Win32.Trojan.Downloader ?

JudE · April 16, 2006, 07:50:05 PM

Hello,
Ad-Aware SE Personal says I have Win32.Trojan.Downloader, and C:/windows/Last Good/Downloaded Program Files/popcaploader.dll. Lavasoft's TAC is a 10. The online scanner X-Cleaner at spywareinfo.com says I have popcaploader with 16 registry keys but under "more info" it only says its being investigated, no longer a threat, or (something else). No description. I have not fixed any of this. In a search I saw that it is related to Pop Cap games, which I have played online--Zuma, Bejeweled2, etc. I have been playing PopCap games for a veerry long time and this is the first time this treat has ever shown up on my computer. Spybot does not find it. Kaspersky online found nothing. Symantec Antivirus Corporate Edition found nothing.
Is this really dangerous or not? Following is my Ad-Aware log. (Pentium 4,
WindowsXP SP1, Spybot S&D, Ad-Aware SE, Free ZoneAlarm, Cookiewall, CCleaner)

Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, April 16, 2006 11:06:31 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R103 10.04.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojan.Downloader(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R103 10.04.2006
Internal build : 120
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 603709 Bytes
Total size : 1990340 Bytes
Signature data size : 1976427 Bytes
Reference data size : 13401 Bytes
Signatures total : 54120
CSI Fingerprints total : 2301
CSI data size : 73588 Bytes
Target categories : 15
Target families : 870

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:33 %
Total physical memory:260592 kb
Available physical memory:83488 kb
Total page file size:640912 kb
Available on page file:371556 kb
Total virtual memory:2097024 kb
Available virtual memory:2026204 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

4-16-2006 11:06:31 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 564
ThreadCreationTime : 4-16-2006 2:18:32 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 640
ThreadCreationTime : 4-16-2006 2:18:34 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 664
ThreadCreationTime : 4-16-2006 2:18:35 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 708
ThreadCreationTime : 4-16-2006 2:18:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 720
ThreadCreationTime : 4-16-2006 2:18:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 872
ThreadCreationTime : 4-16-2006 2:18:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 924
ThreadCreationTime : 4-16-2006 2:18:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1108
ThreadCreationTime : 4-16-2006 2:18:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1132
ThreadCreationTime : 4-16-2006 2:18:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1244
ThreadCreationTime : 4-16-2006 2:18:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.1699 (xpsp2.050610-1533)
ProductVersion : 5.1.2600.1699
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 1344
ThreadCreationTime : 4-16-2006 2:18:38 PM
BasePriority : Normal
FileVersion : 3.0.0.160
ProductVersion : 3.0.0.160
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:12 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1376
ThreadCreationTime : 4-16-2006 2:18:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:13 [defwatch.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 1392
ThreadCreationTime : 4-16-2006 2:18:38 PM
BasePriority : Normal
FileVersion : 8.00.01.425
ProductVersion : 8.00.01.425
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:14 [appservices.exe]
FilePath : C:\PROGRA~1\Iomega\System32\
ProcessID : 1424
ThreadCreationTime : 4-16-2006 2:18:38 PM
BasePriority : Normal
FileVersion : 2, 0, 2, 5
ProductVersion : 2, 0, 2, 5
ProductName : Iomega App Services
CompanyName : Iomega Corporation
FileDescription : AppServices
InternalName : AppServices
LegalCopyright : Copyright © 2000
OriginalFilename : AppService.exe
Comments : Iomega App Services For Windows 2000/NT

#:15 [rtvscan.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 1456
ThreadCreationTime : 4-16-2006 2:18:38 PM
BasePriority : Normal
FileVersion : 8.00.01.425
ProductVersion : 8.00.01.425
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright (C) Symantec Corporation 1991-2002

#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1504
ThreadCreationTime : 4-16-2006 2:18:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [vsmon.exe]
FilePath : C:\WINDOWS\SYSTEM32\ZoneLabs\
ProcessID : 1544
ThreadCreationTime : 4-16-2006 2:18:39 PM
BasePriority : Normal
FileVersion : 6.1.737.000
ProductVersion : 6.1.737.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:18 [adservice.exe]
FilePath : C:\Program Files\Iomega\AutoDisk\
ProcessID : 1676
ThreadCreationTime : 4-16-2006 2:18:40 PM
BasePriority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk Service
InternalName : ADService
LegalCopyright : Copyright © 2002
OriginalFilename : ADService.exe

#:19 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 332
ThreadCreationTime : 4-16-2006 2:18:47 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:20 [imgicon.exe]
FilePath : C:\Program Files\Iomega\DriveIcons\
ProcessID : 1176
ThreadCreationTime : 4-16-2006 2:19:02 PM
BasePriority : Normal

#:21 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 1600
ThreadCreationTime : 4-16-2006 2:19:09 PM
BasePriority : Normal
FileVersion : 6.1.737.000
ProductVersion : 6.1.737.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:22 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 1840
ThreadCreationTime : 4-16-2006 2:19:14 PM
BasePriority : Normal
FileVersion : 8.00.01.425
ProductVersion : 8.00.01.425
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright (C) Symantec Corporation 1991-2002

#:23 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1828
ThreadCreationTime : 4-16-2006 2:19:15 PM
BasePriority : Normal
FileVersion : 3,0,0,1715
ProductVersion : 7,0,0,1715
ProductName : Intel(R) Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE

#:24 [adusermon.exe]
FilePath : C:\Program Files\Iomega\AutoDisk\
ProcessID : 200
ThreadCreationTime : 4-16-2006 2:19:17 PM
BasePriority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk User Monitor
InternalName : ADUserMon
LegalCopyright : Copyright © 2002
OriginalFilename : ADUserMon.exe

#:25 [cookie.exe]
FilePath : C:\Program Files\AnalogX\CookieWall\
ProcessID : 212
ThreadCreationTime : 4-16-2006 2:19:19 PM
BasePriority : Normal

#:26 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 244
ThreadCreationTime : 4-16-2006 2:19:22 PM
BasePriority : Normal
FileVersion : 7.0.3
ProductVersion : QuickTime 7.0.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2005
OriginalFilename : QTTask.exe

#:27 [weather.exe]
FilePath : C:\Program Files\AWS\WeatherBug\
ProcessID : 1764
ThreadCreationTime : 4-16-2006 2:19:28 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 18
ProductVersion : 3, 0, 0, 18
ProductName : AWS, Inc.WeatherBug
CompanyName : AWS Convergence Technologies, Inc.
FileDescription : WeatherBug
InternalName : Desktop Weather
LegalCopyright : Copyright © 2001-2002
LegalTrademarks : WeatherBug, WeatherNet, WeatherNet+, InstaCAM
OriginalFilename : WeatherBug.exe
Comments : World Largest Weather Network

#:28 [ibackup.exe]
FilePath : C:\Program Files\Iomega\Iomega Automatic Backup\
ProcessID : 1928
ThreadCreationTime : 4-16-2006 2:19:31 PM
BasePriority : Normal
FileVersion : Build 54
ProductVersion : 1, 0, 2, 54
ProductName : Iomega Automatic Backup
CompanyName : Iomega Corporation
LegalCopyright : Copyright © 2002
LegalTrademarks : Iomega® Automatic Backup Patent Pending. iomega, the stylized "i" logo, and the Iomega Automatic Backup brand block are registered trademarks or trademarks of Iomega Corporation in the U.S. and/or other countries.
Comments : Go to http://www.iomega.com/software for more Iomega software!

#:29 [hpobnz08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 108
ThreadCreationTime : 4-16-2006 2:19:41 PM
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBNZ08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOBNZ08.EXE
Comments : HP OfficeJet <Banzai> Series COM Device Objects

#:30 [hpotdd01.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1596
ThreadCreationTime : 4-16-2006 2:19:46 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe

#:31 [konfabulator.exe]
FilePath : C:\Program Files\Pixoria\Konfabulator\
ProcessID : 760
ThreadCreationTime : 4-16-2006 2:19:51 PM
BasePriority : Normal
FileVersion : 2.1.1
ProductVersion : 2.1.1
ProductName : Konfabulator
CompanyName : Yahoo, Inc.
FileDescription : Konfabulator
InternalName : Konfabulator
LegalCopyright : Copyright (C) 2004-2005 Yahoo! Inc.
OriginalFilename : Konfabulator.exe

#:32 [konfabulator.exe]
FilePath : C:\Program Files\Pixoria\Konfabulator\
ProcessID : 1876
ThreadCreationTime : 4-16-2006 2:20:02 PM
BasePriority : Normal
FileVersion : 2.1.1
ProductVersion : 2.1.1
ProductName : Konfabulator
CompanyName : Yahoo, Inc.
FileDescription : Konfabulator
InternalName : Konfabulator
LegalCopyright : Copyright (C) 2004-2005 Yahoo! Inc.
OriginalFilename : Konfabulator.exe

#:33 [hpoevm08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 2192
ThreadCreationTime : 4-16-2006 2:20:22 PM
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager

#:34 [konfabulator.exe]
FilePath : C:\Program Files\Pixoria\Konfabulator\
ProcessID : 2208
ThreadCreationTime : 4-16-2006 2:20:26 PM
BasePriority : Normal
FileVersion : 2.1.1
ProductVersion : 2.1.1
ProductName : Konfabulator
CompanyName : Yahoo, Inc.
FileDescription : Konfabulator
InternalName : Konfabulator
LegalCopyright : Copyright (C) 2004-2005 Yahoo! Inc.
OriginalFilename : Konfabulator.exe

#:35 [konfabulator.exe]
FilePath : C:\Program Files\Pixoria\Konfabulator\
ProcessID : 2216
ThreadCreationTime : 4-16-2006 2:20:26 PM
BasePriority : Normal
FileVersion : 2.1.1
ProductVersion : 2.1.1
ProductName : Konfabulator
CompanyName : Yahoo, Inc.
FileDescription : Konfabulator
InternalName : Konfabulator
LegalCopyright : Copyright (C) 2004-2005 Yahoo! Inc.
OriginalFilename : Konfabulator.exe

#:36 [hpzipm12.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2328
ThreadCreationTime : 4-16-2006 2:20:49 PM
BasePriority : Normal
FileVersion : 6, 0, 0, 0
ProductVersion : 6, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:37 [hposts08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\
ProcessID : 2436
ThreadCreationTime : 4-16-2006 2:21:21 PM
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSTS08.EXE
Comments : HP OfficeJet Status

#:38 [taskpanl.exe]
FilePath : C:\Program Files\EarthLink TotalAccess\
ProcessID : 2520
ThreadCreationTime : 4-16-2006 2:22:02 PM
BasePriority : Normal
FileVersion : 2005.2.98.0
ProductVersion : 2005.2.98.0
ProductName : EarthLink TotalAccess
CompanyName : EarthLink, Inc.
LegalCopyright : © EarthLink, Inc. All rights reserved.

#:39 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3376
ThreadCreationTime : 4-16-2006 2:26:18 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:40 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1900
ThreadCreationTime : 4-16-2006 3:34:25 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0108687.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP800\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 5
ProductName : PopCapLoader Module
CompanyName : PopCap Games
FileDescription : PopCapLoader Module
InternalName : PopCapLoader
LegalCopyright : Copyright 2003
OriginalFilename : PopCapLoader.DLL

Win32.Trojan.Downloader Object Recognized!
Type : File
Data : popcaploader.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\LastGood\Downloaded Program Files\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 5
ProductName : PopCapLoader Module
CompanyName : PopCap Games
FileDescription : PopCapLoader Module
InternalName : PopCapLoader
LegalCopyright : Copyright 2003
OriginalFilename : PopCapLoader.DLL

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 2

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

11:21:28 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:56.421
Objects scanned:153154
Objects identified:2
Objects ignored:0
New critical objects:2

GR@PH;<'S · April 16, 2006, 08:09:38 PM

JudE,
please can you clear out your cache folder ie: temporary internet folder There are some free programs that you can use that will do that for you if needed like ;)
CCleaner
(Note in CCleaner: go to >options > advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours"). but see CCleaner Set up
then scan by doing a "Full Scan" then and once the scan has finished
mark and remove the items then Reboot (ie: Re-start your PC)
Then re-scan doing a "Full Scan" and then post your logfile here by using the Add-Reply Feature .

Please NOTE from the AAW SE help file, if you set "Read current settings from system:" under "default settings" in Ad-Aware SE,

QuoteDefault IE Pages
Default homepage: Ad-Aware SE uses the defined homepage when recovering from a browser hijack

Default Search Engine: Ad-Aware SE uses the defined search engine when recovering from a browser hijack

GR@PH;<'S :breakkie:

JudE · April 16, 2006, 10:34:31 PM

Ok. Sorry it took so long GR@PH;<'S. Had to download new ver. ccleaner. Then the object in system restore wouldn't die & I had to scan again. I thought I set the AAW SE setting you told me, but I don't see it. Here's the new log.
Thanks for your help.

Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, April 16, 2006 5:10:49 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R103 10.04.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R103 10.04.2006
Internal build : 120
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 603709 Bytes
Total size : 1990340 Bytes
Signature data size : 1976427 Bytes
Reference data size : 13401 Bytes
Signatures total : 54120
CSI Fingerprints total : 2301
CSI data size : 73588 Bytes
Target categories : 15
Target families : 870

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:16 %
Total physical memory:260592 kb
Available physical memory:40760 kb
Total page file size:640912 kb
Available on page file:395404 kb
Total virtual memory:2097024 kb
Available virtual memory:2046040 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

4-16-2006 5:10:49 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 568
ThreadCreationTime : 4-16-2006 10:06:41 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 640
ThreadCreationTime : 4-16-2006 10:06:43 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 664
ThreadCreationTime : 4-16-2006 10:06:44 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 708
ThreadCreationTime : 4-16-2006 10:06:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 720
ThreadCreationTime : 4-16-2006 10:06:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 872
ThreadCreationTime : 4-16-2006 10:06:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 924
ThreadCreationTime : 4-16-2006 10:06:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1096
ThreadCreationTime : 4-16-2006 10:06:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1132
ThreadCreationTime : 4-16-2006 10:06:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1244
ThreadCreationTime : 4-16-2006 10:06:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.1699 (xpsp2.050610-1533)
ProductVersion : 5.1.2600.1699
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 1344
ThreadCreationTime : 4-16-2006 10:06:47 PM
BasePriority : Normal
FileVersion : 3.0.0.160
ProductVersion : 3.0.0.160
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:12 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1376
ThreadCreationTime : 4-16-2006 10:06:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:13 [defwatch.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 1392
ThreadCreationTime : 4-16-2006 10:06:47 PM
BasePriority : Normal
FileVersion : 8.00.01.425
ProductVersion : 8.00.01.425
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:14 [appservices.exe]
FilePath : C:\PROGRA~1\Iomega\System32\
ProcessID : 1420
ThreadCreationTime : 4-16-2006 10:06:47 PM
BasePriority : Normal
FileVersion : 2, 0, 2, 5
ProductVersion : 2, 0, 2, 5
ProductName : Iomega App Services
CompanyName : Iomega Corporation
FileDescription : AppServices
InternalName : AppServices
LegalCopyright : Copyright © 2000
OriginalFilename : AppService.exe
Comments : Iomega App Services For Windows 2000/NT

#:15 [rtvscan.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 1456
ThreadCreationTime : 4-16-2006 10:06:47 PM
BasePriority : Normal
FileVersion : 8.00.01.425
ProductVersion : 8.00.01.425
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright (C) Symantec Corporation 1991-2002

#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1504
ThreadCreationTime : 4-16-2006 10:06:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [vsmon.exe]
FilePath : C:\WINDOWS\SYSTEM32\ZoneLabs\
ProcessID : 1544
ThreadCreationTime : 4-16-2006 10:06:48 PM
BasePriority : Normal
FileVersion : 6.1.737.000
ProductVersion : 6.1.737.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:18 [adservice.exe]
FilePath : C:\Program Files\Iomega\AutoDisk\
ProcessID : 1612
ThreadCreationTime : 4-16-2006 10:06:48 PM
BasePriority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk Service
InternalName : ADService
LegalCopyright : Copyright © 2002
OriginalFilename : ADService.exe

#:19 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 320
ThreadCreationTime : 4-16-2006 10:06:58 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:20 [imgicon.exe]
FilePath : C:\Program Files\Iomega\DriveIcons\
ProcessID : 1176
ThreadCreationTime : 4-16-2006 10:07:11 PM
BasePriority : Normal

#:21 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 1804
ThreadCreationTime : 4-16-2006 10:07:18 PM
BasePriority : Normal
FileVersion : 6.1.737.000
ProductVersion : 6.1.737.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:22 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 1832
ThreadCreationTime : 4-16-2006 10:07:24 PM
BasePriority : Normal
FileVersion : 8.00.01.425
ProductVersion : 8.00.01.425
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright (C) Symantec Corporation 1991-2002

#:23 [usrprmpt.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 140
ThreadCreationTime : 4-16-2006 10:07:25 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Helper
InternalName : UsrPrmpt.dll
LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
OriginalFilename : UsrPrmpt.dll

#:24 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 160
ThreadCreationTime : 4-16-2006 10:07:26 PM
BasePriority : Normal
FileVersion : 3,0,0,1715
ProductVersion : 7,0,0,1715
ProductName : Intel(R) Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE

#:25 [adusermon.exe]
FilePath : C:\Program Files\Iomega\AutoDisk\
ProcessID : 204
ThreadCreationTime : 4-16-2006 10:07:29 PM
BasePriority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk User Monitor
InternalName : ADUserMon
LegalCopyright : Copyright © 2002
OriginalFilename : ADUserMon.exe

#:26 [cookie.exe]
FilePath : C:\Program Files\AnalogX\CookieWall\
ProcessID : 220
ThreadCreationTime : 4-16-2006 10:07:30 PM
BasePriority : Normal

#:27 [ibackup.exe]
FilePath : C:\Program Files\Iomega\Iomega Automatic Backup\
ProcessID : 1956
ThreadCreationTime : 4-16-2006 10:07:42 PM
BasePriority : Normal
FileVersion : Build 54
ProductVersion : 1, 0, 2, 54
ProductName : Iomega Automatic Backup
CompanyName : Iomega Corporation
LegalCopyright : Copyright © 2002
LegalTrademarks : Iomega® Automatic Backup Patent Pending. iomega, the stylized "i" logo, and the Iomega Automatic Backup brand block are registered trademarks or trademarks of Iomega Corporation in the U.S. and/or other countries.
Comments : Go to http://www.iomega.com/software for more Iomega software!

#:28 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1580
ThreadCreationTime : 4-16-2006 10:07:46 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:29 [hpobnz08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 492
ThreadCreationTime : 4-16-2006 10:07:47 PM
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBNZ08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOBNZ08.EXE
Comments : HP OfficeJet <Banzai> Series COM Device Objects

#:30 [hpotdd01.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 520
ThreadCreationTime : 4-16-2006 10:07:48 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe

#:31 [konfabulator.exe]
FilePath : C:\Program Files\Pixoria\Konfabulator\
ProcessID : 268
ThreadCreationTime : 4-16-2006 10:07:51 PM
BasePriority : Normal
FileVersion : 2.1.1
ProductVersion : 2.1.1
ProductName : Konfabulator
CompanyName : Yahoo, Inc.
FileDescription : Konfabulator
InternalName : Konfabulator
LegalCopyright : Copyright (C) 2004-2005 Yahoo! Inc.
OriginalFilename : Konfabulator.exe

#:32 [konfabulator.exe]
FilePath : C:\Program Files\Pixoria\Konfabulator\
ProcessID : 1068
ThreadCreationTime : 4-16-2006 10:08:04 PM
BasePriority : Normal
FileVersion : 2.1.1
ProductVersion : 2.1.1
ProductName : Konfabulator
CompanyName : Yahoo, Inc.
FileDescription : Konfabulator
InternalName : Konfabulator
LegalCopyright : Copyright (C) 2004-2005 Yahoo! Inc.
OriginalFilename : Konfabulator.exe

#:33 [hpoevm08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 2040
ThreadCreationTime : 4-16-2006 10:08:16 PM
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager

#:34 [konfabulator.exe]
FilePath : C:\Program Files\Pixoria\Konfabulator\
ProcessID : 2056
ThreadCreationTime : 4-16-2006 10:08:18 PM
BasePriority : Normal
FileVersion : 2.1.1
ProductVersion : 2.1.1
ProductName : Konfabulator
CompanyName : Yahoo, Inc.
FileDescription : Konfabulator
InternalName : Konfabulator
LegalCopyright : Copyright (C) 2004-2005 Yahoo! Inc.
OriginalFilename : Konfabulator.exe

#:35 [konfabulator.exe]
FilePath : C:\Program Files\Pixoria\Konfabulator\
ProcessID : 2064
ThreadCreationTime : 4-16-2006 10:08:18 PM
BasePriority : Normal
FileVersion : 2.1.1
ProductVersion : 2.1.1
ProductName : Konfabulator
CompanyName : Yahoo, Inc.
FileDescription : Konfabulator
InternalName : Konfabulator
LegalCopyright : Copyright (C) 2004-2005 Yahoo! Inc.
OriginalFilename : Konfabulator.exe

#:36 [hpzipm12.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2196
ThreadCreationTime : 4-16-2006 10:08:25 PM
BasePriority : Normal
FileVersion : 6, 0, 0, 0
ProductVersion : 6, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:37 [hposts08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\
ProcessID : 2372
ThreadCreationTime : 4-16-2006 10:09:16 PM
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSTS08.EXE
Comments : HP OfficeJet Status

#:38 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2580
ThreadCreationTime : 4-16-2006 10:10:24 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0

5:28:37 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:47.969
Objects scanned:152399
Objects identified:0
Objects ignored:0
New critical objects:0

GR@PH;<'S · April 17, 2006, 12:48:41 PM

JudE,
I see you have

QuoteMicrosoft Windows XP Home Edition Service Pack 1

I highly recommend that you up date your PC to SP2 (Service Pack 2)

Quoteyou could always order the CD: for service pack 2... Also please remember after you install SP 2 you are still going to a long way from being right up to date you will probably need to up date on line the patches that have come out since service pack 2 was released..

http://www.microsoft.com/windowsxp/sp2/default.mspx

The latest Service Pack for Windows XP—Service Pack 2 (SP2)—is all about security, and it's one of ...

If you cannot download SP2 via Microsoft Update, you can order it on CD.
Order link...
http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/default.mspx

GR@PH;<'S :breakkie:

SpiritWind · April 17, 2006, 09:33:16 PM

:) Hi JudE :

I noticed Hewlett - Packard Digital Imaging in your Ad-Aware logfile ; there has
been recent news that Microsoft Update KB908531 released a few days ago has
been causing problems with those having that !? Have you experienced any such
problem(s) !?

In addition, I noticed "Weatherbug" ; some consider this to be adware at a
minimum . Would encourage you to read the info at :
www.searchlores.org/weatherbug.htm &
www.pchell.com/support/weatherbug.shtml .
The pchell site recommends the safer & "cleaner" Weatherpulse, which is at :
http://tropicdesigns.net/weatherpulse.php .
I have put Weatherpulse on my computer & very pleased with it .

JudE · April 18, 2006, 02:03:45 AM

Thanks Graph. I have the CD and 3.telus.net Installation Checklist, and all the M$ instructions bookmarked. I'm just a big chicken. I know I'll have programs broken. Not good I know. Cluck cluck. :)

Hi SpiritWind. I learned a long time ago to wait with the updates. I'm still reading about all the problems on support.microsoft, cnet, sunbeltblog, etc., and the manuvers you have to go thru to get websites to work. I saw the problems with the HP items too. Also problems with AV programs. KB908531 failed when I tried it any how, luckily(?). Ad-Aware or Spybot killed the mini-bug/transponder, whatever it was, in my old ver.3 a long time ago and I haven't updated it. But I will bookmark your site for future use. Thank you for the tip. :thumbsup:

Corrine · April 18, 2006, 12:28:50 PM

Hi, JudE.

I would suggest that you first scan with ewido (See http://www.landzdown.com/index.php?topic=1133.0 for instructions). Following removal of any detected objects with ewido, create a new restore point. Next install Service Pack 2. The issue with "broken programs" and Service Pack 2 was a very long time ago. You are jeopardizing your computer not updating to SP2.

JudE · April 18, 2006, 01:49:29 PM

Thank you Corine. I will make note of this.

WhiteSpirit, just received a M$ advisory for 908531, perhaps you have to. It has HP as known issues on HP and a resolution. http://support.microsoft.com/kb/918165. It mentions share-to-web but possibly it could help the Digital imaging(?) Just a thought. :)

JudE · April 18, 2006, 02:15:42 PM

I am so sorry, SpiritWind, I got your name wrong. Please forgive. :wink:

SpiritWind · April 18, 2006, 05:47:24 PM

:) Hi JudE :

I sent someone to this forum that was having problems and it turned out to be
KB908531; SpyDie here on landzdown has developed a "workaround" which he
calls a "VBS file"; info can be found in ramblinrose's thread in HJT forum .

SpyDie · April 18, 2006, 08:14:46 PM

Quote from: SpiritWind on April 18, 2006, 05:47:24 PM
:) Hi JudE :

I sent someone to this forum that was having problems and it turned out to be
KB908531; SpyDie here on landzdown has developed a "workaround" which he
calls a "VBS file"; info can be found in ramblinrose's thread in HJT forum .

I wouldn't call it a workaround, maybe just more of a simpler way of implementing what Microsoft asks in that article. :) (It isn't a hack of any sort, FYI, merely the information added to the registry is based on MS's article)

JudE · April 19, 2006, 01:13:12 AM

Hi SpiritWind :D
Thanks for pointing me SpyDie's file. I makes me nervous messing with the registry. Wow, Ramblinrose sure had problems. I'm worn out just reading it.

Thanks so much SpyDie for that file. :Yahoo:

SpyDie · April 19, 2006, 07:13:40 PM

You're welcome, glad to help :)