriority : Normal
FileVersion : 5.0.1.13
ProductVersion : 5.0.1.13
ProductName : Alps Pointing-device Driver for Windows NT/2000
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000
InternalName : Alps Pointing-device Driver for Windows NT/2000
LegalCopyright : Copyright © 1998-2001 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:32 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2216
ThreadCreationTime : 5-16-2005 2:48:28 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:33 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2228
ThreadCreationTime : 5-16-2005 2:48:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:34 [wcescomm.exe]
ModuleName : C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
Command Line : "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
ProcessID : 2256
ThreadCreationTime : 5-16-2005 2:48:28 PM
BasePriority : Normal
FileVersion : 3.7.1.3244
ProductVersion : 3.7.3244
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2003 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE

#:35 [hotsync.exe]
ModuleName : C:\Program Files\palmOne\HOTSYNC.EXE
Command Line : "C:\Program Files\palmOne\HOTSYNC.EXE"
ProcessID : 2496
ThreadCreationTime : 5-16-2005 2:48:38 PM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:36 [cidaemon.exe]
ModuleName : C:\WINDOWS\system32\cidaemon.exe
Command Line : "cidaemon.exe" DownLevelDaemon "c:\system volume information\catalog.wci" 196672l 244l
ProcessID : 3088
ThreadCreationTime : 5-16-2005 2:55:10 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:37 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
ProcessID : 2296
ThreadCreationTime : 5-16-2005 3:05:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:38 [ivpsvmgr.exe]
ModuleName : C:\toshiba\ivp\ism\ivpsvmgr.exe
Command Line : "C:\toshiba\ivp\ism\ivpsvmgr.exe" /remind
ProcessID : 3044
ThreadCreationTime : 5-16-2005 10:12:21 PM
BasePriority : Normal
FileVersion : 3.4
ProductVersion : 3.4
ProductName : Software Upgrades
CompanyName : Toshiba Corporation
FileDescription : IVP Service Manager Application
InternalName : IVPSVMGR
LegalCopyright : © 1997-2002 Toshiba Corporation
OriginalFilename : IVPSVMGR.EXE

#:39 [wscntfy.exe]
ModuleName : C:\WINDOWS\system32\wscntfy.exe
Command Line : C:\WINDOWS\system32\wscntfy.exe
ProcessID : 3764
ThreadCreationTime : 5-17-2005 1:11:45 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:40 [acrord32.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
Command Line : "C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" /o /eo /l
ProcessID : 3396
ThreadCreationTime : 5-17-2005 2:16:41 AM
BasePriority : Normal
FileVersion : 7.0.1.2005030700
ProductVersion : 7.0.1.2005030700
ProductName : Adobe Reader
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Reader 7.0
LegalCopyright : Copyright 1984-2005 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroRd32.exe

#:41 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3100
ThreadCreationTime : 5-17-2005 3:40:00 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0


9:59:21 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:19:04.165
Objects scanned:152774
Objects identified:0
Objects ignored:0
New critical objects:0
  • 0
Back to Lavasoft Support (Ad-aware) · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Lavasoft Support (Ad-aware)

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP