  #36  
Old 09-25-2005
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036
Default Re: Library of Spyware and Adware on my PC



Oops, I didn't read your post well enough. I thought you had problems with downloading that uninstaller.

And your log is clean. Either it doesn't have anything running or it's part of one of the many IBM entries in your log.
I'll see if I can find anything else.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

  #37  
Old 09-25-2005
Bronze Member
 
Join Date: Sep 2005
Posts: 25
Tigereye1786
Default Re: Library of Spyware and Adware on my PC

I just ran Ad-Aware and it just found some stuff. I don't know if it is that important, but the Ist bar is the thing that popped out to me. Here is the log:

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment : "{86227D9C-0EFE-4f8a-AA55-30386A3F5686}"
Rootkey : HKEY_USERS
Object : S-1-5-21-2491644285-426764551-501881172-1017\software\microsoft\internet explorer\toolbar\webbrowser
Value : {86227D9C-0EFE-4f8a-AA55-30386A3F5686}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 11


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nikhilp@valueclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:nikhilp@valueclick.net/
Expires : 9-19-2030 10:20:08 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 12



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
?????????????????????????????????????????????????? ??????????????????????????

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 12




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : aspfile\persistenthandler

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

istbar Object Recognized!
Type : File
Data : data
TAC Rating : 7
Category : Malware
Comment :
Object : c:\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 15

11:19:55 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:15:29.947
Objects scanned:130304
Objects identified:5
Objects ignored:0
New critical objects:5




  #38  
Old 09-25-2005
Bronze Member
 
Join Date: Sep 2005
Posts: 25
Tigereye1786
Default Re: Library of Spyware and Adware on my PC

I used HJT in the misc tools screen to delete The Best Offers from my Add Remove list. I engaged all the popup blockers that I have and so far, I haven't gotten one. I am now going to put my computer back on system restore and to hide hidden files. Is this ok? Thanks for ALL your help.


  #39  
Old 09-25-2005
Bronze Member
 
Join Date: Sep 2005
Posts: 25
Tigereye1786
Default Re: Library of Spyware and Adware on my PC

Well, I have Adaware3 on my computer with which I run scans continuously. While it used to come up with a long list of things, now it is limited to three which I think are the source of the pop-up ads I am getting. They are the reg keys of PeopleOnPage.AproposMedia

HKEY_LOCAL_MACHINE\Software\aprps
HKEY_LOCAL_MACHINE\Software\aprps\Client
HKEY_LOCAL_MACHINE\Software\aprps\Client : PartnerID

What should I do? I delete these Reg keys, but they reappear in a few moments.


  #40  
Old 09-25-2005
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036
Default Re: Library of Spyware and Adware on my PC



Removal
Go to the Control Panel's Add/Remove Programs feature. Select and remove "AM Server" and "POP" for the POP variant, or "SysAI" (SysAI variant) or CtxPls (CxtPls variant). These entries seem often to be missing, necessitating manual removal.
See if you have any of these entries in your Add/Remove Programs list or, if not, then see here for manual removal instructions:

This is the variant that you have, I think:

POP variant
Open the registry by clicking "Start", choosing "Run" and entering "regedit". Open the "CLSID" key inside "HKEY_CLASSES_ROOT" and delete the following subkeys:

{645FD3BC-C314-4F7A-9D2E-64D62A0FDD78}
{65C8C1F5-230E-4DC9-9A0D-F3159A5E7778}
{8023A3E7-AB95-4C23-8313-0BE9842CC70E}
{976C4E11-B9C5-4B2B-97EF-F7D06BA4242F}
{B3BE5046-8197-48FB-B89F-7C767316D03C}

Next, open the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and delete the "AutoUpdater" and "POP" entries.

You can also delete HKEY_CLASSES_ROOT\POP.Server[.1], HKEY_CLASSES_ROOT\POPAd.Server[.1], HKEY_LOCAL_MACHINE\Software\POP and HKEY_CURRENT_USER\Software\POP to clean up.


Restart the computer and you should be able to delete the "AutoUpdate" folder in "Program Files" (on the C: drive, even if your Program Files are normally elsewhere), along with the folder "POP" (POP variant), "SysAI" (SysAI variant) or "CxtPls" (CxtPls variant).

In the System folder you can also delete the two semi-randomly-named EXE files referred to by the registry entries of the SysAI and CxtPls variants, and, if you have them, auto_update_uninstall.exe and auto_update_uninstall.log.

Or if that doesn't work, try this:

SysAI and CxtPls variants
Open the registry (Start->Run->regedit) and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete the "AutoUpdater" entry. There is also one other entry that must be deleted. Its name will be a nonsensical string of eight random alphanumeric characters, and its value will be a single EXE filename, which is semi-random.

If you are not sure you have the right entry, open the System folder (inside the Windows folder, called "System32" under Windows NT/2000/XP/2003) and load the EXE file it refers to into a text editor. The guilty file will have the string "WinGenerics" inside it somewhere.

Now open the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and there should be a similar eight-character random entry pointing to another semi-random EXE in the System folder. Delete this too.

You can also delete the registry keys HKEY_LOCAL_MACHINE\SOFTWARE\Envolo, HKEY_LOCAL_MACHINE\SOFTWARE\AutoUpdate and HKEY_CURRENT_USER\Software\Apropos to clean up.

SysAI variant
Open a Command Prompt window (from Start->Programs->Accessories) and enter the following commands:

cd %WinDir%\System
regsvr32 /u "C:\Program Files\SysAI\AproposPlugin.dll"

CxtPls variant
Open a Command Prompt window (from Start->Programs->Accessories) and enter the following commands:

cd %WinDir%\System
regsvr32 /u "C:\Program Files\CxtPls\CxtPls.dll"

All variants
Restart the computer and you should be able to delete the "AutoUpdate" folder in "Program Files" (on the C: drive, even if your Program Files are normally elsewhere), along with the folder "POP" (POP variant), "SysAI" (SysAI variant) or "CxtPls" (CxtPls variant).

In the System folder you can also delete the two semi-randomly-named EXE files referred to by the registry entries of the SysAI and CxtPls variants, and, if you have them, auto_update_uninstall.exe and auto_update_uninstall.log.




__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
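
The Run-key check described in the post above, as an added read-only example (not part of the original post or of the instructions it quotes): it flags values whose name is eight alphanumeric characters and whose data is a bare EXE filename, then confirms by looking for the "WinGenerics" string in that file. The verdict labels, the sample entries and the extra UTF-16LE check are assumptions of this example.

```python
"""Read-only triage of a Run key for the entry shape described in the post."""
import re
import tempfile
from pathlib import Path

RUN_PATH = r"Software\Microsoft\Windows\CurrentVersion\Run"
MARKER = "WinGenerics"                            # string named in the post
KNOWN_NAMES = {"AutoUpdater", "POP"}              # Run entries named in the post
NAME_RE = re.compile(r"[A-Za-z0-9]{8}")           # eight alphanumeric characters
BARE_EXE_RE = re.compile(r"[^\\/:]+\.exe", re.I)  # a single EXE filename, no path


def has_marker(path):
    """True if the file contains the marker as ASCII or UTF-16LE text.

    The UTF-16LE check is an assumption added here; the post only says the
    string is visible when the file is loaded into a text editor.
    """
    blob = Path(path).read_bytes()
    return MARKER.encode("ascii") in blob or MARKER.encode("utf-16-le") in blob


def triage(run_values, system_dir):
    """Classify each Run value; returns {value_name: verdict}.

    Verdicts (labels are this example's own):
      named-in-post   value name is one the post says to delete
      marker-found    shape matches and the EXE contains the marker
      no-marker       shape matches but the EXE looks unrelated
      file-missing    shape matches but the EXE is not in system_dir
      shape-mismatch  not an 8-character name with a bare EXE filename
    """
    verdicts = {}
    for name, data in run_values.items():
        exe = data.strip().strip('"')
        if name in KNOWN_NAMES:
            verdicts[name] = "named-in-post"
        elif not (NAME_RE.fullmatch(name) and BARE_EXE_RE.fullmatch(exe)):
            verdicts[name] = "shape-mismatch"
        elif not (Path(system_dir) / exe).is_file():
            verdicts[name] = "file-missing"
        elif has_marker(Path(system_dir) / exe):
            verdicts[name] = "marker-found"
        else:
            verdicts[name] = "no-marker"
    return verdicts


def read_run_key(hive_name):
    """Windows only: read the live Run key, e.g. read_run_key("HKEY_LOCAL_MACHINE")."""
    import winreg  # imported here so the rest of the module runs anywhere
    values = {}
    with winreg.OpenKey(getattr(winreg, hive_name), RUN_PATH) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):   # [1] = number of values
            name, data, _type = winreg.EnumValue(key, i)
            values[name] = str(data)
    return values


def demo():
    """Run triage over constructed sample data (none of it is from the thread)."""
    with tempfile.TemporaryDirectory() as tmp:
        system_dir = Path(tmp)  # stands in for the System32 folder
        (system_dir / "qzrtplmk.exe").write_bytes(b"MZ\x90\x00" + b"WinGenerics\x00")
        (system_dir / "wkjvbnxa.exe").write_bytes(b"MZ" + MARKER.encode("utf-16-le"))
        (system_dir / "tphelper.exe").write_bytes(b"MZ\x90\x00 ordinary utility")
        run_values = {
            "a1B2c3D4": "qzrtplmk.exe",                        # ASCII marker
            "Zx9Yw8Vu": '"wkjvbnxa.exe"',                      # UTF-16LE marker
            "TPHELPER": "tphelper.exe",                        # right shape, benign
            "Q7w8E9r0": "gone.exe",                            # file already removed
            "TrayHelp": r"C:\Program Files\Vendor\tray.exe",   # full path, not bare
            "AutoUpdater": r"C:\Program Files\AutoUpdate\example.exe",
        }
        return triage(run_values, system_dir)


if __name__ == "__main__":
    for value_name, verdict in demo().items():
        print(f"{value_name:12} {verdict}")
```

On a live system, pass `read_run_key("HKEY_LOCAL_MACHINE")` or `read_run_key("HKEY_CURRENT_USER")` and the System32 path to `triage`; nothing is modified, so deletion remains a manual step as in the post.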

  #41  
Old 09-25-2005
Bronze Member
 
Join Date: Sep 2005
Posts: 25
Tigereye1786
Default Re: Library of Spyware and Adware on my PC

Literally NONE of the reg keys, files, or programs were on my computer except for auto_update_uninstall.log. However, the three reg keys I told you about are still there.


  #42  
Old 10-02-2005
Silver Member
 
Join Date: Oct 2005
Location: St Ives, Cornwall
Posts: 104
PC Experience: PC Illiterate
Mere_Mortal
Default Re: Library of Spyware and Adware on my PC

Hi there

Give a try to Symantec's tool for removing Apropos, which can be downloaded from [here]

Failing that, it might be worthwhile seeing if SilentRunners exposes anything that might have been missed by other scans. The VBS file is attached (compressed). If you do not have anything to extract the file, [WinRAR] is free and easy to use. Once extracted, simply execute the script and a text file will open once it has completed its process, which I or another advisor will then analyze.

Regards,
M_M