Hi g2i2r4,
Sorry it took so long, but as in your signature, I had some life happening and just got to run Ad-Aware again.
I can hardly stand it, but it would seem there are 23 critical objects AGAIN and the SHERIFF word is among them.
Here is my logfile from Ad-Aware. I have not clicked "NEXT" yet in Ad-Aware, just in case we need to do something special.
Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, June 19, 2005 11:46:26 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R50 13.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):15 total references
SpywareNo(TAC index:7):22 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R50 13.06.2005
Internal build : 58
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 481146 Bytes
Total size : 1456012 Bytes
Signature data size : 1427935 Bytes
Reference data size : 27565 Bytes
Signatures total : 40456
CSI Fingerprints total : 904
CSI data size : 31134 Bytes
Target categories : 15
Target families : 692
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:54 %
Total physical memory:392688 kb
Available physical memory:209976 kb
Total page file size:1993236 kb
Available on page file:1638492 kb
Total virtual memory:2097024 kb
Available virtual memory:2041864 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
6-19-2005 11:46:28 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 472
ThreadCreationTime : 6-19-2005 5:01:18 AM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 540
ThreadCreationTime : 6-19-2005 5:01:23 AM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\SYSTEM32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 564
ThreadCreationTime : 6-19-2005 5:01:25 AM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 608
ThreadCreationTime : 6-19-2005 5:01:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 620
ThreadCreationTime : 6-19-2005 5:01:27 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 860
ThreadCreationTime : 6-19-2005 5:01:31 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 928
ThreadCreationTime : 6-19-2005 5:01:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 996
ThreadCreationTime : 6-19-2005 5:01:34 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1076
ThreadCreationTime : 6-19-2005 5:01:34 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1124
ThreadCreationTime : 6-19-2005 5:01:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1240
ThreadCreationTime : 6-19-2005 5:01:38 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 1352
ThreadCreationTime : 6-19-2005 5:01:38 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:13 [ewidoguard.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoguard.exe
Command Line : n/a
ProcessID : 1368
ThreadCreationTime : 6-19-2005 5:01:39 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe
#:14 [navapsvc.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe"
ProcessID : 1432
ThreadCreationTime : 6-19-2005 5:01:40 AM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:15 [nprotect.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
Command Line : "C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE"
ProcessID : 1472
ThreadCreationTime : 6-19-2005 5:01:41 AM
BasePriority : Normal
FileVersion : 15.03.0.36
ProductVersion : 15.03.0.36
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2002 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE
#:16 [nopdb.exe]
ModuleName : C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
Command Line : C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
ProcessID : 1632
ThreadCreationTime : 6-19-2005 5:01:44 AM
BasePriority : Normal
FileVersion : 6.03.0.36
ProductVersion : 6.03.0.36
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 2002
OriginalFilename : NOPDB.dll
#:17 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1696
ThreadCreationTime : 6-19-2005 5:01:45 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:18 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1732
ThreadCreationTime : 6-19-2005 5:01:46 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:19 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
ProcessID : 1800
ThreadCreationTime : 6-19-2005 5:01:48 AM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe
#:20 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 716
ThreadCreationTime : 6-19-2005 5:02:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:21 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1272
ThreadCreationTime : 6-19-2005 5:02:07 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:22 [reminderapp.exe]
ModuleName : C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
Command Line : "C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe"
ProcessID : 2328
ThreadCreationTime : 6-19-2005 5:02:34 AM
BasePriority : Normal
#:23 [ahqtb.exe]
ModuleName : C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
Command Line : "C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE"
ProcessID : 2340
ThreadCreationTime : 6-19-2005 5:02:35 AM
BasePriority : Normal
FileVersion : 1.0.185
ProductVersion : 1.0.185
ProductName : AudioHQ
CompanyName : Creative Technology Ltd.
FileDescription : Creative AudioHQ
InternalName : AHQTaskBar
LegalCopyright : Copyright © Creative Technology Ltd. 1997-1999
OriginalFilename : AHQTb.exe
Comments : Creative AudioHQ
#:24 [devldr32.exe]
ModuleName : C:\WINDOWS\system32\devldr32.exe
Command Line : C:\WINDOWS\system32\devldr32.exe
ProcessID : 2356
ThreadCreationTime : 6-19-2005 5:02:36 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe
#:25 [em_exec.exe]
ModuleName : C:\Program Files\Logitech\MouseWare\system\em_exec.exe
Command Line : "C:\Program Files\Logitech\MouseWare\system\em_exec.exe"
ProcessID : 2364
ThreadCreationTime : 6-19-2005 5:02:37 AM
BasePriority : Normal
FileVersion : 9.80.019
ProductVersion : 9.80.019
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2004 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team
#:26 [opware32.exe]
ModuleName : C:\PROGRA~1\Caere\OMNIPA~1\opware32.exe
Command Line : "C:\PROGRA~1\Caere\OMNIPA~1\opware32.exe"
ProcessID : 2368
ThreadCreationTime : 6-19-2005 5:02:37 AM
BasePriority : Normal
FileVersion : 9.0
ProductVersion : 9.0
ProductName : OmniPage Pro
CompanyName : Caere Corporation
FileDescription : OCR Aware (32-bit)
InternalName : Opware32.exe
LegalCopyright : Copyright © 1995-1998 Caere Corporation
OriginalFilename : Opware32.exe
#:27 [incd.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCD.exe
Command Line : "C:\Program Files\Ahead\InCD\InCD.exe"
ProcessID : 2408
ThreadCreationTime : 6-19-2005 5:02:40 AM
BasePriority : Normal
#:28 [ctnotify.exe]
ModuleName : C:\Program Files\Creative\ShareDLL\CtNotify.exe
Command Line : "C:\Program Files\Creative\ShareDLL\CtNotify.exe"
ProcessID : 2436
ThreadCreationTime : 6-19-2005 5:02:41 AM
BasePriority : Normal
FileVersion : 2.0.0.0
ProductVersion : 2.0
ProductName : Creative Disc Detector
CompanyName : Creative Technology Ltd.
FileDescription : Disc Detector
InternalName : CtNotify
LegalCopyright : Copyright © 2001 Creative Technology Ltd.
OriginalFilename : CtNotify.exe
Comments : CtNotify Entry
#:29 [ntvdm.exe]
ModuleName : C:\WINDOWS\system32\ntvdm.exe
Command Line : "C:\WINDOWS\system32\ntvdm.exe" -f -i1 -w -a C:\WINDOWS\system32\krnl386.exe
ProcessID : 2452
ThreadCreationTime : 6-19-2005 5:02:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : NTVDM.EXE
InternalName : NTVDM.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NTVDM.EXE
#:30 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 2504
ThreadCreationTime : 6-19-2005 5:02:47 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:31 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2524
ThreadCreationTime : 6-19-2005 5:02:48 AM
BasePriority : Normal
FileVersion : 0.1.0.3249
ProductVersion : 0.1.0.3249
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:32 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 2540
ThreadCreationTime : 6-19-2005 5:02:50 AM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:33 [mediadet.exe]
ModuleName : C:\Program Files\Creative\ShareDLL\MediaDet.Exe
Command Line : "C:\Program Files\Creative\ShareDLL\MediaDet.Exe" -Embedding
ProcessID : 2548
ThreadCreationTime : 6-19-2005 5:02:50 AM
BasePriority : Normal
FileVersion : 2.0.0.0
ProductVersion : 2.0
ProductName : Creative Disc Detector
CompanyName : Creative Technology Ltd.
FileDescription : Disc Detector
InternalName : MediaDet
LegalCopyright : Copyright © 2001 Creative Technology Ltd.
OriginalFilename : MediaDet.exe
Comments : Local Server
#:34 [navapw32.exe]
ModuleName : C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
Command Line : "C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe"
ProcessID : 2636
ThreadCreationTime : 6-19-2005 5:02:56 AM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE
#:35 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 2664
ThreadCreationTime : 6-19-2005 5:02:57 AM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:36 [kem.exe]
ModuleName : C:\Program Files\Logitech\SetPoint\KEM.exe
Command Line : "C:\Program Files\Logitech\SetPoint\KEM.exe"
ProcessID : 2760
ThreadCreationTime : 6-19-2005 5:03:08 AM
BasePriority : Normal
FileVersion : 2.14.106
ProductVersion : 2.14.106
ProductName : SetPoint Files
CompanyName : Logitech Inc.
FileDescription : Logitech SetPoint
InternalName : SetPoint
LegalCopyright : © 2003 Logitech. All rights reserved.
LegalTrademarks : Logitech®, is a registered trademark of Logitech Inc.
OriginalFilename : KEM.exe
Comments : Created by the Productivity Software team
#:37 [diskmon.exe]
ModuleName : C:\Program Files\DiskMonFiles\Diskmon.exe
Command Line : "C:\Program Files\DiskMonFiles\Diskmon.exe" /L
ProcessID : 2816
ThreadCreationTime : 6-19-2005 5:03:10 AM
BasePriority : Normal
FileVersion : 2.01
ProductVersion : 2.01
ProductName : Sysinternals Diskmon
CompanyName : Sysinternals
FileDescription : Disk Monitor
InternalName : Diskmon
LegalCopyright : Copyright © 1996-2003 Mark Russinovich
OriginalFilename : Diskmon.exe
#:38 [khalmnpr.exe]
ModuleName : C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
Command Line : KHALMNPR.EXE /API
ProcessID : 2868
ThreadCreationTime : 6-19-2005 5:03:12 AM
BasePriority : Normal
FileVersion : 2.14.103
ProductVersion : 2.14.103
ProductName : Productivity Software Common Files
CompanyName : Logitech Inc.
FileDescription : Logitech Hardware Abstraction Layer
InternalName : SetPoint
LegalCopyright : © 2003 Logitech. All rights reserved.
LegalTrademarks : Logitech®, MouseWare® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : KHALMNPR.Exe
Comments : Created by the Productivity Software team
#:39 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
ProcessID : 308
ThreadCreationTime : 6-19-2005 5:07:58 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:40 [thunderbird.exe]
ModuleName : C:\Program Files\Mozilla Thunderbird\thunderbird.exe
Command Line : "C:\Program Files\Mozilla Thunderbird\thunderbird.exe"
ProcessID : 924
ThreadCreationTime : 6-19-2005 5:09:44 AM
BasePriority : Normal
#:41 [firefox.exe]
ModuleName : C:\Program Files\Mozilla Firefox\firefox.exe
Command Line : "C:\Program Files\Mozilla Firefox\firefox.exe"
ProcessID : 3588
ThreadCreationTime : 6-20-2005 12:25:10 AM
BasePriority : Normal
#:42 [netscp.exe]
ModuleName : C:\Program Files\Netscape\Netscape\Netscp.exe
Command Line : "C:\Program Files\Netscape\Netscape\Netscp.exe" -edit
ProcessID : 3544
ThreadCreationTime : 6-20-2005 12:44:25 AM
BasePriority : Normal
#:43 [winavi.exe]
ModuleName : C:\Program Files\WinAVI VideoConverter\WinAVI.exe
Command Line : "C:\Program Files\WinAVI VideoConverter\WinAVI.exe"
ProcessID : 2052
ThreadCreationTime : 6-20-2005 3:05:19 AM
BasePriority : Normal
#:44 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2392
ThreadCreationTime : 6-20-2005 3:08:30 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
SpywareNo Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-1606980848-1060284298-1003\software\spysheriff
SpywareNo Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-1606980848-1060284298-1003\software\spysheriff
Value : PlaySounds
SpywareNo Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-1606980848-1060284298-1003\software\spysheriff
Value : ScheduledScan
SpywareNo Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-1606980848-1060284298-1003\software\spysheriff
Value : ScheduledScanHour
SpywareNo Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-1606980848-1060284298-1003\software\spysheriff
Value : ScheduledScanMin
SpywareNo Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-1606980848-1060284298-1003\software\spysheriff
Value : SecurityLevel
SpywareNo Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-1606980848-1060284298-1003\software\spysheriff
Value : Uninstall
SpywareNo Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-1606980848-1060284298-1003\software\spysheriff
Value : Security
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 8
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8
MRU List Object Recognized!
Location: : C:\Documents and Settings\Don\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-527237240-1606980848-1060284298-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-527237240-1606980848-1060284298-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-527237240-1606980848-1060284298-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-527237240-1606980848-1060284298-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-527237240-1606980848-1060284298-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-527237240-1606980848-1060284298-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-527237240-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-527237240-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-527237240-1606980848-1060284298-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-527237240-1606980848-1060284298-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-527237240-1606980848-1060284298-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : don@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:
[email protected]/
Expires : 6-23-2010 10:28:36 AM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 24
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 24
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
SpywareNo Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sno
SpywareNo Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\desktop\general
Value : WallpaperLocalFileTime
SpywareNo Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : control panel\desktop
Value : WallpaperStyle
SpywareNo Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\desktop\general
Value : WallpaperFileTime
SpywareNo Object Recognized!
Type : RegData
Data : 0
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\activedesktop
Value : NoAddingComponents
Data : 0
SpywareNo Object Recognized!
Type : RegData
Data : 0
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\activedesktop
Value : NoChangingWallpaper
Data : 0
SpywareNo Object Recognized!
Type : RegData
Data : 0
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\activedesktop
Value : NoComponents
Data : 0
SpywareNo Object Recognized!
Type : RegData
Data : 0
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\activedesktop
Value : NoEditingComponents
Data : 0
SpywareNo Object Recognized!
Type : RegData
Data : 0
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\activedesktop
Value : NoHTMLWallPaper
Data : 0
SpywareNo Object Recognized!
Type : RegData
Data : 0
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\explorer
Value : ClassicShell
Data : 0
SpywareNo Object Recognized!
Type : RegData
Data : 0
TAC Rating : 7
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\explorer
Value : NoActiveDesktop
Data : 0
SpywareNo Object Recognized!
Type : Folder
TAC Rating : 7
Category : Misc
Comment : SpywareNo
Object : C:\Documents and Settings\Don\Start Menu\Programs\SpySheriff
SpywareNo Object Recognized!
Type : File
Data : Install.dat
TAC Rating : 7
Category : Misc
Comment :
Object : C:\Documents and Settings\Don\Application Data\
SpywareNo Object Recognized!
Type : File
Data : SpySheriff.lnk
TAC Rating : 7
Category : Misc
Comment :
Object : C:\Documents and Settings\Don\Start Menu\Programs\spysheriff\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 14
Objects found so far: 38
12:16:21 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:29:53.599
Objects scanned:186464
Objects identified:23
Objects ignored:0
New critical objects:23
I really thought I was a rather cautious and safe surfer.
Don