
log file 119 critical...that's not good is it :(


  • This topic is locked

#1
paddyglen2003

Sorry 'bout that, here is the scan log.

Ad-Aware SE Build 1.05
Logfile Created on:08 May 2005 11:17:20
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CrackSpider(TAC index:4):6 total references
MediaMotor(TAC index:8):44 total references
MRU List(TAC index:0):4 total references
Possible Browser Hijack attempt(TAC index:3):38 total references
SahAgent(TAC index:9):10 total references
Softomate Toolbar(TAC index:9):3 total references
Tracking Cookie(TAC index:3):7 total references
WhenU(TAC index:3):8 total references
Windows(TAC index:3):1 total references
WindUpdates(TAC index:8):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:30 %
Total physical memory:523756 kb
Available physical memory:152852 kb
Total page file size:1276040 kb
Available on page file:922324 kb
Total virtual memory:2097024 kb
Available virtual memory:2040568 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


08-05-2005 11:17:20 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-3792271717-2330840451-424221463-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-3792271717-2330840451-424221463-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-3792271717-2330840451-424221463-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 608
ThreadCreationTime : 08-05-2005 08:48:46
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 864
ThreadCreationTime : 08-05-2005 08:48:52
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 888
ThreadCreationTime : 08-05-2005 08:48:53
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 932
ThreadCreationTime : 08-05-2005 08:48:54
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 944
ThreadCreationTime : 08-05-2005 08:48:54
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1108
ThreadCreationTime : 08-05-2005 08:48:55
BasePriority : Normal
FileVersion : 6.14.10.4110
ProductVersion : 6.14.10.4110.03
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1128
ThreadCreationTime : 08-05-2005 08:48:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1180
ThreadCreationTime : 08-05-2005 08:48:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1220
ThreadCreationTime : 08-05-2005 08:48:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1292
ThreadCreationTime : 08-05-2005 08:48:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1356
ThreadCreationTime : 08-05-2005 08:48:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1600
ThreadCreationTime : 08-05-2005 08:48:56
BasePriority : Normal
FileVersion : 9.35
ProductVersion : 9.35
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1628
ThreadCreationTime : 08-05-2005 08:48:57
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1636
ThreadCreationTime : 08-05-2005 08:48:57
BasePriority : Normal
FileVersion : 9.35
ProductVersion : 9.35
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:15 [aolacsd.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 1852
ThreadCreationTime : 08-05-2005 08:48:57
BasePriority : Normal


#:16 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1952
ThreadCreationTime : 08-05-2005 08:48:57
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:17 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 2028
ThreadCreationTime : 08-05-2005 08:49:00
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:18 [ehsched.exe]
FilePath : C:\WINDOWS\ehome\
ProcessID : 288
ThreadCreationTime : 08-05-2005 08:49:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Scheduler Service
InternalName : ehSched
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehSched.exe

#:19 [ezntsvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 332
ThreadCreationTime : 08-05-2005 08:49:01
BasePriority : Normal
FileVersion : 1.0.0.72
ProductVersion : 1.0.0.0
CompanyName : EasyBits Software Corp.
FileDescription : EasyBits Desktop Service for Windows NT
LegalCopyright : EasyBits Software Corp.

#:20 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 796
ThreadCreationTime : 08-05-2005 08:49:02
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:21 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1428
ThreadCreationTime : 08-05-2005 08:49:03
BasePriority : Normal
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
ProductName : Modem
FileDescription : User-Level Modem Service
InternalName : slserv
LegalCopyright : Copyright © 1999-2000
OriginalFilename : slserv.exe

#:22 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1664
ThreadCreationTime : 08-05-2005 08:49:03
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:23 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 500
ThreadCreationTime : 08-05-2005 08:49:03
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:24 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 548
ThreadCreationTime : 08-05-2005 08:49:04
BasePriority : Normal
FileVersion : 6.14.10.4110
ProductVersion : 6.14.10.4110.03
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:25 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 680
ThreadCreationTime : 08-05-2005 08:49:04
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:26 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 1404
ThreadCreationTime : 08-05-2005 08:49:05
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:27 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2420
ThreadCreationTime : 08-05-2005 08:49:12
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:28 [ehtray.exe]
FilePath : C:\WINDOWS\ehome\
ProcessID : 3912
ThreadCreationTime : 08-05-2005 08:54:25
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Tray Applet
InternalName : ehtray
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehtray.exe

#:29 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3956
ThreadCreationTime : 08-05-2005 08:54:26
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:30 [ehmsas.exe]
FilePath : C:\WINDOWS\ehome\
ProcessID : 4084
ThreadCreationTime : 08-05-2005 08:54:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Media Status Aggregator Service
InternalName : eHMSAS
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehMSAS.exe

#:31 [waol.exe]
FilePath : C:\Program Files\AOL 9.0\
ProcessID : 316
ThreadCreationTime : 08-05-2005 08:54:29
BasePriority : Normal


#:32 [aboard.exe]
FilePath : C:\apps\ABoard\
ProcessID : 528
ThreadCreationTime : 08-05-2005 08:54:30
BasePriority : Normal
FileVersion : 1, 2, 0, 0
ProductVersion : 1, 2, 0, 0
ProductName : Activboard Application
CompanyName : NEC Computers International
FileDescription : Activboard Application
InternalName : Activboard
LegalCopyright : Copyright © 2003
OriginalFilename : ABoard.exe

#:33 [aosd.exe]
FilePath : C:\apps\ABoard\
ProcessID : 552
ThreadCreationTime : 08-05-2005 08:54:31
BasePriority : ?
FileVersion : 1, 2, 0, 0
ProductVersion : 1, 2, 0, 0
ProductName : ActivOSD Application
CompanyName : NEC Computers International
FileDescription : ActivOSD Application
InternalName : ActivOSD
LegalCopyright : Copyright © 2003
OriginalFilename : ActivOSD.exe

#:34 [vcsplay.exe]
FilePath : C:\Program Files\Virtual CD v4 SDK\system\
ProcessID : 632
ThreadCreationTime : 08-05-2005 08:54:32
BasePriority : Normal
FileVersion : 4, 5, 0, 6
ProductVersion : 4, 3, 0, 0
ProductName : Virtual CD v4
CompanyName : H+H Software GmbH
FileDescription : Virtual CD v4.3 SDK - Player
InternalName : VCSPlay
LegalCopyright : Copyright © 2001-2002 by H+H Software GmbH
OriginalFilename : VCSPlay.EXE

#:35 [aoldial.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 788
ThreadCreationTime : 08-05-2005 08:54:32
BasePriority : Normal
FileVersion : 2.6.6.3.UK.53
ProductVersion : 2.6.6.3.UK.53
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:36 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1972
ThreadCreationTime : 08-05-2005 08:54:34
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:37 [msgplus.exe]
FilePath : C:\Program Files\MessengerPlus! 3\
ProcessID : 1092
ThreadCreationTime : 08-05-2005 08:54:34
BasePriority : Normal


#:38 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1324
ThreadCreationTime : 08-05-2005 08:54:35
BasePriority : Normal
FileVersion : 0.1.0.3275
ProductVersion : 0.1.0.3275
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:39 [dslstat.exe]
FilePath : C:\Program Files\BT Voyager 105 ADSL Modem\
ProcessID : 1260
ThreadCreationTime : 08-05-2005 08:54:36
BasePriority : Normal
FileVersion : 4.0.7
ProductVersion : 4.0.7
ProductName : DSL Status
CompanyName : GlobespanVirata, Inc.
FileDescription : DSL Status Executable
InternalName : DslStatus
LegalCopyright : Copyright © 2002
OriginalFilename : dslstatus.exe

#:40 [dslagent.exe]
FilePath : C:\Program Files\BT Voyager 105 ADSL Modem\
ProcessID : 1948
ThreadCreationTime : 08-05-2005 08:54:36
BasePriority : Normal


#:41 [fts.exe]
FilePath : C:\Program Files\VoyagerTest\
ProcessID : 1340
ThreadCreationTime : 08-05-2005 08:54:37
BasePriority : Normal
FileVersion : 1, 0, 2, 2
ProductVersion : 1, 0, 0, 0
ProductName : Friendly Products
CompanyName : Friendly Technologies
FileDescription : fts
InternalName : fts
LegalCopyright : Copyright © 2001 Friendly Technologies
OriginalFilename : fts.exe
Comments : Built 06/05/2003

#:42 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 492
ThreadCreationTime : 08-05-2005 08:54:37
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:43 [logitechdesktopmessenger.exe]
FilePath : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
ProcessID : 444
ThreadCreationTime : 08-05-2005 08:54:38
BasePriority : Normal
FileVersion : 2.1.2.0
ProductVersion : 2.1.2.0
ProductName : Logitech Desktop Messenger
CompanyName : Logitech
FileDescription : Logitech Desktop Messenger
InternalName : Logitech BackWeb Runner
LegalCopyright : Copyright © Logitech 2000-2004. All rights reserved
OriginalFilename : backweb-8876480.exe
Comments : www.logitech.com/ldm

#:44 [aoltray.exe]
FilePath : C:\Program Files\AOL 9.0\
ProcessID : 1548
ThreadCreationTime : 08-05-2005 08:54:46
BasePriority : Normal
FileVersion : 9.00.001
ProductVersion : 9.00.001
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : AOL Tray Icon
InternalName : AolTray
LegalCopyright : Copyright © America Online, Inc. 1999 - 2004

#:45 [lvcoms.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2508
ThreadCreationTime : 08-05-2005 08:54:47
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2002 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:46 [mad.exe]
FilePath : C:\Program Files\AOL\Broadband CheckUp\bin\
ProcessID : 2672
ThreadCreationTime : 08-05-2005 08:54:54
BasePriority : Normal
FileVersion : 5.08.01
ProductVersion : 5.8.1.asst_classic.asst_mad
ProductName : AOL Broadband Check-Up
CompanyName : Motive, Inc.
FileDescription : AOL Broadband Check-Up
InternalName : mad
LegalCopyright : Copyright 1998-2004
OriginalFilename : mad

#:47 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 684
ThreadCreationTime : 08-05-2005 08:55:00
BasePriority : Normal


#:48 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 3428
ThreadCreationTime : 08-05-2005 08:55:15
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:49 [shellmon.exe]
FilePath : C:\Program Files\AOL 9.0\
ProcessID : 3396
ThreadCreationTime : 08-05-2005 08:55:17
BasePriority : Normal


#:50 [aoltpspd.exe]
FilePath : C:\Program Files\Common Files\AOL\
ProcessID : 3656
ThreadCreationTime : 08-05-2005 08:55:18
BasePriority : Normal
FileVersion : 1, 1, 0, 0
ProductVersion : [v1.1-4] On Tue 03/16/2004 21:24:09.18
ProductName : AOL TopSpeed™
CompanyName : America Online Inc
FileDescription : AOL TopSpeed™
InternalName : AOL TopSpeed™
LegalCopyright : Copyright © America Online 2003
LegalTrademarks : AOL TopSpeed™
OriginalFilename : aoltpspd.exe

#:51 [companion.exe]
FilePath : C:\Program Files\AOL Companion\
ProcessID : 1724
ThreadCreationTime : 08-05-2005 08:58:36
BasePriority : Normal
FileVersion : 1, 6, 2, 0
ProductVersion : 1, 6, 2, 0
ProductName : AOL Companion
FileDescription : AOL Companion
InternalName : Companion
LegalCopyright : Copyright 2004
OriginalFilename : Companion.EXE

#:52 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1248
ThreadCreationTime : 08-05-2005 08:59:03
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:53 [aolsps~1.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\
ProcessID : 3020
ThreadCreationTime : 08-05-2005 09:02:03
BasePriority : Normal
FileVersion : 1, 5, 0, 0
ProductVersion : 1, 5, 0, 0
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:54 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 4036
ThreadCreationTime : 08-05-2005 10:16:49
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CrackSpider Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : addressbar.loader

CrackSpider Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : addressbar.loader
Value :

CrackSpider Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : addressbar.loader.1

CrackSpider Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : addressbar.loader.1
Value :

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-dd60-0064-6ec2-6e0100000000}

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-dd60-0064-6ec2-6e0100000000}
Value :

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff}

Softomate Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff}
Value :

WhenU Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{20752c25-2d97-4e6f-9ee2-94b74d202875}

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYI2d3OfSDist

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYI2d3OfSInst

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYC2n3trMsgSDisp

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYT2o3pListSPos

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYs2t3icky1S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYs2t3icky2S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYs2t3icky3S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYs2t3icky4S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYC1o2d3eOfSFinalAd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYT2i3m4eOfSFinalAd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYD2s3tSSEnd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PY2N3a4tionSCode

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYP2D3om

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYT2h3rshSCheckSIn

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYT2h3rshSMots

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYM2o3deSSync

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYI2n3ProgSCab

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYI2n3ProgSEx

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYI2n3ProgSLstest

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYL2a3stMotsSDay

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYL2a3stSSChckin

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYB2D3om

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYE2v3nt

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYT2h3rshSBath

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYT2h3rshSysSInf

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYL2n3Title

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYC2u3rrentSMode

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYC2n3tFyl

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYI2g3noreS

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYS2t3atusOfSInst

CrackSpider Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\azesearchco

CrackSpider Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\loaderco

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 43
Objects found so far: 47


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Blue "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Blue

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Blue "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Blue
Value : DisplayName

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Blue "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Blue
Value : UninstallString

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Blue "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Blue
Value : Comments

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Blue "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Blue
Value : Contact

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Blue "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Blue
Value : DisplayIcon

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Blue "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Blue
Value : HelpLink

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Blue "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Blue
Value : Publisher

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Blue "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Blue
Value : URLInfoAbout

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Dora "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Dora

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Dora "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Dora
Value : DisplayName

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Dora "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Dora
Value : UninstallString

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Dora "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Dora
Value : Comments

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Dora "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Dora
Value : Contact

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Dora "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Dora
Value : DisplayIcon

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Dora "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Dora
Value : HelpLink

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Dora "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Dora
Value : Publisher

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Dora "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw Dora
Value : URLInfoAbout

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw OddParents "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw OddParents

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw OddParents "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw OddParents
Value : DisplayName

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw OddParents "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw OddParents
Value : UninstallString

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw OddParents "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw OddParents
Value : Comments

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw OddParents "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw OddParents
Value : Contact

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw OddParents "http://www.gamehouse.com"
Category : Vulnerability
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw OddParents
Value : DisplayIcon

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Nickelodeon Jigsaw OddParents "http://www.gamehouse.com"

Edited by paddyglen2003, 08 May 2005 - 04:40 AM.


#2
Rawe


    Visiting Staff

  • Member
  • 4,746 posts
Hi again..

Ad-aware has found object(s) on your computer.

If you choose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R43 06.05.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder);

Run CCleaner to help in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-aware SE; if this is different, adjust it to the location that you have installed it to.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to SahAgent ONLY. Click next, click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered as a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:

#3
paddyglen2003


    New Member

  • Topic Starter
  • Member
  • 3 posts
followed step here is log file


Ad-Aware SE Build 1.05
Logfile Created on:08 May 2005 12:42:37
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MediaMotor(TAC index:8):32 total references
Possible Browser Hijack attempt(TAC index:3):2 total references
Tracking Cookie(TAC index:3):8 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:39 %
Total physical memory:523756 kb
Available physical memory:203088 kb
Total page file size:1276040 kb
Available on page file:986308 kb
Total virtual memory:2097024 kb
Available virtual memory:2041092 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


08-05-2005 12:42:37 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 596
ThreadCreationTime : 08-05-2005 11:41:29
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 660
ThreadCreationTime : 08-05-2005 11:41:31
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 684
ThreadCreationTime : 08-05-2005 11:41:32
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 728
ThreadCreationTime : 08-05-2005 11:41:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 740
ThreadCreationTime : 08-05-2005 11:41:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 908
ThreadCreationTime : 08-05-2005 11:41:34
BasePriority : Normal
FileVersion : 6.14.10.4110
ProductVersion : 6.14.10.4110.03
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 928
ThreadCreationTime : 08-05-2005 11:41:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 980
ThreadCreationTime : 08-05-2005 11:41:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1020
ThreadCreationTime : 08-05-2005 11:41:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1084
ThreadCreationTime : 08-05-2005 11:41:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1120
ThreadCreationTime : 08-05-2005 11:41:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1292
ThreadCreationTime : 08-05-2005 11:41:35
BasePriority : Normal
FileVersion : 9.35
ProductVersion : 9.35
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1356
ThreadCreationTime : 08-05-2005 11:41:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1368
ThreadCreationTime : 08-05-2005 11:41:36
BasePriority : Normal
FileVersion : 9.35
ProductVersion : 9.35
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:15 [aolacsd.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 1560
ThreadCreationTime : 08-05-2005 11:41:36
BasePriority : Normal


#:16 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1668
ThreadCreationTime : 08-05-2005 11:41:36
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:17 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1720
ThreadCreationTime : 08-05-2005 11:41:37
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:18 [ehsched.exe]
FilePath : C:\WINDOWS\ehome\
ProcessID : 1808
ThreadCreationTime : 08-05-2005 11:41:39
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Scheduler Service
InternalName : ehSched
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehSched.exe

#:19 [ezntsvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1876
ThreadCreationTime : 08-05-2005 11:41:40
BasePriority : Normal
FileVersion : 1.0.0.72
ProductVersion : 1.0.0.0
CompanyName : EasyBits Software Corp.
FileDescription : EasyBits Desktop Service for Windows NT
LegalCopyright : EasyBits Software Corp.

#:20 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1972
ThreadCreationTime : 08-05-2005 11:41:40
BasePriority : Normal
FileVersion : 6.14.10.4110
ProductVersion : 6.14.10.4110.03
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:21 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 280
ThreadCreationTime : 08-05-2005 11:41:41
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:22 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 296
ThreadCreationTime : 08-05-2005 11:41:41
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:23 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 556
ThreadCreationTime : 08-05-2005 11:41:42
BasePriority : Normal
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
ProductName : Modem
FileDescription : User-Level Modem Service
InternalName : slserv
LegalCopyright : Copyright © 1999-2000
OriginalFilename : slserv.exe

#:24 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 588
ThreadCreationTime : 08-05-2005 11:41:42
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:25 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 888
ThreadCreationTime : 08-05-2005 11:41:42
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:26 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 1192
ThreadCreationTime : 08-05-2005 11:41:44
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:27 [ehtray.exe]
FilePath : C:\WINDOWS\ehome\
ProcessID : 1580
ThreadCreationTime : 08-05-2005 11:41:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Tray Applet
InternalName : ehtray
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehtray.exe

#:28 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2056
ThreadCreationTime : 08-05-2005 11:41:47
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:29 [aboard.exe]
FilePath : C:\apps\ABoard\
ProcessID : 2072
ThreadCreationTime : 08-05-2005 11:41:47
BasePriority : Normal
FileVersion : 1, 2, 0, 0
ProductVersion : 1, 2, 0, 0
ProductName : Activboard Application
CompanyName : NEC Computers International
FileDescription : Activboard Application
InternalName : Activboard
LegalCopyright : Copyright © 2003
OriginalFilename : ABoard.exe

#:30 [aosd.exe]
FilePath : C:\apps\ABoard\
ProcessID : 2088
ThreadCreationTime : 08-05-2005 11:41:48
BasePriority : ?
FileVersion : 1, 2, 0, 0
ProductVersion : 1, 2, 0, 0
ProductName : ActivOSD Application
CompanyName : NEC Computers International
FileDescription : ActivOSD Application
InternalName : ActivOSD
LegalCopyright : Copyright © 2003
OriginalFilename : ActivOSD.exe

#:31 [logitray.exe]
FilePath : C:\Program Files\Logitech\Video\
ProcessID : 2096
ThreadCreationTime : 08-05-2005 11:41:48
BasePriority : Normal
FileVersion : 8.0.3.1112
ProductVersion : 8.0.3.1112
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : © 1996-2003 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe

#:32 [vcsplay.exe]
FilePath : C:\Program Files\Virtual CD v4 SDK\system\
ProcessID : 2112
ThreadCreationTime : 08-05-2005 11:41:48
BasePriority : Normal
FileVersion : 4, 5, 0, 6
ProductVersion : 4, 3, 0, 0
ProductName : Virtual CD v4
CompanyName : H+H Software GmbH
FileDescription : Virtual CD v4.3 SDK - Player
InternalName : VCSPlay
LegalCopyright : Copyright © 2001-2002 by H+H Software GmbH
OriginalFilename : VCSPlay.EXE

#:33 [aoldial.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 2124
ThreadCreationTime : 08-05-2005 11:41:48
BasePriority : Normal
FileVersion : 2.6.6.3.UK.53
ProductVersion : 2.6.6.3.UK.53
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:34 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2140
ThreadCreationTime : 08-05-2005 11:41:48
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:35 [aolsp scheduler.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\
ProcessID : 2164
ThreadCreationTime : 08-05-2005 11:41:48
BasePriority : Normal
FileVersion : 1, 5, 0, 0
ProductVersion : 1, 5, 0, 0
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:36 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 2216
ThreadCreationTime : 08-05-2005 11:41:48
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:37 [msgplus.exe]
FilePath : C:\Program Files\MessengerPlus! 3\
ProcessID : 2252
ThreadCreationTime : 08-05-2005 11:41:49
BasePriority : Normal


#:38 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2260
ThreadCreationTime : 08-05-2005 11:41:49
BasePriority : Normal
FileVersion : 0.1.0.3275
ProductVersion : 0.1.0.3275
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:39 [dslstat.exe]
FilePath : C:\Program Files\BT Voyager 105 ADSL Modem\
ProcessID : 2284
ThreadCreationTime : 08-05-2005 11:41:49
BasePriority : Normal
FileVersion : 4.0.7
ProductVersion : 4.0.7
ProductName : DSL Status
CompanyName : GlobespanVirata, Inc.
FileDescription : DSL Status Executable
InternalName : DslStatus
LegalCopyright : Copyright © 2002
OriginalFilename : dslstatus.exe

#:40 [dslagent.exe]
FilePath : C:\Program Files\BT Voyager 105 ADSL Modem\
ProcessID : 2292
ThreadCreationTime : 08-05-2005 11:41:49
BasePriority : Normal


#:41 [fts.exe]
FilePath : C:\Program Files\VoyagerTest\
ProcessID : 2304
ThreadCreationTime : 08-05-2005 11:41:50
BasePriority : Normal
FileVersion : 1, 0, 2, 2
ProductVersion : 1, 0, 0, 0
ProductName : Friendly Products
CompanyName : Friendly Technologies
FileDescription : fts
InternalName : fts
LegalCopyright : Copyright © 2001 Friendly Technologies
OriginalFilename : fts.exe
Comments : Built 06/05/2003

#:42 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 2316
ThreadCreationTime : 08-05-2005 11:41:50
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:43 [vqtsza.exe]
FilePath : C:\windows\system32\
ProcessID : 2332
ThreadCreationTime : 08-05-2005 11:41:50
BasePriority : Normal
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

VX2 Object Recognized!
Type : Process
Data : vqtsza.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\windows\system32\
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

Warning! VX2 Object found in memory(C:\windows\system32\vqtsza.exe)

"C:\windows\system32\vqtsza.exe"Process terminated successfully
"C:\windows\system32\vqtsza.exe"Process terminated successfully

#:44 [logitechdesktopmessenger.exe]
FilePath : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
ProcessID : 2344
ThreadCreationTime : 08-05-2005 11:41:50
BasePriority : Normal
FileVersion : 2.1.2.0
ProductVersion : 2.1.2.0
ProductName : Logitech Desktop Messenger
CompanyName : Logitech
FileDescription : Logitech Desktop Messenger
InternalName : Logitech BackWeb Runner
LegalCopyright : Copyright © Logitech 2000-2004. All rights reserved
OriginalFilename : backweb-8876480.exe
Comments : www.logitech.com/ldm

#:45 [wwdisp.exe]
FilePath : C:\Program Files\Webroot\Washer\
ProcessID : 2408
ThreadCreationTime : 08-05-2005 11:41:51
BasePriority : Normal
FileVersion : 5.5.1.273
ProductVersion : 5.5
ProductName : Window Washer
CompanyName : Webroot Software
FileDescription : Window Washer hard disk cleaning utility
InternalName : wwDisp.exe
LegalCopyright : Copyright © 1999, 2004 All Rights Reserved
LegalTrademarks : Window Washer
OriginalFilename : wwDisp.exe
Comments : Window Washer hard disk cleaning utility

#:46 [reader_sl.exe]
FilePath : C:\Program Files\Adobe\Acrobat 7.0\Reader\
ProcessID : 2516
ThreadCreationTime : 08-05-2005 11:41:52
BasePriority : Normal
FileVersion : 7.0.0.0
ProductVersion : 7.0.0.0
ProductName : Adobe Acrobat
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Acrobat SpeedLauncher
LegalCopyright : Copyright Adobe Systems Incorporated 2004
OriginalFilename : AcroSpeedLaunch.exe

#:47 [aoltray.exe]
FilePath : C:\Program Files\AOL 9.0\
ProcessID : 2716
ThreadCreationTime : 08-05-2005 11:41:57
BasePriority : Normal
FileVersion : 9.00.001
ProductVersion : 9.00.001
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : AOL Tray Icon
InternalName : AolTray
LegalCopyright : Copyright © America Online, Inc. 1999 - 2004

#:48 [lvcoms.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2740
ThreadCreationTime : 08-05-2005 11:41:57
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2002 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:49 [companion.exe]
FilePath : C:\Program Files\AOL Companion\
ProcessID : 2828
ThreadCreationTime : 08-05-2005 11:41:57
BasePriority : Normal
FileVersion : 1, 6, 2, 0
ProductVersion : 1, 6, 2, 0
ProductName : AOL Companion
FileDescription : AOL Companion
InternalName : Companion
LegalCopyright : Copyright 2004
OriginalFilename : Companion.EXE

#:50 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2852
ThreadCreationTime : 08-05-2005 11:41:58
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:51 [mad.exe]
FilePath : C:\Program Files\AOL\Broadband CheckUp\bin\
ProcessID : 2884
ThreadCreationTime : 08-05-2005 11:41:58
BasePriority : Normal
FileVersion : 5.08.01
ProductVersion : 5.8.1.asst_classic.asst_mad
ProductName : AOL Broadband Check-Up
CompanyName : Motive, Inc.
FileDescription : AOL Broadband Check-Up
InternalName : mad
LegalCopyright : Copyright 1998-2004
OriginalFilename : mad

#:52 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 3304
ThreadCreationTime : 08-05-2005 11:42:03
BasePriority : Normal


#:53 [mpbtn.exe]
FilePath : C:\Program Files\AOL\Broadband CheckUp\bin\
ProcessID : 3344
ThreadCreationTime : 08-05-2005 11:42:03
BasePriority : Normal


#:54 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 3360
ThreadCreationTime : 08-05-2005 11:42:04
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:55 [motive~1.exe]
FilePath : C:\PROGRA~1\Motive\Common\
ProcessID : 3440
ThreadCreationTime : 08-05-2005 11:42:06
BasePriority : Normal
FileVersion : 5.01.00
ProductVersion : 5.8.1.asst_classic.asst_motivedirectory
ProductName : Motive System
CompanyName : Motive Communications, Inc.
FileDescription : Motive Directory
InternalName : motivedirectory
LegalCopyright : Copyright 1998-2003
OriginalFilename : motivedirectory

#:56 [ehmsas.exe]
FilePath : C:\WINDOWS\ehome\
ProcessID : 3468
ThreadCreationTime : 08-05-2005 11:42:07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Media Status Aggregator Service
InternalName : eHMSAS
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehMSAS.exe

#:57 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3588
ThreadCreationTime : 08-05-2005 11:42:17
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:58 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3620
ThreadCreationTime : 08-05-2005 11:42:30
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYI2d3OfSDist

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYI2d3OfSInst

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYC2n3trMsgSDisp

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYT2o3pListSPos

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYs2t3icky1S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYs2t3icky2S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYs2t3icky3S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYs2t3icky4S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYC1o2d3eOfSFinalAd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYT2i3m4eOfSFinalAd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYD2s3tSSEnd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PY2N3a4tionSCode

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYP2D3om

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYT2h3rshSCheckSIn

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYT2h3rshSMots

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYM2o3deSSync

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYI2n3ProgSCab

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYI2n3ProgSEx

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYI2n3ProgSLstest

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYL2a3stMotsSDay

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYL2a3stSSChckin

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYB2D3om

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYE2v3nt

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYT2h3rshSBath

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYT2h3rshSysSInf

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYL2n3Title

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYC2u3rrentSMode

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYC2n3tFyl

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYI2g3noreS

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3792271717-2330840451-424221463-1004\software\pynix
Value : PYS2t3atusOfSInst

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 32
Objects found so far: 33


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : glen patrick@mediaplex[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:glen [email protected]/
Expires : 22-06-2009 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : glen patrick@doubleclick[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:glen [email protected]/
Expires : 07-05-2008 11:06:58
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : glen patrick@0[3].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:glen [email protected]/HTM/751/0
Expires : 08-05-2006 10:57:26
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : glen patrick@fastclick[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:glen [email protected]/
Expires : 08-05-2007 11:59:30
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : glen patrick@advertising[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:glen [email protected]/
Expires : 07-05-2010 12:00:28
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : glen [email protected][1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:glen [email protected]/
Expires : 07-06-2005 12:00:28
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : glen patrick@0[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:glen [email protected]/HTM/751/0
Expires : 08-05-2006 10:57:26
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : glen patrick@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:glen [email protected]/
Expires : 01-01-2038 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 41



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MediaMotor Object Recognized!
Type : File
Data : A0037072.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{7325E54B-AF8F-4F16-80AE-10F9983CDEF9}\RP168\
FileVersion : 0, 8, 4, 89
ProductVersion : 0, 8, 4, 89
ProductName : Pynix
CompanyName : Pynix
FileDescription : www.Pynix.com
InternalName : Pynix
LegalCopyright : Copyright © 2005
OriginalFilename : Pynix.dll
Comments : www.Pynix.com


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
22 entries scanned.
New critical objects:0
Objects found so far: 42



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : CrackSpider.url
Category : Misc
Comment : Problematic URL discovered: http://www.crackspider.net/?freeseri
Object : C:\Documents and Settings\glen patrick\Favorites\Software\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Visit GameHouse.com.url
Category : Misc
Comment : Problematic URL discovered: http://www.gamehouse.com/
Object : C:\Documents and Settings\glen patrick\Start Menu\Programs\GameHouse\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions
Value : iexplore.exe

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 45

12:55:37 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:00.312
Objects scanned:158026
Objects identified:45
Objects ignored:0
New critical objects:45

#4
Rawe

    Visiting Staff

  • Member
  • 4,746 posts

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
22 entries scanned.


If your system is running a program which changes the hosts file or you have added listings to the hosts file, then there is no need to check further. Otherwise, download the "Host file viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your hosts file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

- Rawe :tazz:

After you have restored your hosts file to default, run a rescan with Ad-Aware and post the fresh scan log. I'll take a look then.