Please Help. My Comp Has Adware.digitalnames


  • This topic is locked
3 replies to this topic

#1 brevmita

brevmita

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:24 AM

Posted 25 February 2008 - 08:39 PM

Hi. I scanned using Ad-Aware and it found 2 files with Adware.DigitalNames. I have quarantined these two files. I might have gotten infected because sometimes my Comodo firewall won't run on startup and I have to manually start it and using Firefox seems a little slow.
Please have a look at my Hijackthis log file and Ad-Aware log file.


Hijackthis log file:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:56 AM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\Utorrent\utorrent.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1185130847687
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F304667-5216-4FEE-8262-1A3E375D30CD}: NameServer = 192.168.1.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 4479 bytes

_____________________________________________________________________________________________


Ad-Aware log file:


Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, February 26, 2008 8:33:57 AM
Using definitions file:SE1R222 25.02.2008
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.DigitalNames(TAC index:6):2 total references
MRU List(TAC index:0):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R222 25.02.2008
Internal build : 267
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref
File size : 2598971 Bytes
Total size : 9471083 Bytes
Signature data size : 9414367 Bytes
Reference data size : 56204 Bytes
Signatures total : 240315
CSI Fingerprints total : 12660
CSI data size : 867173 Bytes
Target categories : 15
Target families : 1843


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:53 %
Total physical memory:1047220 kb
Available physical memory:553820 kb
Total page file size:2519904 kb
Available on page file:2007384 kb
Total virtual memory:2097024 kb
Available virtual memory:1988420 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Log Ad-Aware events
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include info about ignored objects in log file, if detected in scan
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Create log file for removal operations
Set : Include alternate data stream details in log file
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


2-26-2008 8:33:57 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Steph\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-823518204-1645522239-682003330-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-823518204-1645522239-682003330-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-823518204-1645522239-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-823518204-1645522239-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-823518204-1645522239-682003330-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 560
ThreadCreationTime : 2-26-2008 12:28:05 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 624
ThreadCreationTime : 2-26-2008 12:28:08 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 656
ThreadCreationTime : 2-26-2008 12:28:11 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 700
ThreadCreationTime : 2-26-2008 12:28:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 2-26-2008 12:28:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 860
ThreadCreationTime : 2-26-2008 12:28:12 AM
BasePriority : Normal
FileVersion : 6.14.10.4176
ProductVersion : 6.14.10.4176
ProductName : ATI External Event Utility for Windows
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2007 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 872
ThreadCreationTime : 2-26-2008 12:28:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 948
ThreadCreationTime : 2-26-2008 12:28:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 984
ThreadCreationTime : 2-26-2008 12:28:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1028
ThreadCreationTime : 2-26-2008 12:28:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1116
ThreadCreationTime : 2-26-2008 12:28:13 AM
BasePriority : Normal
FileVersion : 6.14.10.4176
ProductVersion : 6.14.10.4176
ProductName : ATI External Event Utility for Windows
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2007 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1140
ThreadCreationTime : 2-26-2008 12:28:13 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [aswupdsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1192
ThreadCreationTime : 2-26-2008 12:28:13 AM
BasePriority : Normal
FileVersion : 4, 7, 1098, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : avast! Antivirus updating service
InternalName : aswUpdSv.exe
LegalCopyright : Copyright © 2007 ALWIL Software
OriginalFilename : aswUpdSv.exe

#:14 [ashserv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1304
ThreadCreationTime : 2-26-2008 12:28:14 AM
BasePriority : High
FileVersion : 4, 7, 1098, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright © 2007 ALWIL Software
OriginalFilename : aswServ.exe

#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1376
ThreadCreationTime : 2-26-2008 12:28:14 AM
BasePriority : Normal
FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
ProductVersion : 6.00.2900.3156
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:16 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1568
ThreadCreationTime : 2-26-2008 12:28:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:17 [cthelper.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1628
ThreadCreationTime : 2-26-2008 12:28:19 AM
BasePriority : Normal
FileVersion : 1, 0, 1, 1
ProductVersion : 1, 0, 1, 1
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper MFC Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002-03
OriginalFilename : CtHelper.EXE

#:18 [ashdisp.exe]
FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
ProcessID : 1636
ThreadCreationTime : 2-26-2008 12:28:19 AM
BasePriority : Normal
FileVersion : 4, 7, 1098, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright © 2007 ALWIL Software
OriginalFilename : aswDisp.exe

#:19 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1644
ThreadCreationTime : 2-26-2008 12:28:19 AM
BasePriority : Normal
FileVersion : 7, 5, 1, 43
ProductVersion : 7, 5, 1, 43
ProductName : AVG Anti-Spyware
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2007 GRISOFT s.r.o.
OriginalFilename : avgas.exe

#:20 [cpf.exe]
FilePath : C:\Program Files\Comodo\Firewall\
ProcessID : 1656
ThreadCreationTime : 2-26-2008 12:28:20 AM
BasePriority : Normal
FileVersion : 2.4.0.58
ProductVersion : 2.4.0.0
ProductName : COMODO Firewall Pro
CompanyName : COMODO
FileDescription : COMODO Firewall Pro
InternalName : cpf.exe
LegalCopyright : Copyright © 2005-2006 COMODO ®. All rights reserved
OriginalFilename : cpf.exe

#:21 [pg2.exe]
FilePath : C:\Program Files\PeerGuardian2\
ProcessID : 1664
ThreadCreationTime : 2-26-2008 12:28:20 AM
BasePriority : Normal
FileVersion : 1, 0, 6, 4
ProductVersion : 2, 0, 6, 4
ProductName : PeerGuardian 2
CompanyName : Methlabs
FileDescription : PeerGuardian 2
InternalName : PG2
LegalCopyright : Copyright © 2004-2005 Cory Nelson
OriginalFilename : pg2.exe
Comments : http://peerguardian.sourceforge.net

#:22 [ad-watch.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 1676
ThreadCreationTime : 2-26-2008 12:28:20 AM
BasePriority : Normal
FileVersion : 3.1.2.17
ProductVersion : 3.2
ProductName : Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Watch System Protector
InternalName : Ad-Watch.exe
LegalCopyright : 1999-2004 Team Lavasoft
OriginalFilename : Ad-Watch.exe

#:23 [teatimer.exe]
FilePath : C:\Program Files\Spybot - Search & Destroy\
ProcessID : 1684
ThreadCreationTime : 2-26-2008 12:28:20 AM
BasePriority : Idle
FileVersion : 1, 5, 2, 16
ProductVersion : 1, 5, 2, 0
ProductName : Spybot - Search & Destroy
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2008 Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : TeaTimer.exe
Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.

#:24 [setpoint.exe]
FilePath : C:\Program Files\Logitech\SetPoint\
ProcessID : 1720
ThreadCreationTime : 2-26-2008 12:28:21 AM
BasePriority : Normal
FileVersion : 4.00.121
ProductVersion : 4.00.121
ProductName : Logitech SetPoint
CompanyName : Logitech Inc.
FileDescription : Logitech SetPoint Event Manager (UNICODE)
InternalName : SetPoint
LegalCopyright : © 1998-2007 Logitech. All rights reserved.
LegalTrademarks : Logitech® and SetPoint® are registered trademarks of Logitech Inc.
OriginalFilename : SetPoint.exe
Comments : Created by the Productivity Software team

#:25 [khalmnpr.exe]
FilePath : C:\Program Files\Common Files\Logitech\KhalShared\
ProcessID : 1880
ThreadCreationTime : 2-26-2008 12:28:27 AM
BasePriority : Normal
FileVersion : 4.00.101
ProductVersion : 4.00.101
ProductName : Logitech SetPoint
CompanyName : Logitech Inc.
FileDescription : Logitech KHAL Main Process
InternalName : KHAL
LegalCopyright : © 1998-2007 Logitech. All rights reserved.
LegalTrademarks : Logitech® and SetPoint® are registered trademarks of Logitech Inc.
OriginalFilename : KHALMNPR.EXE
Comments : Created by the Productivity Software team

#:26 [applemobiledeviceservice.exe]
FilePath : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\
ProcessID : 268
ThreadCreationTime : 2-26-2008 12:28:33 AM
BasePriority : Normal
FileVersion : 1, 14, 0, 0
ProductVersion : 1, 14, 0, 0
ProductName : Apple Mobile Device Service
CompanyName : Apple, Inc.
FileDescription : Apple Mobile Device Service
InternalName : usbaapld
LegalCopyright : Copyright 2007 Apple, Inc. All Rights Reserved.
OriginalFilename : usbmuxd.exe

#:27 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 296
ThreadCreationTime : 2-26-2008 12:28:33 AM
BasePriority : Normal
FileVersion : 7, 5, 1, 22
ProductVersion : 7, 5, 1, 22
ProductName : AVG Anti-Spyware
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2007 GRISOFT s.r.o.
OriginalFilename : guard.exe

#:28 [cmdagent.exe]
FilePath : C:\Program Files\Comodo\Firewall\
ProcessID : 312
ThreadCreationTime : 2-26-2008 12:28:33 AM
BasePriority : Normal
FileVersion : 2.4.0.20
ProductVersion : 2.4.0.1
ProductName : Comodo Firewall
CompanyName : COMODO
FileDescription : Comodo Agent Service
InternalName : cmdagent
LegalCopyright : Copyright © 2005-2007 COMODO ®. All rights reserved
LegalTrademarks : Copyright © 2005-2007 COMODO ®. All rights reserved
OriginalFilename : cmdagent.exe

#:29 [ctsvccda.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 520
ThreadCreationTime : 2-26-2008 12:28:54 AM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:30 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 748
ThreadCreationTime : 2-26-2008 12:29:03 AM
BasePriority : Normal
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
ProductName : Modem
FileDescription : User-Level Modem Service
InternalName : slserv
LegalCopyright : Copyright © 1999-2000
OriginalFilename : slserv.exe

#:31 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 744
ThreadCreationTime : 2-26-2008 12:29:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:32 [mspmspsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1236
ThreadCreationTime : 2-26-2008 12:29:05 AM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:33 [ashwebsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 2288
ThreadCreationTime : 2-26-2008 12:29:14 AM
BasePriority : Normal


#:34 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2672
ThreadCreationTime : 2-26-2008 12:29:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:35 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2896
ThreadCreationTime : 2-26-2008 12:29:57 AM
BasePriority : Normal


#:36 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 3228
ThreadCreationTime : 2-26-2008 12:33:36 AM
BasePriority : Normal
FileVersion : 6.2.0.238
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.DigitalNames Object Recognized!
Type : File
Data : mpclauncher.exe
TAC Rating : 6
Category : Adware
Comment :
Object : C:\Program Files\Real Alternative\
FileVersion : 51.46.0.0
ProductVersion : 0.0.0.0
ProductName : Inno Setup
FileDescription : Setup/Uninstall
LegalCopyright : Copyright © 1997-2007 Jordan Russell. Portions Copyright © 2000-2007 Martijn Laan.


Adware.DigitalNames Object Recognized!
Type : File
Data : settings.exe
TAC Rating : 6
Category : Adware
Comment :
Object : C:\Program Files\Real Alternative\
FileVersion : 51.46.0.0
ProductVersion : 0.0.0.0
ProductName : Inno Setup
FileDescription : Setup/Uninstall
LegalCopyright : Copyright © 1997-2007 Jordan Russell. Portions Copyright © 2000-2007 Martijn Laan.


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
16759 entries scanned.
New critical objects:0
Objects found so far: 8




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

8:46:06 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:08.891
Objects scanned:227814
Objects identified:2
Objects ignored:0
New critical objects:2



#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:11:24 AM

Posted 06 March 2008 - 12:49 PM

Hello brevmita and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware in the log. It is clean.

What AdAware is finding is part of Real Alternative (a Real player alternative that allows you to play Real media files without installing the Real Player). Being free software, it includes an advertising component. It is not harmful but if it is not wanted simply uninstall it and it will be gone.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 brevmita

brevmita
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:24 AM

Posted 07 March 2008 - 01:01 PM

Thank you. This is good news for me because this would mean that my current security setup is still working and I don't have to change or try any new software. Again thank you for taking the time to look at my log files. Bye for now.

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:11:24 AM

Posted 08 March 2008 - 06:53 AM

You are very welcome brevmita, I'm glad that we could help.

I will now close this topic. If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

OT :thumbsup:
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
