Jump to content


Photo

Adaware hangs at system volume info


  • Please log in to reply
10 replies to this topic

#1 Lacey

Lacey

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 23 July 2006 - 07:47 PM

Good morning. I am trying to run my Adaware program and it stops at system volume info\_restore.......
My computer is also running slow. I am using Windows XP and Norton antivirus. Here is my hijackthis log. I'd appreciate any help! Thanks in advance!!! Also....Adaware found several items before it stopped, 9 of which were registry items. It would not finish, so I could not fix them! And by hanging I mean, it just stops going any further. It says its running, but it never goes beyond that point. Oh yeah...and when I defragged, it could not defrag 2 files. They are: Files that cannot be defragmented
2 292 KB \System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP331\A0034921.rbf
6 290 KB \Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcscan8.dat

Logfile of HijackThis v1.99.1
Scan saved at 11:26:20 AM, on 7/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\WINDOWS\SCARDS32.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\CoffeeCup Software\PopUp Blocker\PopupBlocker.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CoffeeCup Software Popup Blocker - {49E0E0F0-5C30-11D4-945D-010002000012} - C:\PROGRA~1\COFFEE~1\POPUPB~1\CCPOPB~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CoffeeCup Popup Blocker.lnk = C:\Program Files\CoffeeCup Software\PopUp Blocker\PopupBlocker.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.l...lscbase7617.cab
O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) -
O16 - DPF: {9EF34803-43A8-487A-BC9E-C23FACCDBDBE} (PDFConvert.Converter) - http://rapprinter.ra...Creator_001.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...aploader_v6.cab
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://realist2.firs...r/mapviewer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE

#2 Lacey

Lacey

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 23 July 2006 - 09:40 PM

I set my Ad-Aware program to skip the system volume files and got it to finish scanning and removed the regristry files that were a problem. Here is my new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:35:00 PM, on 7/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\WINDOWS\SCARDS32.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\CoffeeCup Software\PopUp Blocker\PopupBlocker.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CoffeeCup Software Popup Blocker - {49E0E0F0-5C30-11D4-945D-010002000012} - C:\PROGRA~1\COFFEE~1\POPUPB~1\CCPOPB~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CoffeeCup Popup Blocker.lnk = C:\Program Files\CoffeeCup Software\PopUp Blocker\PopupBlocker.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.l...lscbase7617.cab
O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) -
O16 - DPF: {9EF34803-43A8-487A-BC9E-C23FACCDBDBE} (PDFConvert.Converter) - http://rapprinter.ra...Creator_001.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave...aploader_v6.cab
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://realist2.firs...r/mapviewer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE

#3 Lacey

Lacey

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 24 July 2006 - 03:51 AM

Bump

#4 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 8814 posts

Posted 24 July 2006 - 08:33 PM

Hi Lacey,

I don't see any problems in either your before or after HijackThis logs, so I doubt you had any active infections going.

Can you post the results of the Adaware Scan log for review so I can see what it found?

As Logs are stored in :
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
An easy way to get there is to
click Start,
click Run
And type in and press ENTER: %appdata%
then click Lavasoft
then Ad-Aware
and then Logs.
scroll down to find the latest one that you have
(by date & time)
and open it right Click select all
copy and then paste the contents of it here.
(Make sure that all of your Logfile has been posted, sometimes it will require two post's to get it all)
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give a personal support via PM The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009

#5 Lacey

Lacey

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 25 July 2006 - 04:56 PM

Hi Jane. Thanks for the help! Here's my log:


Ad-Aware SE Build 1.05
Logfile Created on:Sunday, July 23, 2006 12:45:40 PM
Using definitions file:SE1R115 18.07.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Pop(TAC index:3):17 total references
MRU List(TAC index:0):26 total references
Tracking Cookie(TAC index:3):27 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


7-23-2006 12:45:40 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 624
ThreadCreationTime : 7-23-2006 3:52:47 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 688
ThreadCreationTime : 7-23-2006 3:52:51 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 7-23-2006 3:52:53 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 756
ThreadCreationTime : 7-23-2006 3:52:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 768
ThreadCreationTime : 7-23-2006 3:52:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 920
ThreadCreationTime : 7-23-2006 3:52:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1000
ThreadCreationTime : 7-23-2006 3:52:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1092
ThreadCreationTime : 7-23-2006 3:52:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1152
ThreadCreationTime : 7-23-2006 3:52:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1300
ThreadCreationTime : 7-23-2006 3:52:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1596
ThreadCreationTime : 7-23-2006 3:53:00 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1612
ThreadCreationTime : 7-23-2006 3:53:00 PM
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:13 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1676
ThreadCreationTime : 7-23-2006 3:53:02 PM
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:14 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 296
ThreadCreationTime : 7-23-2006 3:53:03 PM
BasePriority : Normal
FileVersion : 6.0.3.303
ProductVersion : 6.0
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002 - 2006 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:15 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 316
ThreadCreationTime : 7-23-2006 3:53:03 PM
BasePriority : Normal
FileVersion : 2.1.0.4
ProductVersion : 2.1.0.4
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004, 2005 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:16 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 448
ThreadCreationTime : 7-23-2006 3:53:03 PM
BasePriority : Normal
FileVersion : 1.9.1.762
ProductVersion : 1.9.1.762
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:17 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 652
ThreadCreationTime : 7-23-2006 3:53:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:18 [scardsvr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 836
ThreadCreationTime : 7-23-2006 3:53:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Smart Card Resource Management Server
InternalName : SCardSvr.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : SCardSvr.exe

#:19 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 1220
ThreadCreationTime : 7-23-2006 3:53:15 PM
BasePriority : Normal
FileVersion : 3.0.0.166
ProductVersion : 3.0.0.166
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:20 [cdac11ba.exe]
FilePath : C:\WINDOWS\System32\drivers\
ProcessID : 1248
ThreadCreationTime : 7-23-2006 3:53:15 PM
BasePriority : Normal
FileVersion : 4.11.050
ProductVersion : 4.11.050 Windows NT 2001/07/12
ProductName : SafeCast Windows NT
CompanyName : C-Dilla Ltd
FileDescription : C-Dilla RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright © Macrovision 1993-2001
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English

#:21 [cfsvcs.exe]
FilePath : C:\Program Files\TOSHIBA\ConfigFree\
ProcessID : 1284
ThreadCreationTime : 7-23-2006 3:53:15 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 12
ProductVersion : 3, 0, 0, 10
ProductName : ConfigFree™
CompanyName : TOSHIBA CORPORATION
FileDescription : Service of ConfigFree.
InternalName : CFSvcs.exe
LegalCopyright : Copyright © 2003 TOSHIBA CORPORATION. All rights reserved.
LegalTrademarks : ConfigFree™
OriginalFilename : CFSvcs.exe
Comments : Service of ConfigFree.

#:22 [dvdramsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 808
ThreadCreationTime : 7-23-2006 3:53:15 PM
BasePriority : Normal
FileVersion : 2, 0, 7, 0
ProductVersion : 2, 0, 7, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : Service of RAMAsst for Windows XP
LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2003
OriginalFilename : DVDRAMSV.EXE

#:23 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 1444
ThreadCreationTime : 7-23-2006 3:53:15 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:24 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1452
ThreadCreationTime : 7-23-2006 3:53:15 PM
BasePriority : Normal
FileVersion : 12.2.0.13
ProductVersion : 12.2.0
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:25 [npfmntor.exe]
FilePath : C:\Program Files\Norton AntiVirus\IWP\
ProcessID : 1512
ThreadCreationTime : 7-23-2006 3:53:16 PM
BasePriority : Normal
FileVersion : 12.2.0.13
ProductVersion : 12.2.0
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE

#:26 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 1768
ThreadCreationTime : 7-23-2006 3:53:16 PM
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:27 [swupdtmr.exe]
FilePath : c:\toshiba\ivp\swupdate\
ProcessID : 1868
ThreadCreationTime : 7-23-2006 3:53:16 PM
BasePriority : Normal


#:28 [scards32.exe]
FilePath : C:\WINDOWS\
ProcessID : 1928
ThreadCreationTime : 7-23-2006 3:53:16 PM
BasePriority : Normal
FileVersion : V2.14.38
ProductVersion : V2.14
ProductName : CHIPDRIVE IFD Drivers
CompanyName : Towitoko AG
FileDescription : SCARD 32-Bit 95/98-ServerProcess / NT-Service
InternalName : SCARDS32
LegalCopyright : © 1998-2002, Towitoko AG
OriginalFilename : SCARDS32.EXE

#:29 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2024
ThreadCreationTime : 7-23-2006 3:53:20 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:30 [00thotkey.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1776
ThreadCreationTime : 7-23-2006 3:53:29 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 21
ProductVersion : 6, 0, 2, 0
ProductName : TOSHIBA THotkey
CompanyName : TOSHIBA Corp.
FileDescription : THotkey
InternalName : THotkey
LegalCopyright : Copyright © 1999 -2003
OriginalFilename : THotkey.exe

#:31 [igfxtray.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1792
ThreadCreationTime : 7-23-2006 3:53:29 PM
BasePriority : Normal
FileVersion : 3,0,0,2104
ProductVersion : 7,0,0,2104
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : IGFXTRAY.EXE

#:32 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1816
ThreadCreationTime : 7-23-2006 3:53:29 PM
BasePriority : Normal
FileVersion : 3,0,0,2104
ProductVersion : 7,0,0,2104
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:33 [ltmoh.exe]
FilePath : C:\Program Files\ltmoh\
ProcessID : 1904
ThreadCreationTime : 7-23-2006 3:53:30 PM
BasePriority : Normal
FileVersion : 1.69
ProductVersion : 1.69
ProductName : LtMoh Application
CompanyName : Agere Systems
FileDescription : LtMoh MFC Application
InternalName : LtMoh
LegalCopyright : Agere Copyright © 2001-2002
LegalTrademarks : LT
OriginalFilename : LtMoh.EXE

#:34 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 1508
ThreadCreationTime : 7-23-2006 3:53:30 PM
BasePriority : Normal
FileVersion : 2.1.28.2 2.1.28.2 04/18/2003 11:20:08
ProductVersion : 2.1.28.2 2.1.28.2 04/18/2003 11:20:08
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:35 [apoint.exe]
FilePath : C:\Program Files\Apoint2K\
ProcessID : 2004
ThreadCreationTime : 7-23-2006 3:53:31 PM
BasePriority : Normal
FileVersion : 6.0.2.171
ProductVersion : 6.0.2.171
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:36 [touched.exe]
FilePath : C:\Program Files\TOSHIBA\TouchED\
ProcessID : 2052
ThreadCreationTime : 7-23-2006 3:53:31 PM
BasePriority : Normal
FileVersion : 2, 5, 0, 0
ProductVersion : 2, 5, 0, 0
ProductName : TouchPad On/Off Utility
CompanyName : TOSHIBA Corporation
FileDescription : TouchPad On/Off Utility
InternalName : TouchED
LegalCopyright : Copyright 1998-2002 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TouchED.exe

#:37 [tfnf5.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2064
ThreadCreationTime : 7-23-2006 3:53:32 PM
BasePriority : Normal
FileVersion : 2, 4, 1, 0
ProductVersion : 2, 4, 1, 0
ProductName : TOSHIBA Hotkey Utility for Display Devices
CompanyName : TOSHIBA Corp.
FileDescription : TFnF5
InternalName : TFnF5
LegalCopyright : Copyright © 2001-2003
OriginalFilename : TFnF5.Exe
Comments : Hotkey (Fn+F5) for Display Devices

#:38 [padexe.exe]
FilePath : C:\Program Files\TOSHIBA\PadTouch\
ProcessID : 2072
ThreadCreationTime : 7-23-2006 3:53:32 PM
BasePriority : Normal
FileVersion : 1, 2, 0, 0
ProductVersion : 1, 2, 0, 0
ProductName : PadTouch
CompanyName : TOSHIBA
FileDescription : PadTouch Main
InternalName : PadExe
LegalCopyright : Copyright © 2003 TOSHIBA Corporation
OriginalFilename : PadExe.exe

#:39 [tpsmain.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2088
ThreadCreationTime : 7-23-2006 3:53:32 PM
BasePriority : Normal
FileVersion : 1, 0, 9, 0
ProductVersion : 7, 0, 0, 0
ProductName : TOSHIBA Power Saver
CompanyName : TOSHIBA Corporation
InternalName : TPSMain
LegalCopyright : Copyright © 1998-2003 TOSHIBA Corporation
OriginalFilename : TPSMain.EXE

#:40 [tfncky.exe]
FilePath : C:\Program Files\TOSHIBA\TOSHIBA Controls\
ProcessID : 2112
ThreadCreationTime : 7-23-2006 3:53:34 PM
BasePriority : Normal
FileVersion : 3.01.01
ProductVersion : 3.01.01
ProductName : TFncKy
CompanyName : TOSHIBA Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright 2001-2003 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE

#:41 [ezsp_px.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2132
ThreadCreationTime : 7-23-2006 3:53:34 PM
BasePriority : Normal


#:42 [bsclip.exe]
FilePath : C:\PROGRA~1\B'SCLI~1\Win2K\
ProcessID : 2180
ThreadCreationTime : 7-23-2006 3:53:35 PM
BasePriority : Normal


#:43 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2220
ThreadCreationTime : 7-23-2006 3:53:36 PM
BasePriority : Normal
FileVersion : 6.3
ProductVersion : QuickTime 6.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:44 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 2232
ThreadCreationTime : 7-23-2006 3:53:36 PM
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:45 [toscdspd.exe]
FilePath : C:\Program Files\TOSHIBA\TOSCDSPD\
ProcessID : 2256
ThreadCreationTime : 7-23-2006 3:53:37 PM
BasePriority : Normal


#:46 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2292
ThreadCreationTime : 7-23-2006 3:53:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:47 [tpsbattm.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2308
ThreadCreationTime : 7-23-2006 3:53:38 PM
BasePriority : Normal
FileVersion : 1, 0, 2, 0
ProductVersion : 7, 0, 0, 0
ProductName : TOSHIBA Power Saver
CompanyName : TOSHIBA Corporation
InternalName : TPSBattM
LegalCopyright : Copyright © 1998-2003 TOSHIBA Corporation
OriginalFilename : TPSBattM.exe

#:48 [apntex.exe]
FilePath : C:\Program Files\Apoint2K\
ProcessID : 2344
ThreadCreationTime : 7-23-2006 3:53:42 PM
BasePriority : Normal
FileVersion : 5.0.1.15
ProductVersion : 5.0.1.15
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:49 [ramasst.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2564
ThreadCreationTime : 7-23-2006 3:53:50 PM
BasePriority : Normal
FileVersion : 1, 0, 9, 0
ProductVersion : 1, 0, 9, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : CD Burning of Windows XP disabling tool for DVD MULTI Drive
LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2003
OriginalFilename : RAMASST.EXE

#:50 [wg111cfg.exe]
FilePath : C:\Program Files\NETGEAR\WG111 Configuration Utility\
ProcessID : 2684
ThreadCreationTime : 7-23-2006 3:53:55 PM
BasePriority : Normal
FileVersion : 2, 0, 2, 7
ProductVersion : 2, 0, 2, 7
ProductName : NETGEAR WG111 Smart Wizard-Wireless Assistance
FileDescription : NETGEAR WG111 Smart Wizard-Wireless Assistance
InternalName : Wg111.exe
LegalCopyright : 2004, Netgear, Inc. All Rights Reserved
OriginalFilename : Wg111.exe

#:51 [popupblocker.exe]
FilePath : C:\Program Files\CoffeeCup Software\PopUp Blocker\
ProcessID : 2756
ThreadCreationTime : 7-23-2006 3:53:59 PM
BasePriority : Normal


#:52 [hotsync.exe]
FilePath : C:\Program Files\palmOne\
ProcessID : 2920
ThreadCreationTime : 7-23-2006 3:54:24 PM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:53 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3156
ThreadCreationTime : 7-23-2006 3:54:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:54 [nscsrvce.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Console\
ProcessID : 1272
ThreadCreationTime : 7-23-2006 3:55:00 PM
BasePriority : Normal
FileVersion : 2006.1.5.17
ProductVersion : 2006.1.5
ProductName : Norton Security Console
CompanyName : Symantec Corporation
FileDescription : Norton Security Console Norton Protection Center Service
InternalName : NSCService
LegalCopyright : Norton Security Console 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NSCSrvce.exe

#:55 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3168
ThreadCreationTime : 7-23-2006 3:55:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:56 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Plus\
ProcessID : 1592
ThreadCreationTime : 7-23-2006 3:58:49 PM
BasePriority : Normal
FileVersion : 6.2.0.207
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:57 [ypager.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 2960
ThreadCreationTime : 7-23-2006 4:17:25 PM
BasePriority : Normal


#:58 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3292
ThreadCreationTime : 7-23-2006 4:21:20 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:59 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2468
ThreadCreationTime : 7-23-2006 4:44:41 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:60 [hijackthis.exe]
FilePath : C:\Program Files\Hijackthis\
ProcessID : 2980
ThreadCreationTime : 7-23-2006 6:25:55 PM
BasePriority : Normal
FileVersion : 1.99.0001
ProductVersion : 1.99.0001
ProductName : HijackThis
CompanyName : Soeperman Enterprises Ltd.
FileDescription : HijackThis
InternalName : HijackThis
LegalCopyright : Freeware
OriginalFilename : HijackThis.exe
Comments : Version history is in Help section

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Pop Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{df780f87-ff2b-4df8-92d0-73db16a1543a}

Adware.Pop Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{df780f87-ff2b-4df8-92d0-73db16a1543a}
Value :

Adware.Pop Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca}

Adware.Pop Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca}
Value :

Adware.Pop Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe}

Adware.Pop Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe}
Value :

Adware.Pop Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 7


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Pop Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment : ({DF780F87-FF2B-4DF8-92D0-73DB16A1543A})
Rootkey : HKEY_CLASSES_ROOT
Object : PopCapLoader.PopCapLoaderCtrl2

Adware.Pop Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment : ({DF780F87-FF2B-4DF8-92D0-73DB16A1543A})
Rootkey : HKEY_CLASSES_ROOT
Object : PopCapLoader.PopCapLoaderCtrl2
Value :

Adware.Pop Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment : ({DF780F87-FF2B-4DF8-92D0-73DB16A1543A})
Rootkey : HKEY_CLASSES_ROOT
Object : PopCapLoader.PopCapLoaderCtrl2.1

Adware.Pop Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment : ({DF780F87-FF2B-4DF8-92D0-73DB16A1543A})
Rootkey : HKEY_CLASSES_ROOT
Object : PopCapLoader.PopCapLoaderCtrl2.1
Value :

Adware.Pop Object Recognized!
Type : Regkey
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll

Adware.Pop Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll
Value : .Owner

Adware.Pop Object Recognized!
Type : RegValue
Data :
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll
Value : {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

Adware.Pop Object Recognized!
Type : File
Data : /windows/downloaded program files/popcaploader.dll
Category : Possible Browser Hijack attempt
Comment :
Object : c:\
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : PopCapLoader Module
CompanyName : PopCap Games
FileDescription : PopCapLoader Module
InternalName : PopCapLoader
LegalCopyright : Copyright 2003
OriginalFilename : PopCapLoader.DLL


Adware.Pop Object Recognized!
Type : RegValue
Data : C:\WINDOWS\Downloaded Program Files\popcaploader.dll
Category : Possible Browser Hijack attempt
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\Downloaded Program Files\popcaploader.dll

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 16

MRU List Object Recognized!
Location: : C:\Documents and Settings\Claudia Womack\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Claudia Womack\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\office\10.0\publisher\recent file list
Description : list of recent files used by microsoft publisher


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

#6 Lacey

Lacey

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 25 July 2006 - 04:59 PM

And the rest of it:

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@2o7[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@adrevolver[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@adrevolver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@adrevolver[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@adrevolver[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@ads.addynamix[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@ads.addynamix[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@ads.pointroll[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@ads.pointroll[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@as-us.falkag[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@as-us.falkag[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@bilbo.counted[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@bilbo.counted[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@bravenet[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@bravenet[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@casalemedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@casalemedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@citi.bridgetrack[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@citi.bridgetrack[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@edge.ru4[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@edge.ru4[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@excite[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@excite[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@fastclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@fastclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@maxserving[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@maxserving[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@media.fastclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@media.fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@overture[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@overture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@realmedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@realmedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@reduxads.valuead[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@reduxads.valuead[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@server.iad.liveperson[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@server.iad.liveperson[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@serving-sys[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@serving-sys[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@statcounter[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@statcounter[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@tradedoubler[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@tradedoubler[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@trafficmp[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@trafficmp[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@tribalfusion[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@tribalfusion[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@vdn.valuead[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@vdn.valuead[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : claudia womack@zedo[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia womack@zedo[2].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 27
Objects found so far: 69


Disk Scan Result for C:\BJPrinter\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 69

Disk Scan Result for C:\C_DILLA\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 69

Disk Scan Result for C:\Config.Msi\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 69

Disk Scan Result for C:\DOCS\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 69

Disk Scan Result for C:\Documents and Settings\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 69

Disk Scan Result for C:\gfx\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 69

Disk Scan Result for C:\KB822624.temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 69

Disk Scan Result for C:\MSOCache\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 69

Disk Scan Result for C:\NETGEAR\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 69

Disk Scan Result for C:\Program Files\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 69

Disk Scan Result for C:\RECYCLER\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 69

Disk Scan Result for C:\temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 69

Disk Scan Result for C:\TOSHIBA\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 69

Adware.Pop Object Recognized!
Type : File
Data : popcaploader.dll
Category : Possible Browser Hijack attempt
Comment :
Object : C:\WINDOWS\Downloaded Program Files\
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : PopCapLoader Module
CompanyName : PopCap Games
FileDescription : PopCapLoader Module
InternalName : PopCapLoader
LegalCopyright : Copyright 2003
OriginalFilename : PopCapLoader.DLL


Disk Scan Result for C:\WINDOWS\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 70

Disk Scan Result for C:\WORKSSETUP\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 70

Disk Scan Result for C:\WUTemp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 70


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 70




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 70

1:04:28 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:18:48.0
Objects scanned:188618
Objects identified:44
Objects ignored:0
New critical objects:44

#7 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 8814 posts

Posted 25 July 2006 - 05:16 PM

Thanks, now I see it.

It is this item in your HijackThis log:
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...aploader_v6.cab

That's a downloaded program file (via activeX) which appears to be for a game. If you choose to download that popcaploader for chuzzle on purpose, you can safely ignore those entries. It's simply alerting you to it's presence in case it is an Adware program you did NOT want on your system. Although some people do use it and enjoy it. It's not harmful to your computer.

Edit to add: If you rightclick on the items in the adaware scan list, you can get more details on what it has found to help decide if it is something you wish to keep or delete. When you rightclick you get this popup. Just choose *Item details* to see more info on an item. It will give you a link to the Threat Assessment Chart (TAC) so you can be more informed about what it is and does and can decide if that is something that needs to be deleted or not.

Attached Thumbnails

  • ItemDetails.gif

Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give a personal support via PM The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009

#8 Lacey

Lacey

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 25 July 2006 - 05:50 PM

Thanks, again. I did download that game and allowed the activeX. But is that what's causing my Ad-Aware program to stop and just sit there when it gets to the system volume file? And would that keep my defrag from being able to defrag that file?

#9 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 8814 posts

Posted 25 July 2006 - 06:03 PM

No, that would not cause the stall at the System Volume Information directory. That's a different issue.

So, you can ignore the item you did download for the game.

As for the System Volume Information (which is really your system restore backups) and defrag problems. Try resetting your System Restore as follows:

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Put a Checkmark in the box next to "Turn off System Restore".
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Remove the checkmark next to "Turn off System Restore".
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405
...............
Another thing I notice is that you have an old build of Adaware SE.
See here on how to update to the newer version:
Ad-Aware Latest Version
http://www.lavasofts...?showtopic=1163
(that is linked at the very top of this forum)

Let me know if those two steps resolve the problem.
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give a personal support via PM The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009

#10 Lacey

Lacey

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 25 July 2006 - 07:04 PM

Yep! That worked! My defrag AND my Ad-Aware made it all the way through without a problem.

As for the old version, it let me know I needed the upgrade, but I couldn't find my reference # to get it. I finally found it and sent an email to get the upgrade info.

Thanks so much for your help!! You are much appreciated!!!!!!

#11 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 8814 posts

Posted 25 July 2006 - 07:06 PM

Hooray! I'm so glad we were able to get it resolved for you. :D

I'll go ahead and archive this thread to the read-only Resolved Area. If you should encounter any further issues, please feel free to start a new topic.
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give a personal support via PM The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users