BTW, since the Ad-Aware forum is closed, I'll post the scan results now:
Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, August 27, 2005 11:55:14 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R63 24.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R49 31.05.2005
Internal build : 57
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 481469 Bytes
Total size : 1455496 Bytes
Signature data size : 1423833 Bytes
Reference data size : 31151 Bytes
Signatures total : 40572
CSI Fingerprints total : 902
CSI data size : 31096 Bytes
Target categories : 15
Target families : 692
8-27-2005 11:47:29 AM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R63 24.08.2005
Internal build : 73
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 512535 Bytes
Total size : 1543974 Bytes
Signature data size : 1510909 Bytes
Reference data size : 32553 Bytes
Signatures total : 42991
CSI Fingerprints total : 1029
CSI data size : 36589 Bytes
Target categories : 15
Target families : 736
8-27-2005 11:53:43 AM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium II
Memory available:12 %
Total physical memory:130508 kb
Available physical memory:3028 kb
Total page file size:1966640 kb
Available on page file:1849232 kb
Total virtual memory:2093056 kb
Available virtual memory:2041856 kb
OS:Microsoft Windows Millennium Edition
Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
8-27-2005 11:55:14 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4279190971
Threads : 4
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294935387
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
#:3 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294845083
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk
#:4 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294846687
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE
#:5 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294861303
Threads : 2
Priority : Normal
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe
#:6 [STMGR.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
Command Line : C:\WINDOWS\System\Restore\StMgr.exe
ProcessID : 4294865587
Threads : 4
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft ® PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft ® PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe
#:7 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294855299
Threads : 20
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE
#:8 [RPCSS.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RPCSS.EXE
Command Line : RPCSS
ProcessID : 4294964131
Threads : 5
Priority : Normal
FileVersion : 4.71.3328
ProductVersion : 4.71.3328
ProductName : Microsoft® Windows NT Operating System
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : rpcss.exe
#:9 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\WINDOWS\taskmon.exe"
ProcessID : 4294823131
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE
#:10 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4294712035
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE
#:11 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4294770159
Threads : 23
Priority : Realtime
FileVersion : 4.08.01.0881
ProductVersion : 4.08.01.0881
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2001
OriginalFilename : DDHelp.exe
#:12 [AVGCC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE" /STARTUP
ProcessID : 4294764495
Threads : 5
Priority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:13 [AVGEMC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE"
ProcessID : 4294648267
Threads : 6
Priority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:14 [AVGAMSVR.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE"
ProcessID : 4294649047
Threads : 4
Priority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:15 [MDM.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MDM.EXE
Command Line : "C:\WINDOWS\SYSTEM\MDM.EXE"
ProcessID : 4294667167
Threads : 2
Priority : Normal
FileVersion : 6.00.8149
ProductVersion : 6.00.8149
ProductName : Microsoft ® Visual Studio
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-1998
OriginalFilename : mdm.exe
#:16 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe WMI_fffc04d7
ProcessID : 4294662947
Threads : 3
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe
#:17 [FTCTRL32.EXE]
ModuleName : C:\PROGRAM FILES\FAXTALK COMMUNICATOR 4.0\FTCTRL32.EXE
Command Line : "C:\Program Files\FaxTalk Communicator 4.0\FTCtrl32.exe"
ProcessID : 4294682907
Threads : 1
Priority : Normal
FileVersion : 4.0.0.100
ProductVersion : 4.0
ProductName : FaxTalk®
CompanyName : Thought Communications, Inc.
FileDescription : CallControl Application
InternalName : FTCTRL32.EXE
LegalCopyright : Copyright © Thought Communications, Inc. 1989-1997
LegalTrademarks : FaxTalk® is a registered trademark of Thought Communications, Inc.
OriginalFilename : FTCTRL32.EXE
#:18 [RunDLL.exe]
ModuleName : C:\WINDOWS\RunDLL.exe
Command Line : n/a
ProcessID : 4294582367
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE
#:19 [OSA.EXE]
ModuleName : C:\PROGRAM FILES2\MICROSOFT OFFICE\OFFICE\OSA.EXE
Command Line : "C:\Program Files2\Microsoft Office\Office\OSA.EXE" -b
ProcessID : 4294695335
Threads : 1
Priority : Normal
#:20 [FINDFAST.EXE]
ModuleName : C:\PROGRAM FILES2\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
Command Line : "C:\Program Files2\Microsoft Office\Office\FINDFAST.EXE"
ProcessID : 4294695567
Threads : 2
Priority : Normal
#:21 [RUNDLL32.EXE]
ModuleName : C:\WINDOWS\RUNDLL32.EXE
Command Line : rundll32
ProcessID : 4294605391
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE
#:22 [FAPIEXE.EXE]
ModuleName : C:\PROGRAM FILES\FAXTALK COMMUNICATOR 4.0\FAPIEXE.EXE
Command Line : FAPIEXE.EXE /e /ySoftware\Thought Communications\FaxTalk Communicator\4.0\
ProcessID : 4294614791
Threads : 4
Priority : Normal
FileVersion : 5.0
ProductVersion : 5.0
ProductName : FAPI32.DLL
CompanyName : Thought Communications, Inc.
FileDescription : FAPI32.DLL
InternalName : FAPI32
LegalCopyright : Copyright © THOUGHT COMMUNICATIONS, INC. 1989-1997
LegalTrademarks : FaxTalk® is a registered trademark of Thought Communications, Inc.
OriginalFilename : FAPI32.DLL
#:23 [TAPISRV.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TAPISRV.EXE
Command Line : tapisrv.exe
ProcessID : 4294520735
Threads : 8
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows Telephony Server
InternalName : Telephony Service
LegalCopyright : Copyright © Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE
#:24 [FIREFOX.EXE]
ModuleName : C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
Command Line : C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "C:\My Documents\assorted\well\trojans!!!!!!!!!\You_Must_Read_This_Before_Posting_A_Hijackthis_Log-t2852.html"
ProcessID : 4294469831
Threads : 4
Priority : Normal
#:25 [RNAAPP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RNAAPP.EXE
Command Line : rnaapp.exe -l
ProcessID : 4294492239
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
LegalCopyright : Copyright © Microsoft Corp. 1992-1996
OriginalFilename : RNAAPP.EXE
#:26 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294384639
Threads : 2
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : Katsy\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Deep scanning and examining files (d:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for d:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Deep scanning and examining files (e:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for e:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
12:21:43 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:26:29.270
Objects scanned:278756
Objects identified:1
Objects ignored:0
New critical objects:1
Anyway, there's only 1 critical object: Alexa.
What's Alexa anyway? Is it a tracking cookie?
tnx, again
Edited by Duality_88, 27 August 2005 - 09:09 PM.