Ad-Aware SE Log File, Another one with this problem :(
May 12 2005, 09:18 AM
Post #1
New Member | Posts: 4 | OS: XP
Ad-Aware SE Build 1.05
Logfile Created on: Thursday 12 May 2005 16:49:00
Created with Ad-Aware SE Personal, free for private use.
Using definitions file: SE1R44 10.05.2005

References detected during the scan:
  Tracking Cookie (TAC index:3): 5 total references
  Windows (TAC index:3): 1 total references
  VX2 (TAC index:10): 30 total references

Definition File:
  Definitions File Loaded:
  Reference Number : SE1R44 10.05.2005
  Internal build : 52
  File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
  File size : 470885 Bytes
  Total size : 1423894 Bytes
  Signature data size : 1392940 Bytes
  Reference data size : 30442 Bytes
  Signatures total : 39753
  Fingerprints total : 872
  Fingerprints size : 29756 Bytes
  Target categories : 15
  Target families : 668

Memory + processor status:
  Number of processors : 1
  Processor architecture : Intel Pentium IV
  Memory available: 22 %
  Total physical memory: 196080 kb
  Available physical memory: 41380 kb
  Total page file size: 366260 kb
  Available on page file: 109860 kb
  Total virtual memory: 2097024 kb
  Available virtual memory: 2042100 kb
  OS: Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
  Set : Safe mode (always request confirmation)
  Set : Scan active processes
  Set : Scan registry
  Set : Deep-scan registry
  Set : Scan my IE Favorites for banned URLs
  Set : Scan my Hosts file

Extended Ad-Aware SE Settings
  Set : Unload recognized processes & modules during scan
  Set : Obtain command line of scanned processes
  Set : Scan registry for all users instead of current user only
  Set : Always try to unload modules before deletion
  Set : During removal, unload Explorer and IE if necessary
  Set : Let Windows remove files in use at next reboot
  Set : Delete quarantined objects after restoring
  Set : Include basic Ad-Aware settings in log file
  Set : Include additional Ad-Aware settings in log file
  Set : Include reference summary in log file
  Set : Play sound at scan completion if scan locates critical objects

12-5-2005 16:49:00 - Scan started. (Full System Scan)

Listing running processes

#:1 [smss.exe]
  ModuleName : \SystemRoot\System32\smss.exe
  Command Line : n/a
  ProcessID : 488   ThreadCreationTime : 12-5-2005 13:14:50   BasePriority : Normal

#:2 [csrss.exe]
  ModuleName : \??\C:\WINDOWS\system32\csrss.exe
  Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
  ProcessID : 536   ThreadCreationTime : 12-5-2005 13:14:51   BasePriority : Normal

#:3 [winlogon.exe]
  ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
  Command Line : winlogon.exe
  ProcessID : 560   ThreadCreationTime : 12-5-2005 13:14:52   BasePriority : High

#:4 [services.exe]
  ModuleName : C:\WINDOWS\system32\services.exe
  Command Line : C:\WINDOWS\system32\services.exe
  ProcessID : 604   ThreadCreationTime : 12-5-2005 13:14:52   BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)   ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System   CompanyName : Microsoft Corporation
  FileDescription : Services and controller applications   InternalName : services.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.   OriginalFilename : services.exe

#:5 [lsass.exe]
  ModuleName : C:\WINDOWS\system32\lsass.exe
  Command Line : C:\WINDOWS\system32\lsass.exe
  ProcessID : 616   ThreadCreationTime : 12-5-2005 13:14:52   BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)   ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System   CompanyName : Microsoft Corporation
  FileDescription : LSA Shell (Export Version)   InternalName : lsass.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.   OriginalFilename : lsass.exe

#:6 [svchost.exe]
  ModuleName : C:\WINDOWS\system32\svchost.exe
  Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
  ProcessID : 768   ThreadCreationTime : 12-5-2005 13:14:53   BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)   ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System   CompanyName : Microsoft Corporation
  FileDescription : Generic Host Process for Win32 Services   InternalName : svchost.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.   OriginalFilename : svchost.exe

#:7 [svchost.exe]
  ModuleName : C:\WINDOWS\system32\svchost.exe
  Command Line : C:\WINDOWS\system32\svchost -k rpcss
  ProcessID : 828   ThreadCreationTime : 12-5-2005 13:14:54   BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)   ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System   CompanyName : Microsoft Corporation
  FileDescription : Generic Host Process for Win32 Services   InternalName : svchost.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.   OriginalFilename : svchost.exe

#:8 [svchost.exe]
  ModuleName : C:\WINDOWS\System32\svchost.exe
  Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
  ProcessID : 916   ThreadCreationTime : 12-5-2005 13:14:54   BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)   ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System   CompanyName : Microsoft Corporation
  FileDescription : Generic Host Process for Win32 Services   InternalName : svchost.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.   OriginalFilename : svchost.exe

#:9 [svchost.exe]
  ModuleName : C:\WINDOWS\System32\svchost.exe
  Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
  ProcessID : 968   ThreadCreationTime : 12-5-2005 13:14:54   BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)   ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System   CompanyName : Microsoft Corporation
  FileDescription : Generic Host Process for Win32 Services   InternalName : svchost.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.   OriginalFilename : svchost.exe

#:10 [svchost.exe]
  ModuleName : C:\WINDOWS\System32\svchost.exe
  Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
  ProcessID : 1084   ThreadCreationTime : 12-5-2005 13:14:55   BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)   ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System   CompanyName : Microsoft Corporation
  FileDescription : Generic Host Process for Win32 Services   InternalName : svchost.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.   OriginalFilename : svchost.exe

#:11 [lexbces.exe]
  ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
  Command Line : C:\WINDOWS\system32\LEXBCES.EXE
  ProcessID : 1280   ThreadCreationTime : 12-5-2005 13:14:58   BasePriority : Normal
  FileVersion : 8.29   ProductVersion : 8.29
  ProductName : MarkVision for Windows (32 bit)   CompanyName : Lexmark International, Inc.
  FileDescription : LexBce Service   InternalName : LexBce Service
  LegalCopyright : © 1993 - 2003 Lexmark International, Inc.   OriginalFilename : LexBceS.exe

#:12 [spoolsv.exe]
  ModuleName : C:\WINDOWS\system32\spoolsv.exe
  Command Line : C:\WINDOWS\system32\spoolsv.exe
  ProcessID : 1324   ThreadCreationTime : 12-5-2005 13:14:59   BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)   ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System   CompanyName : Microsoft Corporation
  FileDescription : Spooler SubSystem App   InternalName : spoolsv.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.   OriginalFilename : spoolsv.exe

#:13 [lexpps.exe]
  ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
  Command Line : LEXPPS.EXE
  ProcessID : 1332   ThreadCreationTime : 12-5-2005 13:14:59   BasePriority : Normal
  FileVersion : 8.29   ProductVersion : 8.29
  ProductName : MarkVision for Windows (32 bit)   CompanyName : Lexmark International, Inc.
  FileDescription : LEXPPS.EXE   InternalName : LEXPPS
  LegalCopyright : © 1993 - 2003 Lexmark International, Inc.   OriginalFilename : LEXPPS.EXE
  Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:14 [explorer.exe]
  ModuleName : C:\WINDOWS\Explorer.exe
  Command Line : Explorer.exe C:\WINDOWS\Nail.exe
  ProcessID : 1620   ThreadCreationTime : 12-5-2005 13:15:03   BasePriority : Normal
  FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)   ProductVersion : 6.00.2900.2180
  ProductName : Microsoft® Windows® Operating System   CompanyName : Microsoft Corporation
  FileDescription : Windows Explorer   InternalName : explorer
  LegalCopyright : © Microsoft Corporation. All rights reserved.   OriginalFilename : EXPLORER.EXE

#:15 [cdac11ba.exe]
  ModuleName : C:\WINDOWS\system32\drivers\CDAC11BA.EXE
  Command Line : C:\WINDOWS\system32\drivers\CDAC11BA.EXE
  ProcessID : 1764   ThreadCreationTime : 12-5-2005 13:15:07   BasePriority : Normal
  FileVersion : 4.20.020   ProductVersion : 4.20.020 Windows NT 2002/12/10
  ProductName : SafeCast Windows NT   CompanyName : Macrovision
  FileDescription : Macrovision RTS Service   InternalName : CDANTSRV
  LegalCopyright : Copyright © 1998-2002 Macrovision Corp.   OriginalFilename : CDANTSRV.EXE
  Comments : StringFileInfo: U.S. English

#:16 [fsgk32st.exe]
  ModuleName : C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
  Command Line : "C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe"
  ProcessID : 1804   ThreadCreationTime : 12-5-2005 13:15:07   BasePriority : Normal
  FileVersion : 1, 0, 7360, 0   ProductVersion : 1, 0, 7360, 56
  ProductName : F-Secure Corp. Startup service   CompanyName : F-Secure Corp.
  FileDescription : fsgk32st   InternalName : fsgk32
  LegalCopyright : Copyright © 2001   OriginalFilename : fsgk32st.exe
  Comments : Startup service for Gatekeeper Handler

#:17 [fsm32.exe]
  ModuleName : C:\Program Files\F-Secure\Common\FSM32.EXE
  Command Line : "C:\PROGRAM FILES\F-SECURE\COMMON\FSM32.EXE" /SPLASH
  ProcessID : 1824   ThreadCreationTime : 12-5-2005 13:15:07   BasePriority : Normal
  FileVersion : 5.00.5420   ProductVersion : 5.00 Build 5420
  ProductName : F-Secure Management Agent   CompanyName : F-Secure Corporation
  FileDescription : F-Secure Settings and Statistics   InternalName : FSM
  LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
  LegalTrademarks : Windows is a trademark of Microsoft Corporation   OriginalFilename : FSM32.EXE

#:18 [fsgk32.exe]
  ModuleName : C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
  Command Line : "C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE" /service /stopevent=28
  ProcessID : 1836   ThreadCreationTime : 12-5-2005 13:15:07   BasePriority : Normal
  FileVersion : 5, 40, 8480, 0   ProductVersion : 5, 40, 8480, 0
  ProductName : F-Secure Corp. fsgk32   CompanyName : F-Secure Corp.
  FileDescription : Gatekeeper Handler II   InternalName : fsgk32
  LegalCopyright : Copyright © 2002   OriginalFilename : fsgk32.exe

#:19 [msnmsgr.exe]
  ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
  Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  ProcessID : 1852   ThreadCreationTime : 12-5-2005 13:15:07   BasePriority : Normal
  FileVersion : 7.0.0777   ProductVersion : 7.0.0777
  ProductName : MSN Messenger   CompanyName : Microsoft Corporation
  FileDescription : MSN Messenger   InternalName : msnmsgr
  LegalCopyright : Copyright © Microsoft Corporation 1997-2004
  LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
  OriginalFilename : msnmsgr.exe

#:20 [slserv.exe]
  ModuleName : C:\WINDOWS\system32\slserv.exe
  Command Line : slserv.exe
  ProcessID : 1924   ThreadCreationTime : 12-5-2005 13:15:08   BasePriority : Normal
  FileVersion : 2.80.00(24Apr2000)   ProductVersion : 2.80.00
  ProductName : Modem   FileDescription : User-Level Modem Service   InternalName : slserv
  LegalCopyright : Copyright © 1999-2000   OriginalFilename : slserv.exe

#:21 [svchost.exe]
  ModuleName : C:\WINDOWS\System32\svchost.exe
  Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
  ProcessID : 1940   ThreadCreationTime : 12-5-2005 13:15:08   BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)   ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System   CompanyName : Microsoft Corporation
  FileDescription : Generic Host Process for Win32 Services   InternalName : svchost.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.   OriginalFilename : svchost.exe

#:22 [wdfmgr.exe]
  ModuleName : C:\WINDOWS\system32\wdfmgr.exe
  Command Line : C:\WINDOWS\system32\wdfmgr.exe
  ProcessID : 1960   ThreadCreationTime : 12-5-2005 13:15:09   BasePriority : Normal
  FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)   ProductVersion : 5.2.3790.1230
  ProductName : Microsoft® Windows® Operating System   CompanyName : Microsoft Corporation
  FileDescription : Windows User Mode Driver Manager   InternalName : WdfMgr
  LegalCopyright : © Microsoft Corporation. All rights reserved.   OriginalFilename : WdfMgr.exe

#:23 [fssm32.exe]
  ModuleName : C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
  Command Line : "C:\Program Files\F-Secure\Anti-Virus\fssm32.exe" 3 1836 1832 1828
  ProcessID : 1980   ThreadCreationTime : 12-5-2005 13:15:09   BasePriority : Normal
  FileVersion : 5, 40, 8480, 0   ProductVersion : 5, 40, 8480, 0
  ProductName : F-Secure Corp. fssm32   CompanyName : F-Secure Corp.
  FileDescription : fssm32   InternalName : fssm32
  LegalCopyright : Copyright © 2002   OriginalFilename : fssm32.exe
  Comments : F-Secure Scanner Manager

#:24 [vcssecs.exe]
  ModuleName : C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
  Command Line : "C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe"
  ProcessID : 2000   ThreadCreationTime : 12-5-2005 13:15:09   BasePriority : Normal
  FileVersion : 4, 3, 0, 1   ProductVersion : 4, 3, 0, 0
  ProductName : Virtual CD   CompanyName : H+H Software GmbH
  FileDescription : Virtual CD v4.3 SDK - Security Service   InternalName : VCSSecS
  LegalCopyright : Copyright © 2001 by H+H Software GmbH   OriginalFilename : VCSSecS.exe

#:25 [fsma32.exe]
  ModuleName : C:\Program Files\F-Secure\Common\FSMA32.EXE
  Command Line : "C:\Program Files\F-Secure\Common\FSMA32.EXE"
  ProcessID : 184   ThreadCreationTime : 12-5-2005 13:15:09   BasePriority : Normal
  FileVersion : 5.00.5420   ProductVersion : 5.00 Build 5420
  ProductName : F-Secure Management Agent   CompanyName : F-Secure Corporation
  FileDescription : F-Secure Management Agent   InternalName : VCH
  LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
  LegalTrademarks : Windows is a trademark of Microsoft Corporation   OriginalFilename : FSMA32.EXE

#:26 [fsmb32.exe]
  ModuleName : C:\Program Files\F-Secure\Common\FSMB32.EXE
  Command Line : 1.3.6.1.4.1.2213.11.1.23
  ProcessID : 408   ThreadCreationTime : 12-5-2005 13:15:10   BasePriority : Normal
  FileVersion : 5.00.5420   ProductVersion : 5.00 Build 5420
  ProductName : F-Secure Management Agent   CompanyName : F-Secure Corporation
  FileDescription : F-Secure Message Broker   InternalName : FSMB
  LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
  LegalTrademarks : Windows is a trademark of Microsoft Corporation   OriginalFilename : FSMB32.EXE

#:27 [fch32.exe]
  ModuleName : C:\Program Files\F-Secure\Common\FCH32.EXE
  Command Line : 1.3.6.1.4.1.2213.11.1.15
  ProcessID : 508   ThreadCreationTime : 12-5-2005 13:15:11   BasePriority : Normal
  FileVersion : 5.00.5420   ProductVersion : 5.00 Build 5420
  ProductName : F-Secure Management Agent   CompanyName : F-Secure Corporation
  FileDescription : F-Secure Configuration Handler   InternalName : FCH
  LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
  LegalTrademarks : Windows is a trademark of Microsoft Corporation   OriginalFilename : FCH32.EXE

#:28 [fameh32.exe]
  ModuleName : C:\Program Files\F-Secure\Common\FAMEH32.EXE
  Command Line : 1.3.6.1.4.1.2213.11.1.18
  ProcessID : 872   ThreadCreationTime : 12-5-2005 13:15:12   BasePriority : Normal
  FileVersion : 5.00.5420   ProductVersion : 5.00 Build 5420
  ProductName : F-Secure Management Agent   CompanyName : F-Secure Corporation
  FileDescription : F-Secure Alert and Management Extension Handler   InternalName : FAMEH
  LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
  LegalTrademarks : Windows is a trademark of Microsoft Corporation   OriginalFilename : FAMEH32.EXE

#:29 [fnrb32.exe]
  ModuleName : C:\Program Files\F-Secure\Common\FNRB32.EXE
  Command Line : "C:\Program Files\F-Secure\Common\FNRB32.EXE"
  ProcessID : 1152   ThreadCreationTime : 12-5-2005 13:15:27   BasePriority : Normal
  FileVersion : 5.00.5420   ProductVersion : 5.00 Build 5420
  ProductName : F-Secure Management Agent   CompanyName : F-Secure Corporation
  FileDescription : F-Secure Network Request Broker   InternalName : FNRB
  LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
  LegalTrademarks : Windows is a trademark of Microsoft Corporation   OriginalFilename : FNRB32.EXE

#:30 [fih32.exe]
  ModuleName : C:\Program Files\F-Secure\Common\FIH32.EXE
  Command Line : 1.3.6.1.4.1.2213.11.1.20
  ProcessID : 2220   ThreadCreationTime : 12-5-2005 13:15:57   BasePriority : Normal
  FileVersion : 5.00.5420   ProductVersion : 5.00 Build 5420
  ProductName : F-Secure Management Agent   CompanyName : F-Secure Corporation
  FileDescription : F-Secure Installation Launcher   InternalName : ILAUNCHR
  LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
  LegalTrademarks : Windows is a trademark of Microsoft Corporation   OriginalFilename : ILAUNCHR.EXE

#:31 [fsav32.exe]
  ModuleName : C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
  Command Line : 1.3.6.1.4.1.2213.12
  ProcessID : 2288   ThreadCreationTime : 12-5-2005 13:15:58   BasePriority : Normal
  FileVersion : 5.41.8450   ProductVersion : 5.41.8450
  ProductName : F-Secure Anti-Virus   CompanyName : F-Secure Corporation
  FileDescription : FSAV Handler   InternalName : FSAV32
  LegalCopyright : Copyright © 1998-2002, F-Secure Corporation   OriginalFilename : FSAV32.exe

#:32 [alg.exe]
  ModuleName : C:\WINDOWS\System32\alg.exe
  Command Line : C:\WINDOWS\System32\alg.exe
  ProcessID : 2612   ThreadCreationTime : 12-5-2005 13:16:05   BasePriority : Normal
  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)   ProductVersion : 5.1.2600.2180
  ProductName : Microsoft® Windows® Operating System   CompanyName : Microsoft Corporation
  FileDescription : Application Layer Gateway Service   InternalName : ALG.exe
  LegalCopyright : © Microsoft Corporation. All rights reserved.   OriginalFilename : ALG.exe

#:33 [btdownloadgui.exe]
  ModuleName : C:\Program Files\BitTornado\btdownloadgui.exe
  Command Line : "C:\Program Files\BitTornado\btdownloadgui.exe" --responsefile "C:\Documents and Settings\Sammie\Local Settings\Temporary Internet Files\Content.IE5\AXX5K4ZS\Lost.S01E22.HDTV.XviD-LOL[1].torrent"
  ProcessID : 3240   ThreadCreationTime : 12-5-2005 14:27:40   BasePriority : Normal

#:34 [iexplore.exe]
  ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
  Command Line : "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
  ProcessID : 1368   ThreadCreationTime : 12-5-2005 14:31:10   BasePriority : Normal
  FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)   ProductVersion : 6.00.2900.2180
  ProductName : Microsoft® Windows® Operating System   CompanyName : Microsoft Corporation
  FileDescription : Internet Explorer   InternalName : iexplore
  LegalCopyright : © Microsoft Corporation. All rights reserved.   OriginalFilename : IEXPLORE.EXE

#:35 [winamp.exe]
  ModuleName : C:\Program Files\Winamp\winamp.exe
  Command Line : "C:\Program Files\Winamp\winamp.exe"
  ProcessID : 3180   ThreadCreationTime : 12-5-2005 14:39:11   BasePriority : Normal
  FileVersion : 5.05   ProductVersion : 5.05
  ProductName : Winamp   CompanyName : Nullsoft
  FileDescription : Winamp   InternalName : WINAMP
  LegalCopyright : Copyright © 1997-2004, Nullsoft, Inc.
  LegalTrademarks : Nullsoft and Winamp are trademarks of Nullsoft, Inc.   OriginalFilename : Winamp.exe
  Comments : Visit http://www.winamp.com/ for updates.

#:36 [ad-aware.exe]
  ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
  Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
  ProcessID : 896   ThreadCreationTime : 12-5-2005 14:42:47   BasePriority : Normal
  FileVersion : 6.2.0.206   ProductVersion : VI.Second Edition
  ProductName : Lavasoft Ad-Aware SE   CompanyName : Lavasoft Sweden
  FileDescription : Ad-Aware SE Core application   InternalName : Ad-Aware.exe
  LegalCopyright : Copyright © Lavasoft Sweden   OriginalFilename : Ad-Aware.exe
  Comments : All Rights Reserved

Memory scan result:
  New critical objects: 0
  Objects found so far: 0

Started registry scan

VX2 Object Recognized!
  Type : Regkey   Data :   Category : Malware   Comment :
  Rootkey : HKEY_USERS
  Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora

VX2 Object Recognized! (28 RegValue entries under the same key, listed once; each has Type : RegValue   Data :   Category : Malware   Comment :)
  Rootkey : HKEY_USERS
  Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora
  Value : AUI3d5OfSInst
  Value : AUC3n5trMsgSDisp
  Value : AUs3t5icky1S
  Value : AUs3t5icky2S
  Value : AUs3t5icky3S
  Value : AUs3t5icky4S
  Value : AUC1o3d5eOfSFinalAd
  Value : AUT3i5m7eOfSFinalAd
  Value : AUD3s5tSSEnd
  Value : AU3N5a7tionSCode
  Value : AUP3D5om
  Value : AUT3h5rshSCheckSIn
  Value : AUT3h5rshSMots
  Value : AUM3o5deSSync
  Value : AUI3n5ProgSCab
  Value : AUI3n5ProgSEx
  Value : AUI3n5ProgSLstest
  Value : AUB3D5om
  Value : AUE3v5nt
  Value : AUT3h5rshSBath
  Value : AUT3h5rshSysSInf
  Value : AUL3n5Title
  Value : AUC3u5rrentSMode
  Value : AUC3n5tFyl
  Value : AUI3g5noreS
  Value : AUS3t5atusOfSInst
  Value : AUL3a5stMotsSDay
  Value : AUL3a5stSSChckin

Windows Object Recognized!
  Type : RegData
  Data : explorer.exe c:\windows\nail.exe
  Category : Vulnerability
  Comment : Shell Possibly Compromised
  Rootkey : HKEY_LOCAL_MACHINE
  Object : software\microsoft\windows nt\currentversion\winlogon
  Value : Shell
  Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
  New critical objects: 30
  Objects found so far: 30

Started deep registry scan

Deep registry scan result:
  New critical objects: 0
  Objects found so far: 30

Started Tracking Cookie scan

Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : sammie@adserver.adremedy[2].txt
  Category : Data Miner   Comment : Hits:2
  Value : Cookie:sammie@adserver.adremedy.com/
  Expires : 10-5-2015 16:28:24   LastSync : Hits:2   UseCount : 0   Hits : 2

Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : sammie@maxserving[1].txt
  Category : Data Miner   Comment : Hits:1
  Value : Cookie:sammie@maxserving.com/
  Expires : 10-5-2015 16:27:40   LastSync : Hits:1   UseCount : 0   Hits : 1

Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : sammie@0[1].txt
  Category : Data Miner   Comment : Hits:1
  Value : Cookie:sammie@jcdcover.cjt1.net/HTM/751/0
  Expires : 12-5-2006 16:17:10   LastSync : Hits:1   UseCount : 0   Hits : 1

Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : sammie@0[3].txt
  Category : Data Miner   Comment : Hits:2
  Value : Cookie:sammie@j.2004cms.com/HTM/751/0
  Expires : 12-5-2006 16:17:12   LastSync : Hits:2   UseCount : 0   Hits : 2

Tracking cookie scan result:
  New critical objects: 4
  Objects found so far: 34

Deep scanning and examining files (C:)

Tracking Cookie Object Recognized!
  Type : IECache Entry
  Data : gast@atdmt[2].txt
  Category : Data Miner   Comment :
  Value : C:\Documents and Settings\Gast\Cookies\gast@atdmt[2].txt

Disk Scan Result for C:\
  New critical objects: 0
  Objects found so far: 35

Scanning Hosts file......
Hosts file location: "C:\WINDOWS\system32\drivers\etc\hosts".

Hosts file scan result:
  1 entries scanned.
  New critical objects: 0
  Objects found so far: 35

Performing conditional scans...

VX2 Object Recognized!
  Type : RegValue   Data :   Category : Malware   Comment :
  Rootkey : HKEY_CURRENT_USER
  Object : software\microsoft\internet explorer\toolbar\webbrowser
  Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

Conditional scan result:
  New critical objects: 1
  Objects found so far: 36

17:16:01 Scan Complete

Summary Of This Scan

Hope someone can help me :-\ Thanks in advance!
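The log above is worth reading programmatically rather than by eye: the same `HKEY_USERS\<SID>\software\aurora` key carries dozens of values, and the one line that actually explains the reinfection is the Winlogon `Shell` value, which Winlogon executes at every logon and which here reads `explorer.exe c:\windows\nail.exe` instead of just `explorer.exe`. The Python script below is an added example, not Lavasoft's code and not the poster's: it reflows a log that was pasted onto one line (as the copy on this page is), parses each `Object Recognized!` record, counts findings per target family, lists the registry keys flagged as Malware and extracts whatever has been appended to the Shell value. The field keys, section markers and the sample log (a trimmed, constructed copy of the scan in post #1) are assumptions taken from the log format as it appears here, not from any Lavasoft documentation.

```python
"""Triage helper for Ad-Aware SE logs (added example, not Lavasoft's code).

Accepts the log as posted, with its line breaks or flattened onto one line
as the forum copy is, rebuilds one field per line, collects every
'X Object Recognized!' record, counts findings per target family, lists
registry keys flagged as Malware and checks the Winlogon Shell value for
anything besides explorer.exe.
"""
import re
from collections import Counter

# Field keys seen inside a finding record, and the phase markers that separate
# records from scan summaries. Both are assumptions read off the log format
# on this page, not taken from Lavasoft documentation.
FIELD_KEYS = ("Type", "Data", "Category", "Comment", "Rootkey", "Object",
              "Value", "Expires", "LastSync", "UseCount", "Hits")
SECTION_MARKERS = ("Started ", "Memory scan result:", "Registry Scan result:",
                   "Deep registry scan result:", "Tracking cookie scan result:",
                   "Disk Scan Result for", "Conditional scan result:",
                   "New critical objects:", "Objects found so far:",
                   "Deep scanning and examining", "Scanning Hosts file",
                   "Performing conditional scans")
RECOGNIZED = re.compile(r"^(?P<family>.+?) Object Recognized!$")
FIELD = re.compile(r"^(?P<key>[A-Za-z]+) : ?(?P<val>.*)$")

def families_from_header(text):
    """Target families named in the 'References detected' header, longest first."""
    found = re.findall(r"([A-Za-z0-9 ]+?)\(TAC index:\d+\):\d+ total references", text)
    return sorted({f.strip() for f in found}, key=len, reverse=True)

def reflow(text):
    """Restore line breaks in a log that was pasted as one long line."""
    alts = [r"(?:%s) : " % "|".join(FIELD_KEYS),
            "|".join(map(re.escape, SECTION_MARKERS)),
            r"\d{1,2}:\d\d:\d\d Scan Complete"]
    fams = families_from_header(text)
    if fams:  # record headers read e.g. 'VX2 Object Recognized!'
        alts.append(r"(?:%s) Object Recognized!" % "|".join(map(re.escape, fams)))
    return re.sub(r"[ \t]+(?=%s)" % "|".join(alts), "\n", text)

def parse_log(text):
    """One dict per 'X Object Recognized!' record: 'Family' plus its fields."""
    findings, current = [], None
    for line in reflow(text).splitlines():
        line = line.strip()
        if not line or line.startswith(SECTION_MARKERS):
            current = None  # blank line or phase summary closes the record
            continue
        head = RECOGNIZED.match(line)
        if head:
            current = {"Family": head.group("family")}
            findings.append(current)
            continue
        f = FIELD.match(line)
        if current is not None and f:
            # RegData records repeat 'Data'; the first copy is kept
            current.setdefault(f.group("key"), f.group("val").strip())
    return findings

def summarize(findings):
    """Findings per target family, matching the log's own reference summary."""
    return Counter(f["Family"] for f in findings)

def malware_keys(findings):
    """Distinct registry keys flagged as Malware, prefixed with their root key."""
    return sorted({f["Rootkey"] + "\\" + f.get("Object", "") for f in findings
                   if f.get("Category") == "Malware" and f.get("Rootkey")})

def shell_persistence(findings):
    """Commands hooked into HKLM\\...\\Winlogon\\Shell besides explorer.exe.

    Winlogon starts whatever this value names at every logon; a clean XP box has
    just 'explorer.exe'. The Data field is checked directly rather than trusting
    the 'Shell Possibly Compromised' comment.
    """
    for f in findings:
        if (f.get("Rootkey") == "HKEY_LOCAL_MACHINE"
                and f.get("Object", "").lower().endswith(r"currentversion\winlogon")
                and f.get("Value", "").lower() == "shell"):
            return [t for t in f.get("Data", "").split() if t.lower() != "explorer.exe"]
    return []

# Constructed sample: a trimmed copy of the scan in post #1, flattened onto one
# line the way the forum renders it. Backslashes are doubled for Python.
SAMPLE_LOG = (
    "Ad-Aware SE Build 1.05 Logfile Created on:Thursday 12 May 2005 16:49:00 "
    "References detected during the scan: Tracking Cookie(TAC index:3):1 total "
    "references Windows(TAC index:3):1 total references VX2(TAC index:10):2 total "
    "references Started registry scan VX2 Object Recognized! Type : Regkey Data : "
    "Category : Malware Comment : Rootkey : HKEY_USERS Object : "
    "S-1-5-21-2005823831-2065252687-3608660013-1005\\software\\aurora "
    "VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : "
    "Rootkey : HKEY_USERS Object : S-1-5-21-2005823831-2065252687-3608660013-1005"
    "\\software\\aurora Value : AUI3d5OfSInst Windows Object Recognized! "
    "Type : RegData Data : explorer.exe c:\\windows\\nail.exe Category : Vulnerability "
    "Comment : Shell Possibly Compromised Rootkey : HKEY_LOCAL_MACHINE Object : "
    "software\\microsoft\\windows nt\\currentversion\\winlogon Value : Shell "
    "Data : explorer.exe c:\\windows\\nail.exe Registry Scan result: "
    "New critical objects: 3 Objects found so far: 3 Started Tracking Cookie scan "
    "Tracking Cookie Object Recognized! Type : IECache Entry "
    "Data : sammie@adserver.adremedy[2].txt Category : Data Miner Comment : Hits:2 "
    "Value : Cookie:sammie@adserver.adremedy.com/ Expires : 10-5-2015 16:28:24 "
    "LastSync : Hits:2 UseCount : 0 Hits : 2 17:16:01 Scan Complete"
)

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print("per family:", dict(summarize(found)))
    print("malware keys:", malware_keys(found))
    print("extra shell commands:", shell_persistence(found))
```

Pointed at the full log, `malware_keys` reduces the 28 `aurora` records to one key and `shell_persistence` returns `['c:\\windows\\nail.exe']`; the same functions applied to the rescan posted later in the thread show which of those values survived cleaning. The reflow step keys on literal field names and phase markers, so a log already containing line breaks passes through unchanged apart from the added breaks.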

Guest_Andy_veal_*
May 12 2005, 03:52 PM
Post #2
Hello and Welcome
Ad-Aware has found objects on your computer. If you choose to clean your computer from what Ad-Aware found, please follow the instructions below.

Please make sure that you are using the *SE1R44 10.05.2005* definition file.

Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied: click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running. Please then boot into Safe Mode.

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder). Please run CCleaner to assist in this process. Download CCleaner (Setup: go to Options > Settings > uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions below. Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown):

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke (For the Professional version)
"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke (For the Plus version)
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke (For the Personal version)

Click OK.

Please note that the path above is the default installation location for Ad-Aware SE; if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click Next, click OK. If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile to keep "Search for negligible risk entries" deselected, as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here.

Good luck
Andy
May 12 2005, 05:16 PM, Post #3
New Member, Posts: 4, OS: XP
I did as was told above (thank you very much btw). Ran Ad-Aware in Safe Mode (deleted the stuff that came out of it) and then after rebooting in Normal Mode as well, without being connected to the internet. Then, while scanning, my anti-virus (F-Secure) popped up saying that I have the Trojan.Win32.Agent.cp virus in C:\System Volume Information\restory...A0043791.exe. I deleted this and continued the scan.
Now I'm connected to the internet and my anti-virus popped up again with the message of having the same Trojan virus in C:\Windows.System32.Poller.exe

With this said, here follows my log file:

--------------------------------------

Ad-Aware SE Build 1.05
Logfile Created on:vrijdag 13 mei 2005 0:47:50
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows(TAC index:3):1 total references
VX2(TAC index:10):19 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:13 %
Total physical memory:196080 kb
Available physical memory:24792 kb
Total page file size:366260 kb
Available on page file:184928 kb
Total virtual memory:2097024 kb
Available virtual memory:2042560 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects

13-5-2005 0:47:50 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 472
ThreadCreationTime : 12-5-2005 22:45:26
BasePriority : Normal

#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 536
ThreadCreationTime : 12-5-2005 22:45:28
BasePriority : Normal

#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 560
ThreadCreationTime : 12-5-2005 22:45:29
BasePriority : High

#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 604
ThreadCreationTime : 12-5-2005 22:45:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Services en controllertoepassingen
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 616
ThreadCreationTime : 12-5-2005 22:45:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 768
ThreadCreationTime : 12-5-2005 22:45:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 816
ThreadCreationTime : 12-5-2005 22:45:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 852
ThreadCreationTime : 12-5-2005 22:45:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 900
ThreadCreationTime : 12-5-2005 22:45:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 964
ThreadCreationTime : 12-5-2005 22:45:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1152
ThreadCreationTime : 12-5-2005 22:45:37
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1188
ThreadCreationTime : 12-5-2005 22:45:38
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1196
ThreadCreationTime : 12-5-2005 22:45:38
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:14 [cdac11ba.exe]
ModuleName : C:\WINDOWS\system32\drivers\CDAC11BA.EXE
Command Line : C:\WINDOWS\system32\drivers\CDAC11BA.EXE
ProcessID : 1336
ThreadCreationTime : 12-5-2005 22:45:39
BasePriority : Normal
FileVersion : 4.20.020
ProductVersion : 4.20.020 Windows NT 2002/12/10
ProductName : SafeCast Windows NT
CompanyName : Macrovision
FileDescription : Macrovision RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright © 1998-2002 Macrovision Corp.
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English

#:15 [fsgk32st.exe]
ModuleName : C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
Command Line : "C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe"
ProcessID : 1368
ThreadCreationTime : 12-5-2005 22:45:39
BasePriority : Normal
FileVersion : 1, 0, 7360, 0
ProductVersion : 1, 0, 7360, 56
ProductName : F-Secure Corp. Startup service
CompanyName : F-Secure Corp.
FileDescription : fsgk32st
InternalName : fsgk32
LegalCopyright : Copyright © 2001
OriginalFilename : fsgk32st.exe
Comments : Startup service for Gatekeeper Handler

#:16 [fsgk32.exe]
ModuleName : C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
Command Line : "C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE" /service /stopevent=28
ProcessID : 1392
ThreadCreationTime : 12-5-2005 22:45:39
BasePriority : Normal
FileVersion : 5, 40, 8480, 0
ProductVersion : 5, 40, 8480, 0
ProductName : F-Secure Corp. fsgk32
CompanyName : F-Secure Corp.
FileDescription : Gatekeeper Handler II
InternalName : fsgk32
LegalCopyright : Copyright © 2002
OriginalFilename : fsgk32.exe

#:17 [slserv.exe]
ModuleName : C:\WINDOWS\system32\slserv.exe
Command Line : slserv.exe
ProcessID : 1440
ThreadCreationTime : 12-5-2005 22:45:39
BasePriority : Normal
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
ProductName : Modem
FileDescription : User-Level Modem Service
InternalName : slserv
LegalCopyright : Copyright © 1999-2000
OriginalFilename : slserv.exe

#:18 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1460
ThreadCreationTime : 12-5-2005 22:45:39
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:19 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1476
ThreadCreationTime : 12-5-2005 22:45:39
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:20 [fssm32.exe]
ModuleName : C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
Command Line : "C:\Program Files\F-Secure\Anti-Virus\fssm32.exe" 3 1836 1832 1828
ProcessID : 1496
ThreadCreationTime : 12-5-2005 22:45:40
BasePriority : Normal
FileVersion : 5, 40, 8480, 0
ProductVersion : 5, 40, 8480, 0
ProductName : F-Secure Corp. fssm32
CompanyName : F-Secure Corp.
FileDescription : fssm32
InternalName : fssm32
LegalCopyright : Copyright © 2002
OriginalFilename : fssm32.exe
Comments : F-Secure Scanner Manager

#:21 [vcssecs.exe]
ModuleName : C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
Command Line : "C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe"
ProcessID : 1516
ThreadCreationTime : 12-5-2005 22:45:40
BasePriority : Normal
FileVersion : 4, 3, 0, 1
ProductVersion : 4, 3, 0, 0
ProductName : Virtual CD
CompanyName : H+H Software GmbH
FileDescription : Virtual CD v4.3 SDK - Security Service
InternalName : VCSSecS
LegalCopyright : Copyright © 2001 by H+H Software GmbH
OriginalFilename : VCSSecS.exe

#:22 [fsma32.exe]
ModuleName : C:\Program Files\F-Secure\Common\FSMA32.EXE
Command Line : "C:\Program Files\F-Secure\Common\FSMA32.EXE"
ProcessID : 1584
ThreadCreationTime : 12-5-2005 22:45:40
BasePriority : Normal
FileVersion : 5.00.5420
ProductVersion : 5.00 Build 5420
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Management Agent
InternalName : VCH
LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows is a trademark of Microsoft Corporation
OriginalFilename : FSMA32.EXE

#:23 [fsmb32.exe]
ModuleName : C:\Program Files\F-Secure\Common\FSMB32.EXE
Command Line : 1.3.6.1.4.1.2213.11.1.23
ProcessID : 1748
ThreadCreationTime : 12-5-2005 22:45:40
BasePriority : Normal
FileVersion : 5.00.5420
ProductVersion : 5.00 Build 5420
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Message Broker
InternalName : FSMB
LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows is a trademark of Microsoft Corporation
OriginalFilename : FSMB32.EXE

#:24 [fch32.exe]
ModuleName : C:\Program Files\F-Secure\Common\FCH32.EXE
Command Line : 1.3.6.1.4.1.2213.11.1.15
ProcessID : 1816
ThreadCreationTime : 12-5-2005 22:45:42
BasePriority : Normal
FileVersion : 5.00.5420
ProductVersion : 5.00 Build 5420
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Configuration Handler
InternalName : FCH
LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows is a trademark of Microsoft Corporation
OriginalFilename : FCH32.EXE

#:25 [fameh32.exe]
ModuleName : C:\Program Files\F-Secure\Common\FAMEH32.EXE
Command Line : 1.3.6.1.4.1.2213.11.1.18
ProcessID : 1908
ThreadCreationTime : 12-5-2005 22:45:43
BasePriority : Normal
FileVersion : 5.00.5420
ProductVersion : 5.00 Build 5420
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Alert and Management Extension Handler
InternalName : FAMEH
LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows is a trademark of Microsoft Corporation
OriginalFilename : FAMEH32.EXE

#:26 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 252
ThreadCreationTime : 12-5-2005 22:45:46
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Verkenner
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : EXPLORER.EXE

#:27 [fnrb32.exe]
ModuleName : C:\Program Files\F-Secure\Common\FNRB32.EXE
Command Line : "C:\Program Files\F-Secure\Common\FNRB32.EXE"
ProcessID : 344
ThreadCreationTime : 12-5-2005 22:45:49
BasePriority : Normal
FileVersion : 5.00.5420
ProductVersion : 5.00 Build 5420
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Network Request Broker
InternalName : FNRB
LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows is a trademark of Microsoft Corporation
OriginalFilename : FNRB32.EXE

#:28 [fsav32.exe]
ModuleName : C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
Command Line : 1.3.6.1.4.1.2213.12
ProcessID : 520
ThreadCreationTime : 12-5-2005 22:45:57
BasePriority : Normal
FileVersion : 5.41.8450
ProductVersion : 5.41.8450
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : FSAV Handler
InternalName : FSAV32
LegalCopyright : Copyright © 1998-2002, F-Secure Corporation
OriginalFilename : FSAV32.exe

#:29 [fih32.exe]
ModuleName : C:\Program Files\F-Secure\Common\FIH32.EXE
Command Line : 1.3.6.1.4.1.2213.11.1.20
ProcessID : 284
ThreadCreationTime : 12-5-2005 22:45:57
BasePriority : Normal
FileVersion : 5.00.5420
ProductVersion : 5.00 Build 5420
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Installation Launcher
InternalName : ILAUNCHR
LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows is a trademark of Microsoft Corporation
OriginalFilename : ILAUNCHR.EXE

#:30 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2052
ThreadCreationTime : 12-5-2005 22:46:07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:31 [fsm32.exe]
ModuleName : C:\Program Files\F-Secure\Common\FSM32.EXE
Command Line : "C:\PROGRAM FILES\F-SECURE\COMMON\FSM32.EXE" /SPLASH
ProcessID : 2120
ThreadCreationTime : 12-5-2005 22:46:12
BasePriority : Normal
FileVersion : 5.00.5420
ProductVersion : 5.00 Build 5420
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Settings and Statistics
InternalName : FSM
LegalCopyright : Copyright © 1998-2002 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows is a trademark of Microsoft Corporation
OriginalFilename : FSM32.EXE

#:32 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 2256
ThreadCreationTime : 12-5-2005 22:46:22
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:33 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[354]SUSDSa76b0329109d684381d0e81f906a998d
ProcessID : 2372
ThreadCreationTime : 12-5-2005 22:46:48
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Automatische updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : wuauclt.exe

#:34 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2692
ThreadCreationTime : 12-5-2005 22:47:19
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2005823831-2065252687-3608660013-1005\software\aurora
Value : AUC3n5tFyl

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 20
Objects found so far: 20

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 20

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20

1:03:22 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
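The finding worth acting on in the log above is the Winlogon "Shell" value ("Shell Possibly Compromised"): Winlogon starts whatever that value lists at every logon, so the extra binary appended after explorer.exe is relaunched with each session, and the same path then shows up as an argument on Explorer's own command line in the process listing (#:26). The script below is an added example, not Lavasoft's or the poster's code, of a small Python triage helper that parses Ad-Aware SE log text in the layout shown and reports those two indicators plus a per-family count of recognized objects. The excerpt it parses is constructed to mirror the posted log; the SID in it is a placeholder, and the record layout (blank-line separated "Key : Value" blocks) is assumed from the log as posted.

```python
"""Triage helper for Ad-Aware SE log text (added example, not Lavasoft's code)."""
import re
from typing import Dict, List

# Constructed excerpt modelled on the log posted above: two process entries and
# two registry findings. The SID is a placeholder. Real logs carry many more
# records in exactly this layout, so the same parser applies to a full paste.
SAMPLE_LOG = r"""Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 560

#:26 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 252

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-0000000000-0000000000-0000000000-1005\software\aurora
Value : AUI3d5OfSInst

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
"""

EXPECTED_SHELL = "explorer.exe"  # the only token a stock XP Shell value contains


def parse_records(text: str) -> List[Dict[str, str]]:
    """Split the log into blank-line separated records and keep the ones that
    describe a running process ("#:N [image]") or a recognized object."""
    records: List[Dict[str, str]] = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.rstrip() for ln in chunk.splitlines() if ln.strip()]
        if not lines:
            continue
        head = lines[0]
        rec: Dict[str, str] = {}
        proc = re.match(r"#:(\d+) \[(.+)\]$", head)
        if proc:
            rec["_kind"], rec["_index"], rec["_image"] = "process", proc.group(1), proc.group(2)
        elif head.endswith(" Object Recognized!"):
            rec["_kind"], rec["_family"] = "finding", head[: -len(" Object Recognized!")]
        else:
            continue  # section banners, separator lines, scan summaries
        for ln in lines[1:]:
            key, sep, val = ln.partition(" : ")
            if sep:
                rec[key.strip()] = val.strip()
            elif ln.endswith(" :"):          # "Data :" with an empty value
                rec[ln[:-2].strip()] = ""
        records.append(rec)
    return records


def shell_hijack(records: List[Dict[str, str]]) -> List[str]:
    """Return every token in the Winlogon Shell data other than explorer.exe."""
    for rec in records:
        if rec.get("_kind") != "finding":
            continue
        obj, val = rec.get("Object", "").lower(), rec.get("Value", "").lower()
        if obj.endswith("\\winlogon") and val == "shell":
            return [t for t in rec.get("Data", "").lower().split() if t != EXPECTED_SHELL]
    return []


def explorer_with_payload(records: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map process index -> extra arguments handed to Explorer.exe. A clean logon
    starts Explorer with none; a hijacked Shell value passes the extra binary
    through, which is exactly what the posted log shows."""
    hits: Dict[str, List[str]] = {}
    for rec in records:
        if rec.get("_kind") == "process" and rec["_image"].lower() == "explorer.exe":
            parts = rec.get("Command Line", "").split()
            if len(parts) > 1:
                hits[rec["_index"]] = parts[1:]
    return hits


def findings_by_family(records: List[Dict[str, str]]) -> Dict[str, int]:
    """Count recognized objects per family (VX2, Windows, ...)."""
    counts: Dict[str, int] = {}
    for rec in records:
        if rec.get("_kind") == "finding":
            counts[rec["_family"]] = counts.get(rec["_family"], 0) + 1
    return counts


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    print("objects per family:", findings_by_family(recs))
    print("extra Shell tokens:", shell_hijack(recs))
    print("Explorer started with payload:", explorer_with_payload(recs))
```

Feed a complete pasted log to `parse_records` and the three checks give the same answers the forum helper would read off by eye, but mechanically: the Shell value is the persistence point to clean, the Explorer command line confirms the payload was actually launched this session, and the family counts should match the "total references" header of the log.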
May 15 2005, 03:45 PM, Post #4
New Member, Posts: 4, OS: XP
Anyone?