I've scanned twice more with Ad-Aware and found trojan horses in the restore folder. At the time I couldn't get on the internet so I also uninstalled ZoneAlarm - this allowed me access to the internet (I'll have to work that one out later!). Here are the two logs of the two scans:
I'm still not happy with the total number of objects scanned - it should be much greater than that. But there are two critical objects in the restore folder.
Ad-Aware SE Build 1.06r1
Logfile Created on:01 October 2005 09:16:40
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R68 28.09.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):3 total references
Tracking Cookie(TAC index:3):9 total references
Win32.Trojan.StartPage(TAC index:8):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R68 28.09.2005
Internal build : 80
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 526954 Bytes
Total size : 1581029 Bytes
Signature data size : 1547745 Bytes
Reference data size : 32772 Bytes
Signatures total : 43961
CSI Fingerprints total : 1047
CSI data size : 37307 Bytes
Target categories : 15
Target families : 753
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:0 %
Total physical memory:122304 kb
Available physical memory:3616 kb
Total page file size:1974844 kb
Available on page file:1718132 kb
Total virtual memory:2093056 kb
Available virtual memory:2042496 kb
OS:Microsoft Windows Millennium Edition
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
01-10-2005 09:16:40 - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4293865519
Threads : 8
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294964807
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
#:3 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294858331
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk
#:4 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294859927
Threads : 3
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE
#:5 [SSDPSRV.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SSDPSRV.EXE
Command Line : C:\WINDOWS\SYSTEM\ssdpsrv.exe
ProcessID : 4294841719
Threads : 8
Priority : Normal
FileVersion : 4.90.3003.0
ProductVersion : 4.90.3003.0
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : SSDP Service on Windows Millennium
InternalName : ssdpsrv.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : ssdpsrv.exe
#:6 [THOTKEY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\THOTKEY.EXE
Command Line : C:\WINDOWS\SYSTEM\THotkey.exe
ProcessID : 4294839787
Threads : 3
Priority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : TOSHIBA THotkey
CompanyName : TOSHIBA Corp.
FileDescription : THotkey
InternalName : THotkey
LegalCopyright : Copyright © 1999
OriginalFilename : THotkey.exe
#:7 [STIMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\STIMON.EXE
Command Line : C:\WINDOWS\SYSTEM\STIMON.EXE
ProcessID : 4294893627
Threads : 6
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : STIMON.EXE
#:8 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294873891
Threads : 3
Priority : Normal
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe
#:9 [KB891711.EXE]
ModuleName : C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
Command Line : n/a
ProcessID : 4294881407
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE
#:10 [HPBPRO.EXE]
ModuleName : C:\WINDOWS\SYSTEM\HPBPRO.EXE
Command Line : C:\WINDOWS\SYSTEM\hpbpro.exe
ProcessID : 4292954955
Threads : 1
Priority : Normal
FileVersion : 1, 0, 42, 0
ProductVersion : 1, 0, 42, 0
ProductName : PortResolver Module
CompanyName : Hewlett-Packard Company
FileDescription : PortResolver Module
InternalName : PortResolver
LegalCopyright : Copyright 2000
OriginalFilename : PortResolver.exe
#:11 [HPBOID.EXE]
ModuleName : C:\WINDOWS\SYSTEM\HPBOID.EXE
Command Line : C:\WINDOWS\SYSTEM\hpboid.exe
ProcessID : 4294841075
Threads : 2
Priority : Normal
FileVersion : 1, 0, 42, 0
ProductVersion : 1, 0, 42, 0
ProductName : HP Status Server
CompanyName : Hewlett-Packard Company
FileDescription : HP Status Server Module
InternalName : HP Status Server
LegalCopyright : Copyright © 2000 by Hewlett-Packard Company
OriginalFilename : HPboid.EXE
#:12 [VSMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
Command Line : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
ProcessID : 4292942275
Threads : 17
Priority : Normal
FileVersion : 6.0.667.000
ProductVersion : 6.0.667.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe
#:13 [RPCSS.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RPCSS.EXE
Command Line : RPCSS
ProcessID : 4292990451
Threads : 6
Priority : Normal
FileVersion : 4.71.3328
ProductVersion : 4.71.3328
ProductName : Microsoft® Windows NT Operating System
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : rpcss.exe
#:14 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4292980003
Threads : 27
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE
#:15 [STMGR.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
Command Line : C:\WINDOWS\System\Restore\StMgr.exe
ProcessID : 4292912891
Threads : 5
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft ® PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft ® PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe
#:16 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\WINDOWS\taskmon.exe"
ProcessID : 4293113343
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE
#:17 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4293019319
Threads : 3
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE
#:18 [IRMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\IRMON.EXE
Command Line : "C:\WINDOWS\SYSTEM\irmon.exe"
ProcessID : 4293051075
Threads : 7
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Infrared Monitor
InternalName : irmon.dll
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : irmon.dll
#:19 [ALISNDMG.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ALISNDMG.EXE
Command Line : "C:\WINDOWS\SYSTEM\ALiSndMg.exe"
ProcessID : 4293060151
Threads : 2
Priority : Normal
FileVersion : 1.01
ProductVersion : 1.01
ProductName : ALiSndMgr
CompanyName : ALi Laboratories Inc.
FileDescription : ALiSndMgr
InternalName : ALiSndMgr
LegalCopyright : Copyright © 2000
OriginalFilename : ALiSndMgr.exe
#:20 [EM_EXEC.EXE]
ModuleName : C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
Command Line : "C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE"
ProcessID : 4293041707
Threads : 3
Priority : Normal
FileVersion : 9.11.62
ProductVersion : 9.11
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2000.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team
#:21 [TPWRTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TPWRTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\TPWRTRAY.EXE"
ProcessID : 4293256635
Threads : 2
Priority : Normal
FileVersion : 4. 0. 0. 0
ProductVersion : 4. 0. 0. 0
ProductName : Toshiba Power Saver
CompanyName : TOSHIBA Corporation
FileDescription : Toshiba Power Saver
InternalName : Tpwrtray
LegalCopyright : Copyright 1999-2001 Toshiba Corporation.
OriginalFilename : Tpwrtray.exe
Comments : Toshiba Power Saver
#:22 [TFNCKY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TFNCKY.EXE
Command Line : "C:\WINDOWS\SYSTEM\TFncKy.exe"
ProcessID : 4293018731
Threads : 2
Priority : Normal
FileVersion : 1.21
ProductVersion : 1.21
ProductName : TFncKy
CompanyName : Toshiba Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright 1997-2000 Toshiba Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE
#:23 [DCFSSVC.EXE]
ModuleName : C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
Command Line : "C:\WINDOWS\System32\Drivers\dcfssvc.exe"
ProcessID : 4293252603
Threads : 3
Priority : Normal
FileVersion : 1.1.4400.0
ProductVersion : 3.2.0400.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2002
OriginalFilename : DcFsSvc.exe
#:24 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe WMI_ffe24863
ProcessID : 4293147259
Threads : 4
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe
#:25 [AVGCC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE" /STARTUP
ProcessID : 4293135427
Threads : 6
Priority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:26 [AVGEMC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE"
ProcessID : 4293242307
Threads : 7
Priority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:27 [AVGAMSVR.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE"
ProcessID : 4293142967
Threads : 8
Priority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:28 [STATUSCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\APACHE TOMCAT 4.0\WEBAPPS\TOOLBOX\STATUSCLIENT\STATUSCLIENT.EXE
Command Line : "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" /auto
ProcessID : 4293181139
Threads : 4
Priority : Normal
FileVersion : 00.00.13
ProductVersion : 00.00.13
ProductName : Hewlett-Packard T-TR Status Client
CompanyName : Hewlett-Packard
FileDescription : Hewlett-Packard T-TR Status Client
InternalName : StatusClient.exe
LegalCopyright : Copyright © 2002 Hewlett-Packard Company
LegalTrademarks : All Rights Reserved.
OriginalFilename : StatusClient.exe
#:29 [ZLCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
Command Line : "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
ProcessID : 4293170207
Threads : 7
Priority : Normal
FileVersion : 6.0.667.000
ProductVersion : 6.0.667.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe
#:30 [RunDLL.exe]
ModuleName : C:\WINDOWS\RunDLL.exe
Command Line : n/a
ProcessID : 4293365507
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE
#:31 [AIRPLUS.EXE]
ModuleName : C:\PROGRAM FILES\D-LINK AIRPLUS\AIRPLUS.EXE
Command Line : "C:\Program Files\D-Link AirPlus\AirPlus.exe"
ProcessID : 4293333967
Threads : 2
Priority : Normal
FileVersion : 4, 0, 0, 0
ProductVersion : 4, 0, 0, 0
ProductName : D-Link AirPlus
CompanyName : D-Link
FileDescription : WLAN Adapter Utility
InternalName : WLANMON
LegalCopyright : Copyright © All Rights Reserved.
OriginalFilename : AIRPLUS.EXE
#:32 [JAVAW.EXE]
ModuleName : C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\JAVASOFT\JRE\1.3.1\BIN\JAVAW.EXE
Command Line : "C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" -jar -Duser.dir="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0" "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\bin\bootstrap.jar" start
ProcessID : 4293221199
Threads : 24
Priority : Normal
#:33 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4293270091
Threads : 5
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe
#:34 [PSTORES.EXE]
ModuleName : C:\WINDOWS\SYSTEM\PSTORES.EXE
Command Line : C:\WINDOWS\SYSTEM\PSTORES.EXE
ProcessID : 4293466287
Threads : 3
Priority : Normal
FileVersion : 5.00.2133.2
ProductVersion : 5.00.2133.2
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : Protected storage server
#:35 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4293438919
Threads : 3
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe
#:36 [WUAUCLT.EXE]
ModuleName : C:\WINDOWS\WUAUCLT.EXE
Command Line : -AUMagic
ProcessID : 4293656115
Threads : 4
Priority : Idle
FileVersion : 5.4.5681.0
ProductVersion : 5.4.5681.0
ProductName : Microsoft Windows Update - AutoUpdate feature
CompanyName : Microsoft Corporation
FileDescription : Microsoft AutoUpdate
InternalName : WUAUCLT.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WUAUCLT.EXE
#:37 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4293434199
Threads : 3
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
MRU List Object Recognized!
Location: : C:\WINDOWS\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:
[email protected]/
Expires : 01-01-2021 00:59:58
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:
[email protected]/
Expires : 01-01-2011 00:59:58
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:18
Value : Cookie:
[email protected]/
Expires : 06-09-2010 17:28:00
LastSync : Hits:18
UseCount : 0
Hits : 18
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:73
Value : Cookie:
[email protected]/
Expires : 31-12-2037 23:00:00
LastSync : Hits:73
UseCount : 0
Hits : 73
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bravenet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:
[email protected]/
Expires : 13-09-2015 21:45:24
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:
[email protected]/
Expires : 19-11-2006 11:13:00
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data :
[email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:
[email protected]/
Expires : 04-09-2006 18:29:26
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@tripod[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:
[email protected]/
Expires : 15-09-2006 21:45:14
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:
[email protected]/cgi-bin
Expires : 28-09-2015 18:49:34
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 12
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojan.StartPage Object Recognized!
Type : File
Data : A0000078.CPY
TAC Rating : 8
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
Win32.Trojan.StartPage Object Recognized!
Type : File
Data : A0000083.CPY
TAC Rating : 8
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 14
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14
09:25:35 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:55.140
Objects scanned:74882
Objects identified:33
Objects ignored:22
New critical objects:0
Ad-Aware SE Build 1.06r1
Logfile Created on:01 October 2005 09:27:58
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R68 28.09.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):3 total references
Tracking Cookie(TAC index:3):18 total references
Win32.Trojan.StartPage(TAC index:8):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R68 28.09.2005
Internal build : 80
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 526954 Bytes
Total size : 1581029 Bytes
Signature data size : 1547745 Bytes
Reference data size : 32772 Bytes
Signatures total : 43961
CSI Fingerprints total : 1047
CSI data size : 37307 Bytes
Target categories : 15
Target families : 753
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:0 %
Total physical memory:122304 kb
Available physical memory:3304 kb
Total page file size:1974844 kb
Available on page file:1716872 kb
Total virtual memory:2093056 kb
Available virtual memory:2042496 kb
OS:Microsoft Windows Millennium Edition
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
01-10-2005 09:27:58 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\WINDOWS\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4293865519
Threads : 8
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294964807
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
#:3 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294858331
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk
#:4 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294859927
Threads : 3
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE
#:5 [SSDPSRV.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SSDPSRV.EXE
Command Line : C:\WINDOWS\SYSTEM\ssdpsrv.exe
ProcessID : 4294841719
Threads : 8
Priority : Normal
FileVersion : 4.90.3003.0
ProductVersion : 4.90.3003.0
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : SSDP Service on Windows Millennium
InternalName : ssdpsrv.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : ssdpsrv.exe
#:6 [THOTKEY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\THOTKEY.EXE
Command Line : C:\WINDOWS\SYSTEM\THotkey.exe
ProcessID : 4294839787
Threads : 3
Priority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : TOSHIBA THotkey
CompanyName : TOSHIBA Corp.
FileDescription : THotkey
InternalName : THotkey
LegalCopyright : Copyright © 1999
OriginalFilename : THotkey.exe
#:7 [STIMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\STIMON.EXE
Command Line : C:\WINDOWS\SYSTEM\STIMON.EXE
ProcessID : 4294893627
Threads : 6
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : STIMON.EXE
#:8 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294873891
Threads : 3
Priority : Normal
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe
#:9 [KB891711.EXE]
ModuleName : C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
Command Line : n/a
ProcessID : 4294881407
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE
#:10 [HPBPRO.EXE]
ModuleName : C:\WINDOWS\SYSTEM\HPBPRO.EXE
Command Line : C:\WINDOWS\SYSTEM\hpbpro.exe
ProcessID : 4292954955
Threads : 1
Priority : Normal
FileVersion : 1, 0, 42, 0
ProductVersion : 1, 0, 42, 0
ProductName : PortResolver Module
CompanyName : Hewlett-Packard Company
FileDescription : PortResolver Module
InternalName : PortResolver
LegalCopyright : Copyright 2000
OriginalFilename : PortResolver.exe
#:11 [HPBOID.EXE]
ModuleName : C:\WINDOWS\SYSTEM\HPBOID.EXE
Command Line : C:\WINDOWS\SYSTEM\hpboid.exe
ProcessID : 4294841075
Threads : 2
Priority : Normal
FileVersion : 1, 0, 42, 0
ProductVersion : 1, 0, 42, 0
ProductName : HP Status Server
CompanyName : Hewlett-Packard Company
FileDescription : HP Status Server Module
InternalName : HP Status Server
LegalCopyright : Copyright © 2000 by Hewlett-Packard Company
OriginalFilename : HPboid.EXE
#:12 [VSMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
Command Line : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
ProcessID : 4292942275
Threads : 17
Priority : Normal
FileVersion : 6.0.667.000
ProductVersion : 6.0.667.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe
#:13 [RPCSS.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RPCSS.EXE
Command Line : RPCSS
ProcessID : 4292990451
Threads : 6
Priority : Normal
FileVersion : 4.71.3328
ProductVersion : 4.71.3328
ProductName : Microsoft® Windows NT Operating System
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : rpcss.exe
#:14 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4292980003
Threads : 25
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE
#:15 [STMGR.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
Command Line : C:\WINDOWS\System\Restore\StMgr.exe
ProcessID : 4292912891
Threads : 5
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft ® PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft ® PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe
#:16 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\WINDOWS\taskmon.exe"
ProcessID : 4293113343
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE
#:17 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4293019319
Threads : 3
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE
#:18 [IRMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\IRMON.EXE
Command Line : "C:\WINDOWS\SYSTEM\irmon.exe"
ProcessID : 4293051075
Threads : 7
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Infrared Monitor
InternalName : irmon.dll
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : irmon.dll
#:19 [ALISNDMG.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ALISNDMG.EXE
Command Line : "C:\WINDOWS\SYSTEM\ALiSndMg.exe"
ProcessID : 4293060151
Threads : 2
Priority : Normal
FileVersion : 1.01
ProductVersion : 1.01
ProductName : ALiSndMgr
CompanyName : ALi Laboratories Inc.
FileDescription : ALiSndMgr
InternalName : ALiSndMgr
LegalCopyright : Copyright © 2000
OriginalFilename : ALiSndMgr.exe
#:20 [EM_EXEC.EXE]
ModuleName : C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
Command Line : "C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE"
ProcessID : 4293041707
Threads : 3
Priority : Normal
FileVersion : 9.11.62
ProductVersion : 9.11
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2000.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team
#:21 [TPWRTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TPWRTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\TPWRTRAY.EXE"
ProcessID : 4293256635
Threads : 2
Priority : Normal
FileVersion : 4. 0. 0. 0
ProductVersion : 4. 0. 0. 0
ProductName : Toshiba Power Saver
CompanyName : TOSHIBA Corporation
FileDescription : Toshiba Power Saver
InternalName : Tpwrtray
LegalCopyright : Copyright 1999-2001 Toshiba Corporation.
OriginalFilename : Tpwrtray.exe
Comments : Toshiba Power Saver
#:22 [TFNCKY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TFNCKY.EXE
Command Line : "C:\WINDOWS\SYSTEM\TFncKy.exe"
ProcessID : 4293018731
Threads : 2
Priority : Normal
FileVersion : 1.21
ProductVersion : 1.21
ProductName : TFncKy
CompanyName : Toshiba Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright 1997-2000 Toshiba Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE
#:23 [DCFSSVC.EXE]
ModuleName : C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
Command Line : "C:\WINDOWS\System32\Drivers\dcfssvc.exe"
ProcessID : 4293252603
Threads : 3
Priority : Normal
FileVersion : 1.1.4400.0
ProductVersion : 3.2.0400.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2002
OriginalFilename : DcFsSvc.exe
#:24 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe WMI_ffe24863
ProcessID : 4293147259
Threads : 4
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe
#:25 [AVGCC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE" /STARTUP
ProcessID : 4293135427
Threads : 6
Priority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:26 [AVGEMC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE"
ProcessID : 4293242307
Threads : 7
Priority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:27 [AVGAMSVR.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE"
ProcessID : 4293142967
Threads : 8
Priority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:28 [STATUSCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\APACHE TOMCAT 4.0\WEBAPPS\TOOLBOX\STATUSCLIENT\STATUSCLIENT.EXE
Command Line : "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" /auto
ProcessID : 4293181139
Threads : 4
Priority : Normal
FileVersion : 00.00.13
ProductVersion : 00.00.13
ProductName : Hewlett-Packard T-TR Status Client
CompanyName : Hewlett-Packard
FileDescription : Hewlett-Packard T-TR Status Client
InternalName : StatusClient.exe
LegalCopyright : Copyright © 2002 Hewlett-Packard Company
LegalTrademarks : All Rights Reserved.
OriginalFilename : StatusClient.exe
#:29 [ZLCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
Command Line : "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
ProcessID : 4293170207
Threads : 7
Priority : Normal
FileVersion : 6.0.667.000
ProductVersion : 6.0.667.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe
#:30 [RunDLL.exe]
ModuleName : C:\WINDOWS\RunDLL.exe
Command Line : n/a
ProcessID : 4293365507
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE
#:31 [AIRPLUS.EXE]
ModuleName : C:\PROGRAM FILES\D-LINK AIRPLUS\AIRPLUS.EXE
Command Line : "C:\Program Files\D-Link AirPlus\AirPlus.exe"
ProcessID : 4293333967
Threads : 2
Priority : Normal
FileVersion : 4, 0, 0, 0
ProductVersion : 4, 0, 0, 0
ProductName : D-Link AirPlus
CompanyName : D-Link
FileDescription : WLAN Adapter Utility
InternalName : WLANMON
LegalCopyright : Copyright © All Rights Reserved.
OriginalFilename : AIRPLUS.EXE
#:32 [JAVAW.EXE]
ModuleName : C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\JAVASOFT\JRE\1.3.1\BIN\JAVAW.EXE
Command Line : "C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" -jar -Duser.dir="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0" "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\bin\bootstrap.jar" start
ProcessID : 4293221199
Threads : 24
Priority : Normal
#:33 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4293270091
Threads : 5
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe
#:34 [PSTORES.EXE]
ModuleName : C:\WINDOWS\SYSTEM\PSTORES.EXE
Command Line : C:\WINDOWS\SYSTEM\PSTORES.EXE
ProcessID : 4293466287
Threads : 3
Priority : Normal
FileVersion : 5.00.2133.2
ProductVersion : 5.00.2133.2
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : Protected storage server
#:35 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4293438919
Threads : 3
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
Interna