[kbstarzz]

This virus keeps coming back! How do I get rid of it?? Here's my ad-aware log...

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Saturday, May 14, 2005 10:23:57 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R315 06.06.2004
______________________________________________________

Edited to save confusion Please Update to Ad-aware SE Build 1.05 (Free/Personal

Edited by GR@PH;<'S, 14 May 2005 - 09:33 AM.

[Advertisements]

kbstarzz,
You need to uninstall your copy of Ad-Aware 6 as there is a newer version Ad-aware SE Build 105 (Free/Personal) once you have done that please use the WebUpDate to get Latest Definition file (SE1R45.13.05.2005)
I recommend that you use the WebUpDate just before you scan that way you will always be up to date.
then do a scan and once it has finished post a full copy of your log here so that some one can help.
Open Ad-aware
Click the WebUpDate button at the top right hand side of the Ad-aware screen (The world globe).
If the server is busy and you are having problems getting the Definition file then you can always download it manually
Then scan with Ad-ware by doing a "Full Scan"When the scan is complete click Show Log
Right click in the window and click Select all
Right click in the window again and select Copy
Start your post here,
Right click in the text area and select 'Paste'.

Here’s how to copy your Ad-aware log
click my computer
click local C Drive
then Click Program Files
then Click Lavasoft
then click Ad-aware SE
and then Logs,
find the latest one that you have
(by date & time)
and open it right Click select all
copy and then paste the contents of it here.
(Make sure that all of your Logfile has been posted, sometimes it will require two post's to get it all)
GR@PH;<'S

Edited by GR@PH;<'S, 14 May 2005 - 03:55 PM.

[GR@PH;<'S]

kbstarzz,
You need to uninstall your copy of Ad-Aware 6 as there is a newer version Ad-aware SE Build 105 (Free/Personal) once you have done that please use the WebUpDate to get Latest Definition file (SE1R45.13.05.2005)
I recommend that you use the WebUpDate just before you scan that way you will always be up to date.
then do a scan and once it has finished post a full copy of your log here so that some one can help.
Open Ad-aware
Click the WebUpDate button at the top right hand side of the Ad-aware screen (The world globe).
If the server is busy and you are having problems getting the Definition file then you can always download it manually
Then scan with Ad-ware by doing a "Full Scan"When the scan is complete click Show Log
Right click in the window and click Select all
Right click in the window again and select Copy
Start your post here,
Right click in the text area and select 'Paste'.

Here’s how to copy your Ad-aware log
click my computer
click local C Drive
then Click Program Files
then Click Lavasoft
then click Ad-aware SE
and then Logs,
find the latest one that you have
(by date & time)
and open it right Click select all
copy and then paste the contents of it here.
(Make sure that all of your Logfile has been posted, sometimes it will require two post's to get it all)
GR@PH;<'S

Edited by GR@PH;<'S, 14 May 2005 - 03:55 PM.

[kbstarzz]

Ok I updated and this is my new log..

ArchiveData(auto-quarantine- 2005-05-14 17-21-59.bckp)
Referencefile : SE1R45 13.05.2005
=====================================================
Edited just to save confusion Wrong log file posted

Edited by GR@PH;<'S, 14 May 2005 - 04:03 PM.

[GR@PH;<'S]

kbstarzz,
Unfortunately you appear to have posted the wrong log for us you have posted your quarantine log file we need you to post the log file from your "Full Scan" here by using the "Add-reply" feature
If needed here how to post your Ad-aware Logfile
As Logs are stored in :
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
An easy way to get there is to
click Start,
click Run
And type in and press ENTER: %appdata%
then click Lavasoft
then Ad-Aware
and then Logs.
scroll down to find the latest one that you have
(by date & time)
and open it right Click select all
copy and then paste the contents of it here.
(Make sure that all of your Logfile has been posted, sometimes it will require two post's to get it all)
I recommend that you use the WebUpDate just before you scan that way you will always be up to date.

(note The Application Data is a hidden folder, so you will need to show hidden files and folders
and for Windows 98*admin users your logs are stored in
C:\WINDOWS\All Users\Application Data\ ) by default
GR@PH;<'S

[kbstarzz]

OK, I think I got it this time...

Ad-Aware SE Build 1.05
Logfile Created on:Saturday, May 14, 2005 4:44:43 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R45 13.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):1 total references
Adintelligence.AproposToolbar(TAC index:5):27 total references
BargainBuddy(TAC index:8):12 total references
DyFuCA(TAC index:3):6 total references
MRU List(TAC index:0):38 total references
Other(TAC index:5):4 total references
PeopleOnPage(TAC index:9):60 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
Rads01.Quadrogram(TAC index:6):2 total references
SahAgent(TAC index:9):4 total references
Softomate Toolbar(TAC index:9):6 total references
Tracking Cookie(TAC index:3):20 total references
WindUpdates(TAC index:8):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-14-2005 4:44:43 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\student\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\student\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\word\recent templates
Description : list of recent templates used by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 792
ThreadCreationTime : 5-13-2005 6:52:56 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 864
ThreadCreationTime : 5-13-2005 6:53:01 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 888
ThreadCreationTime : 5-13-2005 6:53:03 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 932
ThreadCreationTime : 5-13-2005 6:53:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 944
ThreadCreationTime : 5-13-2005 6:53:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1088
ThreadCreationTime : 5-13-2005 6:53:05 PM
BasePriority : Normal


#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1108
ThreadCreationTime : 5-13-2005 6:53:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1164
ThreadCreationTime : 5-13-2005 6:53:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1204
ThreadCreationTime : 5-13-2005 6:53:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1312
ThreadCreationTime : 5-13-2005 6:53:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1476
ThreadCreationTime : 5-13-2005 6:53:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1668
ThreadCreationTime : 5-13-2005 6:53:07 PM
BasePriority : Normal
FileVersion : 7.4
ProductVersion : 7.4
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2002 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:13 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1692
ThreadCreationTime : 5-13-2005 6:53:07 PM
BasePriority : Normal
FileVersion : 7.4
ProductVersion : 7.4
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2002 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1700
ThreadCreationTime : 5-13-2005 6:53:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [scardsvr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1828
ThreadCreationTime : 5-13-2005 6:53:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Smart Card Resource Management Server
InternalName : SCardSvr.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : SCardSvr.exe

#:16 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 596
ThreadCreationTime : 5-13-2005 6:53:16 PM
BasePriority : Normal


#:17 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 660
ThreadCreationTime : 5-13-2005 6:53:17 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:18 [aolacsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 776
ThreadCreationTime : 5-13-2005 6:53:17 PM
BasePriority : Normal


#:19 [basfipm.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 484
ThreadCreationTime : 5-13-2005 6:53:17 PM
BasePriority : Normal
FileVersion : 6.0.3
ProductVersion : 6.0.3
ProductName : Broadcom ASF IP monitoring service
CompanyName : Broadcom Corp.
FileDescription : Broadcom ASF IP monitoring service
InternalName : BAsfIpM
LegalCopyright : Copyright© 2003 Broadcom Corporation, All Rights Reserved
OriginalFilename : BAsfIpM.EXE

#:20 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 816
ThreadCreationTime : 5-13-2005 6:53:18 PM
BasePriority : Normal
FileVersion : 2.1.5.1
ProductVersion : 2.1.5.1
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:21 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 908
ThreadCreationTime : 5-13-2005 6:53:18 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:22 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1332
ThreadCreationTime : 5-13-2005 6:53:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:23 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 1392
ThreadCreationTime : 5-13-2005 6:53:20 PM
BasePriority : Normal
FileVersion : 1, 8, 50, 196
ProductVersion : 1, 8, 50, 196
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:24 [wltrysvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1520
ThreadCreationTime : 5-13-2005 6:53:21 PM
BasePriority : Normal


#:25 [bcmwltry.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1552
ThreadCreationTime : 5-13-2005 6:53:21 PM
BasePriority : Normal
FileVersion : 3.40.67.0
ProductVersion : 3.40.67.0
ProductName : Dell Wireless WLAN Card Wireless Network Tray Applet
CompanyName : Dell Computer Corporation
FileDescription : Dell Wireless WLAN Card Wireless Network Tray Applet
InternalName : bcmwltry.exe
LegalCopyright : 1998-2003, Dell Computer Corporation All Rights Reserved.
OriginalFilename : bcmwltry.exe

#:26 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1556
ThreadCreationTime : 5-13-2005 6:53:21 PM
BasePriority : Normal
FileVersion : 2.1.5.1
ProductVersion : 2.1.5.1
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:27 [apoint.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 1948
ThreadCreationTime : 5-13-2005 6:53:25 PM
BasePriority : Normal
FileVersion : 5.4.101.118
ProductVersion : 5.4.101.118
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:28 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 1996
ThreadCreationTime : 5-13-2005 6:53:26 PM
BasePriority : Normal


#:29 [symwsc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 2008
ThreadCreationTime : 5-13-2005 6:53:27 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:30 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 2012
ThreadCreationTime : 5-13-2005 6:53:27 PM
BasePriority : Normal
FileVersion : 6.14.10.5028
ProductVersion : 6.14.10.5028
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:31 [dsentry.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2028
ThreadCreationTime : 5-13-2005 6:53:27 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : Dell - DVDSentry
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
LegalCopyright : Copyright © 2002 Dell
OriginalFilename : DSentry.exe
Comments : DVDSentry launches your software DVD player when a DVD is inserted.

#:32 [directcd.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
ProcessID : 2036
ThreadCreationTime : 5-13-2005 6:53:27 PM
BasePriority : Normal
FileVersion : 5.3.4.21
ProductVersion : 5.3.4.21
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:33 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 176
ThreadCreationTime : 5-13-2005 6:53:29 PM
BasePriority : Normal
FileVersion : 2.1.5.1
ProductVersion : 2.1.5.1
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:34 [aoldial.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 276
ThreadCreationTime : 5-13-2005 6:53:29 PM
BasePriority : Normal
FileVersion : 2.0.20.1.US.1
ProductVersion : 2.0.20.1.US.1
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:35 [apntex.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 288
ThreadCreationTime : 5-13-2005 6:53:29 PM
BasePriority : Normal
FileVersion : 5.0.1.15
ProductVersion : 5.0.1.15
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:36 [aolsp scheduler.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\
ProcessID : 220
ThreadCreationTime : 5-13-2005 6:53:29 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 78
ProductVersion : 1, 0, 0, 78
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:37 [hpwuschd2.exe]
FilePath : C:\Program Files\HP\HP Software Update\
ProcessID : 572
ThreadCreationTime : 5-13-2005 6:53:30 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : HP Software Update Application
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe

#:38 [ezsp_px.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 612
ThreadCreationTime : 5-13-2005 6:53:30 PM
BasePriority : Normal


#:39 [mediapassk.exe]
FilePath : C:\Program Files\Media Pass\
ProcessID : 1960
ThreadCreationTime : 5-13-2005 6:53:31 PM
BasePriority : Normal


#:40 [mediapass.exe]
FilePath : C:\Program Files\Media Pass\
ProcessID : 2100
ThreadCreationTime : 5-13-2005 6:53:32 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : LoaderX Module
FileDescription : LoaderX Module
InternalName : LoaderX
LegalCopyright : Copyright 2005
OriginalFilename : LoaderX.EXE

#:41 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2200
ThreadCreationTime : 5-13-2005 6:53:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:42 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 2208
ThreadCreationTime : 5-13-2005 6:53:36 PM
BasePriority : Normal
FileVersion : 5.9.3690
ProductVersion : 5.9.3690
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:43 [ares.exe]
FilePath : C:\Program Files\Ares\
ProcessID : 2216
ThreadCreationTime : 5-13-2005 6:53:36 PM
BasePriority : Normal
FileVersion : 1.8.1.2955
ProductVersion : 1.8.1
ProductName : Ares for windows
CompanyName : Ares Development Group
FileDescription : Ares
InternalName : Ares
OriginalFilename : ARES.EXE
Comments : http://www.aresgalaxy.org

#:44 [desktopweather.exe]
FilePath : C:\Program Files\The Weather Channel FW\Desktop Weather\
ProcessID : 2336
ThreadCreationTime : 5-13-2005 6:53:38 PM
BasePriority : Normal
FileVersion : 4.0.0.1
ProductVersion : 4.0.0.1
ProductName : Desktop Weather 4
CompanyName : TWCi
FileDescription : DesktopWeather4
InternalName : DesktopWeather.exe
LegalCopyright : © The Weather Channel Interactive. All rights reserved.
OriginalFilename : DesktopWeather4.exe

#:45 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2668
ThreadCreationTime : 5-13-2005 6:53:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:46 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 3752
ThreadCreationTime : 5-13-2005 6:53:49 PM
BasePriority : Normal
FileVersion : 5.35.0.035
ProductVersion : 005.035.000.035
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:47 [webshots.scr]
FilePath : C:\PROGRA~1\Webshots\
ProcessID : 3828
ThreadCreationTime : 5-13-2005 6:53:50 PM
BasePriority : Normal
FileVersion : 2.1.0.4586
ProductVersion : 2.1.0.4586
ProductName : The Webshots Desktop
CompanyName : Webshots.com
FileDescription : Webshots Photo Manager
InternalName : Webshots2
LegalCopyright : Copyright © 2004
OriginalFilename : Webshots2.SCR

#:48 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 2836
ThreadCreationTime : 5-13-2005 6:54:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:49 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 692
ThreadCreationTime : 5-13-2005 6:56:57 PM
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:50 [wisptis.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 188
ThreadCreationTime : 5-13-2005 10:58:35 PM
BasePriority : High
FileVersion : 1.0.2201.0 (xpsp1.020828-1920)
ProductVersion : 1.0.2201.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft Tablet PC Platform Component
InternalName : WISPTIS.EXE
LegalCopyright : Copyright © 1998-2002 Microsoft Corporation.
OriginalFilename : WISPTIS.EXE

#:51 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3940
ThreadCreationTime : 5-14-2005 2:11:15 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:52 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 3356
ThreadCreationTime : 5-14-2005 6:53:32 PM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:53 [autoupdate.exe]
FilePath : C:\Program Files\AutoUpdate\
ProcessID : 496
ThreadCreationTime : 5-14-2005 7:00:24 PM
BasePriority : Normal

Warning! PeopleOnPage Object found in memory(C:\Program Files\AutoUpdate\AutoUpdate.exe)

PeopleOnPage Object Recognized!
Type : Process
Data : AutoUpdate.exe
Category : Data Miner
Comment :
Object : C:\Program Files\AutoUpdate\


"C:\Program Files\AutoUpdate\AutoUpdate.exe"Process terminated successfully
"C:\Program Files\AutoUpdate\AutoUpdate.exe"Process terminated successfully

#:54 [mydrnlpa.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3176
ThreadCreationTime : 5-14-2005 7:01:48 PM
BasePriority : Normal


#:55 [newwdm32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 560
ThreadCreationTime : 5-14-2005 7:01:50 PM
BasePriority : Normal


#:56 [cxtpls.exe]
FilePath : C:\Program Files\CxtPls\
ProcessID : 3304
ThreadCreationTime : 5-14-2005 8:38:25 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Ads
CompanyName : Apropos Media
FileDescription : Internet Explorer
InternalName : Ads.
LegalCopyright : Copyright © 2003
OriginalFilename : SysAI.exe

#:57 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 3680
ThreadCreationTime : 5-14-2005 8:43:12 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:58 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2952
ThreadCreationTime : 5-14-2005 8:43:40 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 39


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{016235be-59d4-4ceb-add5-e2378282a1d9}

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}
Value :

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}
Value :

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff}

Softomate Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff}
Value :

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : softomate.ietoolbar

Softomate Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : softomate.ietoolbar
Value :

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : softomate.ietoolbar.1

Softomate Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : softomate.ietoolbar.1
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-901399723-1389057155-1950509763-1005\software\policies\avenue media

PeopleOnPage Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-901399723-1389057155-1950509763-1005\software\apropos

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{016235be-59d4-4ceb-add5-e2378282a1d9}

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\aproposclient

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\aproposclient
Value : UninstallString

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\policies\avenue media

PeopleOnPage Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\apropos

PeopleOnPage Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\envolo

PeopleOnPage Object Recognized!
Type : Regkey
Data : e_uninstall.log
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\autoupdate

PeopleOnPage Object Recognized!
Type : RegValue
Data : e_uninstall.log
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\autoupdate
Value : UninstallString

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 24
Objects found so far: 63


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

PeopleOnPage Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AutoUpdater"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : AutoUpdater

PeopleOnPage Object Recognized!
Type : File
Data : autoupdate.exe
Category : Data Miner
Comment :
Object : c:\program files\autoupdate\



Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 65


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@2o7[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\student@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@advertising[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\student@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@apmebf[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\student@apmebf[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\student@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@casalemedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\student@casalemedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@centrport[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\student@centrport[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@doubleclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\student@doubleclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@fastclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\student@fastclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\student@hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\student@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\student@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@realmedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\student@realmedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@serving-sys[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\student@serving-sys[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@tickle[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\student@tickle[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@trafficmp[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\student@trafficmp[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@valueclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\student@valueclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@zedo[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\student\Cookies\student@zedo[2].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 20
Objects found so far: 85



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

PeopleOnPage Object Recognized!
Type : File
Data : auto_update_install.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\student\Local Settings\Temp\AutoUpdate0\



PeopleOnPage Object Recognized!
Type : File
Data : AutoUpdaterInstaller[1].exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\student\Local Settings\Temporary Internet Files\Content.IE5\9C8RXTO1\



BargainBuddy Object Recognized!
Type : File
Data : A0022948.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP240\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : A0022952.vxd
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP240\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : A0022953.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP240\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription

[kbstarzz]

Here's the rest...

BargainBuddy Object Recognized!
Type : File
Data : A0022953.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP240\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : A0022954.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP240\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adv
CompanyName : eXact Advertising
InternalName : adv
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adv.exe


BargainBuddy Object Recognized!
Type : File
Data : A0022955.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP240\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adx
CompanyName : eXact Advertising
InternalName : adx
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adx.exe


BargainBuddy Object Recognized!
Type : File
Data : A0022956.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP240\
FileVersion : 2, 0, 0, 2
ProductVersion : 2, 0, 0, 2
ProductName : BargainsBuddy ADP Module
CompanyName : eXact Advertising
FileDescription : bargains
InternalName : ADP
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : bargains.exe


BargainBuddy Object Recognized!
Type : File
Data : A0022959.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP240\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : trkgif
CompanyName : ..
InternalName : trkgif
OriginalFilename : trkgif.exe


BargainBuddy Object Recognized!
Type : File
Data : A0022961.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP240\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0


Rads01.Quadrogram Object Recognized!
Type : File
Data : A0022962.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP240\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1


BargainBuddy Object Recognized!
Type : File
Data : A0022963.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP240\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0


PeopleOnPage Object Recognized!
Type : File
Data : A0022965.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP240\



180Solutions Object Recognized!
Type : File
Data : A0022968.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP240\



PeopleOnPage Object Recognized!
Type : File
Data : A0022999.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP242\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL


SahAgent Object Recognized!
Type : File
Data : A0023022.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP242\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4


SahAgent Object Recognized!
Type : File
Data : A0023023.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP242\
FileVersion : 3, 0, 0, 3
ProductVersion : 3, 0, 0, 3


BargainBuddy Object Recognized!
Type : File
Data : A0023029.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP242\
FileVersion : 2, 0, 0, 17
ProductVersion : 2, 0, 0, 17
ProductName : apuc Module
CompanyName : eXact Advertising
FileDescription : apuc Module
InternalName : apuc
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : apuc.DLL


Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0023032.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP242\



Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0023033.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP242\



SahAgent Object Recognized!
Type : File
Data : A0023034.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP242\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


SahAgent Object Recognized!
Type : File
Data : A0023035.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP242\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4


PeopleOnPage Object Recognized!
Type : File
Data : A0023051.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP242\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL


PeopleOnPage Object Recognized!
Type : File
Data : A0023055.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP242\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL


PeopleOnPage Object Recognized!
Type : File
Data : A0023056.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP243\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL


Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0023158.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP249\



Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0023159.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP249\



PeopleOnPage Object Recognized!
Type : File
Data : A0023321.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP251\



PeopleOnPage Object Recognized!
Type : File
Data : A0023326.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP251\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL


PeopleOnPage Object Recognized!
Type : File
Data : A0023356.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP253\



Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0023359.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP253\



Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0023360.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP253\



PeopleOnPage Object Recognized!
Type : File
Data : A0023429.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP255\



PeopleOnPage Object Recognized!
Type : File
Data : A0023454.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP255\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL


PeopleOnPage Object Recognized!
Type : File
Data : A0023458.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP255\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL


PeopleOnPage Object Recognized!
Type : File
Data : A0023490.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP258\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL


PeopleOnPage Object Recognized!
Type : File
Data : A0023500.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP259\



PeopleOnPage Object Recognized!
Type : File
Data : A0023531.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP260\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL


PeopleOnPage Object Recognized!
Type : File
Data : A0023576.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP261\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL


PeopleOnPage Object Recognized!
Type : File
Data : A0023594.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP261\



PeopleOnPage Object Recognized!
Type : File
Data : A0023597.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP261\



Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0023651.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP261\



Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0023652.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP261\



Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0023653.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP261\



Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0023654.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP261\



PeopleOnPage Object Recognized!
Type : File
Data : A0023655.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP261\



Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0023659.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP261\



Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0023661.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP261\



Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0023663.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP261\



PeopleOnPage Object Recognized!
Type : File
Data : A0023789.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP261\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL


Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0023911.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP262\



PeopleOnPage Object Recognized!
Type : File
Data : A0023914.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP262\



Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0023916.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP262\



Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0023918.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP262\



Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0023920.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP262\



PeopleOnPage Object Recognized!
Type : File
Data : A0023959.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP262\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL


Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0024076.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP262\



PeopleOnPage Object Recognized!
Type : File
Data : A0024103.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP262\



PeopleOnPage Object Recognized!
Type : File
Data : A0024121.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP262\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL


Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : A0024139.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP262\



PeopleOnPage Object Recognized!
Type : File
Data : A0025182.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP263\



PeopleOnPage Object Recognized!
Type : File
Data : A0025213.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP265\



WindUpdates Object Recognized!
Type : File
Data : ide21201.vxd
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM32\



BargainBuddy Object Recognized!
Type : File
Data : instsrv.exe
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM32\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 149


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 149



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Katie's Address.url
Category : Misc
Comment : Problematic URL discovered: http://kevdb.infospa...FG=US&ran=06363
Object : C:\Documents and Settings\student\Favorites\Favorites\Kristie's Favorites\Anything Else\Dawsons Creek\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

PeopleOnPage Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\autoloader

PeopleOnPage Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\AutoUpdate

PeopleOnPage Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\DOCUME~1\student\LOCALS~1\Temp\AutoUpdate0

PeopleOnPage Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\DOCUME~1\student\LOCALS~1\Temp\Atf

PeopleOnPage Object Recognized!
Type : File
Data : libexpat.dll
Category : Data Miner
Comment :
Object : C:\Program Files\autoupdate\



PeopleOnPage Object Recognized!
Type : File
Data : auto_update_uninstall.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\



PeopleOnPage Object Recognized!
Type : File
Data : auto_update_uninstall.log
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\



PeopleOnPage Object Recognized!
Type : File
Data : auto_update_install.exe
Category : Data Miner
Comment :
Object : C:\DOCUME~1\student\LOCALS~1\Temp\autoupdate0\



PeopleOnPage Object Recognized!
Type : File
Data : setup.inf
Category : Data Miner
Comment :
Object : C:\DOCUME~1\student\LOCALS~1\Temp\autoupdate0\



PeopleOnPage Object Recognized!
Type : File
Data : ace.dll
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL


PeopleOnPage Object Recognized!
Type : File
Data : AI_08-05-2005.log
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : AI_09-05-2005.log
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : AI_10-05-2005.log
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : AI_11-05-2005.log
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : AI_12-05-2005.log
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : AI_13-05-2005.log
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : AI_14-05-2005.log
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : atl.dll
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\
FileVersion : 3.00.9435
ProductVersion : 6.00.9435
ProductName : Microsoft ® Visual C++
CompanyName : Microsoft Corporation
FileDescription : ATL Module for Windows NT (Unicode)
InternalName : ATL
LegalCopyright : Copyright © Microsoft Corp. 1996-1998
OriginalFilename : ATL.DLL


PeopleOnPage Object Recognized!
Type : File
Data : CxtPls.dll
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : CxtPls.exe
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Ads
CompanyName : Apropos Media
FileDescription : Internet Explorer
InternalName : Ads.
LegalCopyright : Copyright © 2003
OriginalFilename : SysAI.exe


PeopleOnPage Object Recognized!
Type : File
Data : data.bin
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : libexpat.dll
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : ProxyStub.dll
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : uninstaller.exe
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : WinGenerics.dll
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\loaderx.exe

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\loaderx.exe
Value : AppID

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\ameopt

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\kapabout

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\kapabout
Value : Comment

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\kapabout
Value : DComment

BargainBuddy Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\BullsEye Network

Rads01.Quadrogram Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions
Value : iexplore.exe

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 40
Objects found so far: 190

5:07:11 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:22:28.158
Objects scanned:146398
Objects identified:152
Objects ignored:0
New critical objects:152

[GR@PH;<'S]

kbstarzz,
Please can you try at least two if not more of these On-line scans
Panda
Symantec
McAfee
TrendMicro
Bit Defender
RAV
Kaspersky
CommandonDemand
Computer Associates
CyberTechHelp
PC Pitstop
Stinger
a2
or download and try
TrojanHunter (Note Trojan Scanner 30 day Trial)
Then once you have done please rescan with Ad-aware doing a "Full Scan" and post your logfile here by using the "Add-reply" feature
If needed here's how to post your Ad-aware Logfile

Here’s how to copy your Ad-aware log
click my computer
click local C Drive
then Click Program Files
then Click Lavasoft
then click Ad-aware SE
and then Logs,
find the latest one that you have
(by date & time)
and open it right Click select all
copy and then paste the contents of it here.
(Make sure that all of your Logfile has been posted, sometimes it will require two post's to get it all)
I recommend that you use the WebUpDate just before you scan that way you will always be up to date.

GR@PH;<'S

[kbstarzz]

Ok, I ran some of those and this is my new log...


Ad-Aware SE Build 1.05
Logfile Created on:Sunday, May 15, 2005 11:35:35 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R45 13.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):1 total references
MRU List(TAC index:0):38 total references
Tracking Cookie(TAC index:3):44 total references
WindUpdates(TAC index:8):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-15-2005 11:35:35 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\student\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\student\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\word\recent templates
Description : list of recent templates used by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 792
ThreadCreationTime : 5-13-2005 6:52:56 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 864
ThreadCreationTime : 5-13-2005 6:53:01 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 888
ThreadCreationTime : 5-13-2005 6:53:03 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 932
ThreadCreationTime : 5-13-2005 6:53:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 944
ThreadCreationTime : 5-13-2005 6:53:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1088
ThreadCreationTime : 5-13-2005 6:53:05 PM
BasePriority : Normal


#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1108
ThreadCreationTime : 5-13-2005 6:53:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1164
ThreadCreationTime : 5-13-2005 6:53:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1204
ThreadCreationTime : 5-13-2005 6:53:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1312
ThreadCreationTime : 5-13-2005 6:53:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1476
ThreadCreationTime : 5-13-2005 6:53:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1668
ThreadCreationTime : 5-13-2005 6:53:07 PM
BasePriority : Normal
FileVersion : 7.4
ProductVersion : 7.4
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2002 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:13 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1692
ThreadCreationTime : 5-13-2005 6:53:07 PM
BasePriority : Normal
FileVersion : 7.4
ProductVersion : 7.4
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2002 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1700
ThreadCreationTime : 5-13-2005 6:53:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [scardsvr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1828
ThreadCreationTime : 5-13-2005 6:53:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Smart Card Resource Management Server
InternalName : SCardSvr.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : SCardSvr.exe

#:16 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 596
ThreadCreationTime : 5-13-2005 6:53:16 PM
BasePriority : Normal


#:17 [aolacsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 776
ThreadCreationTime : 5-13-2005 6:53:17 PM
BasePriority : Normal


#:18 [basfipm.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 484
ThreadCreationTime : 5-13-2005 6:53:17 PM
BasePriority : Normal
FileVersion : 6.0.3
ProductVersion : 6.0.3
ProductName : Broadcom ASF IP monitoring service
CompanyName : Broadcom Corp.
FileDescription : Broadcom ASF IP monitoring service
InternalName : BAsfIpM
LegalCopyright : Copyright© 2003 Broadcom Corporation, All Rights Reserved
OriginalFilename : BAsfIpM.EXE

#:19 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 816
ThreadCreationTime : 5-13-2005 6:53:18 PM
BasePriority : Normal
FileVersion : 2.1.5.1
ProductVersion : 2.1.5.1
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:20 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 908
ThreadCreationTime : 5-13-2005 6:53:18 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:21 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1332
ThreadCreationTime : 5-13-2005 6:53:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 1392
ThreadCreationTime : 5-13-2005 6:53:20 PM
BasePriority : Normal
FileVersion : 1, 8, 50, 196
ProductVersion : 1, 8, 50, 196
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:23 [wltrysvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1520
ThreadCreationTime : 5-13-2005 6:53:21 PM
BasePriority : Normal


#:24 [bcmwltry.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1552
ThreadCreationTime : 5-13-2005 6:53:21 PM
BasePriority : Normal
FileVersion : 3.40.67.0
ProductVersion : 3.40.67.0
ProductName : Dell Wireless WLAN Card Wireless Network Tray Applet
CompanyName : Dell Computer Corporation
FileDescription : Dell Wireless WLAN Card Wireless Network Tray Applet
InternalName : bcmwltry.exe
LegalCopyright : 1998-2003, Dell Computer Corporation All Rights Reserved.
OriginalFilename : bcmwltry.exe

#:25 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1556
ThreadCreationTime : 5-13-2005 6:53:21 PM
BasePriority : Normal
FileVersion : 2.1.5.1
ProductVersion : 2.1.5.1
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:26 [apoint.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 1948
ThreadCreationTime : 5-13-2005 6:53:25 PM
BasePriority : Normal
FileVersion : 5.4.101.118
ProductVersion : 5.4.101.118
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:27 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 1996
ThreadCreationTime : 5-13-2005 6:53:26 PM
BasePriority : Normal


#:28 [symwsc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 2008
ThreadCreationTime : 5-13-2005 6:53:27 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:29 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 2012
ThreadCreationTime : 5-13-2005 6:53:27 PM
BasePriority : Normal
FileVersion : 6.14.10.5028
ProductVersion : 6.14.10.5028
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:30 [dsentry.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2028
ThreadCreationTime : 5-13-2005 6:53:27 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : Dell - DVDSentry
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
LegalCopyright : Copyright © 2002 Dell
OriginalFilename : DSentry.exe
Comments : DVDSentry launches your software DVD player when a DVD is inserted.

#:31 [directcd.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
ProcessID : 2036
ThreadCreationTime : 5-13-2005 6:53:27 PM
BasePriority : Normal
FileVersion : 5.3.4.21
ProductVersion : 5.3.4.21
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:32 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 176
ThreadCreationTime : 5-13-2005 6:53:29 PM
BasePriority : Normal
FileVersion : 2.1.5.1
ProductVersion : 2.1.5.1
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:33 [aoldial.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 276
ThreadCreationTime : 5-13-2005 6:53:29 PM
BasePriority : Normal
FileVersion : 2.0.20.1.US.1
ProductVersion : 2.0.20.1.US.1
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:34 [apntex.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 288
ThreadCreationTime : 5-13-2005 6:53:29 PM
BasePriority : Normal
FileVersion : 5.0.1.15
ProductVersion : 5.0.1.15
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:35 [aolsp scheduler.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\
ProcessID : 220
ThreadCreationTime : 5-13-2005 6:53:29 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 78
ProductVersion : 1, 0, 0, 78
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:36 [ezsp_px.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 612
ThreadCreationTime : 5-13-2005 6:53:30 PM
BasePriority : Normal


#:37 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2200
ThreadCreationTime : 5-13-2005 6:53:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:38 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 2208
ThreadCreationTime : 5-13-2005 6:53:36 PM
BasePriority : Normal
FileVersion : 5.9.3690
ProductVersion : 5.9.3690
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:39 [ares.exe]
FilePath : C:\Program Files\Ares\
ProcessID : 2216
ThreadCreationTime : 5-13-2005 6:53:36 PM
BasePriority : Normal
FileVersion : 1.8.1.2955
ProductVersion : 1.8.1
ProductName : Ares for windows
CompanyName : Ares Development Group
FileDescription : Ares
InternalName : Ares
OriginalFilename : ARES.EXE
Comments : http://www.aresgalaxy.org

#:40 [desktopweather.exe]
FilePath : C:\Program Files\The Weather Channel FW\Desktop Weather\
ProcessID : 2336
ThreadCreationTime : 5-13-2005 6:53:38 PM
BasePriority : Normal
FileVersion : 4.0.0.1
ProductVersion : 4.0.0.1
ProductName : Desktop Weather 4
CompanyName : TWCi
FileDescription : DesktopWeather4
InternalName : DesktopWeather.exe
LegalCopyright : © The Weather Channel Interactive. All rights reserved.
OriginalFilename : DesktopWeather4.exe

#:41 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2668
ThreadCreationTime : 5-13-2005 6:53:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:42 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 3752
ThreadCreationTime : 5-13-2005 6:53:49 PM
BasePriority : Normal
FileVersion : 5.35.0.035
ProductVersion : 005.035.000.035
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:43 [webshots.scr]
FilePath : C:\PROGRA~1\Webshots\
ProcessID : 3828
ThreadCreationTime : 5-13-2005 6:53:50 PM
BasePriority : Normal
FileVersion : 2.1.0.4586
ProductVersion : 2.1.0.4586
ProductName : The Webshots Desktop
CompanyName : Webshots.com
FileDescription : Webshots Photo Manager
InternalName : Webshots2
LegalCopyright : Copyright © 2004
OriginalFilename : Webshots2.SCR

#:44 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 2836
ThreadCreationTime : 5-13-2005 6:54:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:45 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 692
ThreadCreationTime : 5-13-2005 6:56:57 PM
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:46 [wisptis.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 188
ThreadCreationTime : 5-13-2005 10:58:35 PM
BasePriority : High
FileVersion : 1.0.2201.0 (xpsp1.020828-1920)
ProductVersion : 1.0.2201.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft Tablet PC Platform Component
InternalName : WISPTIS.EXE
LegalCopyright : Copyright © 1998-2002 Microsoft Corporation.
OriginalFilename : WISPTIS.EXE

#:47 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 3356
ThreadCreationTime : 5-14-2005 6:53:32 PM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:48 [mydrnlpa.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3176
ThreadCreationTime : 5-14-2005 7:01:48 PM
BasePriority : Normal


#:49 [newwdm32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 560
ThreadCreationTime : 5-14-2005 7:01:50 PM
BasePriority : Normal


#:50 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2392
ThreadCreationTime : 5-14-2005 9:22:43 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:51 [hpwuschd2.exe]
FilePath : C:\Program Files\HP\HP Software Update\
ProcessID : 3000
ThreadCreationTime : 5-15-2005 1:13:57 AM
BasePriority : Normal
FileVersion : 50.0.146.000
ProductVersion : 050.000.146.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant

#:52 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1776
ThreadCreationTime : 5-15-2005 2:09:07 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:53 [trojanhunter.exe]
FilePath : C:\Program Files\TrojanHunter 4.2\
ProcessID : 3092
ThreadCreationTime : 5-15-2005 2:20:06 PM
BasePriority : Normal
FileVersion : 4.2.0.908
ProductVersion : 4.1.0.0
ProductName : TrojanHunter
CompanyName : Mischel Internet Security
FileDescription : TrojanHunter Scanner
InternalName : TrojanHunter Scanner
LegalCopyright : Mischel Internet Security
LegalTrademarks : TrojanHunter is a trademark of Mischel Internet Security
OriginalFilename : TrojanHunter.exe

#:54 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3284
ThreadCreationTime : 5-15-2005 3:34:56 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:55 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2700
ThreadCreationTime : 5-15-2005 3:35:00 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@tickle[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 5-13-2007 1:02:26 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@bfast[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 5-15-2025 10:49:04 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 5-14-2006 4:50:10 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@clickagents[1].txt
Category : Data Miner
Comment : Hits:118
Value : Cookie:[email protected]/
Expires : 5-7-2030 10:11:38 AM
LastSync : Hits:118
UseCount : 0
Hits : 118

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 5-1-2006
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:14
Value : Cookie:[email protected]/
Expires : 12-31-2020 8:00:00 PM
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 5-14-2006 5:33:36 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@adrevolver[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/adrevolver/
Expires : 1-23-2008 7:15:28 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@questionmarket[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 7-5-2006 4:02:30 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@fastclick[1].txt
Category : Data Miner
Comment : Hits:15
Value : Cookie:[email protected]/
Expires : 5-14-2007 4:53:02 PM
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@casalemedia[1].txt
Category : Data Miner
Comment : Hits:25
Value : Cookie:[email protected]/
Expires : 5-6-2006 6:59:46 AM
LastSync : Hits:25
UseCount : 0
Hits : 25

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@bluestreak[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 5-12-2015 1:27:42 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@tradedoubler[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 5-13-2005 1:05:34 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@zedo[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 5-12-2015 4:42:16 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@doubleclick[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/
Expires : 5-13-2008 5:26:52 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 5-13-2006 1:41:50 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@statcounter[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 5-12-2010 1:18:16 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@serving-sys[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 1-1-2038 1:00:00 AM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@targetnet[2].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:[email protected]/
Expires : 5-17-2033 11:33:20 PM
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@apmebf[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 5-12-2010 1:44:08 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@tripod[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 5-6-2006 4:10:46 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@qksrv[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 5-12-2010 1:44:08 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 5-13-2020 11:52:46 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@trafficmp[1].txt
Category : Data Miner
Comment : Hits:13
Value : Cookie:[email protected]/
Expires : 5-14-2006 4:52:14 PM
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@atdmt[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 5-12-2010 8:00:00 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@mediaplex[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 6-21-2009 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:35
Value : Cookie:[email protected]/
Expires : 6-14-2005 10:58:50 AM
LastSync : Hits:35
UseCount : 0
Hits : 35

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@hitbox[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 5-14-2006 5:33:36 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 5-8-2035 10:30:30 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@centrport[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 12-31-2029 8:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 12-31-2037 8:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@advertising[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 5-14-2010 10:54:10 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 5-13-2015 10:17:28 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@valueclick[1].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:[email protected]/
Expires : 5-7-2030 10:43:10 PM
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@pro-market[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 5-31-2030 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:28
Value : Cookie:[email protected]/
Expires : 5-11-2006 7:54:04 PM
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@maxserving[2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/
Expires : 5-11-2015 1:16:18 AM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 6-12-2005 10:10:46 AM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/cgi-bin
Expires : 5-12-2015 4:55:18 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@2o7[2].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:[email protected]/
Expires : 5-14-2010 10:30:50 AM
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:33
Value : Cookie:[email protected]/
Expires : 5-13-2006 7:02:20 PM
LastSync : Hits:33
UseCount : 0
Hits : 33

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@realmedia[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 12-31-2020 8:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 5-11-2005 7:07:08 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/cgi-bin
Expires : 2-27-2015 8:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 44
Objects found so far: 82



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : File
Data : A0025412.vxd
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP267\



BargainBuddy Object Recognized!
Type : File
Data : A0025413.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{987E0331

[GR@PH;<'S]

kbstarzz,
you did not post all of your log file
but can you clear out clear out your cache folder ie: temporary internet folder There are some free programs that you can use that will do that for you if needed like
CCleaner also
please can you make sure that you still have “Ticks by these :
"Unload recognized processes during scanning",
"Let Windows remove files in use after reboot."
to do this Open Ad-aware SE
Click “settings” (the Gear)
then Click “Tweaks“,
then click “Scanning Engine”
Tick ."Unload recognized processes during scanning"
Then Click “Cleaning Engine”
And Tick
"Let Windows remove files in use after reboot."
then Click “proceed”.
now use the WebUpDate
(to make sure you are upto date) if you want to clean your PC then scan by doing a "Full Scan" then and once the scan has finished
mark and remove the items then Reboot (ie: Re-start your PC)
Then re-scan doing a "Full Scan" and then post your logfile here by using the Add-Reply Feature .
If needed here how to post your Ad-aware Logfile
As Logs are stored in :
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
An easy way to get there is to
click Start,
click Run
And type in and press ENTER: %appdata%
then click Lavasoft
then Ad-Aware
and then Logs.
scroll down to find the latest one that you have
(by date & time)
and open it right Click select all
copy and then paste the contents of it here.
(Make sure that all of your Logfile has been posted, sometimes it will require two post's or more to get it all)

(note The Application Data is a hidden folder, so you will need to show hidden files and folders
and for Windows 98*admin users your logs are stored in
C:\WINDOWS\All Users\Application Data\ ) by default
GR@PH;<'S

[kbstarzz]

Ok, I did the scan and then rebooted and then did it again...here is the latest one...


Ad-Aware SE Build 1.05
Logfile Created on:Sunday, May 15, 2005 5:46:26 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R45 13.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):38 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-15-2005 5:46:26 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\student\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\student\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\office\11.0\word\recent templates
Description : list of recent templates used by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-901399723-1389057155-1950509763-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 784
ThreadCreationTime : 5-15-2005 9:38:08 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 856
ThreadCreationTime : 5-15-2005 9:38:15 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 888
ThreadCreationTime : 5-15-2005 9:38:19 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 932
ThreadCreationTime : 5-15-2005 9:38:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 944
ThreadCreationTime : 5-15-2005 9:38:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1088
ThreadCreationTime : 5-15-2005 9:38:21 PM
BasePriority : Normal


#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1108
ThreadCreationTime : 5-15-2005 9:38:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1176
ThreadCreationTime : 5-15-2005 9:38:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1216
ThreadCreationTime : 5-15-2005 9:38:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1316
ThreadCreationTime : 5-15-2005 9:38:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1476
ThreadCreationTime : 5-15-2005 9:38:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1668
ThreadCreationTime : 5-15-2005 9:38:24 PM
BasePriority : Normal
FileVersion : 7.4
ProductVersion : 7.4
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2002 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:13 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1704
ThreadCreationTime : 5-15-2005 9:38:24 PM
BasePriority : Normal
FileVersion : 7.4
ProductVersion : 7.4
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2002 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1712
ThreadCreationTime : 5-15-2005 9:38:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [scardsvr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1800
ThreadCreationTime : 5-15-2005 9:38:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Smart Card Resource Management Server
InternalName : SCardSvr.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : SCardSvr.exe

#:16 [aolacsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 252
ThreadCreationTime : 5-15-2005 9:38:33 PM
BasePriority : Normal


#:17 [basfipm.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 268
ThreadCreationTime : 5-15-2005 9:38:34 PM
BasePriority : Normal
FileVersion : 6.0.3
ProductVersion : 6.0.3
ProductName : Broadcom ASF IP monitoring service
CompanyName : Broadcom Corp.
FileDescription : Broadcom ASF IP monitoring service
InternalName : BAsfIpM
LegalCopyright : Copyright© 2003 Broadcom Corporation, All Rights Reserved
OriginalFilename : BAsfIpM.EXE

#:18 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 288
ThreadCreationTime : 5-15-2005 9:38:34 PM
BasePriority : Normal
FileVersion : 2.1.5.1
ProductVersion : 2.1.5.1
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:19 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 388
ThreadCreationTime : 5-15-2005 9:38:34 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:20 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 532
ThreadCreationTime : 5-15-2005 9:38:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:21 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 568
ThreadCreationTime : 5-15-2005 9:38:34 PM
BasePriority : Normal
FileVersion : 1, 8, 50, 196
ProductVersion : 1, 8, 50, 196
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:22 [wltrysvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 632
ThreadCreationTime : 5-15-2005 9:38:35 PM
BasePriority : Normal


#:23 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 768
ThreadCreationTime : 5-15-2005 9:38:39 PM
BasePriority : Normal
FileVersion : 2.1.5.1
ProductVersion : 2.1.5.1
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:24 [bcmwltry.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 776
ThreadCreationTime : 5-15-2005 9:38:39 PM
BasePriority : Normal
FileVersion : 3.40.67.0
ProductVersion : 3.40.67.0
ProductName : Dell Wireless WLAN Card Wireless Network Tray Applet
CompanyName : Dell Computer Corporation
FileDescription : Dell Wireless WLAN Card Wireless Network Tray Applet
InternalName : bcmwltry.exe
LegalCopyright : 1998-2003, Dell Computer Corporation All Rights Reserved.
OriginalFilename : bcmwltry.exe

#:25 [symwsc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 828
ThreadCreationTime : 5-15-2005 9:38:40 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:26 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1552
ThreadCreationTime : 5-15-2005 9:38:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:27 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2104
ThreadCreationTime : 5-15-2005 9:42:39 PM
BasePriority : Normal


#:28 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2180
ThreadCreationTime : 5-15-2005 9:42:41 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:29 [apoint.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 2260
ThreadCreationTime : 5-15-2005 9:43:04 PM
BasePriority : Normal
FileVersion : 5.4.101.118
ProductVersion : 5.4.101.118
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:30 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 2292
ThreadCreationTime : 5-15-2005 9:43:05 PM
BasePriority : Normal


#:31 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 2328
ThreadCreationTime : 5-15-2005 9:43:05 PM
BasePriority : Normal
FileVersion : 6.14.10.5028
ProductVersion : 6.14.10.5028
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:32 [dsentry.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2368
ThreadCreationTime : 5-15-2005 9:43:06 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : Dell - DVDSentry
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
LegalCopyright : Copyright © 2002 Dell
OriginalFilename : DSentry.exe
Comments : DVDSentry launches your software DVD player when a DVD is inserted.

#:33 [directcd.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
ProcessID : 2392
ThreadCreationTime : 5-15-2005 9:43:07 PM
BasePriority : Normal
FileVersion : 5.3.4.21
ProductVersion : 5.3.4.21
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:34 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 2468
ThreadCreationTime : 5-15-2005 9:43:08 PM
BasePriority : Normal
FileVersion : 2.1.5.1
ProductVersion : 2.1.5.1
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:35 [aoldial.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 2476
ThreadCreationTime : 5-15-2005 9:43:08 PM
BasePriority : Normal
FileVersion : 2.0.20.1.US.1
ProductVersion : 2.0.20.1.US.1
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:36 [aolsp scheduler.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\
ProcessID : 2492
ThreadCreationTime : 5-15-2005 9:43:08 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 78
ProductVersion : 1, 0, 0, 78
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:37 [apntex.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 2508
ThreadCreationTime : 5-15-2005 9:43:08 PM
BasePriority : Normal
FileVersion : 5.0.1.15
ProductVersion : 5.0.1.15
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:38 [ezsp_px.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2604
ThreadCreationTime : 5-15-2005 9:43:09 PM
BasePriority : Normal


#:39 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2656
ThreadCreationTime : 5-15-2005 9:43:10 PM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:40 [hpwuschd2.exe]
FilePath : C:\Program Files\HP\HP Software Update\
ProcessID : 2720
ThreadCreationTime : 5-15-2005 9:43:11 PM
BasePriority : Normal
FileVersion : 50.0.146.000
ProductVersion : 050.000.146.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant

#:41 [cmutwiz.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3096
ThreadCreationTime : 5-15-2005 9:43:16 PM
BasePriority : Normal


#:42 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3108
ThreadCreationTime : 5-15-2005 9:43:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:43 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 3116
ThreadCreationTime : 5-15-2005 9:43:16 PM
BasePriority : Normal
FileVersion : 5.9.3690
ProductVersion : 5.9.3690
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:44 [ares.exe]
FilePath : C:\Program Files\Ares\
ProcessID : 3124
ThreadCreationTime : 5-15-2005 9:43:16 PM
BasePriority : Normal
FileVersion : 1.8.1.2955
ProductVersion : 1.8.1
ProductName : Ares for windows
CompanyName : Ares Development Group
FileDescription : Ares
InternalName : Ares
OriginalFilename : ARES.EXE
Comments : http://www.aresgalaxy.org

#:45 [desktopweather.exe]
FilePath : C:\Program Files\The Weather Channel FW\Desktop Weather\
ProcessID : 3132
ThreadCreationTime : 5-15-2005 9:43:16 PM
BasePriority : Normal
FileVersion : 4.0.0.1
ProductVersion : 4.0.0.1
ProductName : Desktop Weather 4
CompanyName : TWCi
FileDescription : DesktopWeather4
InternalName : DesktopWeather.exe
LegalCopyright : © The Weather Channel Interactive. All rights reserved.
OriginalFilename : DesktopWeather4.exe

#:46 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 3280
ThreadCreationTime : 5-15-2005 9:43:20 PM
BasePriority : Normal
FileVersion : 5.35.0.035
ProductVersion : 005.035.000.035
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:47 [webshots.scr]
FilePath : C:\PROGRA~1\Webshots\
ProcessID : 3312
ThreadCreationTime : 5-15-2005 9:43:21 PM
BasePriority : Normal
FileVersion : 2.1.0.4586
ProductVersion : 2.1.0.4586
ProductName : The Webshots Desktop
CompanyName : Webshots.com
FileDescription : Webshots Photo Manager
InternalName : Webshots2
LegalCopyright : Copyright © 2004
OriginalFilename : Webshots2.SCR

#:48 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 3816
ThreadCreationTime : 5-15-2005 9:43:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:49 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2516
ThreadCreationTime : 5-15-2005 9:44:47 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:50 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 3788
ThreadCreationTime : 5-15-2005 9:45:45 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:51 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2204
ThreadCreationTime : 5-15-2005 9:46:21 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@doubleclick[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 5-14-2008 5:45:12 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : student@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 5-13-2010 8:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 40



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 40




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40

6:07:54 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:21:27.531
Objects scanned:149701
Objects identified:2
Objects ignored:0
New critical objects:2

[GR@PH;<'S]

kbstarzz,
well you nearly clean the MRU's you can remove as they are only negligible you can set your Ad-aware to not see them ie: ignore them for say a week then remove them to do this open your Ad-aware and click start then un-tick / un-check the Search for Negligible Risk entries
you may wish to download a Free Cookie manager called CookieWall to take care of all your Cookie’s for you.
(Tracking Cookie’s are always safe to delete)

I Recommend the you do a smartscan Daily and a Full Scan Weekly unless your Smart Scan finds items then I recommend you do a full Scan.
then if need be post a full logfile.
and remember to use the WebUpdate just before you scan.
(there is not always one to download but at least you will always be up to date )
if you are still having problems let us know
GR@PH;<‘S

[kbstarzz]

Ok thanks for your help! Whenever I do the scans the people on page comes back, but I guess its not a big deal if I just do the scans more often.