hi,
thanks for replying. i've updated ad-aware.
here's my latest logfile:
Ad-Aware SE Build 1.05
Logfile Created on:Saturday, May 14, 2005 11:58:54 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R45 13.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):3 total references
CommonName(TAC index:7):3 total references
CoolWebSearch(TAC index:10):47 total references
MicroGaming(TAC index:4):1 total references
Security iGuard(TAC index:9):3 total references
Tracking Cookie(TAC index:3):2 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R45 13.05.2005
Internal build : 53
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 473168 Bytes
Total size : 1430575 Bytes
Signature data size : 1399518 Bytes
Reference data size : 30545 Bytes
Signatures total : 39932
Fingerprints total : 881
Fingerprints size : 30173 Bytes
Target categories : 15
Target families : 672
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:12 %
Total physical memory:261684 kb
Available physical memory:30412 kb
Total page file size:633592 kb
Available on page file:383084 kb
Total virtual memory:2097024 kb
Available virtual memory:2046800 kb
OS:Microsoft Windows XP Professional (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Reanalyze results after scanning before displaying results lists
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
5-14-2005 11:58:54 AM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 456
ThreadCreationTime : 5-14-2005 6:26:46 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 504
ThreadCreationTime : 5-14-2005 6:26:50 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 528
ThreadCreationTime : 5-14-2005 6:26:52 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 572
ThreadCreationTime : 5-14-2005 6:26:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 584
ThreadCreationTime : 5-14-2005 6:26:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 744
ThreadCreationTime : 5-14-2005 6:26:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 804
ThreadCreationTime : 5-14-2005 6:26:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 880
ThreadCreationTime : 5-14-2005 6:26:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 956
ThreadCreationTime : 5-14-2005 6:26:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1084
ThreadCreationTime : 5-14-2005 6:26:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1304
ThreadCreationTime : 5-14-2005 6:27:00 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:12 [msole32.exe]
ModuleName : C:\WINDOWS\System32\msole32.exe
Command Line : "C:\WINDOWS\System32\msole32.exe"
ProcessID : 1480
ThreadCreationTime : 5-14-2005 6:27:02 PM
BasePriority : Normal
#:13 [shnlog.exe]
ModuleName : C:\WINDOWS\System32\shnlog.exe
Command Line : "C:\WINDOWS\System32\shnlog.exe"
ProcessID : 1488
ThreadCreationTime : 5-14-2005 6:27:03 PM
BasePriority : Normal
ProductVersion : 1.7
#:14 [popuper.exe]
ModuleName : C:\WINDOWS\popuper.exe
Command Line : "C:\WINDOWS\popuper.exe"
ProcessID : 1496
ThreadCreationTime : 5-14-2005 6:27:03 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 217
ProductVersion : 1, 0, 0, 217
ProductName : Popuper Application
FileDescription : Popuper Application
InternalName : Popuper
LegalCopyright : Copyright © 2005
OriginalFilename : Popuper.exe
#:15 [delttray.exe]
ModuleName : C:\WINDOWS\System32\DeltTray.exe
Command Line : "C:\WINDOWS\System32\DeltTray.exe"
ProcessID : 1528
ThreadCreationTime : 5-14-2005 6:27:03 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : CMControl Application
FileDescription : CMControl MFC Application
InternalName : CMControl
LegalCopyright : Copyright © 1999
OriginalFilename : CMControl.EXE
#:16 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1568
ThreadCreationTime : 5-14-2005 6:27:03 PM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe
#:17 [viewmgr.exe]
ModuleName : C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Command Line : "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
ProcessID : 1580
ThreadCreationTime : 5-14-2005 6:27:03 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager
#:18 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1588
ThreadCreationTime : 5-14-2005 6:27:04 PM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:19 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
ProcessID : 1600
ThreadCreationTime : 5-14-2005 6:27:04 PM
BasePriority : Normal
#:20 [type32.exe]
ModuleName : C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
Command Line : "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
ProcessID : 1612
ThreadCreationTime : 5-14-2005 6:27:04 PM
BasePriority : Normal
#:21 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 1620
ThreadCreationTime : 5-14-2005 6:27:04 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:22 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 1636
ThreadCreationTime : 5-14-2005 6:27:05 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:23 [intmonp.exe]
ModuleName : C:\WINDOWS\System32\intmonp.exe
Command Line : intmonp.exe
ProcessID : 1668
ThreadCreationTime : 5-14-2005 6:27:05 PM
BasePriority : Normal
#:24 [aim.exe]
ModuleName : C:\Program Files\AIM\aim.exe
Command Line : "C:\Program Files\AIM\aim.exe" -cnetwait.odl
ProcessID : 1752
ThreadCreationTime : 5-14-2005 6:27:07 PM
BasePriority : Normal
FileVersion : 5.9.3690
ProductVersion : 5.9.3690
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE
#:25 [bsw.exe]
ModuleName : C:\bsw.exe
Command Line : "C:\bsw.exe"
ProcessID : 1776
ThreadCreationTime : 5-14-2005 6:27:07 PM
BasePriority : Normal
#:26 [spysub.exe]
ModuleName : C:\Program Files\interMute\SpySubtract\SpySub.exe
Command Line : "C:\Program Files\interMute\SpySubtract\SpySub.exe" -autostart
ProcessID : 1848
ThreadCreationTime : 5-14-2005 6:27:09 PM
BasePriority : Normal
FileVersion : 1, 0, 1, 49
ProductVersion : 2.60
ProductName : SpySubtract
CompanyName : InterMute, Inc.
FileDescription : SpySubtract Program EXE
InternalName : SpySub.exe
LegalCopyright : Copyright © 2004 InterMute, Inc. All rights reserved.
OriginalFilename : SpySub.exe
#:27 [intmon.exe]
ModuleName : C:\WINDOWS\System32\intmon.exe
Command Line : intmon.exe
ProcessID : 1868
ThreadCreationTime : 5-14-2005 6:27:09 PM
BasePriority : Normal
#:28 [msdtc.exe]
ModuleName : C:\WINDOWS\System32\msdtc.exe
Command Line : C:\WINDOWS\System32\msdtc.exe
ProcessID : 1876
ThreadCreationTime : 5-14-2005 6:27:09 PM
BasePriority : Normal
FileVersion : 2001.12.4414.42
ProductVersion : 03.01.00.4414
ProductName : Microsoft Distributed Transaction Coordinator
CompanyName : Microsoft Corporation
FileDescription : MS DTC console program
InternalName : MSDTC.EXE
LegalCopyright : Copyright © Microsoft Corp. 1995-1998
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows is a trademark of Microsoft Corporation
#:29 [explorer.exe]
ModuleName : C:\Documents and Settings\rick\Start Menu\Programs\Startup\explorer.exe
Command Line : "C:\Documents and Settings\rick\Start Menu\Programs\Startup\explorer.exe"
ProcessID : 1904
ThreadCreationTime : 5-14-2005 6:27:10 PM
BasePriority : Normal
FileVersion : 1, 0, 25, 10
ProductVersion : 1, 0, 25, 10
ProductName : AutoHotkey
FileDescription : AutoHotkey
InternalName : AutoHotkey
LegalCopyright : Copyright © 2005
OriginalFilename : AutoHotkey.rc
#:30 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 124
ThreadCreationTime : 5-14-2005 6:27:21 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:31 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 220
ThreadCreationTime : 5-14-2005 6:27:23 PM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:32 [inetinfo.exe]
ModuleName : C:\WINDOWS\System32\inetsrv\inetinfo.exe
Command Line : C:\WINDOWS\System32\inetsrv\inetinfo.exe
ProcessID : 256
ThreadCreationTime : 5-14-2005 6:27:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : INETINFO.EXE
#:33 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 344
ThreadCreationTime : 5-14-2005 6:27:23 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe
#:34 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 384
ThreadCreationTime : 5-14-2005 6:27:24 PM
BasePriority : Normal
FileVersion : 6.13.10.3082
ProductVersion : 6.13.10.3082
ProductName : NVIDIA Driver Helper Service, Version 30.82
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 30.82
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:35 [r_server.exe]
ModuleName : C:\WINDOWS\System32\r_server.exe
Command Line : "C:\WINDOWS\System32\r_server.exe" /service
ProcessID : 412
ThreadCreationTime : 5-14-2005 6:27:24 PM
BasePriority : Normal
FileVersion : 2, 2, 0, 0
ProductVersion : 2, 2, 0, 0
ProductName : Remote Administrator
FileDescription : Remote control tool
InternalName : R_server
LegalCopyright : Software and all its components Copyright © 1999-2004 Dmitri Znosko. All rights reserved.
LegalTrademarks : Radmin, Remote Administrator
OriginalFilename : R_server.exe
Comments : Server part
#:36 [tcpsvcs.exe]
ModuleName : C:\WINDOWS\System32\tcpsvcs.exe
Command Line : C:\WINDOWS\System32\tcpsvcs.exe
ProcessID : 1172
ThreadCreationTime : 5-14-2005 6:27:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : TCP/IP Services Application
InternalName : TCPSVCS.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : TCPSVCS.EXE
#:37 [snmp.exe]
ModuleName : C:\WINDOWS\System32\snmp.exe
Command Line : C:\WINDOWS\System32\snmp.exe
ProcessID : 1232
ThreadCreationTime : 5-14-2005 6:27:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.28 (xpclnt_qfe.010827-1803)
ProductVersion : 5.1.2600.28
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : SNMP Service
InternalName : snmp.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : snmp.exe
#:38 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1284
ThreadCreationTime : 5-14-2005 6:27:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:39 [mqsvc.exe]
ModuleName : C:\WINDOWS\System32\mqsvc.exe
Command Line : C:\WINDOWS\System32\mqsvc.exe
ProcessID : 1340
ThreadCreationTime : 5-14-2005 6:27:44 PM
BasePriority : Normal
FileVersion : 5.01.1020
ProductVersion : 5.01.1020
ProductName : Microsoft Message Queue
CompanyName : Microsoft Corporation
FileDescription : Message Queuing Service
LegalCopyright : Copyright © Microsoft Corporation. 1981-2000
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows NT is a trademark of Microsoft Corporation
OriginalFilename : MQSVC.EXE
#:40 [mqtgsvc.exe]
ModuleName : C:\WINDOWS\System32\mqtgsvc.exe
Command Line : C:\WINDOWS\System32\mqtgsvc.exe
ProcessID : 2252
ThreadCreationTime : 5-14-2005 6:27:50 PM
BasePriority : Normal
FileVersion : 5.01.1020
ProductVersion : 5.01.1020
ProductName : Microsoft Message Queue
CompanyName : Microsoft Corporation
FileDescription : Windows NT MSMQ Trigger Service
LegalCopyright : Copyright © Microsoft Corporation. 1981-2000
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows NT is a trademark of Microsoft Corporation
OriginalFilename : QMTGSVC.EXE
#:41 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3292
ThreadCreationTime : 5-14-2005 6:52:50 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1e1b2878-88ff-11d2-8d96-d7acac95951f}
CommonName Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1e1b2878-88ff-11d2-8d96-d7acac95951f}
Value :
CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{1e1b286c-88ff-11d2-8d96-d7acac95951f}
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b599c57e-113a-4488-a5e9-bc552c4f1152}
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1d27210e-2da2-41e2-a103-b5fd9d6a798b}
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{145e6fb1-1256-44ed-a336-8bba43373be6}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{145e6fb1-1256-44ed-a336-8bba43373be6}
Value : InprocServer32
MicroGaming Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1417001333-838170752-725345543-1003\software\microgaming
Security iGuard Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\rex-services
Security iGuard Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\rex-services
Value : MGuid
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-1417001333-838170752-725345543-1003\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 14
Objects found so far: 14
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rick@advertising[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:
[email protected]/
Expires : 5-13-2010 11:42:56 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data :
[email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:
[email protected]/
Expires : 6-13-2005 11:42:56 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 16
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
42 entries scanned.
New critical objects:0
Objects found so far: 16
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{9d573d0e-663c-435f-bf31-2c4497373c41}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{9d573d0e-663c-435f-bf31-2c4497373c41}
Value :
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\run
Value : WindowsFY
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search\searchproperties\en-us
Value : SingleProvider
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\system
Value : NoDispAppearancePage
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\system
Value : WallpaperStyle
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Search Bar
CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank
CoolWebSearch Object Recognized!
Type : RegData
Data : C:\wp.bmp
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : control panel\desktop
Value : Wallpaper
Data : C:\wp.bmp
CoolWebSearch Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\Online Pharmacy
CoolWebSearch Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\Adult
CoolWebSearch Object Recognized!
Type : File
Data : wp.bmp
Category : Malware
Comment :
Object : c:\
CoolWebSearch Object Recognized!
Type : File
Data : Adipex.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Alprazolam.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Ambien.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Carisoprodol.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Celebrex.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Cipro.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Clonazepam.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Codeine.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Diazepam.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Hydrocodone.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Lipitor.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Lorazepam.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Lorcet.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Lortab.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Norco.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Online Pharmacy.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Paxil.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Prozac.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Ritalin.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Steroids.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Ultram.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Valium.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Viagra.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Vicodin.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Xanax.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Zithromax.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Zoloft.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
CoolWebSearch Object Recognized!
Type : File
Data : Zyban.url
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Favorites\online pharmacy\
Security iGuard Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\rick\Application Data\Rex-Services
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 44
Objects found so far: 60
12:28:46 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:29:51.734
Objects scanned:186781
Objects identified:60
Objects ignored:0
New critical objects:60
Reanalyzing scan result
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
The following objects have been removed from the result list:
C:\Documents and Settings\rick\Favorites\Adult
C:\Documents and Settings\rick\Application Data\Rex-Services
thanks!