Lacey0ne

Adaware hangs at system volume info


Good morning. I am trying to run my Adaware program and it stops at system volume info\_restore.......

My computer is also running slow. I am using Windows XP and Norton antivirus. Here is my hijackthis log. I'd appreciate any help! Thanks in advance!!! Also....Adaware found several items before it stopped, 9 of which were registry items. It would not finish, so I could not fix them! And by hanging I mean, it just stops going any further. It says it's running, but it never goes beyond that point. Oh yeah...and when I defragged, it could not defrag 2 files. They are:

Files that cannot be defragmented

2 292 KB \System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP331\A0034921.rbf

6 290 KB \Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcscan8.dat

 

Logfile of HijackThis v1.99.1

Scan saved at 11:26:20 AM, on 7/23/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

c:\toshiba\ivp\swupdate\swupdtmr.exe

C:\WINDOWS\SCARDS32.EXE

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\WINDOWS\system32\TFNF5.exe

C:\Program Files\TOSHIBA\PadTouch\PadExe.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe

C:\Program Files\CoffeeCup Software\PopUp Blocker\PopupBlocker.exe

C:\Program Files\palmOne\HOTSYNC.EXE

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe

C:\Program Files\Yahoo!\Messenger\YPager.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CoffeeCup Software Popup Blocker - {49E0E0F0-5C30-11D4-945D-010002000012} - C:\PROGRA~1\COFFEE~1\POPUPB~1\CCPOPB~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [b'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: CoffeeCup Popup Blocker.lnk = C:\Program Files\CoffeeCup Software\PopUp Blocker\PopupBlocker.exe

O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE

O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase7617.cab

O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) -

O16 - DPF: {9EF34803-43A8-487A-BC9E-C23FACCDBDBE} (PDFConvert.Converter) - http://rapprinter.rapmls.com/RapattoniMlsPDFCreator_001.exe

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/chuzzle/popcaploader_v6.cab

O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://realist2.firstamres.com/mapviewer/mapviewer.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE


I set my Ad-Aware program to skip the system volume files and got it to finish scanning and removed the registry files that were a problem. Here is my new hijackthis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 1:35:00 PM, on 7/23/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

c:\toshiba\ivp\swupdate\swupdtmr.exe

C:\WINDOWS\SCARDS32.EXE

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\WINDOWS\system32\TFNF5.exe

C:\Program Files\TOSHIBA\PadTouch\PadExe.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe

C:\Program Files\CoffeeCup Software\PopUp Blocker\PopupBlocker.exe

C:\Program Files\palmOne\HOTSYNC.EXE

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Yahoo!\Messenger\YPager.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CoffeeCup Software Popup Blocker - {49E0E0F0-5C30-11D4-945D-010002000012} - C:\PROGRA~1\COFFEE~1\POPUPB~1\CCPOPB~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [b'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: CoffeeCup Popup Blocker.lnk = C:\Program Files\CoffeeCup Software\PopUp Blocker\PopupBlocker.exe

O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE

O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase7617.cab

O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) -

O16 - DPF: {9EF34803-43A8-487A-BC9E-C23FACCDBDBE} (PDFConvert.Converter) - http://rapprinter.rapmls.com/RapattoniMlsPDFCreator_001.exe

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/chuzzle/popcaploader_v6.cab

O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://realist2.firstamres.com/mapviewer/mapviewer.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE


Hi Lacey,

 

I don't see any problems in either your before or after HijackThis logs, so I doubt you had any active infections going.

 

Can you post the results of the Adaware Scan log for review so I can see what it found?

 

Logs are stored in:

C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.

An easy way to get there is to

click Start,

click Run,

type in %appdata% and press ENTER,

then click Lavasoft,

then Ad-Aware,

and then Logs.

Scroll down to find the latest one that you have

(by date & time)

and open it, right click, select all,

copy and then paste the contents of it here.

(Make sure that all of your logfile has been posted; sometimes it will require two posts to get it all.)


Hi Jane. Thanks for the help! Here's my log:

 

 

Ad-Aware SE Build 1.05

Logfile Created on:Sunday, July 23, 2006 12:45:40 PM

Using definitions file:SE1R115 18.07.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Pop(TAC index:3):17 total references

MRU List(TAC index:0):26 total references

Tracking Cookie(TAC index:3):27 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Ignore spanned files when scanning cab archives

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Block pop-ups aggressively

Set : Automatically select problematic objects in results lists

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Show splash screen

Set : Backup current definitions file before updating

Set : Play sound at scan completion if scan locates critical objects

 

 

7-23-2006 12:45:40 PM - Scan started. (Custom mode)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 624

ThreadCreationTime : 7-23-2006 3:52:47 PM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 688

ThreadCreationTime : 7-23-2006 3:52:51 PM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 712

ThreadCreationTime : 7-23-2006 3:52:53 PM

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 756

ThreadCreationTime : 7-23-2006 3:52:54 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 768

ThreadCreationTime : 7-23-2006 3:52:54 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 920

ThreadCreationTime : 7-23-2006 3:52:55 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1000

ThreadCreationTime : 7-23-2006 3:52:56 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1092

ThreadCreationTime : 7-23-2006 3:52:56 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1152

ThreadCreationTime : 7-23-2006 3:52:56 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1300

ThreadCreationTime : 7-23-2006 3:52:58 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1596

ThreadCreationTime : 7-23-2006 3:53:00 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:12 [ccsetmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1612

ThreadCreationTime : 7-23-2006 3:53:00 PM

BasePriority : Normal

FileVersion : 104.0.8.3

ProductVersion : 104.0.8.3

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Settings Manager Service

InternalName : ccSetMgr

LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.

OriginalFilename : ccSetMgr.exe

 

#:13 [ccevtmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1676

ThreadCreationTime : 7-23-2006 3:53:02 PM

BasePriority : Normal

FileVersion : 104.0.8.3

ProductVersion : 104.0.8.3

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Event Manager Service

InternalName : ccEvtMgr

LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.

OriginalFilename : ccEvtMgr.exe

 

#:14 [sndsrvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 296

ThreadCreationTime : 7-23-2006 3:53:03 PM

BasePriority : Normal

FileVersion : 6.0.3.303

ProductVersion : 6.0

ProductName : Symantec Security Drivers

CompanyName : Symantec Corporation

FileDescription : Network Driver Service

InternalName : SndSrvc

LegalCopyright : Copyright 2002 - 2006 Symantec Corporation

OriginalFilename : SndSrvc.exe

 

#:15 [spbbcsvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\

ProcessID : 316

ThreadCreationTime : 7-23-2006 3:53:03 PM

BasePriority : Normal

FileVersion : 2.1.0.4

ProductVersion : 2.1.0.4

ProductName : SPBBC

CompanyName : Symantec Corporation

FileDescription : SPBBC Service

InternalName : SPBBCSvc

LegalCopyright : Copyright © 2004, 2005 Symantec Corporation. All rights reserved.

OriginalFilename : SPBBCSvc.exe

 

#:16 [symlcsvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\

ProcessID : 448

ThreadCreationTime : 7-23-2006 3:53:03 PM

BasePriority : Normal

FileVersion : 1.9.1.762

ProductVersion : 1.9.1.762

ProductName : Symantec Core Component

CompanyName : Symantec Corporation

FileDescription : Symantec Core Component

InternalName : symlcsvc

LegalCopyright : Copyright © 2003

OriginalFilename : symlcsvc.exe

 

#:17 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 652

ThreadCreationTime : 7-23-2006 3:53:08 PM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:18 [scardsvr.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 836

ThreadCreationTime : 7-23-2006 3:53:09 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Smart Card Resource Management Server

InternalName : SCardSvr.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : SCardSvr.exe

 

#:19 [aluschedulersvc.exe]

FilePath : C:\Program Files\Symantec\LiveUpdate\

ProcessID : 1220

ThreadCreationTime : 7-23-2006 3:53:15 PM

BasePriority : Normal

FileVersion : 3.0.0.166

ProductVersion : 3.0.0.166

ProductName : LiveUpdate

CompanyName : Symantec Corporation

FileDescription : Automatic LiveUpdate Scheduler Service

InternalName : Automatic LiveUpdate Scheduler Service

LegalCopyright : Copyright © 1996-2005 Symantec Corporation

OriginalFilename : ALUSchedulerSvc.exe

 

#:20 [cdac11ba.exe]

FilePath : C:\WINDOWS\System32\drivers\

ProcessID : 1248

ThreadCreationTime : 7-23-2006 3:53:15 PM

BasePriority : Normal

FileVersion : 4.11.050

ProductVersion : 4.11.050 Windows NT 2001/07/12

ProductName : SafeCast Windows NT

CompanyName : C-Dilla Ltd

FileDescription : C-Dilla RTS Service

InternalName : CDANTSRV

LegalCopyright : Copyright © Macrovision 1993-2001

OriginalFilename : CDANTSRV.EXE

Comments : StringFileInfo: U.S. English

 

#:21 [cfsvcs.exe]

FilePath : C:\Program Files\TOSHIBA\ConfigFree\

ProcessID : 1284

ThreadCreationTime : 7-23-2006 3:53:15 PM

BasePriority : Normal

FileVersion : 3, 0, 0, 12

ProductVersion : 3, 0, 0, 10

ProductName : ConfigFree

CompanyName : TOSHIBA CORPORATION

FileDescription : Service of ConfigFree.

InternalName : CFSvcs.exe

LegalCopyright : Copyright © 2003 TOSHIBA CORPORATION. All rights reserved.

LegalTrademarks : ConfigFree

OriginalFilename : CFSvcs.exe

Comments : Service of ConfigFree.

 

#:22 [dvdramsv.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 808

ThreadCreationTime : 7-23-2006 3:53:15 PM

BasePriority : Normal

FileVersion : 2, 0, 7, 0

ProductVersion : 2, 0, 7, 0

CompanyName : Matsushita Electric Industrial Co., Ltd.

FileDescription : Service of RAMAsst for Windows XP

LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2003

OriginalFilename : DVDRAMSV.EXE

 

#:23 [mdm.exe]

FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\

ProcessID : 1444

ThreadCreationTime : 7-23-2006 3:53:15 PM

BasePriority : Normal

FileVersion : 7.00.9466

ProductVersion : 7.00.9466

ProductName : Microsoft® Visual Studio .NET

CompanyName : Microsoft Corporation

FileDescription : Machine Debug Manager

InternalName : mdm.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : mdm.exe

 

#:24 [navapsvc.exe]

FilePath : C:\Program Files\Norton AntiVirus\

ProcessID : 1452

ThreadCreationTime : 7-23-2006 3:53:15 PM

BasePriority : Normal

FileVersion : 12.2.0.13

ProductVersion : 12.2.0

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.

OriginalFilename : NAVAPSVC.EXE

 

#:25 [npfmntor.exe]

FilePath : C:\Program Files\Norton AntiVirus\IWP\

ProcessID : 1512

ThreadCreationTime : 7-23-2006 3:53:16 PM

BasePriority : Normal

FileVersion : 12.2.0.13

ProductVersion : 12.2.0

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Firewall Install Monitor

InternalName : NPFMonitor

LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.

OriginalFilename : NPFMonitor.EXE

 

#:26 [smagent.exe]

FilePath : C:\Program Files\Analog Devices\SoundMAX\

ProcessID : 1768

ThreadCreationTime : 7-23-2006 3:53:16 PM

BasePriority : Normal

FileVersion : 3, 2, 6, 0

ProductVersion : 3, 2, 6, 0

ProductName : SoundMAX service agent

CompanyName : Analog Devices, Inc.

FileDescription : SoundMAX service agent component

InternalName : SMAgent

LegalCopyright : Copyright © 2002

OriginalFilename : SMAgent.exe

 

#:27 [swupdtmr.exe]

FilePath : c:\toshiba\ivp\swupdate\

ProcessID : 1868

ThreadCreationTime : 7-23-2006 3:53:16 PM

BasePriority : Normal

 

 

#:28 [scards32.exe]

FilePath : C:\WINDOWS\

ProcessID : 1928

ThreadCreationTime : 7-23-2006 3:53:16 PM

BasePriority : Normal

FileVersion : V2.14.38

ProductVersion : V2.14

ProductName : CHIPDRIVE IFD Drivers

CompanyName : Towitoko AG

FileDescription : SCARD 32-Bit 95/98-ServerProcess / NT-Service

InternalName : SCARDS32

LegalCopyright : © 1998-2002, Towitoko AG

OriginalFilename : SCARDS32.EXE

 

#:29 [wdfmgr.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2024

ThreadCreationTime : 7-23-2006 3:53:20 PM

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

 

#:30 [00thotkey.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1776

ThreadCreationTime : 7-23-2006 3:53:29 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 21

ProductVersion : 6, 0, 2, 0

ProductName : TOSHIBA THotkey

CompanyName : TOSHIBA Corp.

FileDescription : THotkey

InternalName : THotkey

LegalCopyright : Copyright © 1999 -2003

OriginalFilename : THotkey.exe

 

#:31 [igfxtray.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1792

ThreadCreationTime : 7-23-2006 3:53:29 PM

BasePriority : Normal

FileVersion : 3,0,0,2104

ProductVersion : 7,0,0,2104

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : igfxTray Module

InternalName : IGFXTRAY

LegalCopyright : Copyright 1999-2003, Intel Corporation

OriginalFilename : IGFXTRAY.EXE

 

#:32 [hkcmd.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1816

ThreadCreationTime : 7-23-2006 3:53:29 PM

BasePriority : Normal

FileVersion : 3,0,0,2104

ProductVersion : 7,0,0,2104

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : hkcmd Module

InternalName : HKCMD

LegalCopyright : Copyright 1999-2003, Intel Corporation

OriginalFilename : HKCMD.EXE

 

#:33 [ltmoh.exe]

FilePath : C:\Program Files\ltmoh\

ProcessID : 1904

ThreadCreationTime : 7-23-2006 3:53:30 PM

BasePriority : Normal

FileVersion : 1.69

ProductVersion : 1.69

ProductName : LtMoh Application

CompanyName : Agere Systems

FileDescription : LtMoh MFC Application

InternalName : LtMoh

LegalCopyright : Agere Copyright © 2001-2002

LegalTrademarks : LT

OriginalFilename : LtMoh.EXE

 

#:34 [agrsmmsg.exe]

FilePath : C:\WINDOWS\

ProcessID : 1508

ThreadCreationTime : 7-23-2006 3:53:30 PM

BasePriority : Normal

FileVersion : 2.1.28.2 2.1.28.2 04/18/2003 11:20:08

ProductVersion : 2.1.28.2 2.1.28.2 04/18/2003 11:20:08

ProductName : Agere SoftModem Messaging Applet

CompanyName : Agere Systems

FileDescription : SoftModem Messaging Applet

InternalName : smdmstat.exe

LegalCopyright : Copyright © Agere Systems 1998-2000

OriginalFilename : smdmstat.exe

 

#:35 [apoint.exe]

FilePath : C:\Program Files\Apoint2K\

ProcessID : 2004

ThreadCreationTime : 7-23-2006 3:53:31 PM

BasePriority : Normal

FileVersion : 6.0.2.171

ProductVersion : 6.0.2.171

ProductName : Alps Pointing-device Driver

CompanyName : Alps Electric Co., Ltd.

FileDescription : Alps Pointing-device Driver

InternalName : Alps Pointing-device Driver

LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd.

OriginalFilename : Apoint.exe

 

#:36 [touched.exe]

FilePath : C:\Program Files\TOSHIBA\TouchED\

ProcessID : 2052

ThreadCreationTime : 7-23-2006 3:53:31 PM

BasePriority : Normal

FileVersion : 2, 5, 0, 0

ProductVersion : 2, 5, 0, 0

ProductName : TouchPad On/Off Utility

CompanyName : TOSHIBA Corporation

FileDescription : TouchPad On/Off Utility

InternalName : TouchED

LegalCopyright : Copyright 1998-2002 TOSHIBA Corporation. All rights reserved.

OriginalFilename : TouchED.exe

 

#:37 [tfnf5.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2064

ThreadCreationTime : 7-23-2006 3:53:32 PM

BasePriority : Normal

FileVersion : 2, 4, 1, 0

ProductVersion : 2, 4, 1, 0

ProductName : TOSHIBA Hotkey Utility for Display Devices

CompanyName : TOSHIBA Corp.

FileDescription : TFnF5

InternalName : TFnF5

LegalCopyright : Copyright © 2001-2003

OriginalFilename : TFnF5.Exe

Comments : Hotkey (Fn+F5) for Display Devices

 

#:38 [padexe.exe]

FilePath : C:\Program Files\TOSHIBA\PadTouch\

ProcessID : 2072

ThreadCreationTime : 7-23-2006 3:53:32 PM

BasePriority : Normal

FileVersion : 1, 2, 0, 0

ProductVersion : 1, 2, 0, 0

ProductName : PadTouch

CompanyName : TOSHIBA

FileDescription : PadTouch Main

InternalName : PadExe

LegalCopyright : Copyright © 2003 TOSHIBA Corporation

OriginalFilename : PadExe.exe

 

#:39 [tpsmain.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2088

ThreadCreationTime : 7-23-2006 3:53:32 PM

BasePriority : Normal

FileVersion : 1, 0, 9, 0

ProductVersion : 7, 0, 0, 0

ProductName : TOSHIBA Power Saver

CompanyName : TOSHIBA Corporation

InternalName : TPSMain

LegalCopyright : Copyright © 1998-2003 TOSHIBA Corporation

OriginalFilename : TPSMain.EXE

 

#:40 [tfncky.exe]

FilePath : C:\Program Files\TOSHIBA\TOSHIBA Controls\

ProcessID : 2112

ThreadCreationTime : 7-23-2006 3:53:34 PM

BasePriority : Normal

FileVersion : 3.01.01

ProductVersion : 3.01.01

ProductName : TFncKy

CompanyName : TOSHIBA Corporation

FileDescription : TFncKy

InternalName : TFncKy

LegalCopyright : Copyright 2001-2003 TOSHIBA Corporation. All rights reserved.

OriginalFilename : TFncKy.EXE

 

#:41 [ezsp_px.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2132

ThreadCreationTime : 7-23-2006 3:53:34 PM

BasePriority : Normal

 

 

#:42 [bsclip.exe]

FilePath : C:\PROGRA~1\B'SCLI~1\Win2K\

ProcessID : 2180

ThreadCreationTime : 7-23-2006 3:53:35 PM

BasePriority : Normal

 

 

#:43 [qttask.exe]

FilePath : C:\Program Files\QuickTime\

ProcessID : 2220

ThreadCreationTime : 7-23-2006 3:53:36 PM

BasePriority : Normal

FileVersion : 6.3

ProductVersion : QuickTime 6.3

ProductName : QuickTime

CompanyName : Apple Computer, Inc.

InternalName : QuickTime Task

LegalCopyright : © Apple Computer, Inc. 2001-2003

OriginalFilename : QTTask.exe

 

#:44 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 2232

ThreadCreationTime : 7-23-2006 3:53:36 PM

BasePriority : Normal

FileVersion : 104.0.8.3

ProductVersion : 104.0.8.3

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:45 [toscdspd.exe]

FilePath : C:\Program Files\TOSHIBA\TOSCDSPD\

ProcessID : 2256

ThreadCreationTime : 7-23-2006 3:53:37 PM

BasePriority : Normal

 

 

#:46 [ctfmon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2292

ThreadCreationTime : 7-23-2006 3:53:38 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:47 [tpsbattm.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2308

ThreadCreationTime : 7-23-2006 3:53:38 PM

BasePriority : Normal

FileVersion : 1, 0, 2, 0

ProductVersion : 7, 0, 0, 0

ProductName : TOSHIBA Power Saver

CompanyName : TOSHIBA Corporation

InternalName : TPSBattM

LegalCopyright : Copyright © 1998-2003 TOSHIBA Corporation

OriginalFilename : TPSBattM.exe

 

#:48 [apntex.exe]

FilePath : C:\Program Files\Apoint2K\

ProcessID : 2344

ThreadCreationTime : 7-23-2006 3:53:42 PM

BasePriority : Normal

FileVersion : 5.0.1.15

ProductVersion : 5.0.1.15

ProductName : Alps Pointing-device Driver for Windows NT/2000/XP

CompanyName : Alps Electric Co., Ltd.

FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP

InternalName : Alps Pointing-device Driver for Windows NT/2000/XP

LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd.

OriginalFilename : ApntEx.exe

 

#:49 [ramasst.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2564

ThreadCreationTime : 7-23-2006 3:53:50 PM

BasePriority : Normal

FileVersion : 1, 0, 9, 0

ProductVersion : 1, 0, 9, 0

CompanyName : Matsushita Electric Industrial Co., Ltd.

FileDescription : CD Burning of Windows XP disabling tool for DVD MULTI Drive

LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2003

OriginalFilename : RAMASST.EXE

 

#:50 [wg111cfg.exe]

FilePath : C:\Program Files\NETGEAR\WG111 Configuration Utility\

ProcessID : 2684

ThreadCreationTime : 7-23-2006 3:53:55 PM

BasePriority : Normal

FileVersion : 2, 0, 2, 7

ProductVersion : 2, 0, 2, 7

ProductName : NETGEAR WG111 Smart Wizard-Wireless Assistance

FileDescription : NETGEAR WG111 Smart Wizard-Wireless Assistance

InternalName : Wg111.exe

LegalCopyright : 2004, Netgear, Inc. All Rights Reserved

OriginalFilename : Wg111.exe

 

#:51 [popupblocker.exe]

FilePath : C:\Program Files\CoffeeCup Software\PopUp Blocker\

ProcessID : 2756

ThreadCreationTime : 7-23-2006 3:53:59 PM

BasePriority : Normal

 

 

#:52 [hotsync.exe]

FilePath : C:\Program Files\palmOne\

ProcessID : 2920

ThreadCreationTime : 7-23-2006 3:54:24 PM

BasePriority : Normal

FileVersion : 4.0.4

ProductVersion : 4.1.0

ProductName : HotSync® Manager, Palm Desktop

CompanyName : Palm, Inc.

FileDescription : HotSync® Manager Application

InternalName : HotSync®

LegalCopyright : Copyright © 1995-2001 Palm, Inc.

LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.

OriginalFilename : Hotsync.exe

 

#:53 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 3156

ThreadCreationTime : 7-23-2006 3:54:34 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:54 [nscsrvce.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\Security Console\

ProcessID : 1272

ThreadCreationTime : 7-23-2006 3:55:00 PM

BasePriority : Normal

FileVersion : 2006.1.5.17

ProductVersion : 2006.1.5

ProductName : Norton Security Console

CompanyName : Symantec Corporation

FileDescription : Norton Security Console Norton Protection Center Service

InternalName : NSCService

LegalCopyright : Norton Security Console 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.

OriginalFilename : NSCSrvce.exe

 

#:55 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 3168

ThreadCreationTime : 7-23-2006 3:55:12 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:56 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Plus\

ProcessID : 1592

ThreadCreationTime : 7-23-2006 3:58:49 PM

BasePriority : Normal

FileVersion : 6.2.0.207

ProductVersion : VI.Second Edition

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

#:57 [ypager.exe]

FilePath : C:\Program Files\Yahoo!\Messenger\

ProcessID : 2960

ThreadCreationTime : 7-23-2006 4:17:25 PM

BasePriority : Normal

 

 

#:58 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ProcessID : 3292

ThreadCreationTime : 7-23-2006 4:21:20 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : IEXPLORE.EXE

 

#:59 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ProcessID : 2468

ThreadCreationTime : 7-23-2006 4:44:41 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : IEXPLORE.EXE

 

#:60 [hijackthis.exe]

FilePath : C:\Program Files\Hijackthis\

ProcessID : 2980

ThreadCreationTime : 7-23-2006 6:25:55 PM

BasePriority : Normal

FileVersion : 1.99.0001

ProductVersion : 1.99.0001

ProductName : HijackThis

CompanyName : Soeperman Enterprises Ltd.

FileDescription : HijackThis

InternalName : HijackThis

LegalCopyright : Freeware

OriginalFilename : HijackThis.exe

Comments : Version history is in Help section

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Adware.Pop Object Recognized!

Type : Regkey

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{df780f87-ff2b-4df8-92d0-73db16a1543a}

 

Adware.Pop Object Recognized!

Type : RegValue

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{df780f87-ff2b-4df8-92d0-73db16a1543a}

Value :

 

Adware.Pop Object Recognized!

Type : Regkey

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca}

 

Adware.Pop Object Recognized!

Type : RegValue

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca}

Value :

 

Adware.Pop Object Recognized!

Type : Regkey

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe}

 

Adware.Pop Object Recognized!

Type : RegValue

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe}

Value :

 

Adware.Pop Object Recognized!

Type : Regkey

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1}

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 7

Objects found so far: 7

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Adware.Pop Object Recognized!

Type : Regkey

Data :

Category : Possible Browser Hijack attempt

Comment : ({DF780F87-FF2B-4DF8-92D0-73DB16A1543A})

Rootkey : HKEY_CLASSES_ROOT

Object : PopCapLoader.PopCapLoaderCtrl2

 

Adware.Pop Object Recognized!

Type : RegValue

Data :

Category : Possible Browser Hijack attempt

Comment : ({DF780F87-FF2B-4DF8-92D0-73DB16A1543A})

Rootkey : HKEY_CLASSES_ROOT

Object : PopCapLoader.PopCapLoaderCtrl2

Value :

 

Adware.Pop Object Recognized!

Type : Regkey

Data :

Category : Possible Browser Hijack attempt

Comment : ({DF780F87-FF2B-4DF8-92D0-73DB16A1543A})

Rootkey : HKEY_CLASSES_ROOT

Object : PopCapLoader.PopCapLoaderCtrl2.1

 

Adware.Pop Object Recognized!

Type : RegValue

Data :

Category : Possible Browser Hijack attempt

Comment : ({DF780F87-FF2B-4DF8-92D0-73DB16A1543A})

Rootkey : HKEY_CLASSES_ROOT

Object : PopCapLoader.PopCapLoaderCtrl2.1

Value :

 

Adware.Pop Object Recognized!

Type : Regkey

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll

 

Adware.Pop Object Recognized!

Type : RegValue

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll

Value : .Owner

 

Adware.Pop Object Recognized!

Type : RegValue

Data :

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll

Value : {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

 

Adware.Pop Object Recognized!

Type : File

Data : /windows/downloaded program files/popcaploader.dll

Category : Possible Browser Hijack attempt

Comment :

Object : c:\

FileVersion : 1, 0, 0, 6

ProductVersion : 1, 0, 0, 6

ProductName : PopCapLoader Module

CompanyName : PopCap Games

FileDescription : PopCapLoader Module

InternalName : PopCapLoader

LegalCopyright : Copyright 2003

OriginalFilename : PopCapLoader.DLL

 

 

Adware.Pop Object Recognized!

Type : RegValue

Data : C:\WINDOWS\Downloaded Program Files\popcaploader.dll

Category : Possible Browser Hijack attempt

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs

Value : C:\WINDOWS\Downloaded Program Files\popcaploader.dll

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 8

Objects found so far: 16

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Claudia Womack\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Claudia Womack\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles

Description : list of recently used files in adobe reader

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\mediaplayer\medialibraryui

Description : last selected node in the microsoft windows media player media library

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\mediaplayer\player\recentfilelist

Description : list of recently used files in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\mediaplayer\player\settings

Description : last save as directory used in jasc paint shop pro

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\mediaplayer\player\settings

Description : last open directory used in jasc paint shop pro

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\mediaplayer\preferences

Description : last playlist index loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\microsoft management console\recent file list

Description : list of recent snap-ins used in the microsoft management console

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\office\10.0\clip organizer\search\last query

Description : last query in microsoft clip organizer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru

Description : list of recent documents saved by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\office\10.0\publisher\recent file list

Description : list of recent files used by microsoft publisher

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2580138605-3240177949-3290935501-1006\software\microsoft\windows media\wmsdk\general

Description : windows media sdk


And the rest of it:

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : claudia [email protected][2].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia [email protected][2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : claudia [email protected][1].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia [email protected][1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : claudia [email protected][3].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia [email protected][3].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : claudia [email protected][2].txt

Category : Data Miner

Comment :

Value : C:\Documents and Settings\Claudia Womack\Cookies\claudia [email protected][2].txt

 


Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 27

Objects found so far: 69

 

 

Disk Scan Result for C:\BJPrinter\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 69

 

Disk Scan Result for C:\C_DILLA\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 69

 

Disk Scan Result for C:\Config.Msi\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 69

 

Disk Scan Result for C:\DOCS\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 69

 

Disk Scan Result for C:\Documents and Settings\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 69

 

Disk Scan Result for C:\gfx\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 69

 

Disk Scan Result for C:\KB822624.temp\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 69

 

Disk Scan Result for C:\MSOCache\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 69

 

Disk Scan Result for C:\NETGEAR\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 69

 

Disk Scan Result for C:\Program Files\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 69

 

Disk Scan Result for C:\RECYCLER\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 69

 

Disk Scan Result for C:\temp\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 69

 

Disk Scan Result for C:\TOSHIBA\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 69

 

Adware.Pop Object Recognized!

Type : File

Data : popcaploader.dll

Category : Possible Browser Hijack attempt

Comment :

Object : C:\WINDOWS\Downloaded Program Files\

FileVersion : 1, 0, 0, 6

ProductVersion : 1, 0, 0, 6

ProductName : PopCapLoader Module

CompanyName : PopCap Games

FileDescription : PopCapLoader Module

InternalName : PopCapLoader

LegalCopyright : Copyright 2003

OriginalFilename : PopCapLoader.DLL

 

 

Disk Scan Result for C:\WINDOWS\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 70

 

Disk Scan Result for C:\WORKSSETUP\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 70

 

Disk Scan Result for C:\WUTemp\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 70

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 70

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 70

 

1:04:28 PM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:18:48.0

Objects scanned:188618

Objects identified:44

Objects ignored:0

New critical objects:44


Thanks, now I see it.

 

It is this item in your HijackThis log:

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/chuzzle/popcaploader_v6.cab

 

That's a downloaded program file (via ActiveX) which appears to be for a game. If you chose to download that popcaploader for chuzzle on purpose, you can safely ignore those entries. It's simply alerting you to its presence in case it is an Adware program you did NOT want on your system. Although some people do use it and enjoy it. It's not harmful to your computer.

 

Edit to add: If you right-click on the items in the adaware scan list, you can get more details on what it has found to help decide if it is something you wish to keep or delete. When you right-click you get this popup. Just choose *Item details* to see more info on an item. It will give you a link to the Threat Assessment Chart (TAC) so you can be more informed about what it is and does and can decide if that is something that needs to be deleted or not.


Thanks, again. I did download that game and allowed the activeX. But is that what's causing my Ad-Aware program to stop and just sit there when it gets to the system volume file? And would that keep my defrag from being able to defrag that file?


No, that would not cause the stall at the System Volume Information directory. That's a different issue.

 

So, you can ignore the item you did download for the game.

 

As for the System Volume Information (which is really your system restore backups) and defrag problems, try resetting your System Restore as follows:

 

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

 

(winXP)

 

1. Turn off System Restore.

Go to Start and right-click on *My Computer*.

Click Properties.

Click the System Restore tab.

Put a Checkmark in the box next to "Turn off System Restore".

Click Apply, and then click OK.

 

2. Reboot.

 

3. Turn ON System Restore.

Go to Start and right-click on *My Computer*.

Click Properties.

Click the System Restore tab.

Remove the checkmark next to "Turn off System Restore".

Click Apply, and then click OK.

 

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/default.aspx?...kb;en-us;310405

...............

Another thing I notice is that you have an old build of Adaware SE.

See here on how to update to the newer version:

Ad-Aware Latest Version

http://www.lavasoftsupport.com/index.php?showtopic=1163

(that is linked at the very top of this forum)

 

Let me know if those two steps resolve the problem.


Yep! That worked! My defrag AND my Ad-Aware made it all the way through without a problem.

 

As for the old version, it let me know I needed the upgrade, but I couldn't find my reference # to get it. I finally found it and sent an email to get the upgrade info.

 

Thanks so much for your help!! You are much appreciated!!!!!!


Hooray! I'm so glad we were able to get it resolved for you. :D

 

I'll go ahead and archive this thread to the read-only Resolved Area. If you should encounter any further issues, please feel free to start a new topic.
