phil66

  1. Ad-Aware SE Build 1.06r1
     Logfile Created on:Monday, May 21, 2007 9:08:20 PM
     Created with Ad-Aware SE Personal, free for private use.
     Using definitions file:SE1R171 21.05.2007
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     References detected during the scan:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     MRU List(TAC index:0):9 total references
     Win32.Backdoor.Cakl(TAC index:10):2 total references
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     Ad-Aware SE Settings
     ===========================
     Set : Search for negligible risk entries
     Set : Search for low-risk threats
     Set : Safe mode (always request confirmation)
     Set : Scan active processes
     Set : Scan registry
     Set : Deep-scan registry
     Set : Scan my IE Favorites for banned URLs
     Set : Scan within archives
     Set : Scan my Hosts file

     Extended Ad-Aware SE Settings
     ===========================
     Set : Unload recognized processes & modules during scan
     Set : Scan registry for all users instead of current user only
     Set : Always try to unload modules before deletion
     Set : During removal, unload Explorer and IE if necessary
     Set : Let Windows remove files in use at next reboot
     Set : Delete quarantined objects after restoring
     Set : Include basic Ad-Aware settings in log file
     Set : Include additional Ad-Aware settings in log file
     Set : Include reference summary in log file
     Set : Include alternate data stream details in log file
     Set : Play sound at scan completion if scan locates critical objects

     5-21-2007 9:08:20 PM - Scan started. (Smart mode)

     Listing running processes

     Memory scan result:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     New critical objects: 0
     Objects found so far: 0

     Started registry scan
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     Win32.Backdoor.Cakl Object Recognized!
     Type : Regkey
     Data :
     TAC Rating : 10
     Category : Malware
     Comment :
     Rootkey : HKEY_CLASSES_ROOT
     Object : clsid\{7621f6d4-b28a-422e-d153-1855c15d59db}\inprocserver32

     Win32.Backdoor.Cakl Object Recognized!
     Type : RegValue
     Data :
     TAC Rating : 10
     Category : Malware
     Comment :
     Rootkey : HKEY_CLASSES_ROOT
     Object : clsid\{7621f6d4-b28a-422e-d153-1855c15d59db}\inprocserver32
     Value : ThreadingModel

     Registry Scan result:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     New critical objects: 2
     Objects found so far: 2

     Started deep registry scan
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     Deep registry scan result:

     New scan with update 171. Microsoft says these are needed key and value for OS.
     Thanks,
     Ray
  2. Downloaded se120 build 125 and ran a full system scan. BPS Spyware Remover is no longer a critical object. Thanks to Jane and Stoffe for the update; this has fixed the problem.
     Again, thanks.
     Ray
  3. The two keys and their values:

     HKCR Interface 47a738f1-7fb1-11d0-b148-00a0c922e820
     Its value is iad0dc.
     When you open the + there are three entries:
     Proxy stub clsid, with a value default reg_sz {00020424-0000-0000-c000-0000000000046}
     Proxy stub clsid32, this has the same value as the first one
     Type lib, default reg_sz {67397aa1-7fb1-11do-b148-00a0c922e820}, Version reg_sz 6.0

     HKCR Interface 67397aa2-7fb1-11d0-b148-00a0c922e820
     Its value is dadodc events.
     The three subs are the same as the first key listed above.

     Ray
  4. Ad-Aware SE Build 1.06r1
     Logfile Created on:Thursday, August 24, 2006 8:47:31 PM
     Created with Ad-Aware SE Personal, free for private use.
     Using definitions file:SE1R120 24.08.2006
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     References detected during the scan:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     BPS SpywareRemover(TAC index:3):2 total references
     MRU List(TAC index:0):7 total references
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     Ad-Aware SE Settings
     ===========================
     Set : Search for negligible risk entries
     Set : Search for low-risk threats
     Set : Safe mode (always request confirmation)
     Set : Scan active processes
     Set : Scan registry
     Set : Deep-scan registry
     Set : Scan my IE Favorites for banned URLs
     Set : Scan within archives
     Set : Scan my Hosts file

     Extended Ad-Aware SE Settings
     ===========================
     Set : Unload recognized processes & modules during scan
     Set : Scan registry for all users instead of current user only
     Set : Always try to unload modules before deletion
     Set : During removal, unload Explorer and IE if necessary
     Set : Let Windows remove files in use at next reboot
     Set : Delete quarantined objects after restoring
     Set : Include basic Ad-Aware settings in log file
     Set : Include additional Ad-Aware settings in log file
     Set : Include reference summary in log file
     Set : Include alternate data stream details in log file
     Set : Play sound at scan completion if scan locates critical objects

     8-24-2006 8:47:31 PM - Scan started. (Full System Scan)

     MRU List Object Recognized!
     Location: : C:\Documents and Settings\Ray\recent
     Description : list of recently opened documents

     MRU List Object Recognized!
     Location: : software\microsoft\directdraw\mostrecentapplication
     Description : most recent application to use microsoft directdraw

     MRU List Object Recognized!
     Location: : S-1-5-21-2140036967-1204197688-2730079746-1006\software\microsoft\windows\currentversion\applets\regedit
     Description : last key accessed using the microsoft registry editor

     MRU List Object Recognized!
     Location: : S-1-5-21-2140036967-1204197688-2730079746-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
     Description : list of recent programs opened

     MRU List Object Recognized!
     Location: : S-1-5-21-2140036967-1204197688-2730079746-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
     Description : list of recently saved files, stored according to file extension

     MRU List Object Recognized!
     Location: : S-1-5-21-2140036967-1204197688-2730079746-1006\software\microsoft\windows\currentversion\explorer\recentdocs
     Description : list of recent documents opened

     MRU List Object Recognized!
     Location: : S-1-5-21-2140036967-1204197688-2730079746-1006\software\microsoft\windows\currentversion\explorer\runmru
     Description : mru list for items opened in start | run

     Listing running processes

     Memory scan result:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     New critical objects: 0
     Objects found so far: 7

     Started registry scan
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     BPS SpywareRemover Object Recognized!
     Type : Regkey
     Data :
     TAC Rating : 3
     Category : Misc
     Comment :
     Rootkey : HKEY_CLASSES_ROOT
     Object : interface\{47a738f1-7faf-11d0-b148-00a0c922e820}

     BPS SpywareRemover Object Recognized!
     Type : Regkey
     Data :
     TAC Rating : 3
     Category : Misc
     Comment :
     Rootkey : HKEY_CLASSES_ROOT
     Object : interface\{67397aa2-7fb1-11d0-b148-00a0c922e820}

     Registry Scan result:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     New critical objects: 2
     Objects found so far: 9

     Started deep registry scan
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     Deep registry scan result:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     New critical objects: 0
     Objects found so far: 9

     Started Tracking Cookie scan
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     Tracking cookie scan result:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     New critical objects: 0
     Objects found so far: 9

     Deep scanning and examining files (C:)
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     Disk Scan Result for C:\
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     New critical objects: 0
     Objects found so far: 9

     Scanning Hosts file......
     Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     Hosts file scan result:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     1 entries scanned.
     New critical objects:0
     Objects found so far: 9

     Performing conditional scans...
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     Conditional scan result:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     New critical objects: 0
     Objects found so far: 9

     8:52:34 PM Scan Complete

     Summary Of This Scan
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     Total scanning time:00:05:03.609
     Objects scanned:133253
     Objects identified:2
     Objects ignored:0
     New critical objects:2

     Jane,
     Requested logfile.
     Ray
  5. AdAware se 140 build144/bps spyware remover

     Windows XP SP2. Updated Ad Aware se to 120/build144 and ran scan. Critical registry keys related to BPS spyware remover. No signs of BPS in registry but the keys are existing.

     47a738f7-7faf-11d0-b148-00a0c922e820 the value is "Iadodc"
     67397aaz-7fb1-11d0-b148-00a0c922e820 the value is "Dadodc events"

     Microsoft knowledge base confusing: "Method recordset of object Iadodc failed error message Ado data", symptom "Runtime error". Dadodc is in foreign language. Google of BPS Spyware remover is all bad software. Never downloaded by this computer. Do I remove keys or is this another Ad Aware problem?

     Thanks for the help,
     Ray