Major infection?


  • This topic is locked

#1
finkbubble

I'm a new PC owner and as such I'm totally bamboozled by all this! I had no problems until about 2 days ago and now I seem to be having problems with my internet connection. I often cannot shut down AOL properly and I'm left with windows I cannot get rid of and an unresponsive desktop.
I have no clue what's going on!

Here is my log. Sorry if I've gone about this incorrectly. Like I said, I'm a PC Newbie!


Ad-Aware SE Build 1.05
Logfile Created on:13 May 2005 15:48:23
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):3 total references
AltnetBDE(TAC index:4):18 total references
CasinoPalazzo(TAC index:5):2 total references
CoolWebSearch(TAC index:10):49 total references
IBIS Toolbar(TAC index:5):135 total references
Other(TAC index:5):5 total references
Possible Browser Hijack attempt(TAC index:3):2 total references
SahAgent(TAC index:9):38 total references
Security iGuard(TAC index:9):1 total references
WindUpdates(TAC index:8):25 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R8 13.09.2004
Internal build : 12
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 344723 Bytes
Total size : 1092481 Bytes
Signature data size : 1068971 Bytes
Reference data size : 22998 Bytes
Signatures total : 30122
Fingerprints total : 154
Fingerprints size : 7129 Bytes
Target categories : 15
Target families : 560

13-05-2005 15:44:38 Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


13-05-2005 15:44:54 Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:61 %
Total physical memory:1047852 kb
Available physical memory:633200 kb
Total page file size:2522696 kb
Available on page file:2153568 kb
Total virtual memory:2097024 kb
Available virtual memory:2043616 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


13-05-2005 15:48:23 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 404
ThreadCreationTime : 13-05-2005 14:39:16
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 916
ThreadCreationTime : 13-05-2005 14:39:23
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 940
ThreadCreationTime : 13-05-2005 14:39:23
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 984
ThreadCreationTime : 13-05-2005 14:39:24
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 996
ThreadCreationTime : 13-05-2005 14:39:24
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1164
ThreadCreationTime : 13-05-2005 14:39:25
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1192
ThreadCreationTime : 13-05-2005 14:39:25
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1356
ThreadCreationTime : 13-05-2005 14:39:25
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1380
ThreadCreationTime : 13-05-2005 14:39:25
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1632
ThreadCreationTime : 13-05-2005 14:39:26
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1664
ThreadCreationTime : 13-05-2005 14:39:26
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [aolacsd.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
ProcessID : 1788
ThreadCreationTime : 13-05-2005 14:39:26
BasePriority : Normal


#:13 [ccproxy.exe]
ModuleName : c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
Command Line : "c:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
ProcessID : 1812
ThreadCreationTime : 13-05-2005 14:39:27
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:14 [ccsetmgr.exe]
ModuleName : c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ProcessID : 1856
ThreadCreationTime : 13-05-2005 14:39:27
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:15 [gearsec.exe]
ModuleName : C:\WINDOWS\System32\gearsec.exe
Command Line : C:\WINDOWS\System32\gearsec.exe
ProcessID : 1880
ThreadCreationTime : 13-05-2005 14:39:27
BasePriority : Normal
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001-2003 GEAR Software
OriginalFilename : gearsec.exe

#:16 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1908
ThreadCreationTime : 13-05-2005 14:39:27
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:17 [navapsvc.exe]
ModuleName : c:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "c:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1956
ThreadCreationTime : 13-05-2005 14:39:27
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:18 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1984
ThreadCreationTime : 13-05-2005 14:39:27
BasePriority : Normal
FileVersion : 6.14.10.5316
ProductVersion : 6.14.10.5316
ProductName : NVIDIA Driver Helper Service, Version 53.16
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 53.16
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:19 [savscan.exe]
ModuleName : c:\Program Files\Norton AntiVirus\SAVScan.exe
Command Line : "c:\Program Files\Norton AntiVirus\SAVScan.exe"
ProcessID : 2032
ThreadCreationTime : 13-05-2005 14:39:27
BasePriority : Normal

ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright © 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:20 [sndsrvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
ProcessID : 168
ThreadCreationTime : 13-05-2005 14:39:27
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:21 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 208
ThreadCreationTime : 13-05-2005 14:39:28
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 212
ThreadCreationTime : 13-05-2005 14:39:28
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:23 [ccevtmgr.exe]
ModuleName : c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 332
ThreadCreationTime : 13-05-2005 14:39:28
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:24 [hpsysdrv.exe]
ModuleName : C:\windows\system\hpsysdrv.exe
Command Line : "c:\windows\system\hpsysdrv.exe"
ProcessID : 696
ThreadCreationTime : 13-05-2005 14:39:30
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\windows\system\hpsysdrv.exe"Process terminated successfully

#:25 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 704
ThreadCreationTime : 13-05-2005 14:39:30
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"Process terminated successfully

#:26 [hphmon05.exe]
ModuleName : C:\WINDOWS\System32\hphmon05.exe
Command Line : "C:\WINDOWS\System32\hphmon05.exe"
ProcessID : 720
ThreadCreationTime : 13-05-2005 14:39:31
BasePriority : Normal
FileVersion : 5,1,7
ProductVersion : 5,1,7
ProductName : HP Photosmart
CompanyName : Hewlett-Packard
FileDescription : HPHmon05
InternalName : HPHmon05
LegalCopyright : Copyright © 2003
OriginalFilename : HPHmon05.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\WINDOWS\System32\hphmon05.exe"Process terminated successfully

#:27 [kbd.exe]
ModuleName : C:\HP\KBD\KBD.EXE
Command Line : "C:\HP\KBD\KBD.EXE"
ProcessID : 728
ThreadCreationTime : 13-05-2005 14:39:31
BasePriority : High

Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\HP\KBD\KBD.EXE"Process terminated successfully

#:28 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 736
ThreadCreationTime : 13-05-2005 14:39:31
BasePriority : Normal
FileVersion : 4.2.0.74
ProductVersion : 4.2.0.74
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © Apple Computer, Inc. 2003
OriginalFilename : iTunesHelper.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\iTunes\iTunesHelper.exe"Process terminated successfully

#:29 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 832
ThreadCreationTime : 13-05-2005 14:39:31
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


#:30 [agrsmmsg.exe]
ModuleName : C:\WINDOWS\AGRSMMSG.exe
Command Line : "C:\WINDOWS\AGRSMMSG.exe"
ProcessID : 840
ThreadCreationTime : 13-05-2005 14:39:31
BasePriority : Normal
FileVersion : 2.1.37.8 2.1.37.8 02/27/2004 17:07:44
ProductVersion : 2.1.37.8 2.1.37.8 02/27/2004 17:07:44
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\WINDOWS\AGRSMMSG.exe"Process terminated successfully

#:31 [dslstat.exe]
ModuleName : C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
Command Line : "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" icon
ProcessID : 1248
ThreadCreationTime : 13-05-2005 14:39:32
BasePriority : Normal
FileVersion : 4.0.7
ProductVersion : 4.0.7
ProductName : DSL Status
CompanyName : GlobespanVirata, Inc.
FileDescription : DSL Status Executable
InternalName : DslStatus
LegalCopyright : Copyright © 2002
OriginalFilename : dslstatus.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe"Process terminated successfully

#:32 [dslagent.exe]
ModuleName : C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
Command Line : "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe"
ProcessID : 1304
ThreadCreationTime : 13-05-2005 14:39:32
BasePriority : Normal

Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe"Process terminated successfully

#:33 [fts.exe]
ModuleName : C:\Program Files\VoyagerTest\fts.exe
Command Line : "C:\Program Files\VoyagerTest\fts.exe"
ProcessID : 1312
ThreadCreationTime : 13-05-2005 14:39:32
BasePriority : Normal
FileVersion : 1, 0, 2, 2
ProductVersion : 1, 0, 0, 0
ProductName : Friendly Products
CompanyName : Friendly Technologies
FileDescription : fts
InternalName : fts
LegalCopyright : Copyright © 2001 Friendly Technologies
OriginalFilename : fts.exe
Comments : Built 06/05/2003
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\VoyagerTest\fts.exe"Process terminated successfully

#:34 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\rundll32.exe
Command Line : rundll32 nView.dll,nViewInitialize
ProcessID : 1444
ThreadCreationTime : 13-05-2005 14:39:33
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\WINDOWS\System32\rundll32.exe"Process terminated successfully

#:35 [aoldial.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
ProcessID : 1460
ThreadCreationTime : 13-05-2005 14:39:33
BasePriority : Normal
FileVersion : 2.6.6.3.UK.53
ProductVersion : 2.6.6.3.UK.53
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


#:36 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1576
ThreadCreationTime : 13-05-2005 14:39:35
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\QuickTime\qttask.exe"Process terminated successfully

#:37 [wkufind.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
ProcessID : 2932
ThreadCreationTime : 13-05-2005 14:39:37
BasePriority : Normal
FileVersion : 9.00.0609.0
ProductVersion : 9.00.0609.0
ProductName : Update Detection Module
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Update Detection
InternalName : WkUFind
LegalCopyright : Copyright © 1987-2003 Microsoft Corporation.
OriginalFilename : WkUFind.exe

#:38 [jupitco.exe]
ModuleName : C:\WINDOWS\System32\JupitCo.exe
Command Line : "C:\WINDOWS\System32\JupitCo.exe"
ProcessID : 3060
ThreadCreationTime : 13-05-2005 14:39:38
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : PROLIFIC USB SECURITY DEVICE
CompanyName : Prolific Technology Inc.
FileDescription : PROLIFIC USB SECURITY DEVICE AP
InternalName : JupitCo.EXE
LegalCopyright : Copyright © 2001 Prolific Technology Inc.
OriginalFilename : JupitCo.exe

#:39 [vsnpstd.exe]
ModuleName : C:\WINDOWS\vsnpstd.exe
Command Line : "C:\WINDOWS\vsnpstd.exe"
ProcessID : 3184
ThreadCreationTime : 13-05-2005 14:39:38
BasePriority : Normal
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
ProductName : CameraMonitor Application
FileDescription : CameraMonitor MFC Application
InternalName : CameraMonitor
LegalCopyright : Copyright © 2003
OriginalFilename : CameraMonitor.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\WINDOWS\vsnpstd.exe"Process terminated successfully

#:40 [dvd43_tray.exe]
ModuleName : C:\Program Files\dvd43\dvd43_tray.exe
Command Line : "C:\Program Files\dvd43\dvd43_tray.exe"
ProcessID : 3292
ThreadCreationTime : 13-05-2005 14:39:42
BasePriority : Normal
FileVersion : 1.3.0.54
ProductVersion : 1.0.0.0
ProductName : DVD43
CompanyName : Captain Red
FileDescription : Inline DVD Decryption engine
InternalName : DVD FOR FREE
LegalCopyright : Captain Red 2003
LegalTrademarks : Captain Red 2003
OriginalFilename : dvd43_tray.exe
Comments : Please use this software on a fair use basis. This software is FREE - No charges must be paid to obtain it.
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\dvd43\dvd43_tray.exe"Process terminated successfully

#:41 [anydvd.exe]
ModuleName : C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
Command Line : "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
ProcessID : 3340
ThreadCreationTime : 13-05-2005 14:39:42
BasePriority : Normal

Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"Process terminated successfully

#:42 [aolsp scheduler.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
Command Line : "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
ProcessID : 3348
ThreadCreationTime : 13-05-2005 14:39:43
BasePriority : Normal
FileVersion : 1, 0, 0, 73
ProductVersion : 1, 0, 0, 73
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"Process terminated successfully

#:43 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 3384
ThreadCreationTime : 13-05-2005 14:39:44
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"Process terminated successfully

#:44 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"
ProcessID : 3400
ThreadCreationTime : 13-05-2005 14:39:44
BasePriority : Normal


#:45 [atwtusb.exe]
ModuleName : C:\WINDOWS\System32\atwtusb.exe
Command Line : "C:\WINDOWS\System32\atwtusb.exe" beta
ProcessID : 3488
ThreadCreationTime : 13-05-2005 14:39:45
BasePriority : Realtime
FileVersion : 2, 21, 0, 0
ProductVersion : 1, 1, 0, 0
ProductName : Tablet HID
CompanyName : Aiptek
FileDescription : Tablet HID
InternalName : Tablet
LegalCopyright : Copyright © 1999
OriginalFilename : usbtablet.exe
Comments : USB
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\WINDOWS\System32\atwtusb.exe"Process terminated successfully

#:46 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 3496
ThreadCreationTime : 13-05-2005 14:39:45
BasePriority : Normal
FileVersion : 4.2.0.74
ProductVersion : 4.2.0.74
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © Apple Computer, Inc. 2003
OriginalFilename : iPodService.exe

#:47 [mediaacck.exe]
ModuleName : C:\Program Files\Media Access\MediaAccK.exe
Command Line : "C:\Program Files\Media Access\MediaAccK.exe"
ProcessID : 3504
ThreadCreationTime : 13-05-2005 14:39:45
BasePriority : Normal

Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\Media Access\MediaAccK.exe"Process terminated successfully

#:48 [mediaaccess.exe]
ModuleName : C:\Program Files\Media Access\MediaAccess.exe
Command Line : "C:\Program Files\Media Access\MediaAccess.exe"
ProcessID : 3524
ThreadCreationTime : 13-05-2005 14:39:46
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : LoaderX Module
FileDescription : LoaderX Module
InternalName : LoaderX
LegalCopyright : Copyright 2005
OriginalFilename : LoaderX.EXE

WindUpdates Object Recognized!
Type : Process
Data : MediaAccC.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\Program Files\Media Access\


Warning! WindUpdates Object found in memory(C:\Program Files\Media Access\MediaAccC.dll)

Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\Media Access\MediaAccess.exe"Process terminated successfully

#:49 [gah95on6.exe]
ModuleName : C:\WINDOWS\System32\gah95on6.exe
Command Line : "C:\WINDOWS\System32\gah95on6.exe"
ProcessID : 3536
ThreadCreationTime : 13-05-2005 14:39:46
BasePriority : Normal
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\gah95on6.exe)

SahAgent Object Recognized!
Type : Process
Data : gah95on6.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

"C:\WINDOWS\System32\gah95on6.exe"Process terminated successfully
"C:\WINDOWS\System32\gah95on6.exe"Process terminated successfully

#:50 [tblmouse.exe]
ModuleName : C:\WINDOWS\System32\TBLMOUSE.EXE
Command Line : TBLMOUSE.EXE U
ProcessID : 3632
ThreadCreationTime : 13-05-2005 14:39:48
BasePriority : Normal
FileVersion : 5, 2, 5, 2000
ProductVersion : 1, 0, 0, 1
ProductName : Tblmouse
FileDescription : Tblmouse
InternalName : Tblmouse
LegalCopyright : Copyright c 1999
OriginalFilename : Tblmouse.exe
Comments : All
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\WINDOWS\System32\TBLMOUSE.EXE"Process terminated successfully

#:51 [tca.exe]
ModuleName : C:\Program Files\The Cleaner\tca.exe
Command Line : "C:\Program Files\The Cleaner\tca.exe"
ProcessID : 3656
ThreadCreationTime : 13-05-2005 14:39:48
BasePriority : Normal
FileVersion : 3.1.0.3073
ProductVersion : 3.1.0.0
ProductName : TCActive
CompanyName : MooSoft Development
FileDescription : The Cleaner Active Process Monitor
InternalName : TCActive!
LegalCopyright : © 2000-2004 MooSoft Development
OriginalFilename : tca.exe
Comments : http://www.moosoft.com

#:52 [tcm.exe]
ModuleName : C:\Program Files\The Cleaner\tcm.exe
Command Line : "C:\Program Files\The Cleaner\tcm.exe"
ProcessID : 3900
ThreadCreationTime : 13-05-2005 14:39:52
BasePriority : Normal
FileVersion : 2.1.0.2043
ProductVersion : 2.1.0.0
ProductName : TC Monitor
CompanyName : MooSoft Development
FileDescription : The Cleaner Registry and File Monitor
InternalName : TCMonitor
LegalCopyright : 2000-2004 MooSoft Development
OriginalFilename : tcm.exe
Comments : http://www.moosoft.com

#:53 [alcxmntr.exe]
ModuleName : C:\WINDOWS\ALCXMNTR.EXE
Command Line : "C:\WINDOWS\ALCXMNTR.EXE"
ProcessID : 3956
ThreadCreationTime : 13-05-2005 14:39:52
BasePriority : Normal
FileVersion : 1.5
ProductVersion : 1.5
ProductName : Realtek Audio - Event Monitor
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Audio - Event Monitor
InternalName : Alcxmntr
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : Alcxmntr.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


#:54 [p2p networking.exe]
ModuleName : C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
Command Line : "C:\WINDOWS\System32\P2P Networking\P2P Networking.exe" /AUTOSTART
ProcessID : 4092
ThreadCreationTime : 13-05-2005 14:39:57
BasePriority : Normal
FileVersion : 1, 26, 0, 10
ProductVersion : 1, 26, 0, 10
ProductName : P2P Networking
CompanyName : Joltid Ltd.
FileDescription : P2P Networking
InternalName : P2P Networking
LegalCopyright : Copyright © 2001 - 2004 Joltid Ltd. All Rights Reserved.
LegalTrademarks : Joltid is a registered trademark of Joltid Ltd.
OriginalFilename : P2P Networking.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


#:55 [wtoolsa.exe]
ModuleName : C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
Command Line : "C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe"
ProcessID : 444
ThreadCreationTime : 13-05-2005 14:39:59
BasePriority : Normal


IBIS Toolbar Object Recognized!
Type : Process
Data : WToolsA.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\COMMON~1\WinTools\


Warning! IBIS Toolbar Object found in memory(C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe)

"C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe"Process terminated successfully
"C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe"Process terminated successfully

#:56 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 1332
ThreadCreationTime : 13-05-2005 14:40:00
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:57 [pchbutton.exe]
ModuleName : C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
Command Line : "C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe"
ProcessID : 2100
ThreadCreationTime : 13-05-2005 14:40:03
BasePriority : Normal
FileVersion : 4.12.0.pchealthclient.pchclient.20030625_085000
ProductVersion : 4.12.0.pchealthclient.pchclient
ProductName : Motive System
CompanyName : Motive Communications, Inc.
InternalName : PCHButton
LegalCopyright : Copyright 1998-2003
OriginalFilename : PCHButton
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe"Process terminated successfully

#:58 [wsup.exe]
ModuleName : C:\Program Files\Common Files\WinTools\WSup.exe
Command Line : "C:\Program Files\Common Files\WinTools\WSup.exe"
ProcessID : 2148
ThreadCreationTime : 13-05-2005 14:40:07
BasePriority : Normal


IBIS Toolbar Object Recognized!
Type : Process
Data : WSup.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\Program Files\Common Files\WinTools\


Warning! IBIS Toolbar Object found in memory(C:\Program Files\Common Files\WinTools\WSup.exe)

"C:\Program Files\Common Files\WinTools\WSup.exe"Process terminated successfully
"C:\Program Files\Common Files\WinTools\WSup.exe"Process terminated successfully

#:59 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 2288
ThreadCreationTime : 13-05-2005 14:40:11
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:60 [hpqtra08.exe]
ModuleName : C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"
ProcessID : 2404
ThreadCreationTime : 13-05-2005 14:40:15
BasePriority : Normal
FileVersion : 5.35.0.035
ProductVersion : 005.035.000.035
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:61 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 1544
ThreadCreationTime : 13-05-2005 14:40:42
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


#:62 [waol.exe]
ModuleName : C:\Program Files\AOL 9.0\waol.exe
Command Line : "C:\Program Files\AOL 9.0\waol.exe"
ProcessID : 484
ThreadCreationTime : 13-05-2005 14:41:06
BasePriority : Normal


#:63 [shellmon.exe]
ModuleName : C:\Program Files\AOL 9.0\shellmon.exe
Command Line : "C:\Program Files\AOL 9.0\shellmon.exe"
ProcessID : 1700
ThreadCreationTime : 13-05-2005 14:41:11
BasePriority : Normal


#:64 [aoltpspd.exe]
ModuleName : C:\Program Files\Common Files\AOL\aoltpspd.exe
Command Line : -p11523 -S256 -s443 -l443 -G"C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\vph.ph" -c1 -Z -H484
ProcessID : 668
ThreadCreationTime : 13-05-2005 14:41:11
BasePriority : Normal
FileVersion : 1, 1, 0, 0
ProductVersion : [v1.1-4] On Tue 03/16/2004 21:24:09.18
ProductName : AOL TopSpeed™
CompanyName : America Online Inc
FileDescription : AOL TopSpeed™
InternalName : AOL TopSpeed™
LegalCopyright : Copyright © America Online 2003
LegalTrademarks : AOL TopSpeed™
OriginalFilename : aoltpspd.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\2b3fsk0h.dll)

SahAgent Object Recognized!
Type : Process
Data : 2b3fsk0h.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\Common Files\AOL\aoltpspd.exe"Process terminated successfully

#:65 [iexplore.exe]
ModuleName : C:\program files\internet explorer\iexplore.exe
Command Line : "C:\program files\internet explorer\iexplore.exe" "C:\WINDOWS\System32\inf0ee2p.html"
ProcessID : 2656
ThreadCreationTime : 13-05-2005 14:42:13
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:66 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3108
ThreadCreationTime : 13-05-2005 14:44:25
BasePriorit


#2
Mannen


    Ad-Aware Expert

  • Member
  • 110 posts
Good evening!


Let's try this below and see if we can make things better :tazz:

First go to control panel > add/remove programs and look for "Media Access", "Web Search Toolbar", "Win-Tools Easy Installer (By Web Search)", "ShopAtHomeSelect Agent" and "Security iGuard". If you find them, please uninstall/remove and read the instructions very carefully! You may have to be connected to the internet for some of them during the removal.

Launch Ad-Aware SE and update!

Then click on the gear to access the Configuration Menu.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Run a full system scan.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to "SahAgent" ONLY. Click Next, click OK. If Ad-Aware asks you to reboot, please do so.

Please shutdown/restart your computer after removal, run a new full scan and delete the rest found.

Reboot once more and scan again.

Then copy & paste the complete log file here. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Good luck!
Mannen

Edited by Mannen, 13 May 2005 - 03:55 PM.


#3
finkbubble


    New Member

  • Topic Starter
  • Member
  • 2 posts
Hi there. I followed your instructions and everything seems fine now.
Here is my log.

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R45 13.05.2005
Internal build : 53
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 473168 Bytes
Total size : 1430575 Bytes
Signature data size : 1399518 Bytes
Reference data size : 30545 Bytes
Signatures total : 39932
Fingerprints total : 881
Fingerprints size : 30173 Bytes
Target categories : 15
Target families : 672


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:57 %
Total physical memory:1047852 kb
Available physical memory:589516 kb
Total page file size:2522696 kb
Available on page file:2248024 kb
Total virtual memory:2097024 kb
Available virtual memory:2030268 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


17-05-2005 11:12:06 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 636
ThreadCreationTime : 17-05-2005 09:46:54
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 916
ThreadCreationTime : 17-05-2005 09:47:01
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 940
ThreadCreationTime : 17-05-2005 09:47:01
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 984
ThreadCreationTime : 17-05-2005 09:47:02
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 996
ThreadCreationTime : 17-05-2005 09:47:02
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1164
ThreadCreationTime : 17-05-2005 09:47:03
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1192
ThreadCreationTime : 17-05-2005 09:47:03
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1324
ThreadCreationTime : 17-05-2005 09:47:03
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1372
ThreadCreationTime : 17-05-2005 09:47:04
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1640
ThreadCreationTime : 17-05-2005 09:47:04
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1668
ThreadCreationTime : 17-05-2005 09:47:04
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [aolacsd.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
ProcessID : 1800
ThreadCreationTime : 17-05-2005 09:47:05
BasePriority : Normal


#:13 [ccproxy.exe]
ModuleName : c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
Command Line : "c:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
ProcessID : 1824
ThreadCreationTime : 17-05-2005 09:47:05
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:14 [ccsetmgr.exe]
ModuleName : c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ProcessID : 1836
ThreadCreationTime : 17-05-2005 09:47:05
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:15 [gearsec.exe]
ModuleName : C:\WINDOWS\System32\gearsec.exe
Command Line : C:\WINDOWS\System32\gearsec.exe
ProcessID : 1868
ThreadCreationTime : 17-05-2005 09:47:05
BasePriority : Normal
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001-2003 GEAR Software
OriginalFilename : gearsec.exe

#:16 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1928
ThreadCreationTime : 17-05-2005 09:47:05
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:17 [navapsvc.exe]
ModuleName : c:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "c:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1964
ThreadCreationTime : 17-05-2005 09:47:05
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:18 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 2000
ThreadCreationTime : 17-05-2005 09:47:05
BasePriority : Normal
FileVersion : 6.14.10.5316
ProductVersion : 6.14.10.5316
ProductName : NVIDIA Driver Helper Service, Version 53.16
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 53.16
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:19 [savscan.exe]
ModuleName : c:\Program Files\Norton AntiVirus\SAVScan.exe
Command Line : "c:\Program Files\Norton AntiVirus\SAVScan.exe"
ProcessID : 2044
ThreadCreationTime : 17-05-2005 09:47:05
BasePriority : Normal

ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright © 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:20 [sndsrvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
ProcessID : 188
ThreadCreationTime : 17-05-2005 09:47:06
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:21 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 228
ThreadCreationTime : 17-05-2005 09:47:06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 252
ThreadCreationTime : 17-05-2005 09:47:06
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:23 [ccevtmgr.exe]
ModuleName : c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 360
ThreadCreationTime : 17-05-2005 09:47:06
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:24 [hpsysdrv.exe]
ModuleName : C:\windows\system\hpsysdrv.exe
Command Line : "c:\windows\system\hpsysdrv.exe"
ProcessID : 604
ThreadCreationTime : 17-05-2005 09:47:08
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe

#:25 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 620
ThreadCreationTime : 17-05-2005 09:47:08
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe

#:26 [hphmon05.exe]
ModuleName : C:\WINDOWS\System32\hphmon05.exe
Command Line : "C:\WINDOWS\System32\hphmon05.exe"
ProcessID : 668
ThreadCreationTime : 17-05-2005 09:47:08
BasePriority : Normal
FileVersion : 5,1,7
ProductVersion : 5,1,7
ProductName : HP Photosmart
CompanyName : Hewlett-Packard
FileDescription : HPHmon05
InternalName : HPHmon05
LegalCopyright : Copyright © 2003
OriginalFilename : HPHmon05.exe

#:27 [kbd.exe]
ModuleName : C:\HP\KBD\KBD.EXE
Command Line : "C:\HP\KBD\KBD.EXE"
ProcessID : 676
ThreadCreationTime : 17-05-2005 09:47:08
BasePriority : High


#:28 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 704
ThreadCreationTime : 17-05-2005 09:47:09
BasePriority : Normal
FileVersion : 4.2.0.74
ProductVersion : 4.2.0.74
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © Apple Computer, Inc. 2003
OriginalFilename : iTunesHelper.exe

#:29 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 764
ThreadCreationTime : 17-05-2005 09:47:09
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:30 [agrsmmsg.exe]
ModuleName : C:\WINDOWS\AGRSMMSG.exe
Command Line : "C:\WINDOWS\AGRSMMSG.exe"
ProcessID : 772
ThreadCreationTime : 17-05-2005 09:47:09
BasePriority : Normal
FileVersion : 2.1.37.8 2.1.37.8 02/27/2004 17:07:44
ProductVersion : 2.1.37.8 2.1.37.8 02/27/2004 17:07:44
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:31 [dslstat.exe]
ModuleName : C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
Command Line : "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" icon
ProcessID : 1272
ThreadCreationTime : 17-05-2005 09:47:09
BasePriority : Normal
FileVersion : 4.0.7
ProductVersion : 4.0.7
ProductName : DSL Status
CompanyName : GlobespanVirata, Inc.
FileDescription : DSL Status Executable
InternalName : DslStatus
LegalCopyright : Copyright © 2002
OriginalFilename : dslstatus.exe

#:32 [dslagent.exe]
ModuleName : C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
Command Line : "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe"
ProcessID : 1304
ThreadCreationTime : 17-05-2005 09:47:09
BasePriority : Normal


#:33 [fts.exe]
ModuleName : C:\Program Files\VoyagerTest\fts.exe
Command Line : "C:\Program Files\VoyagerTest\fts.exe"
ProcessID : 1044
ThreadCreationTime : 17-05-2005 09:47:10
BasePriority : Normal
FileVersion : 1, 0, 2, 2
ProductVersion : 1, 0, 0, 0
ProductName : Friendly Products
CompanyName : Friendly Technologies
FileDescription : fts
InternalName : fts
LegalCopyright : Copyright © 2001 Friendly Technologies
OriginalFilename : fts.exe
Comments : Built 06/05/2003

#:34 [aoldial.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
ProcessID : 1472
ThreadCreationTime : 17-05-2005 09:47:10
BasePriority : Normal
FileVersion : 2.6.6.3.UK.53
ProductVersion : 2.6.6.3.UK.53
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:35 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\rundll32.exe
Command Line : rundll32 nView.dll,nViewInitialize
ProcessID : 1496
ThreadCreationTime : 17-05-2005 09:47:10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:36 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1540
ThreadCreationTime : 17-05-2005 09:47:10
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:37 [wkufind.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
ProcessID : 1860
ThreadCreationTime : 17-05-2005 09:47:10
BasePriority : Normal
FileVersion : 9.00.0609.0
ProductVersion : 9.00.0609.0
ProductName : Update Detection Module
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Update Detection
InternalName : WkUFind
LegalCopyright : Copyright © 1987-2003 Microsoft Corporation.
OriginalFilename : WkUFind.exe

#:38 [jupitco.exe]
ModuleName : C:\WINDOWS\System32\JupitCo.exe
Command Line : "C:\WINDOWS\System32\JupitCo.exe"
ProcessID : 2064
ThreadCreationTime : 17-05-2005 09:47:11
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : PROLIFIC USB SECURITY DEVICE
CompanyName : Prolific Technology Inc.
FileDescription : PROLIFIC USB SECURITY DEVICE AP
InternalName : JupitCo.EXE
LegalCopyright : Copyright © 2001 Prolific Technology Inc.
OriginalFilename : JupitCo.exe

#:39 [vsnpstd.exe]
ModuleName : C:\WINDOWS\vsnpstd.exe
Command Line : "C:\WINDOWS\vsnpstd.exe"
ProcessID : 2092
ThreadCreationTime : 17-05-2005 09:47:11
BasePriority : Normal
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
ProductName : CameraMonitor Application
FileDescription : CameraMonitor MFC Application
InternalName : CameraMonitor
LegalCopyright : Copyright © 2003
OriginalFilename : CameraMonitor.EXE

#:40 [dvd43_tray.exe]
ModuleName : C:\Program Files\dvd43\dvd43_tray.exe
Command Line : "C:\Program Files\dvd43\dvd43_tray.exe"
ProcessID : 2352
ThreadCreationTime : 17-05-2005 09:47:12
BasePriority : Normal
FileVersion : 1.3.0.54
ProductVersion : 1.0.0.0
ProductName : DVD43
CompanyName : Captain Red
FileDescription : Inline DVD Decryption engine
InternalName : DVD FOR FREE
LegalCopyright : Captain Red 2003
LegalTrademarks : Captain Red 2003
OriginalFilename : dvd43_tray.exe
Comments : Please use this software on a fair use basis. This software is FREE - No charges must be paid to obtain it.

#:41 [aolsp scheduler.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
Command Line : "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
ProcessID : 2472
ThreadCreationTime : 17-05-2005 09:47:12
BasePriority : Normal
FileVersion : 1, 0, 0, 73
ProductVersion : 1, 0, 0, 73
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:42 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2496
ThreadCreationTime : 17-05-2005 09:47:12
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:43 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"
ProcessID : 2536
ThreadCreationTime : 17-05-2005 09:47:13
BasePriority : Normal


#:44 [atwtusb.exe]
ModuleName : C:\WINDOWS\System32\atwtusb.exe
Command Line : "C:\WINDOWS\System32\atwtusb.exe" beta
ProcessID : 2584
ThreadCreationTime : 17-05-2005 09:47:13
BasePriority : Realtime
FileVersion : 2, 21, 0, 0
ProductVersion : 1, 1, 0, 0
ProductName : Tablet HID
CompanyName : Aiptek
FileDescription : Tablet HID
InternalName : Tablet
LegalCopyright : Copyright © 1999
OriginalFilename : usbtablet.exe
Comments : USB

#:45 [tca.exe]
ModuleName : C:\Program Files\The Cleaner\tca.exe
Command Line : "C:\Program Files\The Cleaner\tca.exe"
ProcessID : 2652
ThreadCreationTime : 17-05-2005 09:47:13
BasePriority : Normal
FileVersion : 3.1.0.3073
ProductVersion : 3.1.0.0
ProductName : TCActive
CompanyName : MooSoft Development
FileDescription : The Cleaner Active Process Monitor
InternalName : TCActive!
LegalCopyright : © 2000-2004 MooSoft Development
OriginalFilename : tca.exe
Comments : http://www.moosoft.com

#:46 [anydvd.exe]
ModuleName : C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
Command Line : "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
ProcessID : 2684
ThreadCreationTime : 17-05-2005 09:47:13
BasePriority : Normal


#:47 [tcm.exe]
ModuleName : C:\Program Files\The Cleaner\tcm.exe
Command Line : "C:\Program Files\The Cleaner\tcm.exe"
ProcessID : 2708
ThreadCreationTime : 17-05-2005 09:47:14
BasePriority : Normal
FileVersion : 2.1.0.2043
ProductVersion : 2.1.0.0
ProductName : TC Monitor
CompanyName : MooSoft Development
FileDescription : The Cleaner Registry and File Monitor
InternalName : TCMonitor
LegalCopyright : 2000-2004 MooSoft Development
OriginalFilename : tcm.exe
Comments : http://www.moosoft.com

#:48 [alcxmntr.exe]
ModuleName : C:\WINDOWS\ALCXMNTR.EXE
Command Line : "C:\WINDOWS\ALCXMNTR.EXE"
ProcessID : 2768
ThreadCreationTime : 17-05-2005 09:47:14
BasePriority : Normal
FileVersion : 1.5
ProductVersion : 1.5
ProductName : Realtek Audio - Event Monitor
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Audio - Event Monitor
InternalName : Alcxmntr
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : Alcxmntr.exe

#:49 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 3644
ThreadCreationTime : 17-05-2005 09:47:16
BasePriority : Normal
FileVersion : 4.2.0.74
ProductVersion : 4.2.0.74
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © Apple Computer, Inc. 2003
OriginalFilename : iPodService.exe

#:50 [win32.exe]
ModuleName : C:\WINDOWS\win32.exe
Command Line : "C:\WINDOWS\win32.exe"
ProcessID : 3720
ThreadCreationTime : 17-05-2005 09:47:16
BasePriority : Normal


#:51 [p2p networking.exe]
ModuleName : C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
Command Line : "C:\WINDOWS\System32\P2P Networking\P2P Networking.exe" /AUTOSTART
ProcessID : 3776
ThreadCreationTime : 17-05-2005 09:47:17
BasePriority : Normal
FileVersion : 1, 26, 0, 10
ProductVersion : 1, 26, 0, 10
ProductName : P2P Networking
CompanyName : Joltid Ltd.
FileDescription : P2P Networking
InternalName : P2P Networking
LegalCopyright : Copyright © 2001 - 2004 Joltid Ltd. All Rights Reserved.
LegalTrademarks : Joltid is a registered trademark of Joltid Ltd.
OriginalFilename : P2P Networking.exe

#:52 [tblmouse.exe]
ModuleName : C:\WINDOWS\System32\TBLMOUSE.EXE
Command Line : TBLMOUSE.EXE U
ProcessID : 4000
ThreadCreationTime : 17-05-2005 09:47:18
BasePriority : Normal
FileVersion : 5, 2, 5, 2000
ProductVersion : 1, 0, 0, 1
ProductName : Tblmouse
FileDescription : Tblmouse
InternalName : Tblmouse
LegalCopyright : Copyright c 1999
OriginalFilename : Tblmouse.exe
Comments : All

#:53 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 4028
ThreadCreationTime : 17-05-2005 09:47:19
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:54 [pchbutton.exe]
ModuleName : C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
Command Line : "C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe"
ProcessID : 4068
ThreadCreationTime : 17-05-2005 09:47:19
BasePriority : Normal
FileVersion : 4.12.0.pchealthclient.pchclient.20030625_085000
ProductVersion : 4.12.0.pchealthclient.pchclient
ProductName : Motive System
CompanyName : Motive Communications, Inc.
InternalName : PCHButton
LegalCopyright : Copyright 1998-2003
OriginalFilename : PCHButton

#:55 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 1248
ThreadCreationTime : 17-05-2005 09:47:23
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:56 [hpqtra08.exe]
ModuleName : C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"
ProcessID : 1332
ThreadCreationTime : 17-05-2005 09:47:24
BasePriority : Normal
FileVersion : 5.35.0.035
ProductVersion : 005.035.000.035
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:57 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2596
ThreadCreationTime : 17-05-2005 09:50:43
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:58 [acrord32.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
Command Line : "C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe" "C:\Documents and Settings\Owner\My Documents\Downloads\Banachek - PreThoughts.pdf"
ProcessID : 3092
ThreadCreationTime : 17-05-2005 10:00:41
BasePriority : Normal
FileVersion : 6.0.1.2003110300
ProductVersion : 6.0.1.2003110300
ProductName : Adobe Reader
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Reader 6.0
LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroRd32.exe

#:59 [wisptis.exe]
ModuleName : C:\WINDOWS\System32\wisptis.exe
Command Line : "C:\WINDOWS\System32\wisptis.exe" -Embedding
ProcessID : 2704
ThreadCreationTime : 17-05-2005 10:00:47
BasePriority : High
FileVersion : 1.7.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 1.7.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft Tablet PC Component
InternalName : WISPTIS.EXE
LegalCopyright : Copyright © 1998-2003 Microsoft Corp.
OriginalFilename : WISPTIS.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0


11:20:32 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:26.844
Objects scanned:172195
Objects identified:0
Objects ignored:0
New critical objects:0

Thank you very, very much for your help.... :tazz:

#4
Mannen

    Ad-Aware Expert

  • Member
  • PipPipPip
  • 110 posts
Greetings!


This is a clean log!

But to be on the safe side please update Adaware and scan again.
ONLY post a new log if Adaware finds something. Tracking cookies are no security threat.

Cheers
Mannen