Aurora Pop-ups driving me crazy! I need help.[RESOLVED]



#1
Gattsryu

UURGGHH! Last night I started getting all sorts of pop-ups. Some of them are browser pop-ups; most of them are from "Aurora". I have run Ad-aware SE, Norton Anti Virus, and Spybot SD, and none of it seems to be fixing the problem. This is my first post on this site, and after I registered it was recommended that I post an Ad-aware log first, so here it is.
-----------------------------------------------------------------------------------------------

Ad-Aware SE Build 1.05
Logfile Created on:Monday, May 02, 2005 7:12:45 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows(TAC index:3):1 total references.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:27 %
Total physical memory:514124 kb
Available physical memory:134064 kb
Total page file size:1258048 kb
Available on page file:917396 kb
Total virtual memory:2097024 kb
Available virtual memory:2032476 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Prior to deletion, allow unloading Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write protect system files after repair (Hosts file etc.)
Set : Include basic settings in log file
Set : Include additional settings in log file
Set : Include reference summary in log file
Set : Create log file for removal operations
Set : Include Module list in log file
Set : Include Alternate Datastream details in log file
Set : Snap windows to desktop borders
Set : Play sound at scan completion if scan locates critical objects


5-2-2005 7:12:45 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 648
ThreadCreationTime : 5-1-2005 8:04:20 AM
BasePriority : Normal

Scanning Module:\SystemRoot\System32\smss.exe...
Scanning Module:C:\WINDOWS\system32\ntdll.dll...

#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 696
ThreadCreationTime : 5-1-2005 8:04:21 AM
BasePriority : Normal

Scanning Module:\??\C:\WINDOWS\system32\csrss.exe...
Scanning Module:C:\WINDOWS\system32\CSRSRV.dll...
Scanning Module:C:\WINDOWS\system32\basesrv.dll...
Scanning Module:C:\WINDOWS\system32\winsrv.dll...
Scanning Module:C:\WINDOWS\system32\GDI32.dll...
Scanning Module:C:\WINDOWS\system32\KERNEL32.dll...
Scanning Module:C:\WINDOWS\system32\USER32.dll...
Scanning Module:C:\WINDOWS\system32\sxs.dll...
Scanning Module:C:\WINDOWS\system32\ADVAPI32.dll...
Scanning Module:C:\WINDOWS\system32\RPCRT4.dll...
Scanning Module:C:\WINDOWS\system32\Apphelp.dll...
Scanning Module:C:\WINDOWS\system32\VERSION.dll...

#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 720
ThreadCreationTime : 5-1-2005 8:04:21 AM
BasePriority : High

Scanning Module:\??\C:\WINDOWS\system32\winlogon.exe...
Scanning Module:C:\WINDOWS\system32\AUTHZ.dll...
Scanning Module:C:\WINDOWS\system32\msvcrt.dll...
Scanning Module:C:\WINDOWS\system32\CRYPT32.dll...
Scanning Module:C:\WINDOWS\system32\MSASN1.dll...
Scanning Module:C:\WINDOWS\system32\NDdeApi.dll...
Scanning Module:C:\WINDOWS\system32\PROFMAP.dll...
Scanning Module:C:\WINDOWS\system32\NETAPI32.dll...
Scanning Module:C:\WINDOWS\system32\USERENV.dll...
Scanning Module:C:\WINDOWS\system32\PSAPI.DLL...
Scanning Module:C:\WINDOWS\system32\REGAPI.dll...
Scanning Module:C:\WINDOWS\system32\Secur32.dll...
Scanning Module:C:\WINDOWS\system32\SETUPAPI.dll...
Scanning Module:C:\WINDOWS\system32\WINSTA.dll...
Scanning Module:C:\WINDOWS\system32\WINTRUST.dll...
Scanning Module:C:\WINDOWS\system32\IMAGEHLP.dll...
Scanning Module:C:\WINDOWS\system32\WS2_32.dll...
Scanning Module:C:\WINDOWS\system32\WS2HELP.dll...
Scanning Module:C:\WINDOWS\system32\MSGINA.dll...
Scanning Module:C:\WINDOWS\system32\SHELL32.dll...
Scanning Module:C:\WINDOWS\system32\SHLWAPI.dll...
Scanning Module:C:\WINDOWS\system32\COMCTL32.dll...
Scanning Module:C:\WINDOWS\system32\ODBC32.dll...
Scanning Module:C:\WINDOWS\system32\comdlg32.dll...
Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll...
Scanning Module:C:\WINDOWS\system32\odbcint.dll...
Scanning Module:C:\WINDOWS\system32\SHSVCS.dll...
Scanning Module:C:\WINDOWS\system32\sfc.dll...
Scanning Module:C:\WINDOWS\system32\sfc_os.dll...
Scanning Module:C:\WINDOWS\system32\ole32.dll...
Scanning Module:C:\WINDOWS\system32\WINSCARD.DLL...
Scanning Module:C:\WINDOWS\system32\WTSAPI32.dll...
Scanning Module:C:\WINDOWS\system32\uxtheme.dll...
Scanning Module:C:\WINDOWS\system32\WINMM.dll...
Scanning Module:C:\WINDOWS\system32\serwvdrv.dll...
Scanning Module:C:\WINDOWS\system32\umdmxfrm.dll...
Scanning Module:C:\WINDOWS\system32\cscdll.dll...
Scanning Module:C:\WINDOWS\system32\WlNotify.dll...
Scanning Module:C:\WINDOWS\system32\WINSPOOL.DRV...
Scanning Module:C:\WINDOWS\system32\MPR.dll...
Scanning Module:C:\WINDOWS\system32\rsaenh.dll...
Scanning Module:C:\WINDOWS\system32\SAMLIB.dll...
Scanning Module:C:\WINDOWS\system32\msv1_0.dll...
Scanning Module:C:\WINDOWS\system32\iphlpapi.dll...
Scanning Module:C:\WINDOWS\system32\cscui.dll...
Scanning Module:C:\WINDOWS\system32\wdmaud.drv...
Scanning Module:C:\WINDOWS\system32\xpsp2res.dll...
Scanning Module:C:\WINDOWS\system32\NTMARTA.DLL...
Scanning Module:C:\WINDOWS\system32\WLDAP32.dll...
Scanning Module:C:\WINDOWS\system32\msacm32.drv...
Scanning Module:C:\WINDOWS\system32\MSACM32.dll...
Scanning Module:C:\WINDOWS\system32\midimap.dll...
Scanning Module:C:\WINDOWS\system32\COMRes.dll...
Scanning Module:C:\WINDOWS\system32\OLEAUT32.dll...
Scanning Module:C:\WINDOWS\system32\CLBCATQ.DLL...
Scanning Module:C:\WINDOWS\system32\wbem\wbemprox.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wbemcomn.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wbemsvc.dll...
Scanning Module:C:\WINDOWS\system32\wbem\fastprox.dll...
Scanning Module:C:\WINDOWS\system32\MSVCP60.dll...
Scanning Module:C:\WINDOWS\system32\NTDSAPI.dll...
Scanning Module:C:\WINDOWS\system32\DNSAPI.dll...
Scanning Module:C:\WINDOWS\system32\igfxsrvc.dll...
Scanning Module:C:\WINDOWS\system32\hccutils.DLL...
Scanning Module:C:\WINDOWS\system32\RASAPI32.dll...
Scanning Module:C:\WINDOWS\system32\rasman.dll...
Scanning Module:C:\WINDOWS\system32\TAPI32.dll...
Scanning Module:C:\WINDOWS\system32\rtutils.dll...

#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 764
ThreadCreationTime : 5-1-2005 8:04:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
Scanning Module:C:\WINDOWS\system32\services.exe...
Scanning Module:C:\WINDOWS\system32\SCESRV.dll...
Scanning Module:C:\WINDOWS\system32\umpnpmgr.dll...
Scanning Module:C:\WINDOWS\system32\NCObjAPI.DLL...
Scanning Module:C:\WINDOWS\system32\ShimEng.dll...
Scanning Module:C:\WINDOWS\AppPatch\AcGenral.DLL...
Scanning Module:C:\WINDOWS\system32\eventlog.dll...

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 776
ThreadCreationTime : 5-1-2005 8:04:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
Scanning Module:C:\WINDOWS\system32\lsass.exe...
Scanning Module:C:\WINDOWS\system32\LSASRV.dll...
Scanning Module:C:\WINDOWS\system32\SAMSRV.dll...
Scanning Module:C:\WINDOWS\system32\cryptdll.dll...
Scanning Module:C:\WINDOWS\system32\msprivs.dll...
Scanning Module:C:\WINDOWS\system32\kerberos.dll...
Scanning Module:C:\WINDOWS\system32\netlogon.dll...
Scanning Module:C:\WINDOWS\system32\w32time.dll...
Scanning Module:C:\WINDOWS\system32\schannel.dll...
Scanning Module:C:\WINDOWS\system32\wdigest.dll...
Scanning Module:C:\WINDOWS\system32\scecli.dll...
Scanning Module:C:\WINDOWS\system32\ipsecsvc.dll...
Scanning Module:C:\WINDOWS\system32\oakley.DLL...
Scanning Module:C:\WINDOWS\system32\WINIPSEC.DLL...
Scanning Module:C:\WINDOWS\system32\pstorsvc.dll...
Scanning Module:C:\WINDOWS\system32\psbase.dll...
Scanning Module:C:\WINDOWS\system32\mswsock.dll...
Scanning Module:C:\WINDOWS\system32\hnetcfg.dll...
Scanning Module:C:\WINDOWS\System32\wshtcpip.dll...
Scanning Module:C:\WINDOWS\system32\dssenh.dll...

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 944
ThreadCreationTime : 5-1-2005 8:04:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:C:\WINDOWS\system32\svchost.exe...
Scanning Module:c:\windows\system32\rpcss.dll...
Scanning Module:c:\windows\system32\termsrv.dll...
Scanning Module:c:\windows\system32\ICAAPI.dll...
Scanning Module:c:\windows\system32\mstlsapi.dll...
Scanning Module:c:\windows\system32\ACTIVEDS.dll...
Scanning Module:c:\windows\system32\adsldpc.dll...
Scanning Module:c:\windows\system32\ATL.DLL...

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1012
ThreadCreationTime : 5-1-2005 8:04:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:C:\WINDOWS\System32\winrnr.dll...
Scanning Module:C:\WINDOWS\system32\rasadhlp.dll...

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1108
ThreadCreationTime : 5-1-2005 8:04:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dhcpcsvc.dll...
Scanning Module:c:\windows\system32\wzcsvc.dll...
Scanning Module:c:\windows\system32\WMI.dll...
Scanning Module:c:\windows\system32\ESENT.dll...
Scanning Module:C:\WINDOWS\System32\rastls.dll...
Scanning Module:C:\WINDOWS\system32\CRYPTUI.dll...
Scanning Module:C:\WINDOWS\system32\WININET.dll...
Scanning Module:C:\WINDOWS\System32\MPRAPI.dll...
Scanning Module:C:\WINDOWS\System32\raschap.dll...
Scanning Module:c:\windows\system32\schedsvc.dll...
Scanning Module:C:\WINDOWS\System32\MSIDLE.DLL...
Scanning Module:c:\windows\system32\audiosrv.dll...
Scanning Module:c:\windows\system32\wkssvc.dll...
Scanning Module:c:\windows\system32\cryptsvc.dll...
Scanning Module:c:\windows\system32\certcli.dll...
Scanning Module:c:\windows\system32\dmserver.dll...
Scanning Module:c:\windows\system32\ersvc.dll...
Scanning Module:c:\windows\system32\es.dll...
Scanning Module:c:\windows\pchealth\helpctr\binaries\pchsvc.dll...
Scanning Module:c:\windows\system32\hidserv.dll...
Scanning Module:c:\windows\system32\HID.DLL...
Scanning Module:c:\windows\system32\srvsvc.dll...
Scanning Module:c:\windows\system32\netman.dll...
Scanning Module:c:\windows\system32\netshell.dll...
Scanning Module:c:\windows\system32\credui.dll...
Scanning Module:c:\windows\system32\WZCSAPI.DLL...
Scanning Module:C:\WINDOWS\system32\comsvcs.dll...
Scanning Module:C:\WINDOWS\system32\MTXCLU.DLL...
Scanning Module:C:\WINDOWS\system32\WSOCK32.dll...
Scanning Module:C:\WINDOWS\system32\colbact.DLL...
Scanning Module:C:\WINDOWS\System32\CLUSAPI.DLL...
Scanning Module:C:\WINDOWS\System32\RESUTILS.DLL...
Scanning Module:c:\windows\system32\seclogon.dll...
Scanning Module:c:\windows\system32\sens.dll...
Scanning Module:c:\windows\system32\srsvc.dll...
Scanning Module:c:\windows\system32\POWRPROF.dll...
Scanning Module:C:\WINDOWS\system32\upnp.dll...
Scanning Module:C:\WINDOWS\system32\WINHTTP.dll...
Scanning Module:C:\WINDOWS\system32\SSDPAPI.dll...
Scanning Module:C:\WINDOWS\System32\msi.dll...
Scanning Module:c:\windows\system32\trkwks.dll...
Scanning Module:c:\windows\system32\wbem\wmisvc.dll...
Scanning Module:C:\WINDOWS\system32\VSSAPI.DLL...
Scanning Module:c:\windows\system32\wscsvc.dll...
Scanning Module:c:\windows\system32\wuauserv.dll...
Scanning Module:C:\WINDOWS\system32\wuaueng.dll...
Scanning Module:C:\WINDOWS\System32\ADVPACK.dll...
Scanning Module:C:\WINDOWS\System32\SHFOLDER.dll...
Scanning Module:C:\WINDOWS\System32\Cabinet.dll...
Scanning Module:C:\WINDOWS\System32\mspatcha.dll...
Scanning Module:c:\windows\system32\browser.dll...
Scanning Module:c:\windows\system32\ipnathlp.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\wbemcore.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\esscli.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wmiutils.dll...
Scanning Module:C:\WINDOWS\system32\wbem\repdrvfs.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wmiprvsd.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wbemess.dll...
Scanning Module:C:\WINDOWS\system32\wbem\ncprov.dll...
Scanning Module:C:\WINDOWS\system32\netcfgx.dll...
Scanning Module:C:\WINDOWS\System32\rasmans.dll...
Scanning Module:c:\windows\system32\tapisrv.dll...
Scanning Module:C:\WINDOWS\System32\rastapi.dll...
Scanning Module:C:\WINDOWS\System32\unimdm.tsp...
Scanning Module:C:\WINDOWS\System32\uniplat.dll...
Scanning Module:C:\WINDOWS\System32\unimdmat.dll...
Scanning Module:C:\WINDOWS\system32\modemui.dll...
Scanning Module:C:\WINDOWS\System32\kmddsp.tsp...
Scanning Module:C:\WINDOWS\System32\ndptsp.tsp...
Scanning Module:C:\WINDOWS\System32\ipconf.tsp...
Scanning Module:C:\WINDOWS\System32\h323.tsp...
Scanning Module:C:\WINDOWS\System32\hidphone.tsp...
Scanning Module:C:\WINDOWS\System32\rasppp.dll...
Scanning Module:C:\WINDOWS\System32\ntlsapi.dll...
Scanning Module:C:\WINDOWS\System32\RASDLG.dll...
Scanning Module:C:\WINDOWS\system32\msxml3.dll...
Scanning Module:C:\WINDOWS\System32\cryptnet.dll...
Scanning Module:C:\WINDOWS\System32\SensApi.dll...
Scanning Module:c:\windows\system32\appmgmts.dll...

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 1204
ThreadCreationTime : 5-1-2005 8:04:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dnsrslvr.dll...

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1308
ThreadCreationTime : 5-1-2005 8:04:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\lmhsvc.dll...
Scanning Module:c:\windows\system32\webclnt.dll...
Scanning Module:C:\WINDOWS\system32\urlmon.dll...
Scanning Module:c:\windows\system32\regsvc.dll...
Scanning Module:c:\windows\system32\ssdpsrv.dll...

#:11 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : n/a
ProcessID : 1368
ThreadCreationTime : 5-1-2005 8:04:23 AM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe...
Scanning Module:C:\WINDOWS\system32\MSVCP71.dll...
Scanning Module:C:\WINDOWS\system32\MSVCR71.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccL30.dll...
Scanning Module:C:\WINDOWS\system32\DBGHELP.DLL...
Scanning Module:C:\WINDOWS\system32\IMM32.DLL...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll...

#:12 [sndsrvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Command Line : n/a
ProcessID : 1388
ThreadCreationTime : 5-1-2005 8:04:23 AM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe...
Scanning Module:C:\WINDOWS\system32\SymNeti.DLL...

#:13 [spbbcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Command Line : n/a
ProcessID : 1476
ThreadCreationTime : 5-1-2005 8:04:23 AM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccSet.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll...

#:14 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : n/a
ProcessID : 1540
ThreadCreationTime : 5-1-2005 8:04:24 AM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCLOGIN.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\NAVEVENT.DLL...

#:15 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1736
ThreadCreationTime : 5-1-2005 8:04:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Scanning Module:C:\WINDOWS\system32\spoolsv.exe...
Scanning Module:C:\WINDOWS\system32\SPOOLSS.DLL...
Scanning Module:C:\WINDOWS\system32\localspl.dll...
Scanning Module:C:\WINDOWS\system32\cnbjmon.dll...
Scanning Module:C:\WINDOWS\system32\dlbxlmpm.DLL...
Scanning Module:C:\WINDOWS\system32\pjlmon.dll...
Scanning Module:C:\WINDOWS\system32\tcpmon.dll...
Scanning Module:C:\WINDOWS\system32\usbmon.dll...
Scanning Module:C:\WINDOWS\System32\spool\PRTPROCS\W32X86\dlbxPP5C.dll...
Scanning Module:C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxPrint2000.dll...
Scanning Module:C:\WINDOWS\system32\win32spl.dll...
Scanning Module:C:\WINDOWS\system32\NETRAP.dll...
Scanning Module:C:\WINDOWS\system32\inetpp.dll...
Scanning Module:C:\WINDOWS\system32\DrPMon.dll...
Scanning Module:C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlbxUI5C.DLL...
Scanning Module:C:\WINDOWS\system32\mscms.dll...
Scanning Module:C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlbxSTRN.DLL...
Scanning Module:C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlbxDR5C.DLL...
Scanning Module:C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlbxPCFG.dll...
Scanning Module:C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlbxcfg.dll...
Scanning Module:C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlbxHPEC.DLL...
Scanning Module:C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlbxflib.dll...
Scanning Module:C:\WINDOWS\system32\dlbxcomc.dll...
Scanning Module:C:\WINDOWS\system32\dlbxpplc.dll...
Scanning Module:C:\WINDOWS\system32\dlbxprox.dll...

#:16 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 2040
ThreadCreationTime : 5-1-2005 8:04:29 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Scanning Module:C:\WINDOWS\Explorer.EXE...
Scanning Module:C:\WINDOWS\system32\BROWSEUI.dll...
Scanning Module:C:\WINDOWS\system32\SHDOCVW.dll...
Scanning Module:C:\WINDOWS\system32\themeui.dll...
Scanning Module:C:\WINDOWS\system32\MSIMG32.dll...
Scanning Module:C:\WINDOWS\system32\actxprxy.dll...
Scanning Module:C:\PROGRA~1\WINDOW~2\wmpband.dll...
Scanning Module:C:\WINDOWS\system32\LINKINFO.dll...
Scanning Module:C:\WINDOWS\system32\ntshrui.dll...
Scanning Module:C:\Program Files\Microsoft AntiSpyware\shellextension.dll...
Scanning Module:C:\WINDOWS\system32\webcheck.dll...
Scanning Module:C:\Program Files\MessengerPlus! 3\MsgPlusLoader.dll...
Scanning Module:C:\WINDOWS\system32\stobject.dll...
Scanning Module:C:\WINDOWS\system32\BatMeter.dll...
Scanning Module:C:\WINDOWS\system32\browselc.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll...
Scanning Module:C:\WINDOWS\system32\ATL71.DLL...
Scanning Module:C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll...
Scanning Module:C:\Program Files\Spybot - Search & Destroy\SDHelper.dll...
Scanning Module:C:\WINDOWS\system32\olepro32.dll...
Scanning Module:C:\WINDOWS\system32\DUSER.dll...
Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll...
Scanning Module:C:\WINDOWS\system32\shdoclc.dll...
Scanning Module:C:\PROGRA~1\WINZIP\WZSHLSTB.DLL...
Scanning Module:C:\Program Files\PowerArchiver\PASHLEXT.DLL...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton Utilities\NDRVEX.DLL...
Scanning Module:C:\WINDOWS\system32\mydocs.dll...
Scanning Module:C:\WINDOWS\System32\drprov.dll...
Scanning Module:C:\WINDOWS\System32\ntlanman.dll...
Scanning Module:C:\WINDOWS\System32\NETUI0.dll...
Scanning Module:C:\WINDOWS\System32\NETUI1.dll...
Scanning Module:C:\WINDOWS\System32\davclnt.dll...
Scanning Module:C:\WINDOWS\system32\wmploc.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll...
Scanning Module:c:\windows\system32\jscript.dll...
Scanning Module:C:\WINDOWS\system32\wmvcore.dll...
Scanning Module:C:\WINDOWS\system32\WMASF.DLL...
Scanning Module:C:\WINDOWS\system32\msdmo.dll...
Scanning Module:C:\WINDOWS\system32\wmpshell.dll...
Scanning Module:C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll...
Scanning Module:C:\WINDOWS\system32\mlang.dll...
Scanning Module:C:\WINDOWS\system32\xpsp1res.dll...
Scanning Module:C:\WINDOWS\system32\igfxpph.dll...
Scanning Module:C:\WINDOWS\system32\igfxres.dll...
Scanning Module:C:\WINDOWS\system32\igfxdev.dll...
Scanning Module:C:\WINDOWS\system32\igfxress.dll...
Scanning Module:C:\WINDOWS\system32\CFGMGR32.dll...
Scanning Module:C:\WINDOWS\system32\OLEACC.DLL...
Scanning Module:C:\WINDOWS\system32\printui.dll...
Scanning Module:C:\WINDOWS\system32\mshtml.dll...
Scanning Module:C:\WINDOWS\system32\msls31.dll...
Scanning Module:c:\windows\system32\vbscript.dll...
Scanning Module:C:\WINDOWS\system32\MFC42.DLL...
Scanning Module:C:\WINDOWS\system32\DDRAW.dll...
Scanning Module:C:\WINDOWS\system32\DCIMAN32.dll...
Scanning Module:C:\WINDOWS\system32\ImgUtil.dll...
Scanning Module:C:\WINDOWS\Bolger.dll...

#:17 [hkcmd.exe]
ModuleName : C:\WINDOWS\system32\hkcmd.exe
Command Line : "C:\WINDOWS\system32\hkcmd.exe"
ProcessID : 260
ThreadCreationTime : 5-1-2005 8:04:30 AM
BasePriority : Normal
FileVersion : 3.0.0.4020
ProductVersion : 7.0.0.4020
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE
Scanning Module:C:\WINDOWS\system32\hkcmd.exe...
Scanning Module:C:\WINDOWS\system32\igfxhk.dll...

#:18 [dlbxmon.exe]
ModuleName : C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
Command Line : "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
ProcessID : 268
ThreadCreationTime : 5-1-2005 8:04:30 AM
BasePriority : Normal
FileVersion : 1.196.0.0
ProductVersion : 1.196.0.0
ProductName : DellPhoto AIO Printer 962 Device Monitor
CompanyName : Dell
FileDescription : DellPhoto AIO Printer 962 Device Monitor
InternalName : dlbxmon.exe
LegalCopyright : © 2002 Dell
OriginalFilename : dlbxmon.exe
Scanning Module:C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe...
Scanning Module:C:\Program Files\Dell Photo AIO Printer 962\dlbxscw.dll...
Scanning Module:C:\WINDOWS\system32\dlbxcfg.dll...

#:19 [msgplus.exe]
ModuleName : C:\Program Files\MessengerPlus! 3\MsgPlus.exe
Command Line : "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
ProcessID : 292
ThreadCreationTime : 5-1-2005 8:04:30 AM
BasePriority : Normal

Scanning Module:C:\Program Files\MessengerPlus! 3\MsgPlus.exe...

#:20 [ctsysvol.exe]
ModuleName : C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
Command Line : "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" /r
ProcessID : 308
ThreadCreationTime : 5-1-2005 8:04:30 AM
BasePriority : Normal
FileVersion : 1.4.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Volume Control
CompanyName : Creative Technology Ltd
FileDescription : CTSysVol.exe
LegalCopyright : Copyright © Creative Technology Ltd., 2002-2003. All rights reserved.
OriginalFilename : CTSysVol.exe
Scanning Module:C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe...
Scanning Module:C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.crl...
Scanning Module:C:\Program Files\Creative\Shared Files\CTTheme.dll...
Scanning Module:C:\Program Files\Creative\Shared Files\CtrlSrc.dll...
Scanning Module:C:\Program Files\Creative\Shared Files\CTIniF.dll...
Scanning Module:C:\Program Files\Creative\Shared Files\GDICtrl.skc...
Scanning Module:C:\Program Files\Creative\Shared Files\RTXCtrl.skc...
Scanning Module:C:\Program Files\Creative\Shared Files\mxlib.dll...

#:21 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\Rundll32.exe
Command Line : "C:\WINDOWS\system32\Rundll32.exe" P17.dll,P17Helper
ProcessID : 352
ThreadCreationTime : 5-1-2005 8:04:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
Scanning Module:C:\WINDOWS\system32\Rundll32.exe...
Scanning Module:C:\WINDOWS\system32\P17.dll...
Scanning Module:C:\WINDOWS\system32\DSOUND.dll...
Scanning Module:C:\WINDOWS\system32\KsUser.dll...

#:22 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : n/a
ProcessID : 376
ThreadCreationTime : 5-1-2005 8:04:30 AM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccApp.exe...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\CCIMSCAN.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\DEFALERT.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\IWP\IWP.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\NAVAPW32.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\apwutil.dll...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\SAVRT32.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\NAVOPTRF.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\STATUSHP.DLL...
Scanning Module:C:\WINDOWS\system32\SYMREDIR.DLL...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccProSub.dll...
Scanning Module:C:\Program Files\Symantec\LiveUpdate\NetDetectController_2_6.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\NAVTasks.dll...
Scanning Module:C:\WINDOWS\system32\mstask.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVError.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\ccAVMail.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\SymFWAgt.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSCR.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\apwcmdnt.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccLogin.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\ccFWSetg.dll...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\NAVOpts.dll...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\N32Exclu.dll...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\S32NAVO.DLL...
Scanning Module:C:\Program Files\Symantec\LiveUpdate\ProductRegCom_2_6.DLL...
Scanning Module:C:\Program Files\Symantec\LiveUpdate\LuComServerPS_2_6.DLL...

#:23 [taskswitch.exe]
ModuleName : C:\WINDOWS\system32\taskswitch.exe
Command Line : "C:\WINDOWS\system32\taskswitch.exe"
ProcessID : 424
ThreadCreationTime : 5-1-2005 8:04:30 AM
BasePriority : Normal

Scanning Module:C:\WINDOWS\system32\taskswitch.exe...

#:24 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 456
ThreadCreationTime : 5-1-2005 8:04:30 AM
BasePriority : Normal

Scanning Module:C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe...

#:25 [mnyexpr.exe]
ModuleName : C:\Program Files\Microsoft Money\System\mnyexpr.exe
Command Line : "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
ProcessID : 472
ThreadCreationTime : 5-1-2005 8:04:30 AM
BasePriority : Normal
FileVersion : 12.00.0613
ProductVersion : 12.00.0613
ProductName : Microsoft® MSN Money Deluxe
CompanyName : Microsoft Corp.
FileDescription : Microsoft Money Express
InternalName : mnyexpr
LegalCopyright : Copyright © Microsoft Corporation
OriginalFilename : mnyexpr.exe
Scanning Module:C:\Program Files\Microsoft Money\System\mnyexpr.exe...
Scanning Module:C:\Program Files\Microsoft Money\System\mscofd.dll...
Scanning Module:C:\Program Files\Microsoft Money\System\mnysl.dll...
Scanning Module:C:\Program Files\Microsoft Money\System\ofdutil.dll...
Scanning Module:C:\Program Files\Microsoft Money\System\mnyui.dll...
Scanning Module:C:\Program Files\Microsoft Money\System\mspfctl0.dll...
Scanning Module:C:\Program Files\Microsoft Money\System\mnyxml.dll...
Scanning Module:C:\Program Files\Microsoft Money\System\pfcplan.dll...
Scanning Module:C:\Program Files\Microsoft Money\System\mnylog.dll...
Scanning Module:C:\Program Files\Microsoft Money\System\mnyutil.dll...
Scanning Module:C:\Program Files\Microsoft Money\System\Olshared.DLL...
Scanning Module:C:\Program Files\Microsoft Money\System\misstub.dll...
Scanning Module:C:\Program Files\Microsoft Money\System\mnyadv.dll...
Scanning Module:C:\Program Files\Microsoft Money\System\taxutil.dll...
Scanning Module:C:\Program Files\Microsoft Money\System\mnycore.dll...
Scanning Module:C:\Program Files\Microsoft Money\System\msofd.dll...
Scanning Module:C:\Program Files\Microsoft Money\System\MSISAM10.dll...
Scanning Module:C:\Program Files\Microsoft Money\System\msuni10.dll...

#:26 [dlg.exe]
ModuleName : C:\Program Files\Digital Line Detect\DLG.exe
Command Line : "C:\Program Files\Digital Line Detect\DLG.exe"
ProcessID : 552
ThreadCreationTime : 5-1-2005 8:04:31 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe
Scanning Module:C:\Program Files\Digital Line Detect\DLG.exe...
Scanning Module:C:\Program Files\Digital Line Detect\BVRPDIAG.dll...
Scanning Module:C:\WINDOWS\system32\MdmXSdk.dll...

#:27 [ctsvccda.exe]
ModuleName : C:\WINDOWS\system32\CTsvcCDA.EXE
Command Line : C:\WINDOWS\system32\CTsvcCDA.EXE
ProcessID : 1140
ThreadCreationTime : 5-1-2005 8:04:32 AM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE
Scanning Module:C:\WINDOWS\system32\CTsvcCDA.EXE...

#:28 [navapsvc.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
Command Line : n/a
ProcessID : 1240
ThreadCreationTime : 5-1-2005 8:04:32 AM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRT32.DLL...

#:29 [npfmntor.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
Command Line : n/a
ProcessID : 1344
ThreadCreationTime : 5-1-2005 8:04:32 AM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe...

#:30 [nprotect.exe]
ModuleName : C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
Command Line : n/a
ProcessID : 1416
ThreadCreationTime : 5-1-2005 8:04:33 AM
BasePriority : Normal
FileVersion : 18.0.0.62
ProductVersion : 18.0.0.62
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
LegalTrademarks : Norton Utilities® and UnErase® are registered trademarks of Symantec Corporation.
OriginalFilename : NPROTECT.EXE
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~1\NUMISC.dll...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~1\S32KRNLL.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~1\S32UTILL.DLL...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton Utilities\NPComSvr.DLL...

#:31 [nopdb.exe]
ModuleName : C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
Command Line : n/a
ProcessID : 2176
ThreadCreationTime : 5-1-2005 8:04:36 AM
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : NOPDB.dll
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\SDException.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\SDOptions.dll...

#:32 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k imgsvc
ProcessID : 2232
ThreadCreationTime : 5-1-2005 8:04:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\wiaservc.dll...
Scanning Module:C:\WINDOWS\system32\WIAFBDRV.DLL...
Scanning Module:C:\Program Files\Dell Photo AIO Printer 962\dlbxdrs.dll...
Scanning Module:C:\Program Files\Dell Photo AIO Printer 962\dlbxcnv4.dll...
Scanning Module:C:\WINDOWS\system32\sti.dll...

#:33 [symlcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Command Line : n/a
ProcessID : 2272
ThreadCreationTime : 5-1-2005 8:04:36 AM
BasePriority : Normal
FileVersion : 1, 8, 54, 478
ProductVersion : 1, 8, 54, 478
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll...

#:34 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 2304
ThreadCreationTime : 5-1-2005 8:04:36 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
Scanning Module:C:\WINDOWS\system32\wdfmgr.exe...

#:35 [mspmspsv.exe]
ModuleName : C:\WINDOWS\system32\MsPMSPSv.exe
Command Line : C:\WINDOWS\system32\MsPMSPSv.exe
ProcessID : 2336
ThreadCreationTime : 5-1-2005 8:04:36 AM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE
Scanning Module:C:\WINDOWS\system32\MsPMSPSv.exe...

#:36 [dlbxcoms.exe]
ModuleName : C:\WINDOWS\system32\dlbxcoms.exe
Command Line : C:\WINDOWS\system32\dlbxcoms.exe -service
ProcessID : 2572
ThreadCreationTime : 5-1-2005 8:04:41 AM
BasePriority : High
FileVersion : 1.101.37.0
ProductVersion : 1.101.37.0
ProductName : Dell Communication System
CompanyName : Dell
FileDescription : Dell Communication System
InternalName : DLBXcoms.exe
OriginalFilename : DLBXcoms.exe
Scanning Module:C:\WINDOWS\system32\dlbxcoms.exe...
Scanning Module:C:\WINDOWS\system32\dlbxserv.dll...
Scanning Module:C:\WINDOWS\system32\dlbxusb1.dll...

#:37 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 3124
ThreadCreationTime : 5-1-2005 8:04:43 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
Scanning Module:C:\WINDOWS\System32\alg.exe...

#:38 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 3104
ThreadCreationTime : 5-1-2005 8:09:33 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
Scanning Module:C:\Program Files\Messenger\msmsgs.exe...
Scanning Module:C:\WINDOWS\system32\XPOB2RES.DLL...

#:39 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe"
ProcessID : 3512
ThreadCreationTime : 5-1-2005 8:09:55 AM
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
Scanning Module:C:\Program Files\MSN Messenger\msnmsgr.exe...
Scanning Module:C:\Program Files\MSN Messenger\MSGSLANG.DLL...
Scanning Module:C:\Program Files\MSN Messenger\custsat.dll...
Scanning Module:C:\Program Files\MessengerPlus! 3\MsgPlusH.dll...
Scanning Module:C:\Program Files\MessengerPlus! 3\Resources\MsgPlusRes.dll...
Scanning Module:C:\WINDOWS\system32\Riched20.dll...
Scanning Module:C:\WINDOWS\system32\MSVBVM60.DLL...
Scanning Module:C:\Program Files\MessengerPlus! 3\Plugins\spellchecker.dll...
Scanning Module:C:\Program Files\MessengerPlus! 3\Plugins\FileServer.dll...
Scanning Module:C:\Program Files\MessengerPlus! 3\RichEdHook.dll...
Scanning Module:C:\WINDOWS\system32\devenum.dll...
Scanning Module:C:\Program Files\MessengerPlus! 3\libsndfile.dll...
Scanning Module:C:\Program Files\MessengerPlus! 3\lame_enc.dll...
Scanning Module:C:\Program Files\Common Files\Microsoft Shared\Ink\inkobj.dll...
Scanning Module:C:\WINDOWS\system32\USP10.dll...
Scanning Module:C:\Program Files\MessengerPlus! 3\Plugins\msnhandwriting.dll...

#:40 [dcbmkd.exe]
ModuleName : c:\windows\system32\dcbmkd.exe
Command Line : "c:\windows\system32\dcbmkd.exe" ahbnjdy
ProcessID : 3668
ThreadCreationTime : 5-2-2005 9:56:20 PM
BasePriority : Normal


#2
Guest_Andy_veal_*
  • Guest
Hello there

Please could you complete your current logfile

Please could you find the rest of your logfile and complete posting it here.
Logs are stored in:

C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
They are in order of date.

Make sure you have all the log posted

(The Application Data is a hidden folder, so you will need to show hidden files and folders and for Windows 98*admin users your logs are stored in C:\WINDOWS\All Users\Application Data\ )

This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next. Please post back if you have any questions or other problems.

Good luck

Andy

#3
Gattsryu

    New Member

  • Topic Starter
  • Member
  • 8 posts
Oops, sorry. Here is part 2 of the log as requested.
_________________________________________

FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
Scanning Module:c:\windows\system32\dcbmkd.exe...

#:41 [firefox.exe]
ModuleName : C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
Command Line : "C:\PROGRA~1\MOZILL~1\FIREFOX.EXE"
ProcessID : 288
ThreadCreationTime : 5-2-2005 10:37:45 PM
BasePriority : Normal

Scanning Module:C:\PROGRA~1\MOZILL~1\FIREFOX.EXE...
Scanning Module:C:\PROGRA~1\MOZILL~1\js3250.dll...
Scanning Module:C:\PROGRA~1\MOZILL~1\nspr4.dll...
Scanning Module:C:\PROGRA~1\MOZILL~1\xpcom.dll...
Scanning Module:C:\PROGRA~1\MOZILL~1\plc4.dll...
Scanning Module:C:\PROGRA~1\MOZILL~1\plds4.dll...
Scanning Module:C:\PROGRA~1\MOZILL~1\smime3.dll...
Scanning Module:C:\PROGRA~1\MOZILL~1\nss3.dll...
Scanning Module:C:\PROGRA~1\MOZILL~1\softokn3.dll...
Scanning Module:C:\PROGRA~1\MOZILL~1\ssl3.dll...
Scanning Module:C:\PROGRA~1\MOZILL~1\xpcom_compat.dll...
Scanning Module:C:\WINDOWS\system32\msimtf.dll...
Scanning Module:C:\WINDOWS\system32\MSCTF.dll...
Scanning Module:C:\Program Files\Java\jre1.5.0_02\bin\NPOJI610.dll...
Scanning Module:C:\Program Files\Java\jre1.5.0_02\bin\jpioji.dll...
Scanning Module:C:\Program Files\Java\jre1.5.0_02\bin\jpinscp.dll...
Scanning Module:C:\Program Files\Java\jre1.5.0_02\bin\jpishare.dll...
Scanning Module:C:\PROGRA~1\MOZILL~1\components\jar50.dll...
Scanning Module:C:\PROGRA~1\MOZILL~1\nssckbi.dll...
Scanning Module:C:\Program Files\SpywareGuard\spywareguard.dll...

#:42 [ntvdm.exe]
ModuleName : C:\WINDOWS\system32\ntvdm.exe
Command Line : "C:\WINDOWS\system32\ntvdm.exe" -f -i1 -w -a C:\WINDOWS\system32\krnl386.exe
ProcessID : 3552
ThreadCreationTime : 5-2-2005 10:45:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : NTVDM.EXE
InternalName : NTVDM.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NTVDM.EXE
Scanning Module:C:\WINDOWS\system32\ntvdm.exe...
Scanning Module:C:\PROGRA~1\Symantec\S32EVNT1.DLL...
Scanning Module:C:\WINDOWS\system32\NTVDMD.DLL...
Scanning Module:C:\WINDOWS\system32\WOW32.dll...
Scanning Module:C:\WINDOWS\system32\tsappcmp.dll...

#:43 [notepad.exe]
ModuleName : C:\WINDOWS\system32\NOTEPAD.EXE
Command Line : "C:\WINDOWS\system32\NOTEPAD.EXE" C:\DOCUMENTS AND SETTINGS\JUSTIN\DESKTOP\hijackthis.log
ProcessID : 2316
ThreadCreationTime : 5-2-2005 11:03:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE
Scanning Module:C:\WINDOWS\system32\NOTEPAD.EXE...

#:44 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1948
ThreadCreationTime : 5-2-2005 11:04:10 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Scanning Module:C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe...
Scanning Module:C:\WINDOWS\system32\RICHED32.DLL...

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 1


Started tracking cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 1


Disk scan result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 1


Scanning Hosts file...
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New Critical Objects:0
Objects found so far: 1




Performing conditional scans..
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 1

7:16:24 PM Scan Complete

Summary of this scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:38.828
Objects scanned:90853
Objects identified:1
Objects ignored:0
New Critical Objects:1

#4
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Let's start with scans..
Try these online virus scans here;
- Trend Micro
- Panda Activescan

Post the results here.

- Rawe :tazz:

#5
Gattsryu

    New Member

  • Topic Starter
  • Member
  • 8 posts
Ok. I used Trend Micro Housecall. Here are the results from that.
__________________________________________________________

TROJ_NAIL.A (1) - c:\WINDOWS\Nail.exe
TROJ_BUDDY.F (1) - c:\WINDOWS\hadeyfyggck.exe
TROJ_AGENT.ABS (1) - c:\WINDOWS\system32\rdlulj.exe

"Housecall" cannot "Clean" these files.
__________________________________________________________

After completion of virus scan from Panda Activescan I got this report:


Incident | Status | Location
Virus:Trj/Agent.PF | Disinfected | Operating system
Adware:Adware/Transponder | No disinfected | c:\windows\system32\rdlulj.exe
Spyware:Spyware/BetterInet | No disinfected | C:\WINDOWS\Bolger.dll
Adware:Adware/Transponder | No disinfected | c:\windows\system32\rdlulj.exe
Adware:Adware/SaveNow | No disinfected | Windows Registry
Adware:Adware/Transponder | No disinfected | C:\WINDOWS\Bolger.dll
Virus:Trj/Agent.PF | Disinfected | C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\65CXGR01\DrPMon[1].dll
Spyware:Spyware/BetterInet | No disinfected | C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\G7YZCR2X\Bolger[2].dll
Adware:Adware/Transponder | No disinfected | C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\GPGHMXUN\svcproc[1].exe
Spyware:Spyware/BetterInet | No disinfected | C:\WINDOWS\Bolger.dll
Adware:Adware/Transponder | No disinfected | C:\WINDOWS\Nail.exe
Adware:Adware/Transponder | No disinfected | C:\WINDOWS\svcproc.exe
Virus:Trj/Agent.PF | Disinfected | C:\WINDOWS\system32\DrPMon.dll
Adware:Adware/Transponder | No disinfected | C:\WINDOWS\system32\rdlulj.exe

#6
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hello again.
Download Trojan Hunter <--- 30 days free trial.
Scan with it, remove anything it finds, reboot, post a fresh Ad-aware log..

- Rawe :tazz:

#7
Gattsryu

    New Member

  • Topic Starter
  • Member
  • 8 posts
I downloaded TrojanHunter4... ran it and came up with this log.
__________________________________________________________

Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
Found trojan running in memory: c:\windows\system32\pegaav.exe,PID:1192(Agent.167)<--This file keeps deleting itself upon termination and renames randomly.
File scan
Found trojan file:C:\WINDOWS\Nail.exe (Adware.BetterInternet)<--Trojan Hunter says it renames it and deleted it. Keeps reappearing.
Found trojan file:C:\WINDOWS\system32\gndroon.exe (Agent.180)<--*
Found trojan file: C:\WINDOWS\system32\xqdpxn.exe (Agent.180)<--*
4 trojan files found
*These keep deleting after termination and also rename themselves randomly.
_________________________________________________________________

Ad-Aware Log...

Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 04, 2005 11:01:53 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows(TAC index:3):1 total references.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:53 %
Total physical memory:514124 kb
Available physical memory:269960 kb
Total page file size:1258112 kb
Available on page file:1020116 kb
Total virtual memory:2097024 kb
Available virtual memory:2046200 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Prior to deletion, allow unloading Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write protect system files after repair (Hosts file etc.)
Set : Include basic settings in log file
Set : Include additional settings in log file
Set : Include reference summary in log file
Set : Create log file for removal operations
Set : Include Module list in log file
Set : Include Alternate Datastream details in log file
Set : Snap windows to desktop borders
Set : Play sound at scan completion if scan locates critical objects


5-4-2005 11:01:53 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 648
ThreadCreationTime : 5-4-2005 2:59:26 PM
BasePriority : Normal

Scanning Module:\SystemRoot\System32\smss.exe...
Scanning Module:C:\WINDOWS\system32\ntdll.dll...

#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 696
ThreadCreationTime : 5-4-2005 2:59:27 PM
BasePriority : Normal

Scanning Module:\??\C:\WINDOWS\system32\csrss.exe...
Scanning Module:C:\WINDOWS\system32\CSRSRV.dll...
Scanning Module:C:\WINDOWS\system32\basesrv.dll...
Scanning Module:C:\WINDOWS\system32\winsrv.dll...
Scanning Module:C:\WINDOWS\system32\GDI32.dll...
Scanning Module:C:\WINDOWS\system32\KERNEL32.dll...
Scanning Module:C:\WINDOWS\system32\USER32.dll...
Scanning Module:C:\WINDOWS\system32\sxs.dll...
Scanning Module:C:\WINDOWS\system32\ADVAPI32.dll...
Scanning Module:C:\WINDOWS\system32\RPCRT4.dll...
Scanning Module:C:\WINDOWS\system32\Apphelp.dll...
Scanning Module:C:\WINDOWS\system32\VERSION.dll...

#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 720
ThreadCreationTime : 5-4-2005 2:59:27 PM
BasePriority : High

Scanning Module:\??\C:\WINDOWS\system32\winlogon.exe...
Scanning Module:C:\WINDOWS\system32\AUTHZ.dll...
Scanning Module:C:\WINDOWS\system32\msvcrt.dll...
Scanning Module:C:\WINDOWS\system32\CRYPT32.dll...
Scanning Module:C:\WINDOWS\system32\MSASN1.dll...
Scanning Module:C:\WINDOWS\system32\NDdeApi.dll...
Scanning Module:C:\WINDOWS\system32\PROFMAP.dll...
Scanning Module:C:\WINDOWS\system32\NETAPI32.dll...
Scanning Module:C:\WINDOWS\system32\USERENV.dll...
Scanning Module:C:\WINDOWS\system32\PSAPI.DLL...
Scanning Module:C:\WINDOWS\system32\REGAPI.dll...
Scanning Module:C:\WINDOWS\system32\Secur32.dll...
Scanning Module:C:\WINDOWS\system32\SETUPAPI.dll...
Scanning Module:C:\WINDOWS\system32\WINSTA.dll...
Scanning Module:C:\WINDOWS\system32\WINTRUST.dll...
Scanning Module:C:\WINDOWS\system32\IMAGEHLP.dll...
Scanning Module:C:\WINDOWS\system32\WS2_32.dll...
Scanning Module:C:\WINDOWS\system32\WS2HELP.dll...
Scanning Module:C:\WINDOWS\system32\MSGINA.dll...
Scanning Module:C:\WINDOWS\system32\SHELL32.dll...
Scanning Module:C:\WINDOWS\system32\SHLWAPI.dll...
Scanning Module:C:\WINDOWS\system32\COMCTL32.dll...
Scanning Module:C:\WINDOWS\system32\ODBC32.dll...
Scanning Module:C:\WINDOWS\system32\comdlg32.dll...
Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll...
Scanning Module:C:\WINDOWS\system32\odbcint.dll...
Scanning Module:C:\WINDOWS\system32\SHSVCS.dll...
Scanning Module:C:\WINDOWS\system32\sfc.dll...
Scanning Module:C:\WINDOWS\system32\sfc_os.dll...
Scanning Module:C:\WINDOWS\system32\ole32.dll...
Scanning Module:C:\WINDOWS\system32\WINSCARD.DLL...
Scanning Module:C:\WINDOWS\system32\WTSAPI32.dll...
Scanning Module:C:\WINDOWS\system32\uxtheme.dll...
Scanning Module:C:\WINDOWS\system32\WINMM.dll...
Scanning Module:C:\WINDOWS\system32\serwvdrv.dll...
Scanning Module:C:\WINDOWS\system32\umdmxfrm.dll...
Scanning Module:C:\WINDOWS\system32\cscdll.dll...
Scanning Module:C:\WINDOWS\system32\WlNotify.dll...
Scanning Module:C:\WINDOWS\system32\WINSPOOL.DRV...
Scanning Module:C:\WINDOWS\system32\MPR.dll...
Scanning Module:C:\WINDOWS\system32\rsaenh.dll...
Scanning Module:C:\WINDOWS\system32\SAMLIB.dll...
Scanning Module:C:\WINDOWS\system32\msv1_0.dll...
Scanning Module:C:\WINDOWS\system32\iphlpapi.dll...
Scanning Module:C:\WINDOWS\system32\cscui.dll...
Scanning Module:C:\WINDOWS\system32\wdmaud.drv...
Scanning Module:C:\WINDOWS\system32\xpsp2res.dll...
Scanning Module:C:\WINDOWS\system32\NTMARTA.DLL...
Scanning Module:C:\WINDOWS\system32\WLDAP32.dll...
Scanning Module:C:\WINDOWS\system32\msacm32.drv...
Scanning Module:C:\WINDOWS\system32\MSACM32.dll...
Scanning Module:C:\WINDOWS\system32\midimap.dll...
Scanning Module:C:\WINDOWS\system32\COMRes.dll...
Scanning Module:C:\WINDOWS\system32\OLEAUT32.dll...
Scanning Module:C:\WINDOWS\system32\CLBCATQ.DLL...

#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 764
ThreadCreationTime : 5-4-2005 2:59:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
Scanning Module:C:\WINDOWS\system32\services.exe...
Scanning Module:C:\WINDOWS\system32\SCESRV.dll...
Scanning Module:C:\WINDOWS\system32\umpnpmgr.dll...
Scanning Module:C:\WINDOWS\system32\NCObjAPI.DLL...
Scanning Module:C:\WINDOWS\system32\MSVCP60.dll...
Scanning Module:C:\WINDOWS\system32\ShimEng.dll...
Scanning Module:C:\WINDOWS\AppPatch\AcGenral.DLL...
Scanning Module:C:\WINDOWS\system32\eventlog.dll...

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 776
ThreadCreationTime : 5-4-2005 2:59:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
Scanning Module:C:\WINDOWS\system32\lsass.exe...
Scanning Module:C:\WINDOWS\system32\LSASRV.dll...
Scanning Module:C:\WINDOWS\system32\NTDSAPI.dll...
Scanning Module:C:\WINDOWS\system32\DNSAPI.dll...
Scanning Module:C:\WINDOWS\system32\SAMSRV.dll...
Scanning Module:C:\WINDOWS\system32\cryptdll.dll...
Scanning Module:C:\WINDOWS\system32\msprivs.dll...
Scanning Module:C:\WINDOWS\system32\kerberos.dll...
Scanning Module:C:\WINDOWS\system32\netlogon.dll...
Scanning Module:C:\WINDOWS\system32\w32time.dll...
Scanning Module:C:\WINDOWS\system32\schannel.dll...
Scanning Module:C:\WINDOWS\system32\wdigest.dll...
Scanning Module:C:\WINDOWS\system32\scecli.dll...
Scanning Module:C:\WINDOWS\system32\ipsecsvc.dll...
Scanning Module:C:\WINDOWS\system32\oakley.DLL...
Scanning Module:C:\WINDOWS\system32\WINIPSEC.DLL...
Scanning Module:C:\WINDOWS\system32\mswsock.dll...
Scanning Module:C:\WINDOWS\system32\hnetcfg.dll...
Scanning Module:C:\WINDOWS\System32\wshtcpip.dll...
Scanning Module:C:\WINDOWS\system32\pstorsvc.dll...
Scanning Module:C:\WINDOWS\system32\psbase.dll...
Scanning Module:C:\WINDOWS\system32\dssenh.dll...

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 944
ThreadCreationTime : 5-4-2005 2:59:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:C:\WINDOWS\system32\svchost.exe...
Scanning Module:c:\windows\system32\rpcss.dll...
Scanning Module:c:\windows\system32\termsrv.dll...
Scanning Module:c:\windows\system32\ICAAPI.dll...
Scanning Module:c:\windows\system32\mstlsapi.dll...
Scanning Module:c:\windows\system32\ACTIVEDS.dll...
Scanning Module:c:\windows\system32\adsldpc.dll...
Scanning Module:c:\windows\system32\ATL.DLL...

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1012
ThreadCreationTime : 5-4-2005 2:59:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:C:\WINDOWS\System32\winrnr.dll...
Scanning Module:C:\WINDOWS\system32\rasadhlp.dll...

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1108
ThreadCreationTime : 5-4-2005 2:59:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dhcpcsvc.dll...
Scanning Module:c:\windows\system32\wzcsvc.dll...
Scanning Module:c:\windows\system32\rtutils.dll...
Scanning Module:c:\windows\system32\WMI.dll...
Scanning Module:c:\windows\system32\ESENT.dll...
Scanning Module:C:\WINDOWS\System32\rastls.dll...
Scanning Module:C:\WINDOWS\system32\CRYPTUI.dll...
Scanning Module:C:\WINDOWS\system32\WININET.dll...
Scanning Module:C:\WINDOWS\System32\MPRAPI.dll...
Scanning Module:C:\WINDOWS\System32\RASAPI32.dll...
Scanning Module:C:\WINDOWS\System32\rasman.dll...
Scanning Module:C:\WINDOWS\System32\TAPI32.dll...
Scanning Module:C:\WINDOWS\System32\raschap.dll...
Scanning Module:c:\windows\system32\schedsvc.dll...
Scanning Module:C:\WINDOWS\System32\MSIDLE.DLL...
Scanning Module:c:\windows\system32\audiosrv.dll...
Scanning Module:c:\windows\system32\wkssvc.dll...
Scanning Module:c:\windows\system32\cryptsvc.dll...
Scanning Module:c:\windows\system32\certcli.dll...
Scanning Module:c:\windows\system32\dmserver.dll...
Scanning Module:c:\windows\system32\ersvc.dll...
Scanning Module:c:\windows\system32\es.dll...
Scanning Module:c:\windows\pchealth\helpctr\binaries\pchsvc.dll...
Scanning Module:c:\windows\system32\hidserv.dll...
Scanning Module:c:\windows\system32\HID.DLL...
Scanning Module:c:\windows\system32\srvsvc.dll...
Scanning Module:C:\WINDOWS\system32\comsvcs.dll...
Scanning Module:C:\WINDOWS\system32\MTXCLU.DLL...
Scanning Module:C:\WINDOWS\system32\WSOCK32.dll...
Scanning Module:C:\WINDOWS\system32\colbact.DLL...
Scanning Module:C:\WINDOWS\System32\CLUSAPI.DLL...
Scanning Module:C:\WINDOWS\System32\RESUTILS.DLL...
Scanning Module:c:\windows\system32\netman.dll...
Scanning Module:c:\windows\system32\netshell.dll...
Scanning Module:c:\windows\system32\credui.dll...
Scanning Module:c:\windows\system32\WZCSAPI.DLL...
Scanning Module:c:\windows\system32\seclogon.dll...
Scanning Module:c:\windows\system32\sens.dll...
Scanning Module:c:\windows\system32\srsvc.dll...
Scanning Module:c:\windows\system32\POWRPROF.dll...
Scanning Module:C:\WINDOWS\System32\msi.dll...
Scanning Module:c:\windows\system32\trkwks.dll...
Scanning Module:c:\windows\system32\wbem\wmisvc.dll...
Scanning Module:C:\WINDOWS\system32\VSSAPI.DLL...
Scanning Module:c:\windows\system32\wscsvc.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wbemcomn.dll...
Scanning Module:c:\windows\system32\wuauserv.dll...
Scanning Module:C:\WINDOWS\system32\wuaueng.dll...
Scanning Module:C:\WINDOWS\System32\ADVPACK.dll...
Scanning Module:C:\WINDOWS\System32\SHFOLDER.dll...
Scanning Module:C:\WINDOWS\System32\WINHTTP.dll...
Scanning Module:C:\WINDOWS\System32\Cabinet.dll...
Scanning Module:C:\WINDOWS\System32\mspatcha.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\wbemcore.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\esscli.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\FastProx.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wbemsvc.dll...
Scanning Module:c:\windows\system32\browser.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wmiutils.dll...
Scanning Module:c:\windows\system32\ipnathlp.dll...
Scanning Module:C:\WINDOWS\system32\wbem\repdrvfs.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wmiprvsd.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wbemess.dll...
Scanning Module:C:\WINDOWS\system32\wbem\ncprov.dll...
Scanning Module:C:\WINDOWS\system32\upnp.dll...
Scanning Module:C:\WINDOWS\system32\SSDPAPI.dll...
Scanning Module:c:\windows\system32\tapisrv.dll...
Scanning Module:c:\windows\system32\rasmans.dll...
Scanning Module:c:\windows\system32\netcfgx.dll...
Scanning Module:C:\WINDOWS\System32\rastapi.dll...
Scanning Module:C:\WINDOWS\System32\unimdm.tsp...
Scanning Module:C:\WINDOWS\System32\uniplat.dll...
Scanning Module:C:\WINDOWS\System32\unimdmat.dll...
Scanning Module:C:\WINDOWS\system32\modemui.dll...
Scanning Module:C:\WINDOWS\System32\kmddsp.tsp...
Scanning Module:C:\WINDOWS\System32\ndptsp.tsp...
Scanning Module:C:\WINDOWS\System32\ipconf.tsp...
Scanning Module:C:\WINDOWS\System32\h323.tsp...
Scanning Module:C:\WINDOWS\System32\hidphone.tsp...
Scanning Module:C:\WINDOWS\System32\rasppp.dll...
Scanning Module:C:\WINDOWS\System32\ntlsapi.dll...
Scanning Module:C:\WINDOWS\System32\RASDLG.dll...
Scanning Module:C:\WINDOWS\system32\wups.dll...

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 1232
ThreadCreationTime : 5-4-2005 2:59:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dnsrslvr.dll...

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1304
ThreadCreationTime : 5-4-2005 2:59:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\lmhsvc.dll...
Scanning Module:c:\windows\system32\webclnt.dll...
Scanning Module:C:\WINDOWS\system32\urlmon.dll...
Scanning Module:c:\windows\system32\regsvc.dll...
Scanning Module:c:\windows\system32\ssdpsrv.dll...

#:11 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : n/a
ProcessID : 1364
ThreadCreationTime : 5-4-2005 2:59:29 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe...
Scanning Module:C:\WINDOWS\system32\MSVCP71.dll...
Scanning Module:C:\WINDOWS\system32\MSVCR71.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccL30.dll...
Scanning Module:C:\WINDOWS\system32\DBGHELP.DLL...
Scanning Module:C:\WINDOWS\system32\IMM32.DLL...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll...

#:12 [sndsrvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Command Line : n/a
ProcessID : 1388
ThreadCreationTime : 5-4-2005 2:59:30 PM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe...
Scanning Module:C:\WINDOWS\system32\SymNeti.DLL...

#:13 [spbbcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Command Line : n/a
ProcessID : 1480
ThreadCreationTime : 5-4-2005 2:59:30 PM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccSet.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll...

#:14 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : n/a
ProcessID : 1532
ThreadCreationTime : 5-4-2005 2:59:30 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCLOGIN.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\NAVEVENT.DLL...

#:15 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1804
ThreadCreationTime : 5-4-2005 2:59:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Scanning Module:C:\WINDOWS\system32\spoolsv.exe...
Scanning Module:C:\WINDOWS\system32\SPOOLSS.DLL...
Scanning Module:C:\WINDOWS\system32\localspl.dll...
Scanning Module:C:\WINDOWS\system32\cnbjmon.dll...
Scanning Module:C:\WINDOWS\system32\dlbxlmpm.DLL...
Scanning Module:C:\WINDOWS\system32\pjlmon.dll...
Scanning Module:C:\WINDOWS\system32\tcpmon.dll...
Scanning Module:C:\WINDOWS\system32\usbmon.dll...
Scanning Module:C:\WINDOWS\system32\DrPMon.dll...
Scanning Module:C:\WINDOWS\System32\spool\PRTPROCS\W32X86\dlbxPP5C.dll...
Scanning Module:C:\WINDOWS\system32\win32spl.dll...
Scanning Module:C:\WINDOWS\system32\NETRAP.dll...
Scanning Module:C:\WINDOWS\system32\inetpp.dll...

#:16 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 2036
ThreadCreationTime : 5-4-2005 2:59:35 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Scanning Module:C:\WINDOWS\Explorer.exe...
Scanning Module:C:\WINDOWS\system32\BROWSEUI.dll...
Scanning Module:C:\WINDOWS\system32\SHDOCVW.dll...
Scanning Module:C:\WINDOWS\system32\themeui.dll...
Scanning Module:C:\WINDOWS\system32\MSIMG32.dll...
Scanning Module:C:\WINDOWS\system32\actxprxy.dll...
Scanning Module:C:\PROGRA~1\WINDOW~2\wmpband.dll...
Scanning Module:C:\Program Files\Microsoft AntiSpyware\shellextension.dll...
Scanning Module:C:\WINDOWS\system32\OLEACC.DLL...
Scanning Module:C:\Program Files\MessengerPlus! 3\MsgPlusLoader.dll...
Scanning Module:C:\Program Files\TrojanHunter 4.2\THSec.dll...
Scanning Module:C:\WINDOWS\system32\webcheck.dll...
Scanning Module:C:\WINDOWS\system32\stobject.dll...
Scanning Module:C:\WINDOWS\system32\BatMeter.dll...
Scanning Module:C:\WINDOWS\system32\LINKINFO.dll...
Scanning Module:C:\WINDOWS\system32\ntshrui.dll...
Scanning Module:C:\WINDOWS\System32\drprov.dll...
Scanning Module:C:\WINDOWS\System32\ntlanman.dll...
Scanning Module:C:\WINDOWS\System32\NETUI0.dll...
Scanning Module:C:\WINDOWS\System32\NETUI1.dll...
Scanning Module:C:\WINDOWS\System32\davclnt.dll...
Scanning Module:C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll...
Scanning Module:C:\WINDOWS\system32\asfsipc.dll...
Scanning Module:C:\WINDOWS\system32\MSISIP.DLL...
Scanning Module:C:\WINDOWS\system32\wshext.dll...
Scanning Module:C:\WINDOWS\system32\MFC42.DLL...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrTrust.dll...

#:17 [hkcmd.exe]
ModuleName : C:\WINDOWS\system32\hkcmd.exe
Command Line : "C:\WINDOWS\system32\hkcmd.exe"
ProcessID : 336
ThreadCreationTime : 5-4-2005 2:59:36 PM
BasePriority : Normal
FileVersion : 3.0.0.4020
ProductVersion : 7.0.0.4020
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE
Scanning Module:C:\WINDOWS\system32\hkcmd.exe...
Scanning Module:C:\WINDOWS\system32\hccutils.DLL...
Scanning Module:C:\WINDOWS\system32\igfxdev.dll...
Scanning Module:C:\WINDOWS\system32\igfxsrvc.dll...
Scanning Module:C:\WINDOWS\system32\igfxhk.dll...
Scanning Module:C:\WINDOWS\system32\igfxres.dll...

#:18 [dlbxmon.exe]
ModuleName : C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
Command Line : "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
ProcessID : 344
ThreadCreationTime : 5-4-2005 2:59:36 PM
BasePriority : Normal
FileVersion : 1.196.0.0
ProductVersion : 1.196.0.0
ProductName : DellPhoto AIO Printer 962 Device Monitor
CompanyName : Dell
FileDescription : DellPhoto AIO Printer 962 Device Monitor
InternalName : dlbxmon.exe
LegalCopyright : © 2002 Dell
OriginalFilename : dlbxmon.exe
Scanning Module:C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe...
Scanning Module:C:\Program Files\Dell Photo AIO Printer 962\dlbxscw.dll...
Scanning Module:C:\WINDOWS\system32\dlbxcfg.dll...
Scanning Module:C:\WINDOWS\system32\dlbxcomc.dll...
Scanning Module:C:\WINDOWS\system32\dlbxpplc.dll...
Scanning Module:C:\WINDOWS\system32\dlbxprox.dll...

#:19 [msgplus.exe]
ModuleName : C:\Program Files\MessengerPlus! 3\MsgPlus.exe
Command Line : "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
ProcessID : 364
ThreadCreationTime : 5-4-2005 2:59:36 PM
BasePriority : Normal

Scanning Module:C:\Program Files\MessengerPlus! 3\MsgPlus.exe...

#:20 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 404
ThreadCreationTime : 5-4-2005 2:59:36 PM
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe
Scanning Module:C:\Program Files\Microsoft AntiSpyware\gcasServ.exe...
Scanning Module:C:\WINDOWS\system32\MSVBVM60.DLL...
Scanning Module:C:\Program Files\Microsoft AntiSpyware\gcAntiSpywareLibrary.dll...
Scanning Module:C:\WINDOWS\system32\sensapi.dll...

#:21 [ctsysvol.exe]
ModuleName : C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
Command Line : "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" /r
ProcessID : 424
ThreadCreationTime : 5-4-2005 2:59:36 PM
BasePriority : Normal
FileVersion : 1.4.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Volume Control
CompanyName : Creative Technology Ltd
FileDescription : CTSysVol.exe
LegalCopyright : Copyright © Creative Technology Ltd., 2002-2003. All rights reserved.
OriginalFilename : CTSysVol.exe
Scanning Module:C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe...
Scanning Module:C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.crl...
Scanning Module:C:\Program Files\Creative\Shared Files\CTTheme.dll...
Scanning Module:C:\Program Files\Creative\Shared Files\CtrlSrc.dll...
Scanning Module:C:\Program Files\Creative\Shared Files\CTIniF.dll...
Scanning Module:C:\Program Files\Creative\Shared Files\GDICtrl.skc...
Scanning Module:C:\Program Files\Creative\Shared Files\RTXCtrl.skc...
Scanning Module:C:\Program Files\Creative\Shared Files\mxlib.dll...

#:22 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\Rundll32.exe
Command Line : "C:\WINDOWS\system32\Rundll32.exe" P17.dll,P17Helper
ProcessID : 436
ThreadCreationTime : 5-4-2005 2:59:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
Scanning Module:C:\WINDOWS\system32\Rundll32.exe...
Scanning Module:C:\WINDOWS\system32\P17.dll...
Scanning Module:C:\WINDOWS\system32\DSOUND.dll...

#:23 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : n/a
ProcessID : 452
ThreadCreationTime : 5-4-2005 2:59:36 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccApp.exe...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\CCIMSCAN.DLL...
Scanning Module:C:\WINDOWS\system32\ATL71.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\DEFALERT.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\IWP\IWP.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\NAVAPW32.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\apwutil.dll...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\SAVRT32.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\NAVOPTRF.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\STATUSHP.DLL...
Scanning Module:C:\WINDOWS\system32\SYMREDIR.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\NAVTasks.dll...
Scanning Module:C:\Program Files\Symantec\LiveUpdate\NetDetectController_2_6.DLL...
Scanning Module:C:\WINDOWS\system32\mstask.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccProSub.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVError.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\ccAVMail.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wbemprox.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\apwcmdnt.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSCR.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\SymFWAgt.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccLogin.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\ccFWSetg.dll...

#:24 [taskswitch.exe]
ModuleName : C:\WINDOWS\system32\taskswitch.exe
Command Line : "C:\WINDOWS\system32\taskswitch.exe"
ProcessID : 476
ThreadCreationTime : 5-4-2005 2:59:36 PM
BasePriority : Normal

Scanning Module:C:\WINDOWS\system32\taskswitch.exe...

#:25 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 508
ThreadCreationTime : 5-4-2005 2:59:36 PM
BasePriority : Normal

Scanning Module:C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe...

#:26 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 556
ThreadCreationTime : 5-4-2005 2:59:36 PM
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe
Scanning Module:C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe...
Scanning Module:C:\WINDOWS\system32\GCCollection.dll...
Scanning Module:C:\WINDOWS\system32\hashlib.dll...

#:27 [ctsvccda.exe]
ModuleName : C:\WINDOWS\system32\CTsvcCDA.EXE
Command Line : C:\WINDOWS\system32\CTsvcCDA.EXE
ProcessID : 1076
ThreadCreationTime : 5-4-2005 2:59:38 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE
Scanning Module:C:\WINDOWS\system32\CTsvcCDA.EXE...

#:28 [navapsvc.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
Command Line : n/a
ProcessID : 1208
ThreadCreationTime : 5-4-2005 2:59:38 PM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRT32.DLL...

#:29 [npfmntor.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
Command Line : n/a
ProcessID : 1916
ThreadCreationTime : 5-4-2005 2:59:42 PM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe...

#:30 [nprotect.exe]
ModuleName : C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
Command Line : n/a
ProcessID : 2068
ThreadCreationTime : 5-4-2005 2:59:42 PM
BasePriority : Normal
FileVersion : 18.0.0.62
ProductVersion : 18.0.0.62
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
LegalTrademarks : Norton Utilities® and UnErase® are registered trademarks of Symantec Corporation.
OriginalFilename : NPROTECT.EXE
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~1\NUMISC.dll...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~1\S32KRNLL.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~1\S32UTILL.DLL...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton Utilities\NPComSvr.DLL...

#:31 [nopdb.exe]
ModuleName : C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
Command Line : n/a
ProcessID : 2228
ThreadCreationTime : 5-4-2005 2:59:42 PM
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : NOPDB.dll
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\SDException.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\SDOptions.dll...

#:32 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k imgsvc
ProcessID : 2284
ThreadCreationTime : 5-4-2005 2:59:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\wiaservc.dll...
Scanning Module:c:\windows\system32\CFGMGR32.dll...
Scanning Module:c:\windows\system32\mscms.dll...
Scanning Module:C:\WINDOWS\system32\WIAFBDRV.DLL...
Scanning Module:C:\Program Files\Dell Photo AIO Printer 962\dlbxdrs.dll...
Scanning Module:C:\Program Files\Dell Photo AIO Printer 962\dlbxcnv4.dll...

#:33 [symlcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Command Line : n/a
ProcessID : 2380
ThreadCreationTime : 5-4-2005 2:59:43 PM
BasePriority : Normal
FileVersion : 1, 8, 54, 478
ProductVersion : 1, 8, 54, 478
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll...

#:34 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 2408
ThreadCreationTime : 5-4-2005 2:59:44 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
Scanning Module:C:\WINDOWS\system32\wdfmgr.exe...

#:35 [mspmspsv.exe]
ModuleName : C:\WINDOWS\system32\MsPMSPSv.exe
Command Line : C:\WINDOWS\system32\MsPMSPSv.exe
ProcessID : 2512
ThreadCreationTime : 5-4-2005 2:59:44 PM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE
Scanning Module:C:\WINDOWS\system32\MsPMSPSv.exe...

#:36 [dlbxcoms.exe]
ModuleName : C:\WINDOWS\system32\dlbxcoms.exe
Command Line : C:\WINDOWS\system32\dlbxcoms.exe -service
ProcessID : 2796
ThreadCreationTime : 5-4-2005 2:59:47 PM
BasePriority : High
FileVersion : 1.101.37.0
ProductVersion : 1.101.37.0
ProductName : Dell Communication System
CompanyName : Dell
FileDescription : Dell Communication System
InternalName : DLBXcoms.exe
OriginalFilename : DLBXcoms.exe
Scanning Module:C:\WINDOWS\system32\dlbxcoms.exe...
Scanning Module:C:\WINDOWS\system32\dlbxserv.dll...
Scanning Module:C:\WINDOWS\system32\dlbxusb1.dll...

#:37 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 3340
ThreadCreationTime : 5-4-2005 2:59:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
Scanning Module:C:\WINDOWS\System32\alg.exe...

#:38 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[454]SUSDS2d55eab0594db84bb0d873627a520b89
ProcessID : 4044
ThreadCreationTime : 5-4-2005 3:00:29 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
Scanning Module:C:\WINDOWS\system32\wuauclt.exe...
Scanning Module:C:\WINDOWS\system32\wuaucpl.cpl...

#:39 [wmiprvse.exe]
ModuleName : C:\WINDOWS\system32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding
ProcessID : 1456
ThreadCreationTime : 5-4-2005 3:00:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
Scanning Module:C:\WINDOWS\system32\wbem\wmiprvse.exe...
Scanning Module:C:\WINDOWS\system32\wbem\cimwin32.dll...
Scanning Module:C:\WINDOWS\system32\wbem\framedyn.dll...

#:40 [vvoqdxh.exe]
ModuleName : c:\windows\system32\vvoqdxh.exe
Command Line : "c:\windows\system32\vvoqdxh.exe" kfkpvla
ProcessID : 2016
ThreadCreationTime : 5-4-2005 3:01:02 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
Scanning Module:c:\windows\system32\vvoqdxh.exe...

#:41 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2272
ThreadCreationTime : 5-4-2005 3:01:31 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Scanning Module:C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe...
Scanning Module:C:\WINDOWS\system32\olepro32.dll...
Scanning Module:C:\WINDOWS\system32\RICHED32.DLL...
Scanning Module:C:\WINDOWS\system32\RICHED20.dll...

#:42 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 136
ThreadCreationTime : 5-4-2005 3:01:39 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
Scanning Module:C:\Program Files\Messenger\msmsgs.exe...
Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll...
Scanning Module:C:\WINDOWS\system32\XPOB2RES.DLL...

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 1


Started tracking cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk scan result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 1


Scanning Hosts file...
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New Critical Objects:0
Objects found so far: 1




Performing conditional scans..
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 1

11:05:32 AM Scan Complete

Summary of this scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:39.687
Objects scanned:85139
Objects identified:1
Objects ignored:0
New Critical Objects:1
  • 0
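Added example (not part of the original thread, and not Lavasoft's code): a small Python parser for the Ad-Aware SE log format above. It picks out two things in this log that deserve a second look: a process whose version-info fields are still the unfilled `TODO:` template, and a Winlogon `Shell` value that lists more than `explorer.exe`. The function names and both heuristics are assumptions made for illustration; the sample lines are copied from the log posted in this thread.

```python
import re

# Sample excerpt in the Ad-Aware SE log format (entries copied from this thread's log).
SAMPLE_LOG = r"""
#:37 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 3340
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
OriginalFilename : ALG.exe
Scanning Module:C:\WINDOWS\System32\alg.exe...

#:40 [vvoqdxh.exe]
ModuleName : c:\windows\system32\vvoqdxh.exe
Command Line : "c:\windows\system32\vvoqdxh.exe" kfkpvla
ProcessID : 2016
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
Scanning Module:c:\windows\system32\vvoqdxh.exe...

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
"""

PROC_HEADER = re.compile(r"^#:(\d+) \[(.+)\]$")       # e.g. "#:40 [vvoqdxh.exe]"
OBJ_HEADER = re.compile(r"^(.+) Object Recognized!$")  # e.g. "Windows Object Recognized!"
WINLOGON_KEY = r"software\microsoft\windows nt\currentversion\winlogon"
VERSION_FIELDS = ("ProductName", "CompanyName", "FileDescription", "LegalCopyright")


def parse_blocks(log_text):
    """Split the log into process entries and recognized-object entries.

    Each entry is a dict of the "Key : Value" lines that follow its header,
    up to the next blank line.
    """
    processes, objects = [], []
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line closes the current entry
            continue
        m = PROC_HEADER.match(line)
        if m:
            current = {"index": int(m.group(1)), "name": m.group(2)}
            processes.append(current)
            continue
        m = OBJ_HEADER.match(line)
        if m:
            current = {"family": m.group(1)}
            objects.append(current)
            continue
        if current is not None and " : " in line:
            key, value = line.split(" : ", 1)
            current[key.strip()] = value.strip()
    return processes, objects


def placeholder_version_info(proc):
    """Heuristic (assumption): version-info fields left as the 'TODO:' template."""
    return [f for f in VERSION_FIELDS if proc.get(f, "").startswith("TODO:")]


def extra_shell_commands(obj):
    """Return everything in a Winlogon Shell value other than explorer.exe.

    The Windows default for this value is just "Explorer.exe". Splitting on
    whitespace and commas is a simplification: an unquoted path containing
    spaces comes back in pieces, but it is still reported.
    """
    if obj.get("Object", "").lower() != WINLOGON_KEY:
        return []
    if obj.get("Value", "").lower() != "shell":
        return []
    tokens = [t for t in re.split(r"[,\s]+", obj.get("Data", "")) if t]
    return [t for t in tokens if t.lower() != "explorer.exe"]


def triage(log_text):
    """Return (kind, subject, reason) tuples for entries worth reviewing."""
    processes, objects = parse_blocks(log_text)
    findings = []
    for proc in processes:
        fields = placeholder_version_info(proc)
        if fields:
            findings.append(("process", proc.get("ModuleName", proc["name"]),
                             "placeholder version info: " + ", ".join(fields)))
    for obj in objects:
        extras = extra_shell_commands(obj)
        if extras:
            findings.append(("winlogon-shell", " ".join(extras),
                             "Shell value launches more than explorer.exe"))
    return findings


if __name__ == "__main__":
    for kind, subject, reason in triage(SAMPLE_LOG):
        print(f"[{kind}] {subject}: {reason}")
```

The placeholder check is the useful part here: the memory scan in the log reports 0 objects, so the `vvoqdxh.exe` entry only stands out when the process list is read by eye or by a script like this.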

#8
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Ad-aware has found object(s) on your computer

If you choose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R42 28.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Run CCleaner to help in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-aware SE; if this is different, adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to any objects you wish to remove. Click Next, click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:
  • 0

#9
Gattsryu

    New Member

  • Topic Starter
  • Member
  • 8 posts
Ok.

Downloading CCleaner...Done
Installing CCleaner...Done
Initializing Ad-Aware SE...Done
Updating...Done
Deselecting "Always try to unload modules before deletion"...Done
Closing Ad-Aware SE...Done
Disconnecting Cable Internet...Done
Restarting in SAFE MODE...Done
Initializing CCleaner...Done
Deselecting "Only delete files in Windows Temp folders older than 48 hours"...Done.
Creating Custom Folder Scan...c:\WINDOWS\Temp...Done
c:\Documents and Settings\*****1\Local Settings\Temporary Internet Files...Done
c:\Documents and Settings\*****1\Local Settings\Temp...Done
c:\Documents and Settings\*****2\Local Settings\Temporary Internet Files...Done
c:\Documents and Settings\*****2\Local Settings\Temp...Done
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files...Done
c:\Documents and Settings\Default User\Local Settings\Temp...Done
Emptying Recycle Bin...Done
Initializing Ad-Aware SE Via Command Line "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke...done
Scanning...Done
Deleting "Window"...Done
Rebooting Normal...Done
Initializing Ad-Aware SE...Done
Scanning...
...
...Done
Creating Log...Done

Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 04, 2005 2:36:23 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows(TAC index:3):1 total references.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:48 %
Total physical memory:514124 kb
Available physical memory:245628 kb
Total page file size:1258112 kb
Available on page file:1002688 kb
Total virtual memory:2097024 kb
Available virtual memory:2048220 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Prior to deletion, allow unloading Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write protect system files after repair (Hosts file etc.)
Set : Include basic settings in log file
Set : Include additional settings in log file
Set : Include reference summary in log file
Set : Create log file for removal operations
Set : Include Module list in log file
Set : Include Alternate Datastream details in log file
Set : Snap windows to desktop borders
Set : Play sound at scan completion if scan locates critical objects


5-4-2005 2:36:23 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 652
ThreadCreationTime : 5-4-2005 6:31:20 PM
BasePriority : Normal

Scanning Module:\SystemRoot\System32\smss.exe...
Scanning Module:C:\WINDOWS\system32\ntdll.dll...

#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 700
ThreadCreationTime : 5-4-2005 6:31:21 PM
BasePriority : Normal

Scanning Module:\??\C:\WINDOWS\system32\csrss.exe...
Scanning Module:C:\WINDOWS\system32\CSRSRV.dll...
Scanning Module:C:\WINDOWS\system32\basesrv.dll...
Scanning Module:C:\WINDOWS\system32\winsrv.dll...
Scanning Module:C:\WINDOWS\system32\GDI32.dll...
Scanning Module:C:\WINDOWS\system32\KERNEL32.dll...
Scanning Module:C:\WINDOWS\system32\USER32.dll...
Scanning Module:C:\WINDOWS\system32\sxs.dll...
Scanning Module:C:\WINDOWS\system32\ADVAPI32.dll...
Scanning Module:C:\WINDOWS\system32\RPCRT4.dll...
Scanning Module:C:\WINDOWS\system32\Apphelp.dll...
Scanning Module:C:\WINDOWS\system32\VERSION.dll...

#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 724
ThreadCreationTime : 5-4-2005 6:31:21 PM
BasePriority : High

Scanning Module:\??\C:\WINDOWS\system32\winlogon.exe...
Scanning Module:C:\WINDOWS\system32\AUTHZ.dll...
Scanning Module:C:\WINDOWS\system32\msvcrt.dll...
Scanning Module:C:\WINDOWS\system32\CRYPT32.dll...
Scanning Module:C:\WINDOWS\system32\MSASN1.dll...
Scanning Module:C:\WINDOWS\system32\NDdeApi.dll...
Scanning Module:C:\WINDOWS\system32\PROFMAP.dll...
Scanning Module:C:\WINDOWS\system32\NETAPI32.dll...
Scanning Module:C:\WINDOWS\system32\USERENV.dll...
Scanning Module:C:\WINDOWS\system32\PSAPI.DLL...
Scanning Module:C:\WINDOWS\system32\REGAPI.dll...
Scanning Module:C:\WINDOWS\system32\Secur32.dll...
Scanning Module:C:\WINDOWS\system32\SETUPAPI.dll...
Scanning Module:C:\WINDOWS\system32\WINSTA.dll...
Scanning Module:C:\WINDOWS\system32\WINTRUST.dll...
Scanning Module:C:\WINDOWS\system32\IMAGEHLP.dll...
Scanning Module:C:\WINDOWS\system32\WS2_32.dll...
Scanning Module:C:\WINDOWS\system32\WS2HELP.dll...
Scanning Module:C:\WINDOWS\system32\MSGINA.dll...
Scanning Module:C:\WINDOWS\system32\SHELL32.dll...
Scanning Module:C:\WINDOWS\system32\SHLWAPI.dll...
Scanning Module:C:\WINDOWS\system32\COMCTL32.dll...
Scanning Module:C:\WINDOWS\system32\ODBC32.dll...
Scanning Module:C:\WINDOWS\system32\comdlg32.dll...
Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll...
Scanning Module:C:\WINDOWS\system32\odbcint.dll...
Scanning Module:C:\WINDOWS\system32\SHSVCS.dll...
Scanning Module:C:\WINDOWS\system32\sfc.dll...
Scanning Module:C:\WINDOWS\system32\sfc_os.dll...
Scanning Module:C:\WINDOWS\system32\ole32.dll...
Scanning Module:C:\WINDOWS\system32\WINSCARD.DLL...
Scanning Module:C:\WINDOWS\system32\WTSAPI32.dll...
Scanning Module:C:\WINDOWS\system32\uxtheme.dll...
Scanning Module:C:\WINDOWS\system32\WINMM.dll...
Scanning Module:C:\WINDOWS\system32\serwvdrv.dll...
Scanning Module:C:\WINDOWS\system32\umdmxfrm.dll...
Scanning Module:C:\WINDOWS\system32\cscdll.dll...
Scanning Module:C:\WINDOWS\system32\WlNotify.dll...
Scanning Module:C:\WINDOWS\system32\WINSPOOL.DRV...
Scanning Module:C:\WINDOWS\system32\MPR.dll...
Scanning Module:C:\WINDOWS\system32\rsaenh.dll...
Scanning Module:C:\WINDOWS\system32\SAMLIB.dll...
Scanning Module:C:\WINDOWS\system32\msv1_0.dll...
Scanning Module:C:\WINDOWS\system32\iphlpapi.dll...
Scanning Module:C:\WINDOWS\system32\wldap32.dll...
Scanning Module:C:\WINDOWS\system32\cscui.dll...
Scanning Module:C:\WINDOWS\system32\wdmaud.drv...
Scanning Module:C:\WINDOWS\system32\xpsp2res.dll...
Scanning Module:C:\WINDOWS\system32\COMRes.dll...
Scanning Module:C:\WINDOWS\system32\OLEAUT32.dll...
Scanning Module:C:\WINDOWS\system32\CLBCATQ.DLL...
Scanning Module:C:\WINDOWS\system32\NTMARTA.DLL...
Scanning Module:C:\WINDOWS\system32\msacm32.drv...
Scanning Module:C:\WINDOWS\system32\MSACM32.dll...
Scanning Module:C:\WINDOWS\system32\midimap.dll...

#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 768
ThreadCreationTime : 5-4-2005 6:31:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
Scanning Module:C:\WINDOWS\system32\services.exe...
Scanning Module:C:\WINDOWS\system32\SCESRV.dll...
Scanning Module:C:\WINDOWS\system32\umpnpmgr.dll...
Scanning Module:C:\WINDOWS\system32\NCObjAPI.DLL...
Scanning Module:C:\WINDOWS\system32\MSVCP60.dll...
Scanning Module:C:\WINDOWS\system32\ShimEng.dll...
Scanning Module:C:\WINDOWS\AppPatch\AcGenral.DLL...
Scanning Module:C:\WINDOWS\system32\eventlog.dll...

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 780
ThreadCreationTime : 5-4-2005 6:31:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
Scanning Module:C:\WINDOWS\system32\lsass.exe...
Scanning Module:C:\WINDOWS\system32\LSASRV.dll...
Scanning Module:C:\WINDOWS\system32\NTDSAPI.dll...
Scanning Module:C:\WINDOWS\system32\DNSAPI.dll...
Scanning Module:C:\WINDOWS\system32\SAMSRV.dll...
Scanning Module:C:\WINDOWS\system32\cryptdll.dll...
Scanning Module:C:\WINDOWS\system32\msprivs.dll...
Scanning Module:C:\WINDOWS\system32\kerberos.dll...
Scanning Module:C:\WINDOWS\system32\netlogon.dll...
Scanning Module:C:\WINDOWS\system32\w32time.dll...
Scanning Module:C:\WINDOWS\system32\schannel.dll...
Scanning Module:C:\WINDOWS\system32\wdigest.dll...
Scanning Module:C:\WINDOWS\system32\scecli.dll...
Scanning Module:C:\WINDOWS\system32\ipsecsvc.dll...
Scanning Module:C:\WINDOWS\system32\oakley.DLL...
Scanning Module:C:\WINDOWS\system32\WINIPSEC.DLL...
Scanning Module:C:\WINDOWS\system32\pstorsvc.dll...
Scanning Module:C:\WINDOWS\system32\mswsock.dll...
Scanning Module:C:\WINDOWS\system32\hnetcfg.dll...
Scanning Module:C:\WINDOWS\System32\wshtcpip.dll...
Scanning Module:C:\WINDOWS\system32\psbase.dll...
Scanning Module:C:\WINDOWS\system32\dssenh.dll...

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 928
ThreadCreationTime : 5-4-2005 6:31:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:C:\WINDOWS\system32\svchost.exe...
Scanning Module:c:\windows\system32\rpcss.dll...
Scanning Module:c:\windows\system32\termsrv.dll...
Scanning Module:c:\windows\system32\ICAAPI.dll...
Scanning Module:c:\windows\system32\mstlsapi.dll...
Scanning Module:c:\windows\system32\ACTIVEDS.dll...
Scanning Module:c:\windows\system32\adsldpc.dll...
Scanning Module:c:\windows\system32\ATL.DLL...

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1008
ThreadCreationTime : 5-4-2005 6:31:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:C:\WINDOWS\System32\winrnr.dll...
Scanning Module:C:\WINDOWS\system32\rasadhlp.dll...

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1048
ThreadCreationTime : 5-4-2005 6:31:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dhcpcsvc.dll...
Scanning Module:c:\windows\system32\wzcsvc.dll...
Scanning Module:c:\windows\system32\rtutils.dll...
Scanning Module:c:\windows\system32\WMI.dll...
Scanning Module:c:\windows\system32\ESENT.dll...
Scanning Module:C:\WINDOWS\System32\rastls.dll...
Scanning Module:C:\WINDOWS\system32\CRYPTUI.dll...
Scanning Module:C:\WINDOWS\system32\WININET.dll...
Scanning Module:C:\WINDOWS\System32\MPRAPI.dll...
Scanning Module:C:\WINDOWS\System32\RASAPI32.dll...
Scanning Module:C:\WINDOWS\System32\rasman.dll...
Scanning Module:C:\WINDOWS\System32\TAPI32.dll...
Scanning Module:C:\WINDOWS\System32\raschap.dll...
Scanning Module:c:\windows\system32\schedsvc.dll...
Scanning Module:C:\WINDOWS\System32\MSIDLE.DLL...
Scanning Module:c:\windows\system32\audiosrv.dll...
Scanning Module:c:\windows\system32\wkssvc.dll...
Scanning Module:c:\windows\system32\cryptsvc.dll...
Scanning Module:c:\windows\system32\certcli.dll...
Scanning Module:c:\windows\system32\dmserver.dll...
Scanning Module:c:\windows\system32\ersvc.dll...
Scanning Module:c:\windows\system32\es.dll...
Scanning Module:c:\windows\pchealth\helpctr\binaries\pchsvc.dll...
Scanning Module:c:\windows\system32\hidserv.dll...
Scanning Module:c:\windows\system32\HID.DLL...
Scanning Module:c:\windows\system32\srvsvc.dll...
Scanning Module:c:\windows\system32\netman.dll...
Scanning Module:c:\windows\system32\netshell.dll...
Scanning Module:c:\windows\system32\credui.dll...
Scanning Module:c:\windows\system32\WZCSAPI.DLL...
Scanning Module:c:\windows\system32\seclogon.dll...
Scanning Module:c:\windows\system32\sens.dll...
Scanning Module:c:\windows\system32\srsvc.dll...
Scanning Module:c:\windows\system32\POWRPROF.dll...
Scanning Module:c:\windows\system32\trkwks.dll...
Scanning Module:c:\windows\system32\wbem\wmisvc.dll...
Scanning Module:C:\WINDOWS\system32\VSSAPI.DLL...
Scanning Module:c:\windows\system32\wscsvc.dll...
Scanning Module:c:\windows\system32\msi.dll...
Scanning Module:c:\windows\system32\wuauserv.dll...
Scanning Module:C:\WINDOWS\system32\wuaueng.dll...
Scanning Module:C:\WINDOWS\System32\ADVPACK.dll...
Scanning Module:C:\WINDOWS\System32\SHFOLDER.dll...
Scanning Module:C:\WINDOWS\System32\WINHTTP.dll...
Scanning Module:C:\WINDOWS\System32\Cabinet.dll...
Scanning Module:C:\WINDOWS\System32\mspatcha.dll...
Scanning Module:c:\windows\system32\browser.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wbemcomn.dll...
Scanning Module:c:\windows\system32\ipnathlp.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\wbemcore.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\esscli.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\FastProx.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wbemsvc.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wmiutils.dll...
Scanning Module:C:\WINDOWS\system32\wbem\repdrvfs.dll...
Scanning Module:C:\WINDOWS\system32\comsvcs.dll...
Scanning Module:C:\WINDOWS\system32\MTXCLU.DLL...
Scanning Module:C:\WINDOWS\system32\WSOCK32.dll...
Scanning Module:C:\WINDOWS\system32\colbact.DLL...
Scanning Module:C:\WINDOWS\System32\CLUSAPI.DLL...
Scanning Module:C:\WINDOWS\System32\RESUTILS.DLL...
Scanning Module:C:\WINDOWS\system32\wbem\wmiprvsd.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wbemess.dll...
Scanning Module:C:\WINDOWS\system32\wbem\ncprov.dll...
Scanning Module:C:\WINDOWS\system32\netcfgx.dll...
Scanning Module:c:\windows\system32\tapisrv.dll...
Scanning Module:c:\windows\system32\rasmans.dll...
Scanning Module:C:\WINDOWS\System32\rastapi.dll...
Scanning Module:C:\WINDOWS\System32\unimdm.tsp...
Scanning Module:C:\WINDOWS\System32\uniplat.dll...
Scanning Module:C:\WINDOWS\System32\unimdmat.dll...
Scanning Module:C:\WINDOWS\system32\modemui.dll...
Scanning Module:C:\WINDOWS\System32\kmddsp.tsp...
Scanning Module:C:\WINDOWS\System32\ndptsp.tsp...
Scanning Module:C:\WINDOWS\System32\ipconf.tsp...
Scanning Module:C:\WINDOWS\System32\h323.tsp...
Scanning Module:C:\WINDOWS\System32\hidphone.tsp...
Scanning Module:C:\WINDOWS\System32\rasppp.dll...
Scanning Module:C:\WINDOWS\System32\ntlsapi.dll...
Scanning Module:C:\WINDOWS\system32\upnp.dll...
Scanning Module:C:\WINDOWS\system32\SSDPAPI.dll...
Scanning Module:C:\WINDOWS\System32\RASDLG.dll...
Scanning Module:C:\WINDOWS\system32\wups.dll...

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 1148
ThreadCreationTime : 5-4-2005 6:31:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dnsrslvr.dll...

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1172
ThreadCreationTime : 5-4-2005 6:31:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\lmhsvc.dll...
Scanning Module:c:\windows\system32\webclnt.dll...
Scanning Module:C:\WINDOWS\system32\urlmon.dll...
Scanning Module:c:\windows\system32\regsvc.dll...
Scanning Module:c:\windows\system32\ssdpsrv.dll...

#:11 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : n/a
ProcessID : 1224
ThreadCreationTime : 5-4-2005 6:31:23 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe...
Scanning Module:C:\WINDOWS\system32\MSVCP71.dll...
Scanning Module:C:\WINDOWS\system32\MSVCR71.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccL30.dll...
Scanning Module:C:\WINDOWS\system32\DBGHELP.DLL...
Scanning Module:C:\WINDOWS\system32\IMM32.DLL...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll...

#:12 [sndsrvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Command Line : n/a
ProcessID : 1244
ThreadCreationTime : 5-4-2005 6:31:23 PM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe...
Scanning Module:C:\WINDOWS\system32\SymNeti.DLL...

#:13 [spbbcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Command Line : n/a
ProcessID : 1324
ThreadCreationTime : 5-4-2005 6:31:24 PM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccSet.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll...

#:14 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : n/a
ProcessID : 1380
ThreadCreationTime : 5-4-2005 6:31:24 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCLOGIN.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\NAVEVENT.DLL...

#:15 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1556
ThreadCreationTime : 5-4-2005 6:31:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Scanning Module:C:\WINDOWS\system32\spoolsv.exe...
Scanning Module:C:\WINDOWS\system32\SPOOLSS.DLL...
Scanning Module:C:\WINDOWS\system32\localspl.dll...
Scanning Module:C:\WINDOWS\system32\cnbjmon.dll...
Scanning Module:C:\WINDOWS\system32\dlbxlmpm.DLL...
Scanning Module:C:\WINDOWS\system32\pjlmon.dll...
Scanning Module:C:\WINDOWS\system32\tcpmon.dll...
Scanning Module:C:\WINDOWS\system32\usbmon.dll...
Scanning Module:C:\WINDOWS\system32\DrPMon.dll...
Scanning Module:C:\WINDOWS\System32\spool\PRTPROCS\W32X86\dlbxPP5C.dll...
Scanning Module:C:\WINDOWS\system32\win32spl.dll...
Scanning Module:C:\WINDOWS\system32\NETRAP.dll...
Scanning Module:C:\WINDOWS\system32\inetpp.dll...

#:16 [ctsvccda.exe]
ModuleName : C:\WINDOWS\system32\CTsvcCDA.EXE
Command Line : C:\WINDOWS\system32\CTsvcCDA.EXE
ProcessID : 1648
ThreadCreationTime : 5-4-2005 6:31:25 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE
Scanning Module:C:\WINDOWS\system32\CTsvcCDA.EXE...

#:17 [navapsvc.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
Command Line : n/a
ProcessID : 1724
ThreadCreationTime : 5-4-2005 6:31:25 PM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRT32.DLL...

#:18 [npfmntor.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
Command Line : n/a
ProcessID : 1760
ThreadCreationTime : 5-4-2005 6:31:25 PM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe...

#:19 [nprotect.exe]
ModuleName : C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
Command Line : n/a
ProcessID : 1788
ThreadCreationTime : 5-4-2005 6:31:26 PM
BasePriority : Normal
FileVersion : 18.0.0.62
ProductVersion : 18.0.0.62
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
LegalTrademarks : Norton Utilities® and UnErase® are registered trademarks of Symantec Corporation.
OriginalFilename : NPROTECT.EXE
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~1\NUMISC.dll...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~1\S32KRNLL.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~1\S32UTILL.DLL...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton Utilities\NPComSvr.DLL...

#:20 [nopdb.exe]
ModuleName : C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
Command Line : n/a
ProcessID : 1900
ThreadCreationTime : 5-4-2005 6:31:26 PM
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : NOPDB.dll
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\SDException.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\SDOptions.dll...

#:21 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k imgsvc
ProcessID : 1936
ThreadCreationTime : 5-4-2005 6:31:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\wiaservc.dll...
Scanning Module:c:\windows\system32\CFGMGR32.dll...
Scanning Module:c:\windows\system32\mscms.dll...
Scanning Module:C:\WINDOWS\system32\WIAFBDRV.DLL...
Scanning Module:C:\Program Files\Dell Photo AIO Printer 962\dlbxdrs.dll...
Scanning Module:C:\WINDOWS\system32\dlbxcfg.dll...
Scanning Module:C:\Program Files\Dell Photo AIO Printer 962\dlbxcnv4.dll...
Scanning Module:C:\WINDOWS\system32\actxprxy.dll...
Scanning Module:C:\WINDOWS\system32\sti.dll...

#:22 [symlcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Command Line : n/a
ProcessID : 2000
ThreadCreationTime : 5-4-2005 6:31:26 PM
BasePriority : Normal
FileVersion : 1, 8, 54, 478
ProductVersion : 1, 8, 54, 478
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll...

#:23 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 2020
ThreadCreationTime : 5-4-2005 6:31:26 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
Scanning Module:C:\WINDOWS\system32\wdfmgr.exe...

#:24 [mspmspsv.exe]
ModuleName : C:\WINDOWS\system32\MsPMSPSv.exe
Command Line : C:\WINDOWS\system32\MsPMSPSv.exe
ProcessID : 188
ThreadCreationTime : 5-4-2005 6:31:27 PM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE
Scanning Module:C:\WINDOWS\system32\MsPMSPSv.exe...

#:25 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 464
ThreadCreationTime : 5-4-2005 6:31:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
Scanning Module:C:\WINDOWS\System32\alg.exe...

#:26 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 1676
ThreadCreationTime : 5-4-2005 6:31:59 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Scanning Module:C:\WINDOWS\Explorer.exe...
Scanning Module:C:\WINDOWS\system32\BROWSEUI.dll...
Scanning Module:C:\WINDOWS\system32\SHDOCVW.dll...
Scanning Module:C:\WINDOWS\system32\themeui.dll...
Scanning Module:C:\WINDOWS\system32\MSIMG32.dll...
Scanning Module:C:\Program Files\Microsoft AntiSpyware\shellextension.dll...
Scanning Module:C:\WINDOWS\system32\OLEACC.DLL...
Scanning Module:C:\WINDOWS\system32\sensapi.dll...
Scanning Module:C:\PROGRA~1\WINDOW~2\wmpband.dll...
Scanning Module:C:\WINDOWS\system32\LINKINFO.dll...
Scanning Module:C:\WINDOWS\system32\ntshrui.dll...
Scanning Module:C:\WINDOWS\system32\webcheck.dll...
Scanning Module:C:\WINDOWS\system32\stobject.dll...
Scanning Module:C:\WINDOWS\system32\BatMeter.dll...
Scanning Module:C:\WINDOWS\system32\igfxpph.dll...
Scanning Module:C:\WINDOWS\system32\hccutils.DLL...
Scanning Module:C:\WINDOWS\system32\igfxres.dll...
Scanning Module:C:\WINDOWS\system32\igfxsrvc.dll...
Scanning Module:C:\WINDOWS\system32\igfxdev.dll...
Scanning Module:C:\PROGRA~1\WINZIP\WZSHLSTB.DLL...
Scanning Module:C:\PROGRA~1\TROJAN~1.2\contmenu.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll...
Scanning Module:C:\WINDOWS\system32\ATL71.DLL...
Scanning Module:C:\Program Files\PowerArchiver\PASHLEXT.DLL...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton Utilities\NDRVEX.DLL...
Scanning Module:C:\WINDOWS\System32\drprov.dll...
Scanning Module:C:\WINDOWS\System32\ntlanman.dll...
Scanning Module:C:\WINDOWS\System32\NETUI0.dll...
Scanning Module:C:\WINDOWS\System32\NETUI1.dll...
Scanning Module:C:\WINDOWS\System32\davclnt.dll...
Scanning Module:C:\WINDOWS\system32\mydocs.dll...
Scanning Module:C:\WINDOWS\system32\browselc.dll...
Scanning Module:C:\WINDOWS\system32\DUSER.dll...
Scanning Module:C:\WINDOWS\system32\MLANG.dll...
Scanning Module:C:\WINDOWS\system32\asfsipc.dll...
Scanning Module:C:\WINDOWS\system32\MSISIP.DLL...
Scanning Module:C:\WINDOWS\system32\wshext.dll...
Scanning Module:C:\WINDOWS\system32\MFC42.DLL...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrTrust.dll...

#:27 [hkcmd.exe]
ModuleName : C:\WINDOWS\system32\hkcmd.exe
Command Line : "C:\WINDOWS\system32\hkcmd.exe"
ProcessID : 2352
ThreadCreationTime : 5-4-2005 6:32:04 PM
BasePriority : Normal
FileVersion : 3.0.0.4020
ProductVersion : 7.0.0.4020
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE
Scanning Module:C:\WINDOWS\system32\hkcmd.exe...
Scanning Module:C:\WINDOWS\system32\igfxhk.dll...

#:28 [dlbxmon.exe]
ModuleName : C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
Command Line : "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
ProcessID : 2380
ThreadCreationTime : 5-4-2005 6:32:04 PM
BasePriority : Normal
FileVersion : 1.196.0.0
ProductVersion : 1.196.0.0
ProductName : DellPhoto AIO Printer 962 Device Monitor
CompanyName : Dell
FileDescription : DellPhoto AIO Printer 962 Device Monitor
InternalName : dlbxmon.exe
LegalCopyright : © 2002 Dell
OriginalFilename : dlbxmon.exe
Scanning Module:C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe...
Scanning Module:C:\Program Files\Dell Photo AIO Printer 962\dlbxscw.dll...
Scanning Module:C:\WINDOWS\system32\dlbxcomc.dll...
Scanning Module:C:\WINDOWS\system32\dlbxpplc.dll...
Scanning Module:C:\WINDOWS\system32\dlbxprox.dll...

#:29 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 2396
ThreadCreationTime : 5-4-2005 6:32:04 PM
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe
Scanning Module:C:\Program Files\Microsoft AntiSpyware\gcasServ.exe...
Scanning Module:C:\WINDOWS\system32\MSVBVM60.DLL...
Scanning Module:C:\Program Files\Microsoft AntiSpyware\gcAntiSpywareLibrary.dll...

#:30 [ctsysvol.exe]
ModuleName : C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
Command Line : "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" /r
ProcessID : 2404
ThreadCreationTime : 5-4-2005 6:32:04 PM
BasePriority : Normal
FileVersion : 1.4.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Volume Control
CompanyName : Creative Technology Ltd
FileDescription : CTSysVol.exe
LegalCopyright : Copyright © Creative Technology Ltd., 2002-2003. All rights reserved.
OriginalFilename : CTSysVol.exe
Scanning Module:C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe...
Scanning Module:C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.crl...
Scanning Module:C:\Program Files\Creative\Shared Files\CTTheme.dll...
Scanning Module:C:\Program Files\Creative\Shared Files\CtrlSrc.dll...
Scanning Module:C:\Program Files\Creative\Shared Files\CTIniF.dll...
Scanning Module:C:\Program Files\Creative\Shared Files\GDICtrl.skc...
Scanning Module:C:\Program Files\Creative\Shared Files\RTXCtrl.skc...
Scanning Module:C:\Program Files\Creative\Shared Files\mxlib.dll...

#:31 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\Rundll32.exe
Command Line : "C:\WINDOWS\system32\Rundll32.exe" P17.dll,P17Helper
ProcessID : 2412
ThreadCreationTime : 5-4-2005 6:32:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
Scanning Module:C:\WINDOWS\system32\Rundll32.exe...
Scanning Module:C:\WINDOWS\system32\P17.dll...
Scanning Module:C:\WINDOWS\system32\DSOUND.dll...

#:32 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : n/a
ProcessID : 2428
ThreadCreationTime : 5-4-2005 6:32:05 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccApp.exe...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\CCIMSCAN.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\DEFALERT.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\IWP\IWP.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\NAVAPW32.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\apwutil.dll...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\SAVRT32.DLL...
Scanning Module:C:\WINDOWS\system32\SYMREDIR.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\NAVOPTRF.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\STATUSHP.DLL...
Scanning Module:C:\Program Files\Symantec\LiveUpdate\NetDetectController_2_6.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\NAVTasks.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccProSub.dll...
Scanning Module:C:\WINDOWS\system32\mstask.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVError.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\ccAVMail.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\SymFWAgt.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccLogin.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSCR.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wbemprox.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\apwcmdnt.dll...
Scanning Module:C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\ccFWSetg.dll...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\NAVOpts.dll...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\N32Exclu.dll...
Scanning Module:C:\PROGRA~1\NORTON~1\NORTON~3\S32NAVO.DLL...
Scanning Module:C:\Program Files\Symantec\LiveUpdate\ProductRegCom_2_6.DLL...
Scanning Module:C:\Program Files\Symantec\LiveUpdate\LuComServerPS_2_6.DLL...

#:33 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 2460
ThreadCreationTime : 5-4-2005 6:32:05 PM
BasePriority : Normal

Scanning Module:C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe...

#:34 [dlbxcoms.exe]
ModuleName : C:\WINDOWS\system32\dlbxcoms.exe
Command Line : C:\WINDOWS\system32\dlbxcoms.exe -service
ProcessID : 2488
ThreadCreationTime : 5-4-2005 6:32:05 PM
BasePriority : High
FileVersion : 1.101.37.0
ProductVersion : 1.101.37.0
ProductName : Dell Communication System
CompanyName : Dell
FileDescription : Dell Communication System
InternalName : DLBXcoms.exe
OriginalFilename : DLBXcoms.exe
Scanning Module:C:\WINDOWS\system32\dlbxcoms.exe...
Scanning Module:C:\WINDOWS\system32\dlbxserv.dll...
Scanning Module:C:\WINDOWS\system32\dlbxusb1.dll...

#:35 [twpevvi.exe]
ModuleName : c:\windows\system32\twpevvi.exe
Command Line : "c:\windows\system32\twpevvi.exe" avfibhy
ProcessID : 2580
ThreadCreationTime : 5-4-2005 6:32:06 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
Scanning Module:c:\windows\system32\twpevvi.exe...

#:36 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 2644
ThreadCreationTime : 5-4-2005 6:32:06 PM
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe
Scanning Module:C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe...
Scanning Module:C:\WINDOWS\system32\GCCollection.dll...
Scanning Module:C:\WINDOWS\system32\hashlib.dll...

#:37 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[418]SUSDS19d27fb00fc59e4e9131d02954724fa4
ProcessID : 3064
ThreadCreationTime : 5-4-2005 6:32:13 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
Scanning Module:C:\WINDOWS\system32\wuauclt.exe...
Scanning Module:C:\WINDOWS\system32\wuaucpl.cpl...

#:38 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 3644
ThreadCreationTime : 5-4-2005 6:34:11 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
Scanning Module:C:\Program Files\Messenger\msmsgs.exe...
Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll...
Scanning Module:C:\WINDOWS\system32\XPOB2RES.DLL...

#:39 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1340
ThreadCreationTime : 5-4-2005 6:36:14 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Scanning Module:C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe...
Scanning Module:C:\WINDOWS\system32\olepro32.dll...
Scanning Module:C:\WINDOWS\system32\RICHED32.DLL...
Scanning Module:C:\WINDOWS\system32\RICHED20.dll...

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 1


Started tracking cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk scan result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 1


Scanning Hosts file...
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New Critical Objects:0
Objects found so far: 1




Performing conditional scans..
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 1

2:39:28 PM Scan Complete

Summary of this scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:05.437
Objects scanned:80126
Objects identified:1
Objects ignored:0
New Critical Objects:1
  • 0

#10
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hello again..
This topic will be moved to the Malware forums as soon as the Moderators (or any other staff, for that matter) have time.
You have to download & install HiJackThis.
I'll ask for a referring...

- Rawe :tazz:
  • 0



#11
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
MOVED

Hi Gattsryu,

please download RKFiles from here:
http://skads.org/special/rkfiles.zip
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode and run RKFiles.bat. It may take a while. When it is finished, a window should appear with a log.

Restart your computer in normal mode, and please post the contents of the logfile, which should be at c:\log.txt.

Regards,
  • 0

#12
Gattsryu

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi Metallica!
Thank you for helping out w/my issue. Here is the log you requested.
______________________________________________________________

C:\Documents and Settings\Justin\Desktop

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\guhzmt.exe: UPX!
C:\WINDOWS\system32\twpevvi.exe: UPX!
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\hadeyfyggck.exe: UPX!
C:\WINDOWS\Nail.exe: UPX!
C:\WINDOWS\Nail.exe.tcf: UPX!
C:\WINDOWS\Nail.exe9056.tcf: UPX!
C:\WINDOWS\RMAgentOutput.dll: UPX!
C:\WINDOWS\svcproc.exe: UPX!
C:\WINDOWS\tsc.exe: UPX!
C:\WINDOWS\vsapi32.dll: UPX!t4
Finished
bye
  • 0

#13
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Click Start > Run > type cmd > OK

The command prompt will open.
Usually it does this in C:\Documents and settings\{username}
Type the command cd\ until only the C:\> is left

then type the following commands:
cd Windows
Nail.exe /Fullremove
<= Note there is a space before /Fullremove

1) Please download the Killbox.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\Nail.exe 
C:\WINDOWS\Bolger.dll 
C:\WINDOWS\svcproc.exe 
C:\WINDOWS\system32\DrPmon.dll
C:\WINDOWS\system32\guhzmt.exe
C:\WINDOWS\system32\twpevvi.exe
C:\WINDOWS\hadeyfyggck.exe
C:\WINDOWS\Nail.exe.tcf
C:\WINDOWS\Nail.exe9056.tcf
C:\WINDOWS\RMAgentOutput.dll

6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Let the system reboot and post a new HijackThis log

Regards,
  • 0

#14
Gattsryu

    New Member

  • Topic Starter
  • Member
  • 8 posts
Ok. I did get a c:\WINDOWS\Nail.exe-File not found window. Here is the Hijack this log.
____________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 4:28:26 PM, on 5/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UIUCU.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
c:\windows\system32\xlepjzl.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Justin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [opmqzau] c:\windows\system32\xlepjzl.exe
O4 - HKCU\..\Run: [SpySweeper] "\SpySweeper.exe" /0
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0
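
A triage pass over the HijackThis log in post #14, added here as an illustration; it is not part of the thread and not HijackThis's own logic. It flags three kinds of entry visible in that log: a Winlogon Shell value that starts more than explorer.exe, a Run-key image stored in a Temp directory, and a service with an unknown owner or a missing file. The function names and the three heuristics are assumptions; the sample lines are copied from the log above.

```python
import re

# Sample input: lines copied from the HijackThis log in post #14 (a subset).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [opmqzau] c:\windows\system32\xlepjzl.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""

# Line shapes as they appear in the log on this page.
F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$", re.I)
O4_RUN = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.*)$")
O23_SVC = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
# Image path of a command line, quoted or not, up to the first ".exe".
EXE_PATH = re.compile(r'^"?(.+?\.exe)"?', re.I)


def shell_extras(value):
    """Return whatever a Winlogon Shell value starts besides explorer.exe."""
    parts = value.strip().split(None, 1)
    if not parts:
        return "(empty Shell value)"
    if parts[0].lower() != "explorer.exe":
        return value.strip()  # the shell itself was replaced
    return parts[1] if len(parts) > 1 else ""


def triage(log_text):
    """Return (section, reason, detail) tuples for entries worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = F2_SHELL.match(line)
        if m:
            extra = shell_extras(m.group(1))
            if extra:
                findings.append(
                    ("F2", "Winlogon Shell starts more than explorer.exe", extra))
            continue

        m = O4_RUN.match(line)
        if m:
            _hive, name, command = m.groups()
            exe = EXE_PATH.match(command)
            image = (exe.group(1) if exe else command).lower()
            if "\\temp\\" in image:
                findings.append(
                    ("O4", "autostart image lives in a Temp directory", name))
            continue

        m = O23_SVC.match(line)
        if m:
            name, owner, path = m.groups()
            reasons = []
            if owner.strip().lower() == "unknown owner":
                reasons.append("unknown owner")
            if path.strip().lower().endswith("(file missing)"):
                reasons.append("file missing")
            if reasons:
                findings.append(("O23", " and ".join(reasons), name))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section}: {reason}: {detail}")
```

Path and owner checks like these only narrow the list: the `[opmqzau]` Run entry, whose image sits in system32, passes all three and still needs a manual look.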

#15
Gattsryu

    New Member

  • Topic Starter
  • Member
  • 8 posts
Ahhhh... I decided to reformat, I have a patience issue. Thanx Metallica for your help. Oh and you too Rawe! :tazz:
  • 0





