Help - Search - Members - Calendar
Full Version: Hijack This Log
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Ad-Aware SE Resolved/Inactive Issues
sjs
Dec 6 2006, 03:54 PM
After downloading and running adaware se for the first time in awhile I had it freeze up on me during the deepscanning registry. Using the custom settings with deep scanning unselected I managed to run the test fine. I couldn't run the full scan however even after trying all the suggestions in the freezeing up section.

I haven't had any experience with using hijackthis log files before (although I'm reasonably computer literate) so any help would be greatly appreciated.


Logfile of HijackThis v1.99.1
Scan saved at 8:08:46 PM, on 7/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\PROGRA~1\INTERN~2\mum.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\UltimateZip\uzqkst.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HIJACKTHIS\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165377246671
O17 - HKLM\System\CCS\Services\Tcpip\..\{58B9642B-9460-44C7-9B5F-0C408F361C77}: NameServer = 85.255.115.59,85.255.112.126
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0E20919-6C11-4B48-A0C9-EB794E1AE717}: NameServer = 85.255.115.59,85.255.112.126
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.59 85.255.112.126
O17 - HKLM\System\CS1\Services\Tcpip\..\{58B9642B-9460-44C7-9B5F-0C408F361C77}: NameServer = 85.255.115.59,85.255.112.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.59 85.255.112.126
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe



Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, 7 December 2006 8:09:59 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R137 06.12.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CometSystems(TAC index:8):1 total references
MRU List(TAC index:0):38 total references
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


7-12-2006 8:09:59 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 468
ThreadCreationTime : 7-12-2006 10:04:46 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 528
ThreadCreationTime : 7-12-2006 10:04:48 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 560
ThreadCreationTime : 7-12-2006 10:04:54 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 608
ThreadCreationTime : 7-12-2006 10:04:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 620
ThreadCreationTime : 7-12-2006 10:04:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 800
ThreadCreationTime : 7-12-2006 10:04:55 AM
BasePriority : Normal
FileVersion : 6.14.10.4131
ProductVersion : 6.14.10.4131.01
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 812
ThreadCreationTime : 7-12-2006 10:04:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 892
ThreadCreationTime : 7-12-2006 10:04:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 980
ThreadCreationTime : 7-12-2006 10:04:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1064
ThreadCreationTime : 7-12-2006 10:04:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1144
ThreadCreationTime : 7-12-2006 10:04:57 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1288
ThreadCreationTime : 7-12-2006 10:04:57 AM
BasePriority : Normal
FileVersion : 6.14.10.4131
ProductVersion : 6.14.10.4131.01
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1364
ThreadCreationTime : 7-12-2006 10:04:58 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1528
ThreadCreationTime : 7-12-2006 10:04:59 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [cthelper.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1752
ThreadCreationTime : 7-12-2006 10:05:00 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : cthelper
CompanyName : Creative Technology Ltd
FileDescription : cthelper
InternalName : cthelper
LegalCopyright : Copyright © 2002
OriginalFilename : cthelper.exe

#:16 [winampa.exe]
FilePath : C:\Program Files\Winamp\
ProcessID : 1808
ThreadCreationTime : 7-12-2006 10:05:01 AM
BasePriority : Normal


#:17 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1820
ThreadCreationTime : 7-12-2006 10:05:01 AM
BasePriority : Normal
FileVersion : 7.1.3
ProductVersion : QuickTime 7.1.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:18 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1844
ThreadCreationTime : 7-12-2006 10:05:02 AM
BasePriority : Normal
FileVersion : 7.5.0.418
ProductVersion : 7.5.0.418
ProductName : AVG 7.5 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:19 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_01\bin\
ProcessID : 1856
ThreadCreationTime : 7-12-2006 10:05:02 AM
BasePriority : Normal


#:20 [opwarese2.exe]
FilePath : C:\Program Files\ScanSoft\OmniPageSE2.0\
ProcessID : 1864
ThreadCreationTime : 7-12-2006 10:05:02 AM
BasePriority : Normal
FileVersion : 12.0
ProductVersion : 2.0
ProductName : OmniPage SE
CompanyName : ScanSoft, Inc.
FileDescription : OCR Aware (32-bit)
InternalName : OPWARE12.EXE
LegalCopyright : Copyright © 1995-2003 ScanSoft, Inc.
LegalTrademarks : ScanSoft, OmniPage and OmniPage SE are registered trademarks of ScanSoft, Inc. in the United States and/or other countries.

OriginalFilename : OPWARE12.EXE

#:21 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 1880
ThreadCreationTime : 7-12-2006 10:05:02 AM
BasePriority : Normal


#:22 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1892
ThreadCreationTime : 7-12-2006 10:05:03 AM
BasePriority : Normal
FileVersion : 7.0.0.70
ProductVersion : 7.0.0.70
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:23 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1948
ThreadCreationTime : 7-12-2006 10:05:03 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:24 [ctltray.exe]
FilePath : C:\Program Files\Creative\SBAudigy\TaskBar\
ProcessID : 1968
ThreadCreationTime : 7-12-2006 10:05:03 AM
BasePriority : Normal
FileVersion : 1.00.00.24
ProductVersion : 1.00.00.24
ProductName : Creative TaskTray
CompanyName : Creative Technology Ltd.
FileDescription : Creative TaskTray
InternalName : Taskbar
LegalCopyright : Copyright © Creative Technology Ltd. 2001
OriginalFilename : CTLTray.exe
Comments : Creative TaskTray

#:25 [ctltask.exe]
FilePath : C:\Program Files\Creative\SBAudigy\TaskBar\
ProcessID : 2004
ThreadCreationTime : 7-12-2006 10:05:03 AM
BasePriority : Normal
FileVersion : 1.00.00.32
ProductVersion : 1.00.00.32
ProductName : Creative Taskbar
CompanyName : Creative Technology Ltd
FileDescription : Creative Taskbar
InternalName : Taskbar
LegalCopyright : Copyright © Creative Technology Ltd. 2001
OriginalFilename : CTLTask.exe

#:26 [mum.exe]
FilePath : C:\PROGRA~1\INTERN~2\
ProcessID : 148
ThreadCreationTime : 7-12-2006 10:05:04 AM
BasePriority : Normal
FileVersion : 6.22.1.58
CompanyName : Angus Johnson
FileDescription : Internode Monthly Usage Meter
InternalName : mum
LegalCopyright : Copyright © 2002-2004 Angus Johnson
OriginalFilename : mum.exe
Comments : Freeware

#:27 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 324
ThreadCreationTime : 7-12-2006 10:05:06 AM
BasePriority : Normal
FileVersion : 7.5.0.420
ProductVersion : 7.5.0.420
ProductName : AVG 7.5 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:28 [sgmain.exe]
FilePath : C:\Program Files\SpywareGuard\
ProcessID : 488
ThreadCreationTime : 7-12-2006 10:05:08 AM
BasePriority : Normal
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
ProductName : SpywareGuard
FileDescription : SpywareGuard
InternalName : sgmain
LegalCopyright : Copyright © 2002-2003 Javacool Software LLC
OriginalFilename : sgmain.exe
Comments : SpywareGuard

#:29 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 512
ThreadCreationTime : 7-12-2006 10:05:08 AM
BasePriority : Normal
FileVersion : 7.5.0.420
ProductVersion : 7.5.0.420
ProductName : AVG 7.5 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:30 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 684
ThreadCreationTime : 7-12-2006 10:05:08 AM
BasePriority : Normal
FileVersion : 7.5.0.432
ProductVersion : 7.5.0.432
ProductName : AVG Anti-Virus system
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:31 [uzqkst.exe]
FilePath : C:\Program Files\UltimateZip\
ProcessID : 116
ThreadCreationTime : 7-12-2006 10:05:08 AM
BasePriority : Normal
FileVersion : 3.0.1.0
ProductVersion : 3.0
ProductName : UltimateZip Quick Start
CompanyName : SWE von Schleusen
FileDescription : UltimateZip Quick Start Executable
InternalName : Quick Start
LegalCopyright : Copyright © SWE von Schleusen.
OriginalFilename : uzqkst.exe

#:32 [ctsvccda.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 628
ThreadCreationTime : 7-12-2006 10:05:08 AM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:33 [sgbhp.exe]
FilePath : C:\Program Files\SpywareGuard\
ProcessID : 1008
ThreadCreationTime : 7-12-2006 10:05:09 AM
BasePriority : Normal
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
ProductName : SG Browser Hijacking Protection
FileDescription : SG Browser Hijacking Protection
InternalName : sgbhp
LegalCopyright : Copyright © 2002-2003 Javacool Software LLC.
OriginalFilename : sgbhp.exe
Comments : SG Browser Hijacking Protection

#:34 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1132
ThreadCreationTime : 7-12-2006 10:05:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:35 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1476
ThreadCreationTime : 7-12-2006 10:05:12 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:36 [mspmspsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1616
ThreadCreationTime : 7-12-2006 10:05:12 AM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:37 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2176
ThreadCreationTime : 7-12-2006 10:05:14 AM
BasePriority : Normal
FileVersion : 7.0.0.70
ProductVersion : 7.0.0.70
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:38 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 2320
ThreadCreationTime : 7-12-2006 10:05:15 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:39 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2668
ThreadCreationTime : 7-12-2006 10:05:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:40 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 3136
ThreadCreationTime : 7-12-2006 10:05:18 AM
BasePriority : Normal


#:41 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 3160
ThreadCreationTime : 7-12-2006 10:05:19 AM
BasePriority : Normal


#:42 [mozilla.exe]
FilePath : C:\Program Files\mozilla.org\Mozilla\
ProcessID : 3332
ThreadCreationTime : 7-12-2006 10:05:24 AM
BasePriority : Normal


#:43 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3768
ThreadCreationTime : 7-12-2006 10:05:58 AM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:44 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3920
ThreadCreationTime : 7-12-2006 10:06:13 AM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:45 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3628
ThreadCreationTime : 7-12-2006 10:09:45 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : C:\Documents and Settings\ss\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\ss\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\office\9.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-606747145-796845957-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ss@virginmoneyaustralia.122.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:ss@virginmoneyaustralia.122.2o7.net/
Expires : 5-12-2011 4:43:54 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ss@adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:ss@ads.revsci.net/adserver
Expires : 29-11-2038 5:39:12 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ss@e-2dj6wjnysodzglp.stats.esomniture[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:ss@e-2dj6wjnysodzglp.stats.esomniture.com/
Expires : 5-12-2011 4:46:32 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 41



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\$VAULT$.AVG\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 41

Disk Scan Result for C:\ATI\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 41

Disk Scan Result for C:\Config.Msi\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 41

Disk Scan Result for C:\DeusEx\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 41

Disk Scan Result for C:\DirectX\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 41

Disk Scan Result for C:\Documents and Settings\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 41

Disk Scan Result for C:\Media\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 41

Disk Scan Result for C:\NVIDIA\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 41

Disk Scan Result for C:\Program Files\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 41

Disk Scan Result for C:\RECYCLER\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 41

CometSystems Object Recognized!
Type : File
Data : A0148217.dll
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{B71B8E17-9E79-4AE8-A311-080E65A7D1AB}\RP447\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ScreensaversInstaller Module
FileDescription : ScreensaversInstaller Module
InternalName : ScreensaversInstaller
LegalCopyright : Copyright 2004
OriginalFilename : ScreensaversInst.DLL


Disk Scan Result for C:\System Volume Information\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42

Disk Scan Result for C:\UT2004\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42

Disk Scan Result for C:\WINDOWS\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42

8:18:31 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:31.953
Objects scanned:143814
Objects identified:4
Objects ignored:0
New critical objects:4
spike-nz
Dec 7 2006, 10:35 AM
Hi sjs,

Two things, please - firstly edit your HijackThis log to include the header - should look something lke this:
QUOTE
Logfile of HijackThis v1.99.1
Secondly, would you please also post an Ad-Aware scan-log (custom scan, leaving out deep-scanning registry if need be).

Should you require them, log posting instructions are included in this Topic: Infected ??, found this

Once the logs are posted, please do not "bump" your Topic (ie: add extra posts) as logs are answered from oldest to newest - we will endeavour to respond as soon as possible.

Regards,

Spike

NB: To edit your post, click on the "Edit" button at the bottom-right, selecting "Full Edit":

Click to view attachment
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.