new here.........having major probs with spyware. everytime we open IE we get pop ups. have spent 2 days deleting files and registry keys only for them to come back again. this bug is chewing up virtual memory. does anyone know how to get rid of this.
posting adaware log for help.
thanks
Ad-Aware SE Build 1.05
Logfile Created on:Thursday, 21 April 2005 7:36:44 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R39 15.04.2005
Internal build : 46
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 459480 Bytes
Total size : 1389159 Bytes
Signature data size : 1358772 Bytes
Reference data size : 29875 Bytes
Signatures total : 38701
Fingerprints total : 794
Fingerprints size : 29979 Bytes
Target categories : 15
Target families : 649
21-04-2005 7:32:31 AM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650
21-04-2005 7:32:47 AM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:21 %
Total physical memory:523760 kb
Available physical memory:109860 kb
Total page file size:885520 kb
Available on page file:496472 kb
Total virtual memory:2097024 kb
Available virtual memory:2031800 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects
21-04-2005 7:36:44 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 632
ThreadCreationTime : 20-04-2005 8:37:48 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 684
ThreadCreationTime : 20-04-2005 8:37:50 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 708
ThreadCreationTime : 20-04-2005 8:37:52 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 752
ThreadCreationTime : 20-04-2005 8:37:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 764
ThreadCreationTime : 20-04-2005 8:37:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 924
ThreadCreationTime : 20-04-2005 8:37:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 972
ThreadCreationTime : 20-04-2005 8:37:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1136
ThreadCreationTime : 20-04-2005 8:37:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1196
ThreadCreationTime : 20-04-2005 8:37:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1340
ThreadCreationTime : 20-04-2005 8:37:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ProcessID : 1480
ThreadCreationTime : 20-04-2005 8:37:56 PM
BasePriority : Normal
FileVersion : 103.0.1.26
ProductVersion : 103.0.1.26
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:12 [sndsrvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
ProcessID : 1496
ThreadCreationTime : 20-04-2005 8:37:56 PM
BasePriority : Normal
FileVersion : 5.4.3.11
ProductVersion : 5.4
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe
#:13 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1564
ThreadCreationTime : 20-04-2005 8:37:58 PM
BasePriority : Normal
FileVersion : 103.0.1.26
ProductVersion : 103.0.1.26
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:14 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1744
ThreadCreationTime : 20-04-2005 8:37:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:15 [isafe.exe]
ModuleName : C:\WINDOWS\system32\ZoneLabs\isafe.exe
Command Line : C:\WINDOWS\system32\ZoneLabs\isafe.exe
ProcessID : 1840
ThreadCreationTime : 20-04-2005 8:37:59 PM
BasePriority : Normal
FileVersion : Version 10.65.0.7
ProductVersion : Version 10.65.0.7
ProductName : ISafe
CompanyName : Computer Associates International, Inc.
FileDescription : ISafe Service
InternalName : ISafe
LegalCopyright : © 2003 Computer Associates International, Inc.
LegalTrademarks : Vet is a trademark of Computer Associates International, Inc.
OriginalFilename : ISafe.exe
Comments : ISafe
#:16 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1876
ThreadCreationTime : 20-04-2005 8:37:59 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:17 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1932
ThreadCreationTime : 20-04-2005 8:37:59 PM
BasePriority : Normal
FileVersion : 11.0.1.3
ProductVersion : 11.0.1
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:18 [npfmntor.exe]
ModuleName : C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
Command Line : "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"
ProcessID : 1984
ThreadCreationTime : 20-04-2005 8:38:00 PM
BasePriority : Normal
FileVersion : 11.0.1.3
ProductVersion : 11.0.1
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE
#:19 [nprotect.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
Command Line : "C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE"
ProcessID : 2040
ThreadCreationTime : 20-04-2005 8:38:00 PM
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE
#:20 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 148
ThreadCreationTime : 20-04-2005 8:38:00 PM
BasePriority : Normal
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
ProductName : NVIDIA Driver Helper Service, Version 52.16
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:21 [nopdb.exe]
ModuleName : C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
Command Line : C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
ProcessID : 224
ThreadCreationTime : 20-04-2005 8:38:00 PM
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 2002
OriginalFilename : NOPDB.dll
#:22 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 364
ThreadCreationTime : 20-04-2005 8:38:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:23 [symlcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
ProcessID : 300
ThreadCreationTime : 20-04-2005 8:38:00 PM
BasePriority : Normal
FileVersion : 1, 8, 54, 419
ProductVersion : 1, 8, 54, 419
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe
#:24 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 456
ThreadCreationTime : 20-04-2005 8:38:00 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:25 [vsmon.exe]
ModuleName : C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Command Line : n/a
ProcessID : 484
ThreadCreationTime : 20-04-2005 8:38:01 PM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : TrueVector Service
CompanyName : Zone Labs LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : vsmon.exe
#:26 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2360
ThreadCreationTime : 20-04-2005 8:38:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:27 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 3552
ThreadCreationTime : 20-04-2005 8:39:24 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:28 [soundman.exe]
ModuleName : C:\WINDOWS\SOUNDMAN.EXE
Command Line : "C:\WINDOWS\SOUNDMAN.EXE"
ProcessID : 3656
ThreadCreationTime : 20-04-2005 8:39:28 PM
BasePriority : Normal
FileVersion : 5.0.05
ProductVersion : 5.0.05
ProductName : Avance Sound Manager
CompanyName : Avance Logic, Inc.
FileDescription : Avance Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2002 Avance Logic, Inc.
OriginalFilename : ALSMTray.exe
Comments : Avance AC97 Audio Sound Manager
#:29 [dit.exe]
ModuleName : C:\WINDOWS\Dit.exe
Command Line : "C:\WINDOWS\Dit.exe"
ProcessID : 3664
ThreadCreationTime : 20-04-2005 8:39:28 PM
BasePriority : Normal
#:30 [capfax.exe]
ModuleName : C:\Program Files\Classic PhoneTools\CapFax.EXE
Command Line : "C:\Program Files\Classic PhoneTools\CapFax.EXE"
ProcessID : 3824
ThreadCreationTime : 20-04-2005 8:39:33 PM
BasePriority : Normal
#:31 [wkufind.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
ProcessID : 3844
ThreadCreationTime : 20-04-2005 8:39:33 PM
BasePriority : Normal
FileVersion : 7.00.0724.0
ProductVersion : 7.00.0724.0
ProductName : Update Detection Module
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Update Detection
InternalName : WkUFind
LegalCopyright : Copyright © 1987-2002 Microsoft Corporation.
OriginalFilename : WkUFind.exe
#:32 [itouch.exe]
ModuleName : C:\Program Files\Logitech\iTouch\iTouch.exe
Command Line : "C:\Program Files\Logitech\iTouch\iTouch.exe"
ProcessID : 3964
ThreadCreationTime : 20-04-2005 8:39:35 PM
BasePriority : Normal
FileVersion : 2.22.289
ProductVersion : 2.22.289
ProductName : iTouch
CompanyName : Logitech Inc.
FileDescription : iTouch Application
InternalName : iTouch
LegalCopyright : © 1998-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : iTouch.exe
Comments : Created by the iTouch team
#:33 [ditexp.exe]
ModuleName : C:\WINDOWS\DitExp.exe
Command Line : DitExp.exe
ProcessID : 4076
ThreadCreationTime : 20-04-2005 8:39:36 PM
BasePriority : Normal
#:34 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 208
ThreadCreationTime : 20-04-2005 8:39:37 PM
BasePriority : Normal
#:35 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 284
ThreadCreationTime : 20-04-2005 8:39:37 PM
BasePriority : Normal
FileVersion : 103.0.1.26
ProductVersion : 103.0.1.26
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:36 [em_exec.exe]
ModuleName : C:\Program Files\Logitech\MouseWare\system\em_exec.exe
Command Line : "C:\Program Files\Logitech\MouseWare\system\em_exec.exe"
ProcessID : 1192
ThreadCreationTime : 20-04-2005 8:39:37 PM
BasePriority : Normal
FileVersion : 9.75.302
ProductVersion : 9.75.302
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2002 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team
#:37 [zlclient.exe]
ModuleName : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Command Line : n/a
ProcessID : 1236
ThreadCreationTime : 20-04-2005 8:39:37 PM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : Zone Labs Client
CompanyName : Zone Labs LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : zlclient.exe
#:38 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 2124
ThreadCreationTime : 20-04-2005 8:39:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:39 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\RUNDLL32.EXE
Command Line : "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
ProcessID : 344
ThreadCreationTime : 20-04-2005 8:39:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:40 [backweb-8876480.exe]
ModuleName : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
Command Line : "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"
ProcessID : 2172
ThreadCreationTime : 20-04-2005 8:39:43 PM
BasePriority : Normal
#:41 [mmdiag.exe]
ModuleName : C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
Command Line : MMDiag.exe
ProcessID : 1000
ThreadCreationTime : 20-04-2005 8:39:45 PM
BasePriority : Normal
FileVersion : 10.00.1025
ProductVersion : 10.00.1025
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : Logging and tracing manager
InternalName : MMTraceExe
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : MMTraceExe.EXE
#:42 [hpohmr08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
Command Line : n/a
ProcessID : 2380
ThreadCreationTime : 20-04-2005 8:39:53 PM
BasePriority : Normal
FileVersion : 4.2.0.170
ProductVersion : 002.000.000.170
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOHMR08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOHMR08.EXE
Comments : HP OfficeJet <Homer> Series COM Device Objects
#:43 [hpotdd01.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
ProcessID : 620
ThreadCreationTime : 20-04-2005 8:39:53 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe
#:44 [mim.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe" -Embedding
ProcessID : 1032
ThreadCreationTime : 20-04-2005 8:39:55 PM
BasePriority : Normal
FileVersion : 10.00.1025
ProductVersion : 10.00.1025
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mim
InternalName : mim
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mim.exe
#:45 [mantispm.exe]
ModuleName : C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
Command Line : C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
ProcessID : 3068
ThreadCreationTime : 20-04-2005 8:40:24 PM
BasePriority : Normal
FileVersion : 4, 2, 1, 2891
ProductVersion : 4, 2, 1, 2891
FileDescription : Spam Filter
InternalName : mantispm.exe
LegalCopyright : © 2002-2004
OriginalFilename : mantispm.exe
#:46 [sbftiv.exe]
ModuleName : c:\windows\system32\sbftiv.exe
Command Line : "c:\windows\system32\sbftiv.exe" ucwozp
ProcessID : 3176
ThreadCreationTime : 20-04-2005 8:40:31 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
#:47 [firefox.exe]
ModuleName : C:\Program Files\Mozilla Firefox\firefox.exe
Command Line : "C:\Program Files\Mozilla Firefox\firefox.exe"
ProcessID : 3440
ThreadCreationTime : 20-04-2005 8:58:31 PM
BasePriority : Normal
#:48 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3796
ThreadCreationTime : 20-04-2005 9:32:15 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sven@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Sven\Cookies\sven@cgi-bin[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Sven\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Sven\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Sven\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Sven\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Sven\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Sven\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Sven\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sven@paycounter[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Sven\Cookies\sven@paycounter[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sven@sexlist[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Sven\Cookies\sven@sexlist[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sven@sextracker[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Sven\Cookies\sven@sextracker[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sven@xxxcounter[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Sven\Cookies\sven@xxxcounter[1].txt
SahAgent Object Recognized!
Type : File
Data : A0291625.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{9F8255AA-4D49-4549-8300-3555A90EAD13}\RP955\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
SahAgent Object Recognized!
Type : File
Data : A0291741.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{9F8255AA-4D49-4549-8300-3555A90EAD13}\RP956\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
SahAgent Object Recognized!
Type : File
Data : A0291857.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{9F8255AA-4D49-4549-8300-3555A90EAD13}\RP957\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
SahAgent Object Recognized!
Type : File
Data : A0291973.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{9F8255AA-4D49-4549-8300-3555A90EAD13}\RP958\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
SahAgent Object Recognized!
Type : File
Data : A0292065.EXE
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{9F8255AA-4D49-4549-8300-3555A90EAD13}\RP958\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
SahAgent Object Recognized!
Type : File
Data : A0292537.EXE
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{9F8255AA-4D49-4549-8300-3555A90EAD13}\RP958\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
SahAgent Object Recognized!
Type : File
Data : A0293063.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{9F8255AA-4D49-4549-8300-3555A90EAD13}\RP958\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
MediaMotor Object Recognized!
Type : File
Data : A0296390.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{9F8255AA-4D49-4549-8300-3555A90EAD13}\RP959\
FileVersion : 0, 8, 4, 89
ProductVersion : 0, 8, 4, 89
ProductName : Pynix
CompanyName : Pynix
FileDescription : www.Pynix.com
InternalName : Pynix
LegalCopyright : Copyright © 2005
OriginalFilename : Pynix.dll
Comments : www.Pynix.com
MediaMotor Object Recognized!
Type : File
Data : A0296391.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{9F8255AA-4D49-4549-8300-3555A90EAD13}\RP959\
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 21
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
7:57:30 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:20:45.625
Objects scanned:195532
Objects identified:21
Objects ignored:0
New critical objects:21