Please help me, Pop ups are everywhere
ivan83sg
I am using a Windows XP program, and I have been affected by adware and popups when I accidentally clicked on a popup.
I have tried everything and really feel hopeless.
Some of the names of the popups are MP MEDIA HOLDINGS and FIRSTADSOLUTION.

I have attached a copy of the log file.
Every time I scan and delete a threat, when I rescan it, there's always something else.
Please help me...

Thank you sooo much
LS CalamityJane
Pasting in your log for easier reading. I'll be back with a response after I have a chance to review it.

Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, August 30, 2006 10:38:13 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R120 24.08.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):7 total references
Tracking Cookie(TAC index:3):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


8-30-2006 10:38:13 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\ivan\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1409082233-1708537768-725345543-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1409082233-1708537768-725345543-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1409082233-1708537768-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 660
ThreadCreationTime : 8-31-2006 2:15:40 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 736
ThreadCreationTime : 8-31-2006 2:15:42 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 780
ThreadCreationTime : 8-31-2006 2:15:59 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 824
ThreadCreationTime : 8-31-2006 2:16:00 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 836
ThreadCreationTime : 8-31-2006 2:16:00 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 988
ThreadCreationTime : 8-31-2006 2:16:02 AM
BasePriority : Normal
FileVersion : 6.14.10.4112
ProductVersion : 6.14.10.4112.01
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1012
ThreadCreationTime : 8-31-2006 2:16:02 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1092
ThreadCreationTime : 8-31-2006 2:16:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1200
ThreadCreationTime : 8-31-2006 2:16:05 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1264
ThreadCreationTime : 8-31-2006 2:16:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1440
ThreadCreationTime : 8-31-2006 2:16:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1520
ThreadCreationTime : 8-31-2006 2:16:08 AM
BasePriority : Normal
FileVersion : 2.1.10.2
ProductVersion : 2.1.10.2
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:13 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1988
ThreadCreationTime : 8-31-2006 2:16:10 AM
BasePriority : Normal
FileVersion : 2.1.10.2
ProductVersion : 2.1.10.2
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:14 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 188
ThreadCreationTime : 8-31-2006 2:16:11 AM
BasePriority : Normal
FileVersion : 6.14.10.4112
ProductVersion : 6.14.10.4112.01
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 324
ThreadCreationTime : 8-31-2006 2:16:11 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:16 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 484
ThreadCreationTime : 8-31-2006 2:16:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:17 [atkkbservice.exe]
FilePath : C:\WINDOWS\
ProcessID : 712
ThreadCreationTime : 8-31-2006 2:16:18 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : ASUS Keyboard Service
CompanyName : ASUSTeK COMPUTER INC.
FileDescription : ASUS Keyboard Service
InternalName : ATKKBService
LegalCopyright : Copyright © 2004 @ASUSTeK COMPUTER INC.
OriginalFilename : ATKKBService.exe

#:18 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 732
ThreadCreationTime : 8-31-2006 2:16:18 AM
BasePriority : Normal
FileVersion : 3.0.0.160
ProductVersion : 3.0.0.160
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:19 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 800
ThreadCreationTime : 8-31-2006 2:16:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [btwdins.exe]
FilePath : C:\Program Files\WIDCOMM\Bluetooth Software\bin\
ProcessID : 996
ThreadCreationTime : 8-31-2006 2:16:19 AM
BasePriority : Normal
FileVersion : 4.0.1.700
ProductVersion : 4.0.1.700
ProductName : Bluetooth Software 4.0.1.700
CompanyName : Broadcom Corporation.
FileDescription : Bluetooth Support Server
InternalName : BTWDIns
LegalCopyright : Copyright 2000-2004, Broadcom Corporation.
OriginalFilename : BTWDIns.EXE

#:21 [ghosts~2.exe]
FilePath : C:\PROGRA~1\NORTON~1\NORTON~3\
ProcessID : 1144
ThreadCreationTime : 8-31-2006 2:16:19 AM
BasePriority : Normal
FileVersion : 2003.789
ProductVersion : 2003.789
ProductName : Norton Ghost Start Service
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartService
LegalCopyright : Copyright © 1998-2003 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartService.exe

#:22 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 1180
ThreadCreationTime : 8-31-2006 2:16:19 AM
BasePriority : Normal
FileVersion : 7.10.3077
ProductVersion : 7.10.3077
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright© Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:23 [navapsvc.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Antivirus\
ProcessID : 1252
ThreadCreationTime : 8-31-2006 2:16:19 AM
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:24 [savscan.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Antivirus\
ProcessID : 1456
ThreadCreationTime : 8-31-2006 2:16:19 AM
BasePriority : Normal

ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright © 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:25 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\
ProcessID : 1580
ThreadCreationTime : 8-31-2006 2:16:20 AM
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 1997-2003 Symantec Corporation
OriginalFilename : NOPDB.dll

#:26 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1632
ThreadCreationTime : 8-31-2006 2:16:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:27 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 1652
ThreadCreationTime : 8-31-2006 2:16:20 AM
BasePriority : Normal
FileVersion : 1, 8, 48, 79
ProductVersion : 1, 8, 48, 79
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:28 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1680
ThreadCreationTime : 8-31-2006 2:16:21 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:29 [symwsc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 1780
ThreadCreationTime : 8-31-2006 2:16:22 AM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:30 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1936
ThreadCreationTime : 8-31-2006 2:16:32 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:31 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2156
ThreadCreationTime : 8-31-2006 2:16:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:32 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 2724
ThreadCreationTime : 8-31-2006 2:17:13 AM
BasePriority : Normal
FileVersion : 5.1.0.33
ProductVersion : 5.1.0.33
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:33 [itouch.exe]
FilePath : C:\Program Files\Logitech\iTouch\
ProcessID : 2820
ThreadCreationTime : 8-31-2006 2:17:15 AM
BasePriority : Normal
FileVersion : 2.20.243
ProductVersion : 2.20.243
ProductName : iTouch
CompanyName : Logitech Inc.
FileDescription : iTouch Application
InternalName : iTouch
LegalCopyright : © 1998-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : iTouch.exe
Comments : Created by the iTouch team

#:34 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 2840
ThreadCreationTime : 8-31-2006 2:17:17 AM
BasePriority : Normal
FileVersion : 2.1.10.2
ProductVersion : 2.1.10.2
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:35 [em_exec.exe]
FilePath : C:\Program Files\Logitech\MouseWare\system\
ProcessID : 2848
ThreadCreationTime : 8-31-2006 2:17:17 AM
BasePriority : Normal
FileVersion : 9.79.019
ProductVersion : 9.79.019
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

#:36 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 2892
ThreadCreationTime : 8-31-2006 2:17:19 AM
BasePriority : Normal


#:37 [lvcomsx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2988
ThreadCreationTime : 8-31-2006 2:17:23 AM
BasePriority : Normal
FileVersion : 8.3.0.1096
ProductVersion : 8.3.0.1096
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2004 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:38 [taskswitch.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3008
ThreadCreationTime : 8-31-2006 2:17:24 AM
BasePriority : Normal


#:39 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3016
ThreadCreationTime : 8-31-2006 2:17:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:40 [msgplus.exe]
FilePath : C:\Program Files\MessengerPlus! 3\
ProcessID : 3076
ThreadCreationTime : 8-31-2006 2:17:27 AM
BasePriority : Normal


#:41 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 3108
ThreadCreationTime : 8-31-2006 2:17:29 AM
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:42 [win32102020658620.exe]
FilePath : C:\WINDOWS\
ProcessID : 3116
ThreadCreationTime : 8-31-2006 2:17:30 AM
BasePriority : Normal
FileVersion : 1.00.0022
ProductVersion : 1.00.0022
ProductName : tapeG22
InternalName : tapeG22
OriginalFilename : tapeG22.exe

#:43 [duce6.exe]
FilePath : C:\WINDOWS\
ProcessID : 3124
ThreadCreationTime : 8-31-2006 2:17:31 AM
BasePriority : Normal
FileVersion : 1.00.0006
ProductVersion : 1.00.0006
ProductName : Doc06
InternalName : Doc06
OriginalFilename : Doc06.exe

#:44 [robotaskbaricon.exe]
FilePath : C:\Program Files\Siber Systems\AI RoboForm\
ProcessID : 3196
ThreadCreationTime : 8-31-2006 2:17:33 AM
BasePriority : Normal


#:45 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 3212
ThreadCreationTime : 8-31-2006 2:17:34 AM
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:46 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 3256
ThreadCreationTime : 8-31-2006 2:17:34 AM
BasePriority : Normal


#:47 [bttray.exe]
FilePath : C:\Program Files\WIDCOMM\Bluetooth Software\
ProcessID : 3364
ThreadCreationTime : 8-31-2006 2:17:38 AM
BasePriority : Normal
FileVersion : 4.0.1.700
ProductVersion : 4.0.1.700
ProductName : Bluetooth Software 4.0.1.700
CompanyName : Broadcom Corporation.
FileDescription : Bluetooth Tray Application
InternalName : BTTray
LegalCopyright : Copyright 2000-2004, Broadcom Corporation.
OriginalFilename : BTTray.exe

#:48 [cinetray.exe]
FilePath : C:\Program Files\Common Files\Sonic Shared\
ProcessID : 3380
ThreadCreationTime : 8-31-2006 2:17:40 AM
BasePriority : Below Normal
FileVersion : 2.1.00.0041
ProductVersion : 2.1.00.0000
ProductName : CineTray 2.1
CompanyName : Sonic Solutions
FileDescription : Sonic CinePlayer® Tray Application
InternalName : CineTray
LegalCopyright : Copyright © 2002-2004 Sonic Solutions
OriginalFilename : CineTray.exe
Comments : Developed by Sonic Solutions Engineering

#:49 [avant.exe]
FilePath : C:\Program Files\Avant Browser\
ProcessID : 1380
ThreadCreationTime : 8-31-2006 2:21:52 AM
BasePriority : Normal
FileVersion : 10.2.0.39
ProductVersion : 10.0
ProductName : Avant Browser
FileDescription : Avant Browser

#:50 [aolmediaplaybackcontrol.exe]
FilePath : C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\
ProcessID : 1916
ThreadCreationTime : 8-31-2006 2:22:32 AM
BasePriority : Normal


#:51 [aolmediaplaybackcontrol.exe]
FilePath : C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\
ProcessID : 608
ThreadCreationTime : 8-31-2006 2:22:32 AM
BasePriority : Normal


#:52 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 3896
ThreadCreationTime : 8-31-2006 2:36:44 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:53 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 4032
ThreadCreationTime : 8-31-2006 2:38:01 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Trusted zone presumably compromised : media-motor.net

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ivan@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:ivan@atdmt.com/
Expires : 8-29-2011 8:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ivan@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:25
Value : Cookie:ivan@2o7.net/
Expires : 8-29-2011 10:37:24 PM
LastSync : Hits:25
UseCount : 0
Hits : 25

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ivan@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:ivan@doubleclick.net/
Expires : 8-29-2009 10:22:32 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ivan@ads.addynamix[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:ivan@ads.addynamix.com/
Expires : 8-31-2006 10:33:38 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ivan@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:30
Value : Cookie:ivan@advertising.com/
Expires : 8-29-2011 10:37:24 PM
LastSync : Hits:30
UseCount : 0
Hits : 30

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 12



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Not Avaliable

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Deep scanning and examining files (H:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 12




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12

10:54:25 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:11.844
Objects scanned:282805
Objects identified:5
Objects ignored:0
New critical objects:5
LS CalamityJane
I see some signs of a worm. Could you please create a diagnostic log from this free tool called HijackThis?
Instructions on creating a HijackThis Log
http://www.lavasoftsupport.com/index.php?showtopic=216