I just used HijackThis and am wondering if there is also a place to send my Ad-aware log.
Also, can you tell by the vendor or category what is safe to delete?
Thanks for the forum, you guys are awesome!
Ad-Aware Log
Started by Guest_jegwinn_*, Jan 12 2004 08:22 PM
7 replies to this topic
#1
Guest_jegwinn_*
Posted 12 January 2004 - 08:22 PM
#2
Posted 12 January 2004 - 11:35 PM
jegwinn, post it here http://forum.gladiat...p?showforum=170
Wait for one of the Mods to take a look at it before you delete anything on your hijack log.
#3
Guest_jegwinn_*
Posted 13 January 2004 - 12:10 AM
Thanks for the help in advance! Here is the Ad-aware log. I hope the format is right.
Ad-aware 6 Scanning Result, 1-12-2004 4:08:19 PM
Created with Ad-aware Personal, free for private use.
Vendor Type Category Object Comment
Purity Scan Process Malware c:\documents and settings\owner\application data\wris.exe
MainPean Dialer RegKey Malware HKEY_LOCAL_MACHINE:SOFTWARE\MainPean Highspeed\ MainPean
MetaDirect RegKey Malware HKEY_CLASSES_ROOT:Interface\{305F57E2-4479-4F5B-A76E-E67BABE2355C}\
Purity Scan RegValue Malware HKEY_CURRENT_USER:Software\Microsoft\Windows\CurrentVersion\Run\ "Trsc"
Tracking Cookie File Data Miner c:\documents and settings\owner\cookies\owner@ads.specificpop[1].txt
Tracking Cookie File Data Miner c:\documents and settings\owner\cookies\owner@advertising[1].txt
Tracking Cookie File Data Miner c:\documents and settings\owner\cookies\owner@atdmt[2].txt
Tracking Cookie File Data Miner c:\documents and settings\owner\cookies\owner@centrport[1].txt
Other File Data Miner c:\documents and settings\owner\cookies\owner@cgi-bin[1].txt RedSherrif Tracking Cookie
Tracking Cookie File Data Miner c:\documents and settings\owner\cookies\owner@doubleclick[2].txt
Tracking Cookie File Data Miner c:\documents and settings\owner\cookies\owner@ehg-spafinder.hitbox[1].txt
Tracking Cookie File Data Miner c:\documents and settings\owner\cookies\owner@ehg-uniontrib.hitbox[2].txt
Tracking Cookie File Data Miner c:\documents and settings\owner\cookies\owner@hitbox[1].txt
Tracking Cookie File Data Miner c:\documents and settings\owner\cookies\owner@hotlog[1].txt
Tracking Cookie File Data Miner c:\documents and settings\owner\cookies\owner@mediaplex[1].txt
Tracking Cookie File Data Miner c:\documents and settings\owner\cookies\owner@servedby.advertising[2].txt
Tracking Cookie File Data Miner c:\documents and settings\owner\cookies\owner@tribalfusion[1].txt
BrowserAid File Data Miner c:\windows\system32\stlbdist.dll
Verticity File Malware c:\windows\system32\td.exe
BrowserAid RegKey Data Miner HKEY_CURRENT_USER:Software\Microsoft\Windows\CurrentVersion\Updt\
BrowserAid File Data Miner c:\windows\system32\stlbdist.xml
#4
Guest_jegwinn_*
Posted 13 January 2004 - 12:25 AM
After looking around a bit, it looks like I didn't send this in the right format. I will try again!
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Monday, January 12, 2004 4:17:10 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R247 10.01.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 01R247 10.01.2004
Internal build : 174
File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
Total size : 776519 Bytes
Signature data size : 761540 Bytes
Reference data size : 14915 Bytes
Signatures total : 17322
Target categories : 10
Target families : 395
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:34 %
Total physical memory:260096 kb
Available physical memory:86548 kb
Total page file size:640596 kb
Available on page file:441916 kb
Total virtual memory:2097024 kb
Available virtual memory:2045244 kb
OS:
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Reanalyze result after scanning, before displaying result list
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Automatically try to unregister objects prior to deletion
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
1-12-2004 4:17:10 PM - Scan started. (Smart mode)
Listing running processes
=========================
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 1-13-2004 12:01:54 AM
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:01:58 AM
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:01:58 AM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 9/3/2002 4:59:11 PM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 9/3/2002 4:59:11 PM
#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:01:58 AM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 9/3/2002 4:39:51 PM
Last accessed : 1/13/2004 12:02:05 AM
Last modified : 9/3/2002 4:39:51 PM
#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:01:58 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 9/3/2002 5:05:32 PM
Last accessed : 1/13/2004 12:02:05 AM
Last modified : 9/3/2002 5:05:32 PM
#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 1-13-2004 12:01:58 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 9/3/2002 5:05:32 PM
Last accessed : 1/13/2004 12:02:05 AM
Last modified : 9/3/2002 5:05:32 PM
#:7 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:02:00 AM
BasePriority : Normal
FileSize : 296 KB
FileVersion : 8.16
ProductVersion : 8.16
Copyright : © 1993 - 2003 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
OriginalFilename : LexBceS.exe
ProductName : MarkVision for Windows (32 bit)
Created on : 11/14/2003 10:16:32 PM
Last accessed : 1/13/2004 12:01:54 AM
Last modified : 4/7/2003 8:55:20 PM
#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:02:00 AM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 9/3/2002 5:04:18 PM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 9/3/2002 5:04:18 PM
#:9 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:02:00 AM
BasePriority : Normal
FileSize : 170 KB
FileVersion : 8.16
ProductVersion : 8.16
Copyright : © 1993 - 2003 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
OriginalFilename : LEXPPS.EXE
ProductName : MarkVision for Windows (32 bit)
Created on : 11/14/2003 10:16:33 PM
Last accessed : 1/13/2004 12:01:54 AM
Last modified : 4/7/2003 8:51:48 PM
#:10 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 1-13-2004 12:02:00 AM
BasePriority : Normal
FileSize : 309 KB
FileVersion : 1.03.4
ProductVersion : 1.03.4
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 11/17/2003 5:01:49 AM
Last accessed : 1/13/2004 12:01:54 AM
Last modified : 7/17/2003 7:16:38 PM
#:11 [gearsec.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 1-13-2004 12:02:04 AM
BasePriority : Normal
FileSize : 48 KB
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
Copyright : Copyright
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
OriginalFilename : gearsec.exe
ProductName : gearsec
Created on : 9/11/2003 2:11:46 AM
Last accessed : 1/13/2004 12:01:54 AM
Last modified : 9/11/2003 2:11:46 AM
#:12 [kpf4ss.exe]
FilePath : C:\Program Files\Kerio\Personal Firewall 4\
ThreadCreationTime : 1-13-2004 12:02:04 AM
BasePriority : Normal
FileSize : 1888 KB
FileVersion : 4.0.10
ProductVersion : 4.0.10
Copyright : Copyright © 1997-2003 Kerio Technologies
CompanyName : Kerio Technologies
FileDescription : Kerio Personal Firewall 4 - Service
InternalName : kpf4ss
OriginalFilename : kpf4ss.EXE
ProductName : Kerio Personal Firewall 4
Created on : 12/12/2003 7:21:08 PM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 12/12/2003 7:21:08 PM
#:13 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ThreadCreationTime : 1-13-2004 12:02:04 AM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 11/17/2003 5:01:40 AM
Last accessed : 1/13/2004 12:00:38 AM
Last modified : 11/15/2002 3:41:26 AM
#:14 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 1-13-2004 12:02:04 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 9/3/2002 5:05:32 PM
Last accessed : 1/13/2004 12:02:05 AM
Last modified : 9/3/2002 5:05:32 PM
#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 1-13-2004 12:02:04 AM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 9/3/2002 4:32:50 PM
Last accessed : 1/13/2004 12:06:15 AM
Last modified : 9/3/2002 4:32:50 PM
#:16 [kpf4gui.exe]
FilePath : C:\Program Files\Kerio\Personal Firewall 4\
ThreadCreationTime : 1-13-2004 12:02:05 AM
BasePriority : Normal
FileSize : 2240 KB
FileVersion : 4.0.10
ProductVersion : 4.0.10
Copyright : Copyright © 1997-2003 Kerio Technologies
CompanyName : Kerio Technologies
FileDescription : Kerio Personal Firewall 4 - GUI
InternalName : kpf4gui
OriginalFilename : kpf4gui.EXE
ProductName : Kerio Personal Firewall 4
Created on : 12/12/2003 7:21:08 PM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 12/12/2003 7:21:08 PM
#:17 [kpf4gui.exe]
FilePath : C:\Program Files\Kerio\Personal Firewall 4\
ThreadCreationTime : 1-13-2004 12:02:08 AM
BasePriority : Normal
FileSize : 2240 KB
FileVersion : 4.0.10
ProductVersion : 4.0.10
Copyright : Copyright © 1997-2003 Kerio Technologies
CompanyName : Kerio Technologies
FileDescription : Kerio Personal Firewall 4 - GUI
InternalName : kpf4gui
OriginalFilename : kpf4gui.EXE
ProductName : Kerio Personal Firewall 4
Created on : 12/12/2003 7:21:08 PM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 12/12/2003 7:21:08 PM
#:18 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 1-13-2004 12:02:12 AM
BasePriority : Normal
FileSize : 112 KB
FileVersion : 3,0,0,2104
ProductVersion : 7,0,0,2104
Copyright : Copyright 1999-2003, Intel Corporation
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
OriginalFilename : HKCMD.EXE
ProductName : Intel® Common User Interface
Created on : 11/14/2003 9:20:40 PM
Last accessed : 1/13/2004 12:02:09 AM
Last modified : 4/7/2003 8:07:38 AM
#:19 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 1-13-2004 12:02:13 AM
BasePriority : Normal
FileSize : 53 KB
FileVersion : 1.0.9.002
ProductVersion : 1.0.9.002
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 11/30/2003 7:31:38 PM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 10/18/2003 6:36:40 AM
#:20 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ThreadCreationTime : 1-13-2004 12:02:14 AM
BasePriority : Normal
FileSize : 88 KB
FileVersion : 7.10.4053
ProductVersion : 7.10.4053
Copyright : Copyright © MUSICMATCH 1998-2001
CompanyName : MUSICMATCH, Inc.
FileDescription : mm_tray
InternalName : mm_tray
OriginalFilename : mm_tray.exe
ProductName : MUSICMATCH JUKEBOX
Created on : 11/14/2003 9:44:28 PM
Last accessed : 1/13/2004 12:02:09 AM
Last modified : 8/15/2002 1:29:26 AM
#:21 [dlbkbmgr.exe]
FilePath : C:\Program Files\Dell AIO Printer A920\
ThreadCreationTime : 1-13-2004 12:02:14 AM
BasePriority : Normal
FileSize : 264 KB
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A920Button Manager
InternalName : dlbkbmgr.exe
OriginalFilename : dlbkbmgr.exe
ProductName : Button Manager Executable
Created on : 11/14/2003 10:15:57 PM
Last accessed : 1/13/2004 12:02:09 AM
Last modified : 4/10/2003 11:52:38 AM
#:22 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ThreadCreationTime : 1-13-2004 12:02:14 AM
BasePriority : Normal
FileSize : 224 KB
FileVersion : 4.1.1.54
ProductVersion : 4.1.1.54
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
OriginalFilename : iTunesHelper.exe
ProductName : iTunes
Created on : 10/22/2003 1:07:50 AM
Last accessed : 1/13/2004 12:02:09 AM
Last modified : 10/22/2003 1:07:50 AM
#:23 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ThreadCreationTime : 1-13-2004 12:02:14 AM
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.4
ProductVersion : QuickTime 6.4
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 11/14/2003 11:23:17 PM
Last accessed : 1/13/2004 12:02:09 AM
Last modified : 11/14/2003 11:23:17 PM
#:24 [dlbkbmon.exe]
FilePath : C:\Program Files\Dell AIO Printer A920\
ThreadCreationTime : 1-13-2004 12:02:15 AM
BasePriority : Normal
FileSize : 52 KB
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A920Button Monitor
InternalName : dlbkbmon.exe
OriginalFilename : dlbkbmon.exe
ProductName : Button Monitor Executable
Created on : 11/14/2003 10:15:58 PM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 4/10/2003 12:10:14 PM
#:25 [wupdater.exe]
FilePath : C:\Program Files\Common files\updater\
ThreadCreationTime : 1-13-2004 12:02:15 AM
BasePriority : Idle
FileSize : 60 KB
FileVersion : 1, 3, 5, 0
ProductVersion : 1, 3, 5, 0
Copyright : Copyright © 2003
FileDescription : Updater Application
InternalName : Updater
OriginalFilename : updater.exe
ProductName : Updater Application
Created on : 11/15/2003 11:06:10 AM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 11/15/2003 11:06:10 AM
#:26 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ThreadCreationTime : 1-13-2004 12:02:15 AM
BasePriority : Normal
FileSize : 408 KB
FileVersion : 4.1.1.54
ProductVersion : 4.1.1.54
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
OriginalFilename : iPodService.exe
ProductName : iTunes
Created on : 10/22/2003 1:07:40 AM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 10/22/2003 1:07:40 AM
#:27 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 1-13-2004 12:02:15 AM
BasePriority : Normal
FileSize : 4568 KB
FileVersion : 6.1.0203
ProductVersion : Version 6.1
Copyright : Copyright © Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 11/19/2003 10:50:18 PM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 11/19/2003 10:50:18 PM
#:28 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ThreadCreationTime : 1-13-2004 12:02:25 AM
BasePriority : Normal
FileSize : 64 KB
Created on : 11/14/2003 11:14:36 PM
Last accessed : 1/13/2004 12:02:09 AM
Last modified : 2/5/2002 2:15:00 AM
#:29 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 1-13-2004 12:06:06 AM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 12/5/2003 10:08:57 PM
Last accessed : 1/13/2004 12:02:09 AM
Last modified : 7/13/2003 6:00:20 AM
#:30 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 1-13-2004 12:08:44 AM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 11/14/2003 7:41:55 PM
Last accessed : 1/13/2004 12:08:46 AM
Last modified : 9/3/2002 4:35:04 PM
#:31 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 1-13-2004 12:15:10 AM
BasePriority : Normal
FileSize : 1462 KB
FileVersion : 4.7.2009
ProductVersion : Version 4.7
Copyright : Copyright © Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 4/15/2003 4:05:20 AM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 4/15/2003 4:05:20 AM
Memory scan result :
=========================
New objects : 0
Objects found so far: 0
Started registry scan
=========================
MainPean Dialer Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : MainPean
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\MainPean Highspeed
MetaDirect Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{305F57E2-4479-4F5B-A76E-E67BABE2355C}
Registry scan result :
=========================
New objects : 2
Objects found so far: 2
Started deep registry scan
=========================
Purity Scan Object recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Trsc"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : Trsc
Purity Scan Object recognized!
Type : File
Data : wris.exe
Category : Malware
Comment :
Object : c:\documents and settings\owner\application data\
FileSize : 64 KB
FileVersion : 1, 0, 0, 1018
ProductVersion : 1.0
Created on : 11/26/2003 11:01:03 PM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 11/26/2003 11:01:14 PM
Deep registry scan result :
=========================
New objects : 1
Objects found so far: 4
=========================
Other Object recognized!
Type : File
Data : owner@cgi-bin[1].txt
Category : Data Miner
Comment : RedSherrif Tracking Cookie
Object : C:\Documents and Settings\Owner\Cookies\
Created on : 1/10/2004 9:46:31 PM
Last accessed : 1/13/2004 12:07:25 AM
Last modified : 1/10/2004 9:46:31 PM
=========================
Deep scanning and examining files (C:)
=========================
BrowserAid Object recognized!
Type : File
Data : stlbdist.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileSize : 212 KB
Created on : 12/5/2003 2:01:31 AM
Last accessed : 1/13/2004 12:08:00 AM
Last modified : 12/5/2003 2:01:31 AM
Verticity Object recognized!
Type : File
Data : td.exe
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
FileSize : 44 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : Verticity
InternalName : td
OriginalFilename : td.exe
ProductName : TurboDownload
Created on : 5/2/2002 8:23:30 PM
Last accessed : 1/13/2004 12:08:01 AM
Last modified : 5/2/2002 8:23:30 PM
Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
=========================
Hosts file scan result:
=========================
1 entries scanned.
New objects :0
Objects found so far: 7
Performing conditional scans..
=========================
BrowserAid Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Updt
BrowserAid Object recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\documents and settings\owner\application data\{2CF0B992-5EEB-4143-99C0-5297EF71F444}
BrowserAid Object recognized!
Type : File
Data : stlbdist.xml
Category : Data Miner
Comment :
Object : c:\windows\system32\
FileSize : 3 KB
Created on : 12/5/2003 2:01:31 AM
Last accessed : 1/13/2004 12:08:07 AM
Last modified : 12/5/2003 2:01:31 AM
Conditional scan result:
=========================
New objects : 3
Objects found so far: 10
Reanalyzing scan result
=========================
The following objects have been removed from the result list:
c:\documents and settings\owner\application data\{2CF0B992-5EEB-4143-99C0-5297EF71F444}
4:18:47 PM Scan complete
Summary of this scan
=========================
Total scanning time :00:01:36:594
Objects scanned :37889
Objects identified :10
Objects ignored :1
New objects :9
InternalName : kpf4gui
OriginalFilename : kpf4gui.EXE
ProductName : Kerio Personal Firewall 4
Created on : 12/12/2003 7:21:08 PM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 12/12/2003 7:21:08 PM
#:17 [kpf4gui.exe]
FilePath : C:\Program Files\Kerio\Personal Firewall 4\
ThreadCreationTime : 1-13-2004 12:02:08 AM
BasePriority : Normal
FileSize : 2240 KB
FileVersion : 4.0.10
ProductVersion : 4.0.10
Copyright : Copyright © 1997-2003 Kerio Technologies
CompanyName : Kerio Technologies
FileDescription : Kerio Personal Firewall 4 - GUI
InternalName : kpf4gui
OriginalFilename : kpf4gui.EXE
ProductName : Kerio Personal Firewall 4
Created on : 12/12/2003 7:21:08 PM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 12/12/2003 7:21:08 PM
#:18 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 1-13-2004 12:02:12 AM
BasePriority : Normal
FileSize : 112 KB
FileVersion : 3,0,0,2104
ProductVersion : 7,0,0,2104
Copyright : Copyright 1999-2003, Intel Corporation
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
OriginalFilename : HKCMD.EXE
ProductName : Intel® Common User Interface
Created on : 11/14/2003 9:20:40 PM
Last accessed : 1/13/2004 12:02:09 AM
Last modified : 4/7/2003 8:07:38 AM
#:19 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 1-13-2004 12:02:13 AM
BasePriority : Normal
FileSize : 53 KB
FileVersion : 1.0.9.002
ProductVersion : 1.0.9.002
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 11/30/2003 7:31:38 PM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 10/18/2003 6:36:40 AM
#:20 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ThreadCreationTime : 1-13-2004 12:02:14 AM
BasePriority : Normal
FileSize : 88 KB
FileVersion : 7.10.4053
ProductVersion : 7.10.4053
Copyright : Copyright © MUSICMATCH 1998-2001
CompanyName : MUSICMATCH, Inc.
FileDescription : mm_tray
InternalName : mm_tray
OriginalFilename : mm_tray.exe
ProductName : MUSICMATCH JUKEBOX
Created on : 11/14/2003 9:44:28 PM
Last accessed : 1/13/2004 12:02:09 AM
Last modified : 8/15/2002 1:29:26 AM
#:21 [dlbkbmgr.exe]
FilePath : C:\Program Files\Dell AIO Printer A920\
ThreadCreationTime : 1-13-2004 12:02:14 AM
BasePriority : Normal
FileSize : 264 KB
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A920Button Manager
InternalName : dlbkbmgr.exe
OriginalFilename : dlbkbmgr.exe
ProductName : Button Manager Executable
Created on : 11/14/2003 10:15:57 PM
Last accessed : 1/13/2004 12:02:09 AM
Last modified : 4/10/2003 11:52:38 AM
#:22 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ThreadCreationTime : 1-13-2004 12:02:14 AM
BasePriority : Normal
FileSize : 224 KB
FileVersion : 4.1.1.54
ProductVersion : 4.1.1.54
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
OriginalFilename : iTunesHelper.exe
ProductName : iTunes
Created on : 10/22/2003 1:07:50 AM
Last accessed : 1/13/2004 12:02:09 AM
Last modified : 10/22/2003 1:07:50 AM
#:23 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ThreadCreationTime : 1-13-2004 12:02:14 AM
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.4
ProductVersion : QuickTime 6.4
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 11/14/2003 11:23:17 PM
Last accessed : 1/13/2004 12:02:09 AM
Last modified : 11/14/2003 11:23:17 PM
#:24 [dlbkbmon.exe]
FilePath : C:\Program Files\Dell AIO Printer A920\
ThreadCreationTime : 1-13-2004 12:02:15 AM
BasePriority : Normal
FileSize : 52 KB
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A920Button Monitor
InternalName : dlbkbmon.exe
OriginalFilename : dlbkbmon.exe
ProductName : Button Monitor Executable
Created on : 11/14/2003 10:15:58 PM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 4/10/2003 12:10:14 PM
#:25 [wupdater.exe]
FilePath : C:\Program Files\Common files\updater\
ThreadCreationTime : 1-13-2004 12:02:15 AM
BasePriority : Idle
FileSize : 60 KB
FileVersion : 1, 3, 5, 0
ProductVersion : 1, 3, 5, 0
Copyright : Copyright © 2003
FileDescription : Updater Application
InternalName : Updater
OriginalFilename : updater.exe
ProductName : Updater Application
Created on : 11/15/2003 11:06:10 AM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 11/15/2003 11:06:10 AM
#:26 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ThreadCreationTime : 1-13-2004 12:02:15 AM
BasePriority : Normal
FileSize : 408 KB
FileVersion : 4.1.1.54
ProductVersion : 4.1.1.54
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
OriginalFilename : iPodService.exe
ProductName : iTunes
Created on : 10/22/2003 1:07:40 AM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 10/22/2003 1:07:40 AM
#:27 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 1-13-2004 12:02:15 AM
BasePriority : Normal
FileSize : 4568 KB
FileVersion : 6.1.0203
ProductVersion : Version 6.1
Copyright : Copyright © Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 11/19/2003 10:50:18 PM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 11/19/2003 10:50:18 PM
#:28 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ThreadCreationTime : 1-13-2004 12:02:25 AM
BasePriority : Normal
FileSize : 64 KB
Created on : 11/14/2003 11:14:36 PM
Last accessed : 1/13/2004 12:02:09 AM
Last modified : 2/5/2002 2:15:00 AM
#:29 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 1-13-2004 12:06:06 AM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 12/5/2003 10:08:57 PM
Last accessed : 1/13/2004 12:02:09 AM
Last modified : 7/13/2003 6:00:20 AM
#:30 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 1-13-2004 12:08:44 AM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 11/14/2003 7:41:55 PM
Last accessed : 1/13/2004 12:08:46 AM
Last modified : 9/3/2002 4:35:04 PM
#:31 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 1-13-2004 12:15:10 AM
BasePriority : Normal
FileSize : 1462 KB
FileVersion : 4.7.2009
ProductVersion : Version 4.7
Copyright : Copyright © Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 4/15/2003 4:05:20 AM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 4/15/2003 4:05:20 AM
Memory scan result :
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New objects : 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MainPean Dialer Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : MainPean
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\MainPean Highspeed
MetaDirect Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{305F57E2-4479-4F5B-A76E-E67BABE2355C}
Registry scan result :
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New objects : 2
Objects found so far: 2
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Purity Scan Object recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Trsc"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : Trsc
Purity Scan Object recognized!
Type : File
Data : wris.exe
Category : Malware
Comment :
Object : c:\documents and settings\owner\application data\
FileSize : 64 KB
FileVersion : 1, 0, 0, 1018
ProductVersion : 1.0
Created on : 11/26/2003 11:01:03 PM
Last accessed : 1/13/2004 12:02:08 AM
Last modified : 11/26/2003 11:01:14 PM
Deep registry scan result :
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New objects : 1
Objects found so far: 4
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Other Object recognized!
Type : File
Data : owner@cgi-bin[1].txt
Category : Data Miner
Comment : RedSherrif Tracking Cookie
Object : C:\Documents and Settings\Owner\Cookies\
Created on : 1/10/2004 9:46:31 PM
Last accessed : 1/13/2004 12:07:25 AM
Last modified : 1/10/2004 9:46:31 PM
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BrowserAid Object recognized!
Type : File
Data : stlbdist.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileSize : 212 KB
Created on : 12/5/2003 2:01:31 AM
Last accessed : 1/13/2004 12:08:00 AM
Last modified : 12/5/2003 2:01:31 AM
Verticity Object recognized!
Type : File
Data : td.exe
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
FileSize : 44 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : Verticity
InternalName : td
OriginalFilename : td.exe
ProductName : TurboDownload
Created on : 5/2/2002 8:23:30 PM
Last accessed : 1/13/2004 12:08:01 AM
Last modified : 5/2/2002 8:23:30 PM
Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
????????????????????????????????????????????????????????????????????????????
Hosts file scan result:
??????????????????????????????????????
1 entries scanned.
New objects :0
Objects found so far: 7
Performing conditional scans..
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BrowserAid Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Updt
BrowserAid Object recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\documents and settings\owner\application data\{2CF0B992-5EEB-4143-99C0-5297EF71F444}
BrowserAid Object recognized!
Type : File
Data : stlbdist.xml
Category : Data Miner
Comment :
Object : c:\windows\system32\
FileSize : 3 KB
Created on : 12/5/2003 2:01:31 AM
Last accessed : 1/13/2004 12:08:07 AM
Last modified : 12/5/2003 2:01:31 AM
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New objects : 3
Objects found so far: 10
Reanalyzing scan result
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
The following objects have been removed from the result list:
c:\documents and settings\owner\application data\{2CF0B992-5EEB-4143-99C0-5297EF71F444}
4:18:47 PM Scan complete
Summary of this scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time :00:01:36:594
Objects scanned :37889
Objects identified :10
Objects ignored :1
New objects :9
#5
Posted 13 January 2004 - 12:31 AM
You can get rid of all that stuff in your first post. When you did use HijackThis, did you delete anything with it?
Take a look at this thread and we will help you..
Guidelines for Posting in This Forum, READ THIS FIRST PLEASE
http://forum.gladiat...showtopic=10517
#6
Posted 13 January 2004 - 12:45 AM
Also.. you can download CWShredder which is a special tool to take care of the Coolwebsearch hijacker you might have. Just download it, unzip it and click on it. Hit the *next* button to run it. Let it fix whatever it finds.
http://www.merijn.or.../cwshredder.zip
#7
Guest_Guest_*
Posted 13 January 2004 - 12:56 AM
First off, thanks a lot for the help!
I have used hijack this and got some help at http://forums.spywar...php?showforum=7. They did give me some things to delete and now my ad-aware log looks a little different and I am not sure why:
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Monday, January 12, 2004 4:45:18 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R247 10.01.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 01R247 10.01.2004
Internal build : 174
File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
Total size : 776519 Bytes
Signature data size : 761540 Bytes
Reference data size : 14915 Bytes
Signatures total : 17322
Target categories : 10
Target families : 395
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:29 %
Total physical memory:260096 kb
Available physical memory:73596 kb
Total page file size:640596 kb
Available on page file:467328 kb
Total virtual memory:2097024 kb
Available virtual memory:2058400 kb
OS:
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Reanalyze result after scanning, before displaying result list
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Automatically try to unregister objects prior to deletion
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
1-12-2004 4:45:18 PM - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 1-13-2004 12:36:35 AM
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:36:38 AM
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:36:38 AM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 9/3/2002 4:59:11 PM
Last accessed : 1/13/2004 12:36:46 AM
Last modified : 9/3/2002 4:59:11 PM
#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:36:38 AM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 9/3/2002 4:39:51 PM
Last accessed : 1/13/2004 12:36:45 AM
Last modified : 9/3/2002 4:39:51 PM
#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:36:38 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 9/3/2002 5:05:32 PM
Last accessed : 1/13/2004 12:36:48 AM
Last modified : 9/3/2002 5:05:32 PM
#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 1-13-2004 12:36:38 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 9/3/2002 5:05:32 PM
Last accessed : 1/13/2004 12:36:48 AM
Last modified : 9/3/2002 5:05:32 PM
#:7 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:36:40 AM
BasePriority : Normal
FileSize : 296 KB
FileVersion : 8.16
ProductVersion : 8.16
Copyright : © 1993 - 2003 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
OriginalFilename : LexBceS.exe
ProductName : MarkVision for Windows (32 bit)
Created on : 11/14/2003 10:16:32 PM
Last accessed : 1/13/2004 12:01:54 AM
Last modified : 4/7/2003 8:55:20 PM
#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:36:40 AM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 9/3/2002 5:04:18 PM
Last accessed : 1/13/2004 12:36:46 AM
Last modified : 9/3/2002 5:04:18 PM
#:9 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:36:40 AM
BasePriority : Normal
FileSize : 170 KB
FileVersion : 8.16
ProductVersion : 8.16
Copyright : © 1993 - 2003 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
OriginalFilename : LEXPPS.EXE
ProductName : MarkVision for Windows (32 bit)
Created on : 11/14/2003 10:16:33 PM
Last accessed : 1/13/2004 12:01:54 AM
Last modified : 4/7/2003 8:51:48 PM
#:10 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 1-13-2004 12:36:40 AM
BasePriority : Normal
FileSize : 309 KB
FileVersion : 1.03.4
ProductVersion : 1.03.4
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 11/17/2003 5:01:49 AM
Last accessed : 1/13/2004 12:01:54 AM
Last modified : 7/17/2003 7:16:38 PM
#:11 [gearsec.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 1-13-2004 12:36:44 AM
BasePriority : Normal
FileSize : 48 KB
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
Copyright : Copyright
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
OriginalFilename : gearsec.exe
ProductName : gearsec
Created on : 9/11/2003 2:11:46 AM
Last accessed : 1/13/2004 12:01:54 AM
Last modified : 9/11/2003 2:11:46 AM
#:12 [kpf4ss.exe]
FilePath : C:\Program Files\Kerio\Personal Firewall 4\
ThreadCreationTime : 1-13-2004 12:36:44 AM
BasePriority : Normal
FileSize : 1888 KB
FileVersion : 4.0.10
ProductVersion : 4.0.10
Copyright : Copyright © 1997-2003 Kerio Technologies
CompanyName : Kerio Technologies
FileDescription : Kerio Personal Firewall 4 - Service
InternalName : kpf4ss
OriginalFilename : kpf4ss.EXE
ProductName : Kerio Personal Firewall 4
Created on : 12/12/2003 7:21:08 PM
Last accessed : 1/13/2004 12:36:46 AM
Last modified : 12/12/2003 7:21:08 PM
#:13 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ThreadCreationTime : 1-13-2004 12:36:44 AM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 11/17/2003 5:01:40 AM
Last accessed : 1/13/2004 12:00:38 AM
Last modified : 11/15/2002 3:41:26 AM
#:14 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 1-13-2004 12:36:44 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 9/3/2002 5:05:32 PM
Last accessed : 1/13/2004 12:36:48 AM
Last modified : 9/3/2002 5:05:32 PM
#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 1-13-2004 12:36:45 AM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 9/3/2002 4:32:50 PM
Last accessed : 1/13/2004 12:37:07 AM
Last modified : 9/3/2002 4:32:50 PM
#:16 [kpf4gui.exe]
FilePath : C:\Program Files\Kerio\Personal Firewall 4\
ThreadCreationTime : 1-13-2004 12:36:45 AM
BasePriority : Normal
FileSize : 2240 KB
FileVersion : 4.0.10
ProductVersion : 4.0.10
Copyright : Copyright © 1997-2003 Kerio Technologies
CompanyName : Kerio Technologies
FileDescription : Kerio Personal Firewall 4 - GUI
InternalName : kpf4gui
OriginalFilename : kpf4gui.EXE
ProductName : Kerio Personal Firewall 4
Created on : 12/12/2003 7:21:08 PM
Last accessed : 1/13/2004 12:36:56 AM
Last modified : 12/12/2003 7:21:08 PM
#:17 [kpf4gui.exe]
FilePath : C:\Program Files\Kerio\Personal Firewall 4\
ThreadCreationTime : 1-13-2004 12:36:46 AM
BasePriority : Normal
FileSize : 2240 KB
FileVersion : 4.0.10
ProductVersion : 4.0.10
Copyright : Copyright © 1997-2003 Kerio Technologies
CompanyName : Kerio Technologies
FileDescription : Kerio Personal Firewall 4 - GUI
InternalName : kpf4gui
OriginalFilename : kpf4gui.EXE
ProductName : Kerio Personal Firewall 4
Created on : 12/12/2003 7:21:08 PM
Last accessed : 1/13/2004 12:36:56 AM
Last modified : 12/12/2003 7:21:08 PM
#:18 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 1-13-2004 12:36:47 AM
BasePriority : Normal
FileSize : 112 KB
FileVersion : 3,0,0,2104
ProductVersion : 7,0,0,2104
Copyright : Copyright 1999-2003, Intel Corporation
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
OriginalFilename : HKCMD.EXE
ProductName : Intel® Common User Interface
Created on : 11/14/2003 9:20:40 PM
Last accessed : 1/13/2004 12:36:47 AM
Last modified : 4/7/2003 8:07:38 AM
#:19 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 1-13-2004 12:36:47 AM
BasePriority : Normal
FileSize : 53 KB
FileVersion : 1.0.9.002
ProductVersion : 1.0.9.002
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 11/30/2003 7:31:38 PM
Last accessed : 1/13/2004 12:36:52 AM
Last modified : 10/18/2003 6:36:40 AM
#:20 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ThreadCreationTime : 1-13-2004 12:36:47 AM
BasePriority : Normal
FileSize : 88 KB
FileVersion : 7.10.4053
ProductVersion : 7.10.4053
Copyright : Copyright © MUSICMATCH 1998-2001
CompanyName : MUSICMATCH, Inc.
FileDescription : mm_tray
InternalName : mm_tray
OriginalFilename : mm_tray.exe
ProductName : MUSICMATCH JUKEBOX
Created on : 11/14/2003 9:44:28 PM
Last accessed : 1/13/2004 12:36:48 AM
Last modified : 8/15/2002 1:29:26 AM
#:21 [dlbkbmgr.exe]
FilePath : C:\Program Files\Dell AIO Printer A920\
ThreadCreationTime : 1-13-2004 12:36:47 AM
BasePriority : Normal
FileSize : 264 KB
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A920Button Manager
InternalName : dlbkbmgr.exe
OriginalFilename : dlbkbmgr.exe
ProductName : Button Manager Executable
Created on : 11/14/2003 10:15:57 PM
Last accessed : 1/13/2004 12:36:57 AM
Last modified : 4/10/2003 11:52:38 AM
#:22 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ThreadCreationTime : 1-13-2004 12:36:47 AM
BasePriority : Normal
FileSize : 224 KB
FileVersion : 4.1.1.54
ProductVersion : 4.1.1.54
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
OriginalFilename : iTunesHelper.exe
ProductName : iTunes
Created on : 10/22/2003 1:07:50 AM
Last accessed : 1/13/2004 12:36:55 AM
Last modified : 10/22/2003 1:07:50 AM
#:23 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ThreadCreationTime : 1-13-2004 12:36:47 AM
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.4
ProductVersion : QuickTime 6.4
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 11/14/2003 11:23:17 PM
Last accessed : 1/13/2004 12:36:54 AM
Last modified : 11/14/2003 11:23:17 PM
#:24 [dlbkbmon.exe]
FilePath : C:\Program Files\Dell AIO Printer A920\
ThreadCreationTime : 1-13-2004 12:36:48 AM
BasePriority : Normal
FileSize : 52 KB
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A920Button Monitor
InternalName : dlbkbmon.exe
OriginalFilename : dlbkbmon.exe
ProductName : Button Monitor Executable
Created on : 11/14/2003 10:15:58 PM
Last accessed : 1/13/2004 12:36:49 AM
Last modified : 4/10/2003 12:10:14 PM
#:25 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ThreadCreationTime : 1-13-2004 12:36:49 AM
BasePriority : Normal
FileSize : 408 KB
FileVersion : 4.1.1.54
ProductVersion : 4.1.1.54
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
OriginalFilename : iPodService.exe
ProductName : iTunes
Created on : 10/22/2003 1:07:40 AM
Last accessed : 1/13/2004 12:36:55 AM
Last modified : 10/22/2003 1:07:40 AM
#:26 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ThreadCreationTime : 1-13-2004 12:36:57 AM
BasePriority : Normal
FileSize : 64 KB
Created on : 11/14/2003 11:14:36 PM
Last accessed : 1/13/2004 12:36:57 AM
Last modified : 2/5/2002 2:15:00 AM
#:27 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 1-13-2004 12:44:22 AM
BasePriority : Normal
FileSize : 1462 KB
FileVersion : 4.7.2009
ProductVersion : Version 4.7
Copyright : Copyright © Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 4/15/2003 4:05:20 AM
Last accessed : 1/13/2004 12:38:44 AM
Last modified : 4/15/2003 4:05:20 AM
#:28 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 1-13-2004 12:45:11 AM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 12/5/2003 10:08:57 PM
Last accessed : 1/13/2004 12:36:57 AM
Last modified : 7/13/2003 6:00:20 AM
Memory scan result :
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New objects : 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MainPean Dialer Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : MainPean
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\MainPean Highspeed
MetaDirect Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{305F57E2-4479-4F5B-A76E-E67BABE2355C}
Registry scan result :
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New objects : 2
Objects found so far: 2
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result :
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New objects : 0
Objects found so far: 2
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Other Object recognized!
Type : File
Data : owner@cgi-bin[2].txt
Category : Data Miner
Comment : RedSherrif Tracking Cookie
Object : C:\Documents and Settings\Owner\Cookies\
Created on : 1/13/2004 12:30:40 AM
Last accessed : 1/13/2004 12:30:40 AM
Last modified : 1/13/2004 12:30:40 AM
Tracking Cookie Object recognized!
Type : File
Data : owner@servedby.advertising[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Cookies\
Created on : 1/13/2004 12:31:04 AM
Last accessed : 1/13/2004 12:31:04 AM
Last modified : 1/13/2004 12:31:04 AM
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BrowserAid Object recognized!
Type : File
Data : stlbdist.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileSize : 212 KB
Created on : 12/5/2003 2:01:31 AM
Last accessed : 1/13/2004 12:08:00 AM
Last modified : 12/5/2003 2:01:31 AM
Verticity Object recognized!
Type : File
Data : td.exe
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
FileSize : 44 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : Verticity
InternalName : td
OriginalFilename : td.exe
ProductName : TurboDownload
Created on : 5/2/2002 8:23:30 PM
Last accessed : 1/13/2004 12:08:01 AM
Last modified : 5/2/2002 8:23:30 PM
Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
????????????????????????????????????????????????????????????????????????????
Hosts file scan result:
??????????????????????????????????????
1 entries scanned.
New objects :0
Objects found so far: 6
Performing conditional scans..
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BrowserAid Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Updt
BrowserAid Object recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\documents and settings\owner\application data\{2CF0B992-5EEB-4143-99C0-5297EF71F444}
BrowserAid Object recognized!
Type : File
Data : stlbdist.xml
Category : Data Miner
Comment :
Object : c:\windows\system32\
FileSize : 3 KB
Created on : 12/5/2003 2:01:31 AM
Last accessed : 1/13/2004 12:08:07 AM
Last modified : 12/5/2003 2:01:31 AM
Conditional scan result:
??????????????????????????????????????
New objects : 3
Objects found so far: 9
Reanalyzing scan result
??????????????????????????????????????
The following objects have been removed from the result list:
c:\documents and settings\owner\application data\{2CF0B992-5EEB-4143-99C0-5297EF71F444}
4:47:07 PM Scan complete
Summary of this scan
??????????????????????????????????????
Total scanning time :00:01:48:578
Objects scanned :37881
Objects identified :9
Objects ignored :1
New objects :8
I have used hijack this and got some help at http://forums.spywar...php?showforum=7. They did give me some things to delete and now my ad-aware log looks a little different and I am not sure why:
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Monday, January 12, 2004 4:45:18 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R247 10.01.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 01R247 10.01.2004
Internal build : 174
File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
Total size : 776519 Bytes
Signature data size : 761540 Bytes
Reference data size : 14915 Bytes
Signatures total : 17322
Target categories : 10
Target families : 395
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:29 %
Total physical memory:260096 kb
Available physical memory:73596 kb
Total page file size:640596 kb
Available on page file:467328 kb
Total virtual memory:2097024 kb
Available virtual memory:2058400 kb
OS:
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Reanalyze result after scanning, before displaying result list
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Automatically try to unregister objects prior to deletion
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
1-12-2004 4:45:18 PM - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 1-13-2004 12:36:35 AM
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:36:38 AM
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:36:38 AM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 9/3/2002 4:59:11 PM
Last accessed : 1/13/2004 12:36:46 AM
Last modified : 9/3/2002 4:59:11 PM
#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:36:38 AM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 9/3/2002 4:39:51 PM
Last accessed : 1/13/2004 12:36:45 AM
Last modified : 9/3/2002 4:39:51 PM
#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:36:38 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 9/3/2002 5:05:32 PM
Last accessed : 1/13/2004 12:36:48 AM
Last modified : 9/3/2002 5:05:32 PM
#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 1-13-2004 12:36:38 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 9/3/2002 5:05:32 PM
Last accessed : 1/13/2004 12:36:48 AM
Last modified : 9/3/2002 5:05:32 PM
#:7 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:36:40 AM
BasePriority : Normal
FileSize : 296 KB
FileVersion : 8.16
ProductVersion : 8.16
Copyright : © 1993 - 2003 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
OriginalFilename : LexBceS.exe
ProductName : MarkVision for Windows (32 bit)
Created on : 11/14/2003 10:16:32 PM
Last accessed : 1/13/2004 12:01:54 AM
Last modified : 4/7/2003 8:55:20 PM
#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:36:40 AM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 9/3/2002 5:04:18 PM
Last accessed : 1/13/2004 12:36:46 AM
Last modified : 9/3/2002 5:04:18 PM
#:9 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 1-13-2004 12:36:40 AM
BasePriority : Normal
FileSize : 170 KB
FileVersion : 8.16
ProductVersion : 8.16
Copyright : © 1993 - 2003 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
OriginalFilename : LEXPPS.EXE
ProductName : MarkVision for Windows (32 bit)
Created on : 11/14/2003 10:16:33 PM
Last accessed : 1/13/2004 12:01:54 AM
Last modified : 4/7/2003 8:51:48 PM
#:10 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 1-13-2004 12:36:40 AM
BasePriority : Normal
FileSize : 309 KB
FileVersion : 1.03.4
ProductVersion : 1.03.4
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 11/17/2003 5:01:49 AM
Last accessed : 1/13/2004 12:01:54 AM
Last modified : 7/17/2003 7:16:38 PM
#:11 [gearsec.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 1-13-2004 12:36:44 AM
BasePriority : Normal
FileSize : 48 KB
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
Copyright : Copyright
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
OriginalFilename : gearsec.exe
ProductName : gearsec
Created on : 9/11/2003 2:11:46 AM
Last accessed : 1/13/2004 12:01:54 AM
Last modified : 9/11/2003 2:11:46 AM
#:12 [kpf4ss.exe]
FilePath : C:\Program Files\Kerio\Personal Firewall 4\
ThreadCreationTime : 1-13-2004 12:36:44 AM
BasePriority : Normal
FileSize : 1888 KB
FileVersion : 4.0.10
ProductVersion : 4.0.10
Copyright : Copyright © 1997-2003 Kerio Technologies
CompanyName : Kerio Technologies
FileDescription : Kerio Personal Firewall 4 - Service
InternalName : kpf4ss
OriginalFilename : kpf4ss.EXE
ProductName : Kerio Personal Firewall 4
Created on : 12/12/2003 7:21:08 PM
Last accessed : 1/13/2004 12:36:46 AM
Last modified : 12/12/2003 7:21:08 PM
#:13 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ThreadCreationTime : 1-13-2004 12:36:44 AM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 11/17/2003 5:01:40 AM
Last accessed : 1/13/2004 12:00:38 AM
Last modified : 11/15/2002 3:41:26 AM
#:14 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 1-13-2004 12:36:44 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 9/3/2002 5:05:32 PM
Last accessed : 1/13/2004 12:36:48 AM
Last modified : 9/3/2002 5:05:32 PM
#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 1-13-2004 12:36:45 AM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 9/3/2002 4:32:50 PM
Last accessed : 1/13/2004 12:37:07 AM
Last modified : 9/3/2002 4:32:50 PM
#:16 [kpf4gui.exe]
FilePath : C:\Program Files\Kerio\Personal Firewall 4\
ThreadCreationTime : 1-13-2004 12:36:45 AM
BasePriority : Normal
FileSize : 2240 KB
FileVersion : 4.0.10
ProductVersion : 4.0.10
Copyright : Copyright © 1997-2003 Kerio Technologies
CompanyName : Kerio Technologies
FileDescription : Kerio Personal Firewall 4 - GUI
InternalName : kpf4gui
OriginalFilename : kpf4gui.EXE
ProductName : Kerio Personal Firewall 4
Created on : 12/12/2003 7:21:08 PM
Last accessed : 1/13/2004 12:36:56 AM
Last modified : 12/12/2003 7:21:08 PM
#:17 [kpf4gui.exe]
FilePath : C:\Program Files\Kerio\Personal Firewall 4\
ThreadCreationTime : 1-13-2004 12:36:46 AM
BasePriority : Normal
FileSize : 2240 KB
FileVersion : 4.0.10
ProductVersion : 4.0.10
Copyright : Copyright © 1997-2003 Kerio Technologies
CompanyName : Kerio Technologies
FileDescription : Kerio Personal Firewall 4 - GUI
InternalName : kpf4gui
OriginalFilename : kpf4gui.EXE
ProductName : Kerio Personal Firewall 4
Created on : 12/12/2003 7:21:08 PM
Last accessed : 1/13/2004 12:36:56 AM
Last modified : 12/12/2003 7:21:08 PM
#:18 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 1-13-2004 12:36:47 AM
BasePriority : Normal
FileSize : 112 KB
FileVersion : 3,0,0,2104
ProductVersion : 7,0,0,2104
Copyright : Copyright 1999-2003, Intel Corporation
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
OriginalFilename : HKCMD.EXE
ProductName : Intel® Common User Interface
Created on : 11/14/2003 9:20:40 PM
Last accessed : 1/13/2004 12:36:47 AM
Last modified : 4/7/2003 8:07:38 AM
#:19 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 1-13-2004 12:36:47 AM
BasePriority : Normal
FileSize : 53 KB
FileVersion : 1.0.9.002
ProductVersion : 1.0.9.002
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 11/30/2003 7:31:38 PM
Last accessed : 1/13/2004 12:36:52 AM
Last modified : 10/18/2003 6:36:40 AM
#:20 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ThreadCreationTime : 1-13-2004 12:36:47 AM
BasePriority : Normal
FileSize : 88 KB
FileVersion : 7.10.4053
ProductVersion : 7.10.4053
Copyright : Copyright © MUSICMATCH 1998-2001
CompanyName : MUSICMATCH, Inc.
FileDescription : mm_tray
InternalName : mm_tray
OriginalFilename : mm_tray.exe
ProductName : MUSICMATCH JUKEBOX
Created on : 11/14/2003 9:44:28 PM
Last accessed : 1/13/2004 12:36:48 AM
Last modified : 8/15/2002 1:29:26 AM
#:21 [dlbkbmgr.exe]
FilePath : C:\Program Files\Dell AIO Printer A920\
ThreadCreationTime : 1-13-2004 12:36:47 AM
BasePriority : Normal
FileSize : 264 KB
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A920Button Manager
InternalName : dlbkbmgr.exe
OriginalFilename : dlbkbmgr.exe
ProductName : Button Manager Executable
Created on : 11/14/2003 10:15:57 PM
Last accessed : 1/13/2004 12:36:57 AM
Last modified : 4/10/2003 11:52:38 AM
#:22 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ThreadCreationTime : 1-13-2004 12:36:47 AM
BasePriority : Normal
FileSize : 224 KB
FileVersion : 4.1.1.54
ProductVersion : 4.1.1.54
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
OriginalFilename : iTunesHelper.exe
ProductName : iTunes
Created on : 10/22/2003 1:07:50 AM
Last accessed : 1/13/2004 12:36:55 AM
Last modified : 10/22/2003 1:07:50 AM
#:23 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ThreadCreationTime : 1-13-2004 12:36:47 AM
BasePriority : Normal
FileSize : 76 KB
FileVersion : 6.4
ProductVersion : QuickTime 6.4
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 11/14/2003 11:23:17 PM
Last accessed : 1/13/2004 12:36:54 AM
Last modified : 11/14/2003 11:23:17 PM
#:24 [dlbkbmon.exe]
FilePath : C:\Program Files\Dell AIO Printer A920\
ThreadCreationTime : 1-13-2004 12:36:48 AM
BasePriority : Normal
FileSize : 52 KB
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A920Button Monitor
InternalName : dlbkbmon.exe
OriginalFilename : dlbkbmon.exe
ProductName : Button Monitor Executable
Created on : 11/14/2003 10:15:58 PM
Last accessed : 1/13/2004 12:36:49 AM
Last modified : 4/10/2003 12:10:14 PM
#:25 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ThreadCreationTime : 1-13-2004 12:36:49 AM
BasePriority : Normal
FileSize : 408 KB
FileVersion : 4.1.1.54
ProductVersion : 4.1.1.54
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
OriginalFilename : iPodService.exe
ProductName : iTunes
Created on : 10/22/2003 1:07:40 AM
Last accessed : 1/13/2004 12:36:55 AM
Last modified : 10/22/2003 1:07:40 AM
#:26 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ThreadCreationTime : 1-13-2004 12:36:57 AM
BasePriority : Normal
FileSize : 64 KB
Created on : 11/14/2003 11:14:36 PM
Last accessed : 1/13/2004 12:36:57 AM
Last modified : 2/5/2002 2:15:00 AM
#:27 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 1-13-2004 12:44:22 AM
BasePriority : Normal
FileSize : 1462 KB
FileVersion : 4.7.2009
ProductVersion : Version 4.7
Copyright : Copyright © Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 4/15/2003 4:05:20 AM
Last accessed : 1/13/2004 12:38:44 AM
Last modified : 4/15/2003 4:05:20 AM
#:28 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 1-13-2004 12:45:11 AM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 12/5/2003 10:08:57 PM
Last accessed : 1/13/2004 12:36:57 AM
Last modified : 7/13/2003 6:00:20 AM
Memory scan result :
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New objects : 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MainPean Dialer Object recognized!
Type : RegKey
Data :
Category : Malware
Comment : MainPean
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\MainPean Highspeed
MetaDirect Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{305F57E2-4479-4F5B-A76E-E67BABE2355C}
Registry scan result :
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New objects : 2
Objects found so far: 2
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result :
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New objects : 0
Objects found so far: 2
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Other Object recognized!
Type : File
Data : owner@cgi-bin[2].txt
Category : Data Miner
Comment : RedSherrif Tracking Cookie
Object : C:\Documents and Settings\Owner\Cookies\
Created on : 1/13/2004 12:30:40 AM
Last accessed : 1/13/2004 12:30:40 AM
Last modified : 1/13/2004 12:30:40 AM
Tracking Cookie Object recognized!
Type : File
Data : owner@servedby.advertising[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Cookies\
Created on : 1/13/2004 12:31:04 AM
Last accessed : 1/13/2004 12:31:04 AM
Last modified : 1/13/2004 12:31:04 AM
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BrowserAid Object recognized!
Type : File
Data : stlbdist.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileSize : 212 KB
Created on : 12/5/2003 2:01:31 AM
Last accessed : 1/13/2004 12:08:00 AM
Last modified : 12/5/2003 2:01:31 AM
Verticity Object recognized!
Type : File
Data : td.exe
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
FileSize : 44 KB
FileVersion : 1.00
ProductVersion : 1.00
CompanyName : Verticity
InternalName : td
OriginalFilename : td.exe
ProductName : TurboDownload
Created on : 5/2/2002 8:23:30 PM
Last accessed : 1/13/2004 12:08:01 AM
Last modified : 5/2/2002 8:23:30 PM
Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
????????????????????????????????????????????????????????????????????????????
Hosts file scan result:
??????????????????????????????????????
1 entries scanned.
New objects :0
Objects found so far: 6
Performing conditional scans..
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BrowserAid Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Updt
BrowserAid Object recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\documents and settings\owner\application data\{2CF0B992-5EEB-4143-99C0-5297EF71F444}
BrowserAid Object recognized!
Type : File
Data : stlbdist.xml
Category : Data Miner
Comment :
Object : c:\windows\system32\
FileSize : 3 KB
Created on : 12/5/2003 2:01:31 AM
Last accessed : 1/13/2004 12:08:07 AM
Last modified : 12/5/2003 2:01:31 AM
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New objects : 3
Objects found so far: 9
Reanalyzing scan result
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
The following objects have been removed from the result list:
c:\documents and settings\owner\application data\{2CF0B992-5EEB-4143-99C0-5297EF71F444}
4:47:07 PM Scan complete
Summary of this scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time :00:01:48:578
Objects scanned :37881
Objects identified :9
Objects ignored :1
New objects :8
#8
Posted 13 January 2004 - 12:12 PM
Well then, let Ad-aware clean off those objects and then reboot. But it appears to me that whatever help you did get so far on your HijackThis log has not helped completely to clean your system.
The cookies will always come back, and that has to do with the sites you are visiting and allowing your browser to accept.
On your MainPean problem see these two links..
http://www.dslreport...07312~mode=flat
http://www.dslreport...de=flat#8580559
Since you did not give me a link directly to your post at SpywareInfo, I have no idea what your HijackThis log actually looks like.
:)
But you can post it here..in this forum..and I will look at it.
http://forum.gladiat...p?showforum=170
You might also consider locking down your browser with settings changed in your IE for better security...
http://www.markusjansson.net/


