Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

[Referred]Pesky "Nail.exe"

Started by flattire , May 03 2005 11:12 AM

  • Please log in to reply

#1
flattire
Posted 03 May 2005 - 11:12 AM

flattire

    New Member

  • Member
  • Pip
  • 1 posts
Hello. Here is a copy of my adaware log. Have tried using Ewido, spybot, and hijackthis and still the "nail.exe" keeps returning. I get an error message at startup telling me that, C:\WINDOWS\Nail.exe, (or some of its components) cannot be found. Any help you can give me would be appreciated. thanks.


Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 03, 2005 12:59:20 PM
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):16 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:66 %
Total physical memory:523760 kb
Available physical memory:340520 kb
Total page file size:1277212 kb
Available on page file:1077176 kb
Total virtual memory:2097024 kb
Available virtual memory:2044540 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


5-3-2005 12:59:20 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\William Cummings\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1677128483-1343024091-1000\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1677128483-1343024091-1000\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1677128483-1343024091-1000\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1677128483-1343024091-1000\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1677128483-1343024091-1000\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1677128483-1343024091-1000\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1677128483-1343024091-1000\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1677128483-1343024091-1000\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1677128483-1343024091-1000\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1677128483-1343024091-1000\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1677128483-1343024091-1000\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-796845957-1677128483-1343024091-1000\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 228
ThreadCreationTime : 5-3-2005 3:50:17 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 252
ThreadCreationTime : 5-3-2005 3:50:27 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 248
ThreadCreationTime : 5-3-2005 3:50:29 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 300
ThreadCreationTime : 5-3-2005 3:50:32 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 312
ThreadCreationTime : 5-3-2005 3:50:32 PM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 496
ThreadCreationTime : 5-3-2005 3:50:38 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 520
ThreadCreationTime : 5-3-2005 3:50:39 PM
BasePriority : Normal
FileVersion : 7.2
ProductVersion : 7.2
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2001 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:8 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 548
ThreadCreationTime : 5-3-2005 3:50:39 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:9 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 576
ThreadCreationTime : 5-3-2005 3:50:39 PM
BasePriority : Normal
FileVersion : 7.2
ProductVersion : 7.2
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2001 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:10 [isafe.exe]
ModuleName : C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
Command Line : "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe"
ProcessID : 596
ThreadCreationTime : 5-3-2005 3:50:39 PM
BasePriority : Normal
FileVersion : Version 10.63.0.1
ProductVersion : Version 10.63.0.1
ProductName : ISafe
CompanyName : Computer Associates International, Inc.
FileDescription : ISafe Service
InternalName : ISafe
LegalCopyright : © 2003 Computer Associates International, Inc.
LegalTrademarks : Vet is a trademark of Computer Associates International, Inc.
OriginalFilename : ISafe.exe
Comments : ISafe

#:11 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 648
ThreadCreationTime : 5-3-2005 3:50:40 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:12 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 660
ThreadCreationTime : 5-3-2005 3:50:40 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:13 [ewidoguard.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoguard.exe
Command Line : n/a
ProcessID : 696
ThreadCreationTime : 5-3-2005 3:50:42 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:14 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 772
ThreadCreationTime : 5-3-2005 3:50:46 PM
BasePriority : Normal
FileVersion : 5.13.01.1462
ProductVersion : 5.13.01.1462
ProductName : NVIDIA Driver Helper Service, Version 14.62
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 14.62
InternalName : NVSVC
LegalCopyright : Copyright © 1998-2001 NVIDIA Corporation
OriginalFilename : nvsvc32.exe

#:15 [regsvc.exe]
ModuleName : C:\WINDOWS\system32\regsvc.exe
Command Line : C:\WINDOWS\system32\regsvc.exe
ProcessID : 796
ThreadCreationTime : 5-3-2005 3:50:47 PM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:16 [mstask.exe]
ModuleName : C:\WINDOWS\system32\MSTask.exe
Command Line : C:\WINDOWS\system32\MSTask.exe
ProcessID : 812
ThreadCreationTime : 5-3-2005 3:50:47 PM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:17 [vetmsg.exe]
ModuleName : C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
Command Line : "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe"
ProcessID : 880
ThreadCreationTime : 5-3-2005 3:50:48 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : vetmsg
CompanyName : Computer Associates International, Inc.
FileDescription : vetmsg
InternalName : vetmsg
LegalCopyright : Copyright © 1989-2003 Computer Associates International, Inc.
OriginalFilename : vetmsg.exe

#:18 [vsmon.exe]
ModuleName : C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Command Line : n/a
ProcessID : 944
ThreadCreationTime : 5-3-2005 3:50:52 PM
BasePriority : Normal
FileVersion : 4.5.585.000
ProductVersion : 4.5.585.000
ProductName : TrueVector Service
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2003, Zone Labs Inc.
OriginalFilename : vsmon.exe

#:19 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1048
ThreadCreationTime : 5-3-2005 3:51:01 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:20 [winmgmt.exe]
ModuleName : C:\WINDOWS\System32\WBEM\WinMgmt.exe
Command Line : C:\WINDOWS\System32\WBEM\WinMgmt.exe
ProcessID : 1060
ThreadCreationTime : 5-3-2005 3:51:02 PM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:21 [mspmspsv.exe]
ModuleName : C:\WINDOWS\System32\MsPMSPSv.exe
Command Line : C:\WINDOWS\System32\MsPMSPSv.exe
ProcessID : 1080
ThreadCreationTime : 5-3-2005 3:51:04 PM
BasePriority : Normal
FileVersion : 7.01.00.3055
ProductVersion : 7.01.00.3055
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:22 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k wugroup
ProcessID : 1092
ThreadCreationTime : 5-3-2005 3:51:04 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:23 [soundman.exe]
ModuleName : C:\WINDOWS\soundman.exe
Command Line : "C:\WINDOWS\soundman.exe"
ProcessID : 1284
ThreadCreationTime : 5-3-2005 3:51:26 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : Avance Sound Manager
CompanyName : Avance Logic, Inc.
FileDescription : Avance Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001 Avance Logic, Inc.
OriginalFilename : ALSMTray.exe
Comments : Avance AC97 Audio Sound Manager

#:24 [anvshell.exe]
ModuleName : C:\WINDOWS\anvshell.exe
Command Line : "C:\WINDOWS\anvshell.exe"
ProcessID : 1340
ThreadCreationTime : 5-3-2005 3:51:29 PM
BasePriority : Normal
FileVersion : 1.00.00
ProductVersion : 1.00.00
ProductName : ASUS nVidia Series Shell
CompanyName : AsusTeK Computer Inc.
FileDescription : ASUS nVidia Series Shell
InternalName : ANVShell
LegalCopyright : Copyright © 2000
OriginalFilename : ANVShell.EXE

#:25 [projselector.exe]
ModuleName : C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
Command Line : "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
ProcessID : 1348
ThreadCreationTime : 5-3-2005 3:51:32 PM
BasePriority : Normal
FileVersion : 6.1.1.7
ProductVersion : 6.1.1.7
ProductName : Easy CD Creator
CompanyName : Roxio
FileDescription : Roxio Project Selector
InternalName : projselector.exe
LegalCopyright : Copyright © 1999-2003 Roxio, Inc.
OriginalFilename : projselector.exe

#:26 [drgtodsc.exe]
ModuleName : C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
Command Line : "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
ProcessID : 1388
ThreadCreationTime : 5-3-2005 3:51:36 PM
BasePriority : Normal
FileVersion : 6.1.1.7
ProductVersion : 6.1.1.7
ProductName : Drag-to-Disc
CompanyName : Roxio
FileDescription : Drag To Disc Application
InternalName : D2D
LegalCopyright : Copyright © 1999-2003 Roxio, Inc.
LegalTrademarks : Copyright © 1999-2003 Roxio, Inc.
OriginalFilename : BurnCtrl.EXE

#:27 [rxmon.exe]
ModuleName : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
Command Line : "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
ProcessID : 1396
ThreadCreationTime : 5-3-2005 3:51:37 PM
BasePriority : Normal


#:28 [lxsupmon.exe]
ModuleName : C:\WINDOWS\System32\LXSUPMON.EXE
Command Line : "C:\WINDOWS\System32\LXSUPMON.EXE" RUN
ProcessID : 1404
ThreadCreationTime : 5-3-2005 3:51:39 PM
BasePriority : Normal
FileVersion : 2.3.86.1
ProductVersion : 2.3.86.1
ProductName : Lexmark Supplies Monitor
CompanyName : Lexmark International Inc.
FileDescription : Supplies Monitor
InternalName : LXSUPMON
LegalCopyright : Copyright © 2001
OriginalFilename : LXSUPMON.RC

#:29 [ad-watch.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
ProcessID : 1468
ThreadCreationTime : 5-3-2005 3:51:42 PM
BasePriority : Normal
FileVersion : 3.1.2.17
ProductVersion : 3.2
ProductName : Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Watch System Protector
InternalName : Ad-Watch.exe
LegalCopyright : 1999-2004 Team Lavasoft
OriginalFilename : Ad-Watch.exe

#:30 [itouch.exe]
ModuleName : C:\Program Files\Logitech\iTouch\iTouch.exe
Command Line : "C:\Program Files\Logitech\iTouch\iTouch.exe"
ProcessID : 1296
ThreadCreationTime : 5-3-2005 3:51:44 PM
BasePriority : Normal
FileVersion : 2.15.264
ProductVersion : 2.15.264
ProductName : iTouch
CompanyName : Logitech Inc.
FileDescription : iTouch Application
InternalName : iTouch
LegalCopyright : © 1998-2002 Logitech. All rights reserved.
LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : iTouch.exe
Comments : Created by the iTouch team

#:31 [vettray.exe]
ModuleName : C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
Command Line : "C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe"
ProcessID : 1484
ThreadCreationTime : 5-3-2005 3:51:45 PM
BasePriority : Normal
FileVersion : Version 1.0
ProductName : VetTray
CompanyName : Computer Associates International, Inc.
FileDescription : Iconic notifier
InternalName : VetTray
LegalCopyright : Copyright © 1997-2001 Computer Associates International, Inc.
OriginalFilename : VetTray.exe

#:32 [em_exec.exe]
ModuleName : C:\Program Files\Logitech\MouseWare\system\em_exec.exe
Command Line : "C:\Program Files\Logitech\MouseWare\system\em_exec.exe"
ProcessID : 1492
ThreadCreationTime : 5-3-2005 3:51:45 PM
BasePriority : Normal
FileVersion : 9.75.302
ProductVersion : 9.75.302
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2002 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

#:33 [playlist.exe]
ModuleName : C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
Command Line : "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe" -Embedding
ProcessID : 1496
ThreadCreationTime : 5-3-2005 3:51:47 PM
BasePriority : Normal


#:34 [ca.exe]
ModuleName : C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
Command Line : n/a
ProcessID : 1536
ThreadCreationTime : 5-3-2005 3:51:50 PM
BasePriority : Normal
FileVersion : 4.5.585.000
ProductVersion : 4.5.585.000
ProductName : EZ Firewall
CompanyName : Computer Associates
FileDescription : EZ Firewall
InternalName : ca
LegalCopyright : Copyright © 1998-2003, Computer Associates..............
OriginalFilename : ca.exe

#:35 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 1540
ThreadCreationTime : 5-3-2005 3:51:53 PM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 8.1 (4319)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2001 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:36 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Command Line : "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 1680
ThreadCreationTime : 5-3-2005 3:53:46 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:37 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe"
ProcessID : 1372
ThreadCreationTime : 5-3-2005 4:56:13 PM
BasePriority : Normal
FileVersion : 6.2.0.208
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 17


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17

1:01:30 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:09.786
Objects scanned:54722
Objects identified:1
Objects ignored:0
New critical objects:1
  • 0

Advertisements

#2
Rawe
Posted 05 May 2005 - 06:35 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Welcome!

Ad-aware has found object(s) on your computer

If you chose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R42 28.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder);

Run CCleaner to help in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note; the path above is of the default installation location for Ad-aware SE, if this is different, adjust it to the location that you have installed it to.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to any objects you wish to remove. Click next, Click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes takes 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (Mru's) aren't considered as a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:
  • 0

#3
Guest_Andy_veal_*
Posted 05 May 2005 - 05:34 PM

Guest_Andy_veal_*
  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP