Scan initialized on 2004-09-04 10:16:34
========================================

Started memory scan
====================
Running processes:
1: \SystemRoot\System32\smss.exe
2: \??\C:\WINNT\system32\csrss.exe
3: \??\C:\WINNT\system32\winlogon.exe
4: C:\WINNT\system32\services.exe
5: C:\WINNT\system32\lsass.exe
6: C:\WINNT\system32\svchost.exe
7: C:\WINNT\system32\spoolsv.exe
8: C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
9: C:\WINNT\system32\drivers\CDAC11BA.EXE
10: C:\WINNT\system32\drivers\dcfssvc.exe
11: C:\WINNT\System32\svchost.exe
12: C:\WINNT\system32\hidserv.exe
13: C:\WINNT\system32\nvsvc32.exe
14: C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe
15: C:\WINNT\system32\regsvc.exe
16: C:\WINNT\system32\MSTask.exe
17: C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
18: C:\WINNT\System32\tcpsvcs.exe
19: C:\WINNT\system32\Smartscaps.exe
20: C:\WINNT\System32\snmp.exe
21: C:\WINNT\system32\stisvc.exe
22: C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
23: C:\WINNT\system32\svchost.exe
24: C:\WINNT\System32\svchost.exe
25: C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
26: C:\WINNT\System32\WBEM\WinMgmt.exe
27: C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
28: C:\WINNT\System32\SCardSvr.exe
29: C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
30: C:\WINNT\Explorer.EXE
31: C:\WINNT\system32\RUNDLL32.EXE
32: C:\Program Files\DELL\AccessDirect\dadapp.exe
33: C:\WINNT\system32\PRPCUI.exe
34: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
35: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
36: C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
37: C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
38: C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
39: C:\iclogin1.2.exe
40: C:\Program Files\Real\RealPlayer\RealPlay.exe
41: C:\Program Files\QuickTime\qttask.exe
42: C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
43: C:\Program Files\SpyKiller\spykiller.exe
44: C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
45: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
46: C:\Program Files\C Technologies\C-Pen 10\CPen10.exe
47: C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
48: C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
49: C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
50: C:\Program Files\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe

Memory scan result:
Total modules found:50
Suspicious modules found: 0

Started registry scan
====================
PCWeasel
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{917623D1-D8E5-11D2-BE8B-00104B06BDE3}\Contains\Files----C:\WINNT\Downloaded Program Files\ijl11.dll
SEVERE - PC Weasel

WinGuardian
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\348AD777E94C4D118BA80005B820A215--C?\Program Files\McAfee\McAfee VirusScan\Res00\WebScanX.dll--48DFEA78D0CB4D118B580005B820A215
SEVERE - Webroot Software Inc.

WinGuardian
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5EE7FDF474F842F46B5445DE0D77DEF7--C:\Program Files\McAfee\McAfee VirusScan\WebScanX.exe--48DFEA78D0CB4D118B580005B820A215
SEVERE - Webroot Software Inc.

WebHancer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8ABB3AD57CC65D112852000B0DB2A83C--C?\WINNT\System32\sporder.dll--097BF0E917953F141A3CC19F1E35FFA2
SEVERE - WebHancer

Blazing Tools Perfect Keylogger
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB222D37B6F14D117A88000972BA5A0D--C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\udfrinst.exe--8CA7F906015C4D117A88000972BA5A0D
SEVERE - BlazingTools Software

Iambigbrother
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E38AD777E94C4D118BA80005B820A215--C?\Program Files\McAfee\McAfee VirusScan\Res00\Vshwin32.dll--48DFEA78D0CB4D118B580005B820A215
SEVERE - Tybee Software Inc.

EmployeeWatcher
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-220523388-152049171-854245398-1000\Components\CB2D9695830457043A8E224A45603B2B--C:\Program Files\are\Start.exe--CFA2C486878CFCD43BE58BF86EBBB031
SEVERE - UserFriendlyProducts, Inc.

WebHancer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs--1--C:\WINNT\System32\sporder.dll
SEVERE - WebHancer

Iambigbrother
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs--1--C:\Program Files\McAfee\McAfee VirusScan\Res00\Vshwin32.dll
SEVERE - Tybee Software Inc.

WinGuardian
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs--1--C:\Program Files\McAfee\McAfee VirusScan\Res00\WebScanX.dll
SEVERE - Webroot Software Inc.

PCWeasel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs--1--C:\WINNT\Downloaded Program Files\ijl11.dll
SEVERE - PC Weasel

Registry scan result:
Suspicious keys found: 11

Started folder scan
====================
Folder scan result:
Folder processed: 0
Suspicious folders found: 0

Started file scan
====================
CoolWebSearch Variant
C:\WINNT\wmsetup.log
SEVERE - CoolWebSearch Variant

FlashTrack
C:\Program Files\Autodesk Architectural Desktop 2004\flt.dll
SEVERE - FlashTrack

File scan result:
Suspicious files found: 15

Scanning finished
====================
Suspicious modules found: 0
Suspicious keys found: 11
Suspicious folders found: 0
Suspicious files found: 15
====================
Components ignored:0
Total components found:26