
Random Problems Encountered


  • This topic is locked
60 replies to this topic

#1 Sparky Tin Can Man

Posted 18 August 2005 - 02:14 PM

I'm having a problem with random programs attempting to start and windows popping up saying that it has encountered a problem with the randomly named program and must close, do I want to send a report to Microsoft. The error messages start before I even log on as application errors at "0x00414d77"
This is a real pain in the @#$ because I use this laptop for machine programming.


Logfile of HijackThis v1.99.1
Scan saved at 9:54:27 AM, on 8/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\OpcEnum.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\FIDTPU\WIN2K\FTMSFLTU.EXE
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\WINDOWS\webshots.scr
C:\DOCUME~1\DHENLE~1.MOD\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.silgancon...s.com/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\PANELS\BLANK.HTM
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\PANELS\BLANK.HTM
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [FTMSFLT(USB)] C:\Program Files\FIDTPU\WIN2K\FTMSFLTU.EXE
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = modestodoh.silganmfg.com
O17 - HKLM\Software\..\Telephony: DomainName = modestodoh.silganmfg.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = modestodoh.silganmfg.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = modestodoh.silganmfg.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\System32\OpcEnum.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Software - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Edited by Sparky Tin Can Man, 18 August 2005 - 02:17 PM.


#2 daparker

Posted 30 August 2005 - 01:37 PM

Hello and welcome to the forums. Sorry for the delay in responding, but we have been pretty busy here lately. Since your log might have changed since your last posting, I would like to see a new log. If you could please post a new log, I will be glad to review it.

#3 Sparky Tin Can Man

Posted 30 August 2005 - 02:03 PM

Thanks for getting back to me. I'm quite aware of all the evil gremlins that lurk in machines nowadays. It shouldn't be that way. There are enough of them in life.

My new log:

Logfile of HijackThis v1.99.1
Scan saved at 12:58:24 PM, on 8/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\OpcEnum.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\FIDTPU\WIN2K\FTMSFLTU.EXE
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\WINDOWS\webshots.scr
C:\DOCUME~1\DHENLE~1.MOD\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.silgancon...s.com/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\PANELS\BLANK.HTM
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\PANELS\BLANK.HTM
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [FTMSFLT(USB)] C:\Program Files\FIDTPU\WIN2K\FTMSFLTU.EXE
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = modestodoh.silganmfg.com
O17 - HKLM\Software\..\Telephony: DomainName = modestodoh.silganmfg.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = modestodoh.silganmfg.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = modestodoh.silganmfg.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\System32\OpcEnum.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Software - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

#4 daparker

Posted 30 August 2005 - 02:31 PM

Please run HijackThis and click "Scan." Place checks next to the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\PANELS\BLANK.HTM
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\PANELS\BLANK.HTM


Close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

Reboot your computer and post a new HJT log.

#5 Sparky Tin Can Man

Posted 30 August 2005 - 03:14 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:11:22 PM, on 8/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\OpcEnum.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\FIDTPU\WIN2K\FTMSFLTU.EXE
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\WINDOWS\webshots.scr
\Wh_appssrv1\HLPSTRCS\SCAN\HpAudit.exe
C:\DOCUME~1\DHENLE~1.MOD\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.silgancon...s.com/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\PANELS\BLANK.HTM
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\PANELS\BLANK.HTM
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [FTMSFLT(USB)] C:\Program Files\FIDTPU\WIN2K\FTMSFLTU.EXE
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = modestodoh.silganmfg.com
O17 - HKLM\Software\..\Telephony: DomainName = modestodoh.silganmfg.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = modestodoh.silganmfg.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = modestodoh.silganmfg.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\System32\OpcEnum.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Software - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

#6 daparker

Posted 30 August 2005 - 03:47 PM

Please disable SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.

To disable SpySweeper:
  • Open it, click >Options over to the left, then >Program Options >Uncheck "load at windows startup".
  • Over to the left click "shields" and uncheck all there.
  • Uncheck "home page shield".
  • Uncheck "automatically restore default without notification".
Then, try to remove the items again as suggested.

#7 Sparky Tin Can Man

Posted 30 August 2005 - 04:19 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:16:25 PM, on 8/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\OpcEnum.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\FIDTPU\WIN2K\FTMSFLTU.EXE
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\WINDOWS\webshots.scr
\Wh_appssrv1\HLPSTRCS\SCAN\HpAudit.exe
C:\Documents and Settings\DHENLEY.MODESTODOH\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.silgancon...s.com/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [FTMSFLT(USB)] C:\Program Files\FIDTPU\WIN2K\FTMSFLTU.EXE
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = modestodoh.silganmfg.com
O17 - HKLM\Software\..\Telephony: DomainName = modestodoh.silganmfg.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = modestodoh.silganmfg.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = modestodoh.silganmfg.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\System32\OpcEnum.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Software - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

#8 daparker

Posted 31 August 2005 - 09:07 AM

Ok, that took care of it. I assume that you are still experiencing the random problems as I would be surprised if what we removed with HJT would have caused the problems you were experiencing. Are things running any better?

#9 Sparky Tin Can Man

Posted 01 September 2005 - 07:24 AM

Sorry for not getting back to you yesterday. I was stuck in project meetings all day and was unable to get back to my desk. Yes, the random attempted program starts are still plaguing my machine.

#10 daparker

Posted 01 September 2005 - 09:29 AM

Ok, let's try some scans. Please run full scans with Ad-Aware SE and Spybot-S&D as follows:
(If you already have Ad-Aware SE 1.06 and Spybot 1.4 installed, you can skip the installation steps. If you don't, please uninstall your old versions and install the new ones from the links below.)

Full Ad-Aware Scan
Please download Ad-Aware SE from here:
http://www.majorgeek...ownload506.html
Install Ad-Aware and run it. In the bottom-right hand corner, click "Check for updates now". Click "Connect" to download the newest reference file.

Now we will configure Ad-Aware to perform a full scan. In the Ad-Aware main window, click on the gear icon at the top of the screen to open the preferences window. In the "General" window, make sure the following options are selected:
1) Automatically save log-file
2) Automatically quarantine objects prior to removal
3) Safe Mode (always request confirmation)

Click the "Scanning" button on the left-hand side and make sure the following options are selected:
1) Scan within archives
2) Scan active processes
3) Scan registry
4) Deep scan registry
5) Scan my IE Favorites for banned URLs
6) Scan my Hosts file

Please also click on "Select drives & folders to scan" and select your hard drive(s). Then click the "Advanced" button on the left-hand side and make sure all the options under "Log-file Detail Level" are selected. Next, click the "Tweak" button on the left-hand side. Click on "Scanning Engine" and make sure the following options are selected:
1) Unload recognized processes & modules during scanning
2) Obtain command line of scanned processes
3) Scan registry for all users instead of current user only

Click on "Cleaning Engine" and make sure the following options are selected:
1) Always try to unload modules before deletion
2) During removal, unload Explorer and IE if necessary
3) Let Windows remove files in use at next reboot
4) Delete quarantined objects after restoring

Finally, click on "Safety Settings" and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)

Click on "Proceed" to save the preferences. Then please click the "Start" button on the bottom right side to begin a scan. Select "Use custom scanning options" and then click "Next". Ad-Aware will then scan for malware. When it is finished, make sure any objects listed in RED are selected and click "Next" to remove the objects. Then please restart your computer.


Spybot Full Scan
Next, please download Spybot-S&D from here:
http://www.majorgeek...ad.php?det=2471
Install Spybot-S&D and run it. Select "Search for updates" and then select all available updates. Click on the drop-down box in the top center to choose a download location nearest to you. Then click "Download updates". When all updates have downloaded, close Spybot-S&D, and then run it again. Click on "Check for problems". When the scan has finished, select any entries listed in red and click "Fix selected problems". Then please restart your computer again.

Let me know how the scans go and if anything cannot be removed.


#11 Sparky Tin Can Man

    Authentic Member

  • Authentic Member
  • 32 posts

Posted 01 September 2005 - 12:15 PM

Okay, Ad-Aware didn't find anything and Spybot found and removed 58 entries of BackWeb lite and 1 entry of comet cursor. The problem still lives. :(

#12 Sparky Tin Can Man

    Authentic Member

  • Authentic Member
  • 32 posts

Posted 01 September 2005 - 12:16 PM


#13 Sparky Tin Can Man

Posted 01 September 2005 - 12:19 PM

Unable to post spybot log "too long"

#14 daparker

Posted 01 September 2005 - 01:19 PM

Ok, I didn't need to see those logs anyway. Let's try another scan. Please download the trial version of Ewido Security Suite here. Install it, and update the definitions to the newest files. Run the scan and allow it to fix what it finds. Please post the log for me to review.

#15 Sparky Tin Can Man

Posted 01 September 2005 - 02:13 PM

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:09:55 PM, 9/1/2005
+ Report-Checksum: D869C9AB

+ Scan result:

No infected objects found.

::Report End
