Nail.exe


  • This topic is locked

#1
FloydParks

    New Member

  • Member
  • 2 posts
"Aurora" pops up... and nail.exe keeps coming back.




Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 04, 2005 9:40:48 PM
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:38 %
Total physical memory:523628 kb
Available physical memory:195916 kb
Total page file size:1277644 kb
Available on page file:1052716 kb
Total virtual memory:2097024 kb
Available virtual memory:2042404 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


5-4-2005 9:40:48 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 668
ThreadCreationTime : 5-5-2005 4:04:57 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 736
ThreadCreationTime : 5-5-2005 4:05:04 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 760
ThreadCreationTime : 5-5-2005 4:05:04 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 804
ThreadCreationTime : 5-5-2005 4:05:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 816
ThreadCreationTime : 5-5-2005 4:05:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 1008
ThreadCreationTime : 5-5-2005 4:05:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1096
ThreadCreationTime : 5-5-2005 4:05:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1192
ThreadCreationTime : 5-5-2005 4:05:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1292
ThreadCreationTime : 5-5-2005 4:05:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1392
ThreadCreationTime : 5-5-2005 4:05:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1616
ThreadCreationTime : 5-5-2005 4:05:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [ehsched.exe]
ModuleName : C:\WINDOWS\ehome\ehSched.exe
Command Line : C:\WINDOWS\ehome\ehSched.exe
ProcessID : 1720
ThreadCreationTime : 5-5-2005 4:05:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Scheduler Service
InternalName : ehSched
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehSched.exe

#:13 [navapsvc.exe]
ModuleName : c:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "c:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1772
ThreadCreationTime : 5-5-2005 4:05:09 AM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:14 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1812
ThreadCreationTime : 5-5-2005 4:05:09 AM
BasePriority : Normal
FileVersion : 6.14.10.4472
ProductVersion : 6.14.10.4472
ProductName : NVIDIA Driver Helper Service, Version 44.72
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 44.72
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:15 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 560
ThreadCreationTime : 5-5-2005 4:05:10 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:16 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1148
ThreadCreationTime : 5-5-2005 4:05:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:17 [ehtray.exe]
ModuleName : C:\WINDOWS\ehome\ehtray.exe
Command Line : "C:\WINDOWS\ehome\ehtray.exe"
ProcessID : 932
ThreadCreationTime : 5-5-2005 4:05:14 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Tray Applet
InternalName : ehtray
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehtray.exe

#:18 [hpsysdrv.exe]
ModuleName : C:\windows\system\hpsysdrv.exe
Command Line : "c:\windows\system\hpsysdrv.exe"
ProcessID : 148
ThreadCreationTime : 5-5-2005 4:05:14 AM
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe

#:19 [hpqcmon.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
ProcessID : 972
ThreadCreationTime : 5-5-2005 4:05:14 AM
BasePriority : Normal
FileVersion : 2.0.0.133
ProductVersion : 2.0.0.133
ProductName : HpqCmon Application
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
LegalCopyright : Copyright © 2001
OriginalFilename : HpqCmon.EXE

#:20 [hphmon05.exe]
ModuleName : C:\WINDOWS\System32\hphmon05.exe
Command Line : "C:\WINDOWS\System32\hphmon05.exe"
ProcessID : 1056
ThreadCreationTime : 5-5-2005 4:05:15 AM
BasePriority : Normal
FileVersion : 5,0,84
ProductVersion : 5,0,84
ProductName : HP Photosmart
CompanyName : Hewlett-Packard
FileDescription : HPHmon05
InternalName : HPHmon05
LegalCopyright : Copyright © 2003
OriginalFilename : HPHmon05.exe

#:21 [kbd.exe]
ModuleName : C:\HP\KBD\KBD.EXE
Command Line : "C:\HP\KBD\KBD.EXE"
ProcessID : 1136
ThreadCreationTime : 5-5-2005 4:05:15 AM
BasePriority : High


#:22 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 2136
ThreadCreationTime : 5-5-2005 4:05:20 AM
BasePriority : Normal
FileVersion : 1.03.15
ProductVersion : 1.03.15
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:23 [ehmsas.exe]
ModuleName : C:\WINDOWS\ehome\ehmsas.exe
Command Line : C:\WINDOWS\ehome\ehmsas.exe -Embedding
ProcessID : 2316
ThreadCreationTime : 5-5-2005 4:05:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Media Status Aggregator Service
InternalName : eHMSAS
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehMSAS.exe

#:24 [shwicon2k.exe]
ModuleName : C:\Program Files\Multimedia Card Reader\shwicon2k.exe
Command Line : "C:\Program Files\Multimedia Card Reader\shwicon2k.exe"
ProcessID : 2352
ThreadCreationTime : 5-5-2005 4:05:22 AM
BasePriority : Idle
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : Alcor Micro Sunkist
CompanyName : Alcor Micro, Corp.
FileDescription : Sunkist
InternalName : Sunkist
LegalCopyright : Copyright c 2002 - 2004
OriginalFilename : Sunkist.exe

#:25 [alcxmntr.exe]
ModuleName : C:\WINDOWS\ALCXMNTR.EXE
Command Line : "C:\WINDOWS\ALCXMNTR.EXE"
ProcessID : 2420
ThreadCreationTime : 5-5-2005 4:05:22 AM
BasePriority : Normal
FileVersion : 1.5
ProductVersion : 1.5
ProductName : Realtek Audio - Event Monitor
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Audio - Event Monitor
InternalName : Alcxmntr
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : Alcxmntr.exe

#:26 [ad-watch.exe]
ModuleName : C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
Command Line : "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
ProcessID : 2504
ThreadCreationTime : 5-5-2005 4:05:23 AM
BasePriority : Normal
FileVersion : 3.1.2.17
ProductVersion : 3.2
ProductName : Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Watch System Protector
InternalName : Ad-Watch.exe
LegalCopyright : 1999-2004 Team Lavasoft
OriginalFilename : Ad-Watch.exe

#:27 [sdmndll.exe]
ModuleName : C:\WINDOWS\SDMNDLL.EXE
Command Line : "C:\WINDOWS\SDMNDLL.EXE"
ProcessID : 2552
ThreadCreationTime : 5-5-2005 4:05:24 AM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Update Monitor
CompanyName : UpdateMonitor
FileDescription : Update Monitor
InternalName : UpdMon
OriginalFilename : UpdMon.exe

#:28 [sdmnenc.exe]
ModuleName : C:\WINDOWS\SDMNENC.EXE
Command Line : "C:\WINDOWS\SDMNENC.EXE"
ProcessID : 2560
ThreadCreationTime : 5-5-2005 4:05:24 AM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : System Monitor Service
CompanyName : System Service
FileDescription : SysMon
InternalName : SysMon
OriginalFilename : SysMon.exe

#:29 [ccevtmgr.exe]
ModuleName : c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 2684
ThreadCreationTime : 5-5-2005 4:05:27 AM
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:30 [irhdai.exe]
ModuleName : c:\windows\system32\irhdai.exe
Command Line : "c:\windows\system32\irhdai.exe" ifzvmhp
ProcessID : 2780
ThreadCreationTime : 5-5-2005 4:05:28 AM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:31 [hpqtra08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"
ProcessID : 2856
ThreadCreationTime : 5-5-2005 4:05:30 AM
BasePriority : Normal
FileVersion : 5.30.0.131
ProductVersion : 005.030.000.131
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:32 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32 nView.dll,nViewInitialize
ProcessID : 2868
ThreadCreationTime : 5-5-2005 4:05:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:33 [backweb-137903.exe]
ModuleName : C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
Command Line : "C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" -startup
ProcessID : 2952
ThreadCreationTime : 5-5-2005 4:05:31 AM
BasePriority : Normal


#:34 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 1896
ThreadCreationTime : 5-5-2005 4:29:36 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:35 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe"
ProcessID : 228
ThreadCreationTime : 5-5-2005 4:36:32 AM
BasePriority : Normal
FileVersion : 6.2.0.207
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:36 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[4a8]SUSDS0ee82c46ee8f2447ba5e7447ddfcb27a
ProcessID : 1924
ThreadCreationTime : 5-5-2005 4:40:25 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:37 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 3092
ThreadCreationTime : 5-5-2005 4:40:31 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

9:55:17 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:29.453
Objects scanned:184922
Objects identified:1
Objects ignored:0
New critical objects:1

#2
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Welcome.
Could you scan your computer here:
http://www.ewido.net/en/
Let it do a full scan, then copy the log from it. Paste it to a blank notepad file and save it to post here.
After that, just post the log in this topic.

- Rawe :tazz:

Don't do anything else yet though.

#3
Guest_Corrine_*

  • Guest
Hi, FloydParks. You may wish to note that as a subscriber to the licensed Plus version of Ad-Aware, you are entitled to free email support.

You could try the Upgrade Center or, I understand, should have received an email with information regarding access to http://www.lavasoftcustomercenter.com .

#4
FloydParks

    New Member

  • Topic Starter
  • Member
  • 2 posts
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:14:47 PM, 5/6/2005
+ Report-Checksum: C1B0C55A

+ Date of database: 5/6/2005
+ Version of scan engine: v3.0

+ Duration: 1288 min
+ Scanned Files: 153928
+ Speed: 1.99 Files/Second
+ Infected files: 105
+ Removed files: 105
+ Files put in quarantine: 105
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\ATS\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\bundle.exe -> Spyware.Sahat.h -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\KPA\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\MBX\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\temp.frC81E -> Spyware.BargainBuddy.q -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\XBI\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\01MZWTQ7\DrPMon[1].dll -> Trojan.Agent.db -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0H2F0XIF\Nail[1].exe -> Trojan.Nail -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\67S0JLQW\AproposClientInstaller[1].exe -> TrojanDownloader.Apropos.s -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KDYFOLYV\svcproc[1].exe -> Trojan.Stervis.c -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLENC9YV\Bolger[1].dll -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLENC9YV\Poller[1].exe -> Trojan.Agent.cp -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PQ1RZK8Y\Bolger[1].dll -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YKI751O1\protector_update[1].exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\Documents and Settings\Default User\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Default User\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Default User\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Default User\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Default User\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Default User\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Default User\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Default User\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Default User\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Default User\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Default User\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\FwBarTemp\searchbar.exe -> TrojanDownloader.VB.eu -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc1.exe -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc1007.exe -> TrojanDownloader.Agent.jq -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc1008.exe -> Spyware.EliteBar.q -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc1173\AproposClientInstaller[1].exe -> TrojanDownloader.Apropos.s -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc1174\Bolger[1].dll -> Spyware.BetterInternet -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc152.fr0BF6\MediaAccC.dll -> Spyware.WinAD.ag -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc160.tmp\farmmext.exe -> Spyware.ConsCorr -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc2.exe -> TrojanDownloader.Small.akz -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc4.exe -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc409.tmp -> TrojanDownloader.Small.asf -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc424.exe -> Trojan.Registrator.b -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc426.exe -> TrojanDownloader.Agent.lg -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc470.exe -> TrojanDownloader.Agent.jq -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc471.exe -> Spyware.EliteBar.q -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc619.exe -> TrojanDownloader.Adload.a -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc622.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc644.exe -> Spyware.Pacer.b -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc647.exe -> Spyware.WinAD.am -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc688.tmp\farmmext.exe -> Spyware.ConsCorr -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc930.tmp -> TrojanDownloader.Small.asf -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc945.exe -> Trojan.Registrator.b -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc947.exe -> TrojanDownloader.Agent.lg -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc956.exe -> TrojanDownloader.Adload.a -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc958.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc977.exe -> Spyware.Pacer.b -> Cleaned with backup
C:\RECYCLER\S-1-5-21-3418961735-228567335-1468445710-500\Dc980.exe -> Spyware.WinAD.am -> Cleaned with backup
C:\WINDOWS\bsx32\EECH1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\SPZ3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\cfgmgr51.dll -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\farmmext.exe -> Spyware.ConsCorr -> Cleaned with backup
C:\WINDOWS\loqweozxkh.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\Nail.exe -> Trojan.Nail -> Cleaned with backup
C:\WINDOWS\protector.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\svcproc.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\WINDOWS\system\cuikamqk.exe -> TrojanDownloader.Small.aly -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Del298.tmp -> TrojanDownloader.Small.asf -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\drhkcdii.exe -> Trojan.Registrator.b -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\fgge.exe -> TrojanDownloader.Agent.lg -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\installer_MARKETING18.exe -> TrojanDownloader.Adload.a -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\mm_reco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\pcs_0009.exe -> Spyware.Pacer.b -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\seedcorn2_MediaAccessInstPack.exe -> Spyware.WinAD.am -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\THI1FE2.tmp\farmmext.exe -> Spyware.ConsCorr -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\toc_0015.exe -> TrojanDownloader.Agent.jq -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\uninstall.exe -> Spyware.EliteBar.q -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\67S0JLQW\AproposClientInstaller[1].exe -> TrojanDownloader.Apropos.s -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PQ1RZK8Y\Bolger[1].dll -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__DrPMon.dll -> Trojan.Agent.db -> Cleaned with backup
C:\WINDOWS\__delete_on_reboot__Bolger.dll -> Spyware.BetterInternet -> Cleaned with backup


::Report End