
Unable To Clean - Virtualmonde And Malware



#1 Bowie28


Posted 17 September 2006 - 10:43 AM

Hi, my computer (AMD Sempron 3200, 512 RAM) became slow and the mouse started going out of control about 3 weeks ago, so I decided to scan with PC-Doctor and Ad-Aware, which found Virtumonde and malware. I tried to clean it again and again, but it keeps coming back (the registry key and value). Now the mouse cannot left-click; I can only use the TAB key to do some things that need a left click. I can't install any software or open some software using the left mouse button. Can anyone help me and suggest how to clean it up and fix the problem? System restore is not an option for me because some of the software installed on my computer cannot be recovered (reinstalled).

Pc-doctor log:
Last Scan:9/1/2006 7:30:15 PM
Check complete. Removed: 1 problems.
Could not remove 0 problems.
#1
Found problem: Virtumonde
Description: Virtumonde modifies the Windows Internet connection mechanism and display various pop-up advertisements.
Location: SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\sstqr
Problem has been deleted from registry key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\sstqr as value: sstqr

Last Scan:9/1/2006 7:34:55 PM
Check complete. Removed: 1 problems.
Could not remove 0 problems.
#1
Found problem: Virtumonde
Description: Virtumonde modifies the Windows Internet connection mechanism and display various pop-up advertisements.
Location: SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\sstqr
Problem has been deleted from registry key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\sstqr as value: sstqr

ad-aware 1st log:


1.
Name:YourSiteBar
Category:Malware
Object Type:File
Size:54760 Bytes
Location:C:\...\software\crks\acrobat60pro_SgTvXfCnXxNiOzLb.zip
Last Activity:9-2-2006 6:04:04 AM
Relevance:Low
TAC index:6
Comment:Object "install_cheat_001.exe" found in this archive.
Description:IEHiacker, distributed through undisclosed installations, some variants dropped by Favoriteman

2.
Name:YourSiteBar
Category:Malware
Object Type:Regkey
Size:0 Bytes
Location:software\microsoft\downloadmanager\
Last Activity:9-2-2006
Relevance:Low
TAC index:6
Comment:
Description:IEHiacker, distributed through undisclosed installations, some variants dropped by Favoriteman

3.
Name:Virtumonde
Category:Data Miner
Object Type:Regkey
Size:22 Bytes
Location:clsid\{18898424-e3ab-4ba9-8e8d-5434b1ceca75}\
Last Activity:9-2-2006
Relevance:Low
TAC index:10
Comment:
Description:No uninstaller. Bundled install that is undisclosed. May cause system instability. Auto updates. Opens unsolicited websites. There is a Virtumonde removal tool available at http://www.lavasoft.com/download for the variants which cannot easily be removed

4.
Name:Virtumonde
Category:Data Miner
Object Type:RegValue
Size:1 Bytes
Location:clsid\{18898424-e3ab-4ba9-8e8d-5434b1ceca75} "AppID"
Last Activity:9-2-2006
Relevance:Low
TAC index:10
Comment:
Description:No uninstaller. Bundled install that is undisclosed. May cause system instability. Auto updates. Opens unsolicited websites. There is a Virtumonde removal tool available at http://www.lavasoft.com/download for the variants which cannot easily be removed

5.
Name:Virtumonde
Category:Data Miner
Object Type:Regkey
Size:0 Bytes
Location:...\{18898424-e3ab-4ba9-8e8d-5434b1ceca75}\
Last Activity:9-2-2006
Relevance:Low
TAC index:10
Comment:
Description:No uninstaller. Bundled install that is undisclosed. May cause system instability. Auto updates. Opens unsolicited websites. There is a Virtumonde removal tool available at http://www.lavasoft.com/download for the variants which cannot easily be removed

6.
Name:SearchFast
Category:Malware
Object Type:Regkey
Size:14 Bytes
Location:clsid\{49232000-16e4-426c-a231-62846947304b}\
Last Activity:9-2-2006
Relevance:Low
TAC index:5
Comment:
Description:Common IE Hijacker.Installs unsolicited.

7.
Name:SearchFast
Category:Malware
Object Type:Regkey
Size:9 Bytes
Location:interface\{8da729b1-b0fc-4fab-9d33-0b004e0f0592}\
Last Activity:9-2-2006
Relevance:Low
TAC index:5
Comment:
Description:Common IE Hijacker.Installs unsolicited.

8.
Name:SearchFast
Category:Malware
Object Type:Regkey
Size:14 Bytes
Location:sysinfo.sysdata\
Last Activity:9-2-2006
Relevance:Low
TAC index:5
Comment:
Description:Common IE Hijacker.Installs unsolicited.

9.
Name:SearchFast
Category:Malware
Object Type:Regkey
Size:14 Bytes
Location:sysinfo.sysdata.1\
Last Activity:9-2-2006
Relevance:Low
TAC index:5
Comment:
Description:Common IE Hijacker.Installs unsolicited.

10.
Name:SearchFast
Category:Malware
Object Type:Regkey
Size:0 Bytes
Location:typelib\{980bcd41-0313-4693-88be-d036753fa898}\
Last Activity:9-2-2006
Relevance:Low
TAC index:5
Comment:
Description:Common IE Hijacker.Installs unsolicited.

11.
Name:SearchFast
Category:Malware
Object Type:File
Size:214312 Bytes
Location:C:\WINDOWS\downloaded program files\SysInfo.dll
Last Activity:9-2-2006 6:15:26 AM
Relevance:Low
TAC index:5
Comment:
Description:Common IE Hijacker.Installs unsolicited.

12.
Name:SearchFast
Category:Malware
Object Type:File
Size:611 Bytes
Location:C:\WINDOWS\downloaded program files\SysInfo.inf
Last Activity:9-2-2006 6:15:26 AM
Relevance:Low
TAC index:5
Comment:
Description:Common IE Hijacker.Installs unsolicited.

13.
Name:Coulomb Dialer
Category:Dialer
Object Type:File
Size:90112 Bytes
Location:C:\...\Online Services\PeoplePC\Utilities\AtlBrowser.exe
Last Activity:9-2-2006 6:09:57 AM
Relevance:Low
TAC index:5
Comment:
Description:Porn Dialer.

14.
Name:Coulomb Dialer
Category:Dialer
Object Type:File
Size:6394 Bytes
Location:C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\index.html
Last Activity:9-2-2006 6:15:27 AM
Relevance:Low
TAC index:5
Comment:
Description:Porn Dialer.

ad-aware 2nd log:
[IMPORTANT NOTE]
The 2nd scan removes the following registry key and value with the whole folder directory.
Beware of system error.



Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Virtumonde Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{18898424-e3ab-4ba9-8e8d-5434b1ceca75}

Virtumonde Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{18898424-e3ab-4ba9-8e8d-5434b1ceca75}
Value : AppID

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 40


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40

Virtumonde Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18898424-e3ab-4ba9-8e8d-5434b1ceca75}


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 41


[IMPORTANT NOTE]
This file is stored within the restore memory area. It can't be removed unless extracted.
So
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Coulomb Dialer Object Recognized!
Type : File
Data : A0039373.exe
TAC Rating : 5
Category : Dialer
Comment :
Object : C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP452\
FileVersion : 5, 5, 0, 6
ProductVersion : 5, 0, 0, 0
ProductName : AtlBrowser Module
CompanyName : PeoplePC
FileDescription : AtlBrowser Module
InternalName : ATLBROWSER
LegalCopyright : Copyright 2003
OriginalFilename : ATLBROWSER.DLL


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 42


ad-aware 3rd log:

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42

3:02:50 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:18:01.891
Objects scanned:227041
Objects identified:4
Objects ignored:0
New critical objects:4


Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, September 03, 2006 4:37:10 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R121 28.08.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):39 total references
Tracking Cookie(TAC index:3):3 total references
Virtumonde(TAC index:10):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R121 28.08.2006
Internal build : 147
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 752587 Bytes
Total size : 2438973 Bytes
Signature data size : 2390418 Bytes
Reference data size : 48043 Bytes
Signatures total : 66289
CSI Fingerprints total : 3549
CSI data size : 138366 Bytes
Target categories : 15
Target families : 959


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:30 %
Total physical memory:458224 kb
Available physical memory:137396 kb
Total page file size:1083408 kb
Available on page file:816388 kb
Total virtual memory:2097024 kb
Available virtual memory:2012228 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Reanalyze results after scanning before displaying results lists
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Create log file for removal operations
Set : Include module list in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


9-3-2006 4:37:10 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\HP_Owner\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\HP_Owner\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\adobe\adobe acrobat\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe acrobat


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\office\11.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\office\11.0\publisher\recent file list
Description : list of recent files used by microsoft publisher


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\office\11.0\word\recent templates
Description : list of recent templates used by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\smartftp\connection data
Description : list of recently accessed servers using smartftp


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-4082530057-1089658919-2114924998-1009\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 608
ThreadCreationTime : 9-3-2006 8:27:02 PM
BasePriority : Normal

Scanning Module:\SystemRoot\System32\smss.exe...
Scanning Module:C:\WINDOWS\system32\ntdll.dll...

#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 672
ThreadCreationTime : 9-3-2006 8:27:04 PM
BasePriority : Normal

Scanning Module:\??\C:\WINDOWS\system32\csrss.exe...
Scanning Module:C:\WINDOWS\system32\CSRSRV.dll...
Scanning Module:C:\WINDOWS\system32\basesrv.dll...
Scanning Module:C:\WINDOWS\system32\winsrv.dll...
Scanning Module:C:\WINDOWS\system32\GDI32.dll...
Scanning Module:C:\WINDOWS\system32\KERNEL32.dll...
Scanning Module:C:\WINDOWS\system32\USER32.dll...
Scanning Module:C:\WINDOWS\system32\LPK.DLL...
Scanning Module:C:\WINDOWS\system32\USP10.dll...
Scanning Module:C:\WINDOWS\system32\msvcrt.dll...
Scanning Module:C:\WINDOWS\system32\ADVAPI32.dll...
Scanning Module:C:\WINDOWS\system32\RPCRT4.dll...
Scanning Module:C:\WINDOWS\system32\sxs.dll...
Scanning Module:C:\WINDOWS\system32\Apphelp.dll...
Scanning Module:C:\WINDOWS\system32\VERSION.dll...

#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 696
ThreadCreationTime : 9-3-2006 8:27:04 PM
BasePriority : High

Scanning Module:\??\C:\WINDOWS\system32\winlogon.exe...
Scanning Module:C:\WINDOWS\system32\AUTHZ.dll...
Scanning Module:C:\WINDOWS\system32\CRYPT32.dll...
Scanning Module:C:\WINDOWS\system32\MSASN1.dll...
Scanning Module:C:\WINDOWS\system32\NDdeApi.dll...
Scanning Module:C:\WINDOWS\system32\PROFMAP.dll...
Scanning Module:C:\WINDOWS\system32\NETAPI32.dll...
Scanning Module:C:\WINDOWS\system32\USERENV.dll...
Scanning Module:C:\WINDOWS\system32\PSAPI.DLL...
Scanning Module:C:\WINDOWS\system32\REGAPI.dll...
Scanning Module:C:\WINDOWS\system32\Secur32.dll...
Scanning Module:C:\WINDOWS\system32\SETUPAPI.dll...
Scanning Module:C:\WINDOWS\system32\WINSTA.dll...
Scanning Module:C:\WINDOWS\system32\WINTRUST.dll...
Scanning Module:C:\WINDOWS\system32\IMAGEHLP.dll...
Scanning Module:C:\WINDOWS\system32\WS2_32.dll...
Scanning Module:C:\WINDOWS\system32\WS2HELP.dll...
Scanning Module:C:\WINDOWS\system32\IMM32.DLL...
Scanning Module:C:\WINDOWS\system32\MSGINA.dll...
Scanning Module:C:\WINDOWS\system32\SHELL32.dll...
Scanning Module:C:\WINDOWS\system32\SHLWAPI.dll...
Scanning Module:C:\WINDOWS\system32\COMCTL32.dll...
Scanning Module:C:\WINDOWS\system32\ODBC32.dll...
Scanning Module:C:\WINDOWS\system32\comdlg32.dll...
Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll...
Scanning Module:C:\WINDOWS\system32\odbcint.dll...
Scanning Module:C:\WINDOWS\system32\SHSVCS.dll...
Scanning Module:C:\WINDOWS\system32\sfc.dll...
Scanning Module:C:\WINDOWS\system32\sfc_os.dll...
Scanning Module:C:\WINDOWS\system32\ole32.dll...
Scanning Module:C:\WINDOWS\system32\msctfime.ime...
Scanning Module:C:\WINDOWS\system32\WINSCARD.DLL...
Scanning Module:C:\WINDOWS\system32\WTSAPI32.dll...
Scanning Module:C:\WINDOWS\system32\uxtheme.dll...
Scanning Module:C:\WINDOWS\system32\WINMM.dll...
Scanning Module:C:\WINDOWS\system32\cscdll.dll...
Scanning Module:C:\WINDOWS\system32\WlNotify.dll...
Scanning Module:C:\WINDOWS\system32\WINSPOOL.DRV...
Scanning Module:C:\WINDOWS\system32\MPR.dll...
Scanning Module:C:\WINDOWS\system32\rsaenh.dll...
Scanning Module:C:\WINDOWS\system32\sstqr.dll...
Scanning Module:C:\WINDOWS\system32\SHFOLDER.dll...
Scanning Module:C:\WINDOWS\system32\WININET.dll...
Scanning Module:C:\WINDOWS\system32\OLEAUT32.dll...
Scanning Module:C:\WINDOWS\system32\WgaLogon.dll...
Scanning Module:C:\WINDOWS\system32\NTMARTA.DLL...
Scanning Module:C:\WINDOWS\system32\WLDAP32.dll...
Scanning Module:C:\WINDOWS\system32\SAMLIB.dll...
Scanning Module:C:\WINDOWS\system32\CLBCATQ.DLL...
Scanning Module:C:\WINDOWS\system32\COMRes.dll...
Scanning Module:C:\WINDOWS\system32\WINHTTP.dll...
Scanning Module:C:\WINDOWS\system32\msv1_0.dll...
Scanning Module:C:\WINDOWS\system32\iphlpapi.dll...
Scanning Module:C:\WINDOWS\system32\cscui.dll...
Scanning Module:C:\WINDOWS\system32\xpsp2res.dll...
Scanning Module:C:\WINDOWS\system32\wdmaud.drv...
Scanning Module:C:\WINDOWS\system32\msacm32.drv...
Scanning Module:C:\WINDOWS\system32\MSACM32.dll...
Scanning Module:C:\WINDOWS\system32\midimap.dll...

#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 740
ThreadCreationTime : 9-3-2006 8:27:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
Scanning Module:C:\WINDOWS\system32\services.exe...
Scanning Module:C:\WINDOWS\system32\SCESRV.dll...
Scanning Module:C:\WINDOWS\system32\umpnpmgr.dll...
Scanning Module:C:\WINDOWS\system32\NCObjAPI.DLL...
Scanning Module:C:\WINDOWS\system32\MSVCP60.dll...
Scanning Module:C:\WINDOWS\system32\ShimEng.dll...
Scanning Module:C:\WINDOWS\AppPatch\AcGenral.DLL...
Scanning Module:C:\WINDOWS\system32\eventlog.dll...

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 752
ThreadCreationTime : 9-3-2006 8:27:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
Scanning Module:C:\WINDOWS\system32\lsass.exe...
Scanning Module:C:\WINDOWS\system32\LSASRV.dll...
Scanning Module:C:\WINDOWS\system32\NTDSAPI.dll...
Scanning Module:C:\WINDOWS\system32\DNSAPI.dll...
Scanning Module:C:\WINDOWS\system32\SAMSRV.dll...
Scanning Module:C:\WINDOWS\system32\cryptdll.dll...
Scanning Module:C:\WINDOWS\system32\msprivs.dll...
Scanning Module:C:\WINDOWS\system32\kerberos.dll...
Scanning Module:C:\WINDOWS\system32\netlogon.dll...
Scanning Module:C:\WINDOWS\system32\w32time.dll...
Scanning Module:C:\WINDOWS\system32\schannel.dll...
Scanning Module:C:\WINDOWS\system32\wdigest.dll...
Scanning Module:C:\WINDOWS\system32\scecli.dll...
Scanning Module:C:\WINDOWS\system32\ipsecsvc.dll...
Scanning Module:C:\WINDOWS\system32\oakley.DLL...
Scanning Module:C:\WINDOWS\system32\WINIPSEC.DLL...
Scanning Module:C:\WINDOWS\system32\pstorsvc.dll...
Scanning Module:C:\WINDOWS\system32\psbase.dll...
Scanning Module:C:\WINDOWS\system32\mswsock.dll...
Scanning Module:C:\WINDOWS\system32\hnetcfg.dll...
Scanning Module:C:\WINDOWS\System32\wshtcpip.dll...
Scanning Module:C:\WINDOWS\system32\dssenh.dll...

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 904
ThreadCreationTime : 9-3-2006 8:27:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:C:\WINDOWS\system32\svchost.exe...
Scanning Module:c:\windows\system32\rpcss.dll...
Scanning Module:c:\windows\system32\termsrv.dll...
Scanning Module:c:\windows\system32\ICAAPI.dll...
Scanning Module:c:\windows\system32\mstlsapi.dll...
Scanning Module:c:\windows\system32\ACTIVEDS.dll...
Scanning Module:c:\windows\system32\adsldpc.dll...
Scanning Module:c:\windows\system32\ATL.DLL...

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 980
ThreadCreationTime : 9-3-2006 8:27:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:C:\WINDOWS\System32\winrnr.dll...
Scanning Module:C:\WINDOWS\system32\rasadhlp.dll...

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1072
ThreadCreationTime : 9-3-2006 8:27:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dhcpcsvc.dll...
Scanning Module:c:\windows\system32\wzcsvc.dll...
Scanning Module:c:\windows\system32\rtutils.dll...
Scanning Module:c:\windows\system32\WMI.dll...
Scanning Module:c:\windows\system32\ESENT.dll...
Scanning Module:C:\WINDOWS\System32\rastls.dll...
Scanning Module:C:\WINDOWS\system32\CRYPTUI.dll...
Scanning Module:C:\WINDOWS\System32\MPRAPI.dll...
Scanning Module:C:\WINDOWS\System32\RASAPI32.dll...
Scanning Module:C:\WINDOWS\System32\rasman.dll...
Scanning Module:C:\WINDOWS\System32\TAPI32.dll...
Scanning Module:C:\WINDOWS\System32\raschap.dll...
Scanning Module:c:\windows\system32\schedsvc.dll...
Scanning Module:C:\WINDOWS\System32\MSIDLE.DLL...
Scanning Module:c:\windows\system32\audiosrv.dll...
Scanning Module:c:\windows\system32\wkssvc.dll...
Scanning Module:c:\windows\system32\cryptsvc.dll...
Scanning Module:c:\windows\system32\certcli.dll...
Scanning Module:c:\windows\system32\ersvc.dll...
Scanning Module:c:\windows\system32\es.dll...
Scanning Module:c:\windows\pchealth\helpctr\binaries\pchsvc.dll...
Scanning Module:c:\windows\system32\srvsvc.dll...
Scanning Module:c:\windows\system32\netman.dll...
Scanning Module:c:\windows\system32\netshell.dll...
Scanning Module:c:\windows\system32\credui.dll...
Scanning Module:c:\windows\system32\WZCSAPI.DLL...
Scanning Module:c:\windows\system32\seclogon.dll...
Scanning Module:c:\windows\system32\sens.dll...
Scanning Module:c:\windows\system32\srsvc.dll...
Scanning Module:c:\windows\system32\POWRPROF.dll...
Scanning Module:c:\windows\system32\tapisrv.dll...
Scanning Module:c:\windows\system32\trkwks.dll...
Scanning Module:c:\windows\system32\wbem\wmisvc.dll...
Scanning Module:C:\WINDOWS\system32\VSSAPI.DLL...
Scanning Module:c:\windows\system32\wuauserv.dll...
Scanning Module:C:\WINDOWS\system32\wuaueng.dll...
Scanning Module:C:\WINDOWS\System32\ADVPACK.dll...
Scanning Module:C:\WINDOWS\System32\Cabinet.dll...
Scanning Module:C:\WINDOWS\System32\mspatcha.dll...
Scanning Module:c:\windows\system32\rasmans.dll...
Scanning Module:c:\windows\system32\netcfgx.dll...
Scanning Module:c:\windows\system32\CLUSAPI.dll...
Scanning Module:c:\windows\system32\ipnathlp.dll...
Scanning Module:C:\WINDOWS\system32\comsvcs.dll...
Scanning Module:C:\WINDOWS\system32\colbact.DLL...
Scanning Module:C:\WINDOWS\system32\MTXCLU.DLL...
Scanning Module:C:\WINDOWS\system32\WSOCK32.dll...
Scanning Module:C:\WINDOWS\System32\RESUTILS.DLL...
Scanning Module:C:\WINDOWS\System32\rastapi.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\wbemcore.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\esscli.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\wbemcomn.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\FastProx.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wbemsvc.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wmiutils.dll...
Scanning Module:C:\WINDOWS\system32\wbem\repdrvfs.dll...
Scanning Module:C:\WINDOWS\System32\unimdm.tsp...
Scanning Module:C:\WINDOWS\System32\uniplat.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wmiprvsd.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wbemess.dll...
Scanning Module:C:\WINDOWS\system32\wbem\ncprov.dll...
Scanning Module:C:\WINDOWS\System32\unimdmat.dll...
Scanning Module:C:\WINDOWS\system32\modemui.dll...
Scanning Module:C:\WINDOWS\System32\kmddsp.tsp...
Scanning Module:C:\WINDOWS\System32\ndptsp.tsp...
Scanning Module:C:\WINDOWS\System32\ipconf.tsp...
Scanning Module:C:\WINDOWS\System32\h323.tsp...
Scanning Module:C:\WINDOWS\System32\hidphone.tsp...
Scanning Module:C:\WINDOWS\System32\HID.DLL...
Scanning Module:C:\WINDOWS\System32\rasppp.dll...
Scanning Module:C:\WINDOWS\System32\ntlsapi.dll...
Scanning Module:c:\windows\system32\browser.dll...
Scanning Module:c:\windows\system32\rasauto.dll...
Scanning Module:C:\WINDOWS\System32\icmp.dll...
Scanning Module:C:\WINDOWS\system32\upnp.dll...
Scanning Module:C:\WINDOWS\system32\SSDPAPI.dll...
Scanning Module:C:\WINDOWS\System32\msi.dll...
Scanning Module:C:\WINDOWS\system32\upnphost.dll...
Scanning Module:C:\WINDOWS\System32\RASDLG.dll...
Scanning Module:C:\WINDOWS\system32\msxml3.dll...
Scanning Module:C:\WINDOWS\system32\wups.dll...

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 1260
ThreadCreationTime : 9-3-2006 8:27:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dnsrslvr.dll...

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1356
ThreadCreationTime : 9-3-2006 8:27:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\lmhsvc.dll...
Scanning Module:c:\windows\system32\webclnt.dll...
Scanning Module:c:\windows\system32\ssdpsrv.dll...
Scanning Module:C:\WINDOWS\system32\urlmon.dll...
Scanning Module:C:\WINDOWS\system32\mlang.dll...
Scanning Module:C:\WINDOWS\system32\httpapi.dll...

#:11 [ccproxy.exe]
ModuleName : c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
Command Line : n/a
ProcessID : 1996
ThreadCreationTime : 9-3-2006 8:27:11 PM
BasePriority : Normal
FileVersion : 2.1.5.1
ProductVersion : 2.1.5.1
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe
Scanning Module:c:\Program Files\Common Files\Symantec Shared\ccProxy.exe...
Scanning Module:C:\WINDOWS\system32\SYMREDIR.dll...
Scanning Module:C:\WINDOWS\system32\SymNeti.DLL...
Scanning Module:C:\WINDOWS\system32\MSVCP70.dll...
Scanning Module:C:\WINDOWS\system32\MSVCR70.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll...
Scanning Module:C:\WINDOWS\system32\MSVCP71.dll...
Scanning Module:C:\WINDOWS\system32\MSVCR71.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\ccL30.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\ccSet.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\DPHTML.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\SymIConv.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\DPJS.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\DPVBS.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\PFMisc.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\PFPriv.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\StrmFilt.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\PFSec.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\PxyHTTP.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\DPHTTP.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\PxyIM.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\ccProSub.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\ccPxyEvt.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\ccLogin.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll...

#:12 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 2020
ThreadCreationTime : 9-3-2006 8:27:11 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Scanning Module:C:\WINDOWS\Explorer.EXE...
Scanning Module:C:\WINDOWS\system32\BROWSEUI.dll...
Scanning Module:C:\WINDOWS\system32\SHDOCVW.dll...
Scanning Module:C:\WINDOWS\system32\themeui.dll...
Scanning Module:C:\WINDOWS\system32\MSIMG32.dll...
Scanning Module:C:\WINDOWS\system32\actxprxy.dll...
Scanning Module:C:\WINDOWS\system32\msutb.dll...
Scanning Module:C:\WINDOWS\system32\MSCTF.dll...
Scanning Module:C:\WINDOWS\system32\LINKINFO.dll...
Scanning Module:C:\WINDOWS\system32\ntshrui.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wbemprox.dll...
Scanning Module:C:\WINDOWS\system32\webcheck.dll...
Scanning Module:C:\WINDOWS\system32\stobject.dll...
Scanning Module:C:\WINDOWS\system32\BatMeter.dll...
Scanning Module:C:\WINDOWS\system32\upnpui.dll...
Scanning Module:C:\WINDOWS\system32\sensapi.dll...
Scanning Module:C:\WINDOWS\system32\fxsst.dll...
Scanning Module:C:\WINDOWS\system32\FXSAPI.dll...
Scanning Module:C:\WINDOWS\System32\drprov.dll...
Scanning Module:C:\WINDOWS\System32\ntlanman.dll...
Scanning Module:C:\WINDOWS\System32\NETUI0.dll...
Scanning Module:C:\WINDOWS\System32\NETUI1.dll...
Scanning Module:C:\WINDOWS\System32\NETRAP.dll...
Scanning Module:C:\WINDOWS\System32\davclnt.dll...
Scanning Module:C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\SBHook.dll...
Scanning Module:C:\WINDOWS\system32\mslbui.dll...

#:13 [ccsetmgr.exe]
ModuleName : c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : n/a
ProcessID : 2028
ThreadCreationTime : 9-3-2006 8:27:11 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
Scanning Module:c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe...
Scanning Module:C:\WINDOWS\system32\DBGHELP.DLL...

#:14 [navapsvc.exe]
ModuleName : c:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : n/a
ProcessID : 2040
ThreadCreationTime : 9-3-2006 8:27:12 PM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
Scanning Module:c:\Program Files\Norton AntiVirus\navapsvc.exe...
Scanning Module:c:\Program Files\Norton AntiVirus\SAVRT32.DLL...

#:15 [sndsrvc.exe]
ModuleName : c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Command Line : n/a
ProcessID : 208
ThreadCreationTime : 9-3-2006 8:27:13 PM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe
Scanning Module:c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe...

#:16 [spbbcsvc.exe]
ModuleName : c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Command Line : n/a
ProcessID : 108
ThreadCreationTime : 9-3-2006 8:27:14 PM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe
Scanning Module:c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll...

#:17 [ccevtmgr.exe]
ModuleName : c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : n/a
ProcessID : 316
ThreadCreationTime : 9-3-2006 8:27:14 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
Scanning Module:c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCLOGIN.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCPXYEVT.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NAVEVENT.DLL...

#:18 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 600
ThreadCreationTime : 9-3-2006 8:27:19 PM
BasePriority : Normal
FileVersion : 8.19
ProductVersion : 8.19
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe
Scanning Module:C:\WINDOWS\system32\LEXBCES.EXE...
Scanning Module:C:\WINDOWS\system32\lexp2p32.dll...
Scanning Module:C:\WINDOWS\system32\lex2kusb.dll...

#:19 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 648
ThreadCreationTime : 9-3-2006 8:27:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Scanning Module:C:\WINDOWS\system32\spoolsv.exe...
Scanning Module:C:\WINDOWS\system32\SPOOLSS.DLL...
Scanning Module:C:\WINDOWS\system32\localspl.dll...
Scanning Module:C:\WINDOWS\system32\AdobePDF.dll...
Scanning Module:C:\Program Files\Adobe\Acrobat 6.0\Distillr\adistres.dll...
Scanning Module:C:\WINDOWS\system32\cnbjmon.dll...
Scanning Module:C:\WINDOWS\system32\BiMMonNT.dll...
Scanning Module:C:\WINDOWS\system32\BIIMG.dll...
Scanning Module:C:\WINDOWS\system32\LEXLMPM.DLL...
Scanning Module:C:\WINDOWS\system32\LexBce.dll...
Scanning Module:C:\WINDOWS\system32\mdimon.dll...
Scanning Module:C:\WINDOWS\system32\FXSMON.DLL...
Scanning Module:C:\WINDOWS\system32\FXSEVENT.dll...
Scanning Module:C:\WINDOWS\system32\pjlmon.dll...
Scanning Module:C:\WINDOWS\system32\tcpmon.dll...
Scanning Module:C:\WINDOWS\system32\usbmon.dll...
Scanning Module:C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXBFPP5C.dll...
Scanning Module:C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll...
Scanning Module:C:\WINDOWS\System32\spool\PRTPROCS\W32X86\RFOProNT.dll...
Scanning Module:C:\WINDOWS\System32\spool\PRTPROCS\W32X86\RFPProNT.dll...
Scanning Module:C:\WINDOWS\System32\spool\PRTPROCS\W32X86\RFRProNT.dll...
Scanning Module:C:\WINDOWS\System32\spool\PRTPROCS\W32X86\WfxPrint2000.dll...
Scanning Module:C:\WINDOWS\system32\win32spl.dll...
Scanning Module:C:\WINDOWS\system32\inetpp.dll...
Scanning Module:C:\WINDOWS\system32\LXBFpwr.dll...

#:20 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 820
ThreadCreationTime : 9-3-2006 8:27:19 PM
BasePriority : Normal
FileVersion : 8.19
ProductVersion : 8.19
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)
Scanning Module:C:\WINDOWS\system32\LEXPPS.EXE...

#:21 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 1240
ThreadCreationTime : 9-3-2006 8:27:26 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
Scanning Module:C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE...

#:22 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k imgsvc
ProcessID : 1504
ThreadCreationTime : 9-3-2006 8:27:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\wiaservc.dll...
Scanning Module:c:\windows\system32\CFGMGR32.dll...
Scanning Module:c:\windows\system32\mscms.dll...
Scanning Module:C:\WINDOWS\system32\WIAFBDRV.DLL...
Scanning Module:C:\Program Files\Lexmark X6100 Series\lxbfmcro.dll...
Scanning Module:C:\Program Files\Lexmark X6100 Series\ConvDIB.dll...

#:23 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1616
ThreadCreationTime : 9-3-2006 8:27:27 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. A


#2 Bowie28

Bowie28
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:02:47 PM

Posted 17 September 2006 - 10:55 AM

Please see the 3rd Ad-Aware complete log here:

#:23 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1616
ThreadCreationTime : 9-3-2006 8:27:27 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
Scanning Module:C:\WINDOWS\system32\wdfmgr.exe...

#:24 [symwsc.exe]
ModuleName : c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : n/a
ProcessID : 1720
ThreadCreationTime : 9-3-2006 8:27:28 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe
Scanning Module:c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\Security Center\WSCHlpr.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\Security Center\Plug-in\pccln-fw.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\Security Center\Plug-in\sscwmiAV.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\Security Center\Plug-in\sscwmiFW.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\Security Center\Plug-in\McAfeeAV.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\Security Center\Plug-in\McAfeeFW.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\Security Center\Plug-in\etrst-av.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\Security Center\Plug-in\etrst-fw.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\Security Center\Plug-in\pccln-av.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\Security Center\Plug-in\zone-fw.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\Security Center\Plug-in\ssciwp.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\Security Center\sscnis56.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\Security Center\sscnis7.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\Security Center\sscnav.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\Security Center\Plug-in\ssc-icf.dll...
Scanning Module:c:\Program Files\Common Files\Symantec Shared\Security Center\Plug-in\ssc-wu.dll...
Scanning Module:c:\Program Files\Norton AntiVirus\IWP\iwp.dll...
Scanning Module:c:\Program Files\Norton AntiVirus\NAVAPSCR.dll...
Scanning Module:C:\WINDOWS\system32\ATL71.DLL...
Scanning Module:c:\Program Files\Norton AntiVirus\NAVError.dll...
Scanning Module:c:\PROGRA~1\NORTON~1\NAVOpts.dll...
Scanning Module:c:\PROGRA~1\NORTON~1\N32Exclu.dll...
Scanning Module:c:\PROGRA~1\NORTON~1\S32NAVO.DLL...
Scanning Module:c:\Program Files\Norton Personal Firewall\NISRes.dll...
Scanning Module:C:\Program Files\Symantec\LiveUpdate\NetDetectController_2_6.DLL...
Scanning Module:C:\WINDOWS\system32\mstask.dll...

#:25 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
ProcessID : 2656
ThreadCreationTime : 9-3-2006 8:27:42 PM
BasePriority : Normal

Scanning Module:C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe...

#:26 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2736
ThreadCreationTime : 9-3-2006 8:27:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
Scanning Module:C:\WINDOWS\System32\alg.exe...

#:27 [hpsysdrv.exe]
ModuleName : C:\windows\system\hpsysdrv.exe
Command Line : "c:\windows\system\hpsysdrv.exe"
ProcessID : 2996
ThreadCreationTime : 9-3-2006 8:27:46 PM
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe
Scanning Module:C:\windows\system\hpsysdrv.exe...

#:28 [hphmon06.exe]
ModuleName : C:\WINDOWS\system32\hphmon06.exe
Command Line : "C:\WINDOWS\system32\hphmon06.exe"
ProcessID : 3072
ThreadCreationTime : 9-3-2006 8:27:47 PM
BasePriority : Normal
FileVersion : 6,0,72
ProductVersion : 6,0,72
ProductName : HP Photosmart
CompanyName : Hewlett-Packard
FileDescription : HPHmon06
InternalName : HPHmon06
LegalCopyright : Copyright © 2004
OriginalFilename : HPHmon06.exe
Scanning Module:C:\WINDOWS\system32\hphmon06.exe...
Scanning Module:C:\WINDOWS\system32\hpzjrd01.dll...
Scanning Module:C:\WINDOWS\system32\hpzjfw01.dll...
Scanning Module:C:\WINDOWS\system32\HPZJSN01.dll...
Scanning Module:C:\WINDOWS\system32\WSNMP32.dll...
Scanning Module:C:\WINDOWS\system32\MFC42.DLL...

#:29 [kbd.exe]
ModuleName : C:\HP\KBD\KBD.EXE
Command Line : "C:\HP\KBD\KBD.EXE"
ProcessID : 3108
ThreadCreationTime : 9-3-2006 8:27:47 PM
BasePriority : High

Scanning Module:C:\HP\KBD\KBD.EXE...
Scanning Module:C:\HP\KBD\led.dll...
Scanning Module:C:\HP\KBD\USB.dll...
Scanning Module:C:\HP\KBD\ps2.dll...
Scanning Module:C:\HP\KBD\msg.dll...
Scanning Module:C:\HP\KBD\osd.dll...
Scanning Module:C:\HP\KBD\sct.dll...
Scanning Module:C:\HP\KBD\onl.dll...
Scanning Module:C:\HP\KBD\aol.dll...
Scanning Module:C:\HP\KBD\url.dll...
Scanning Module:C:\HP\KBD\cfg.dll...
Scanning Module:C:\HP\KBD\MSIKBDIF.DLL...
Scanning Module:C:\WINDOWS\system32\MSVCIRT.dll...

#:30 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 3192
ThreadCreationTime : 9-3-2006 8:27:48 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
Scanning Module:C:\Program Files\Common Files\Real\Update_OB\realsched.exe...

#:31 [vttimer.exe]
ModuleName : C:\WINDOWS\system32\VTTimer.exe
Command Line : "C:\WINDOWS\system32\VTTimer.exe"
ProcessID : 3332
ThreadCreationTime : 9-3-2006 8:27:50 PM
BasePriority : Normal
FileVersion : 1.04.06-1020
ProductVersion : 1.04.06-1020
ProductName : S3 Graphics, Inc. Utilities
CompanyName : S3 Graphics, Inc.
InternalName : S3Timer
LegalCopyright : Copyright © 2001-2004 S3 Graphics, Inc.
LegalTrademarks : S3 is a registered trademark of S3 Incorporated
Scanning Module:C:\WINDOWS\system32\VTTimer.exe...

#:32 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : n/a
ProcessID : 3348
ThreadCreationTime : 9-3-2006 8:27:50 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccApp.exe...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\CCIMSCAN.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\DEFALERT.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\IWP\IWP.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NAVAPW32.DLL...
Scanning Module:C:\PROGRA~1\

Edited by Bowie28, 17 September 2006 - 11:27 AM.


#3 Bowie28

Bowie28
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:02:47 PM

Posted 17 September 2006 - 11:38 AM

#:25 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
ProcessID : 2656
ThreadCreationTime : 9-3-2006 8:27:42 PM
BasePriority : Normal

Scanning Module:C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe...

#:32 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : n/a
ProcessID : 3348
ThreadCreationTime : 9-3-2006 8:27:50 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccApp.exe...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\CCIMSCAN.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\DEFALERT.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\IWP\IWP.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NAVAPW32.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\apwutil.dll...
Scanning Module:C:\PROGRA~1\NORTON~1\SAVRT32.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\NAVOPTRF.DLL...
Scanning Module:C:\PROGRA~1\NORTON~1\STATUSHP.DLL...
Scanning Module:C:\PROGRA~1\NORTON~2\ISLALERT.DLL...
Scanning Module:C:\PROGRA~1\NORTON~2\NISRES.DLL...
Scanning Module:C:\PROGRA~1\NORTON~2\NISPROD.DLL...
Scanning Module:c:\PROGRA~1\NORTON~1\NAVTasks.dll...
Scanning Module:c:\Program Files\Norton AntiVirus\ccAVMail.dll...
Scanning Module:c:\Program Files\Norton Personal Firewall\NISLCOM.dll...
Scanning Module:C:\PROGRA~1\NORTON~2\SYMFWAGT.DLL...
Scanning Module:C:\PROGRA~1\NORTON~2\NISALERT.DLL...
Scanning Module:C:\PROGRA~1\NORTON~2\ccFWRuls.dll...
Scanning Module:C:\PROGRA~1\NORTON~2\TLevel.dll...
Scanning Module:c:\Program Files\Norton AntiVirus\apwcmdnt.dll...
Scanning Module:c:\Program Files\Norton Personal Firewall\NisEmail.dll...
Scanning Module:C:\Program Files\Symantec\LiveUpdate\ProductRegCom_2_6.DLL...
Scanning Module:C:\Program Files\Symantec\LiveUpdate\LuComServerPS_2_6.DLL...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\LiveReg\IRALSCL2.DLL...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\LiveReg\IraVcLc3.dll...

#:33 [agrsmmsg.exe]
ModuleName : C:\WINDOWS\AGRSMMSG.exe
Command Line : "C:\WINDOWS\AGRSMMSG.exe"
ProcessID : 3416
ThreadCreationTime : 9-3-2006 8:27:51 PM
BasePriority : Normal
FileVersion : 2.1.51 2.1.51 03/04/2005 12:01:54
ProductVersion : 2.1.51 2.1.51 03/04/2005 12:01:54
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe
Scanning Module:C:\WINDOWS\AGRSMMSG.exe...

#:34 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
ProcessID : 3620
ThreadCreationTime : 9-3-2006 8:27:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\w3ssl.dll...
Scanning Module:C:\WINDOWS\System32\strmfilt.dll...

#:35 [alcxmntr.exe]
ModuleName : C:\WINDOWS\ALCXMNTR.EXE
Command Line : "C:\WINDOWS\ALCXMNTR.EXE"
ProcessID : 3900
ThreadCreationTime : 9-3-2006 8:27:56 PM
BasePriority : Normal
FileVersion : 1.5
ProductVersion : 1.5
ProductName : Realtek Audio - Event Monitor
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Audio - Event Monitor
InternalName : Alcxmntr
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : Alcxmntr.exe
Scanning Module:C:\WINDOWS\ALCXMNTR.EXE...
Scanning Module:C:\WINDOWS\system32\DSOUND.dll...
Scanning Module:C:\WINDOWS\system32\KsUser.dll...

#:36 [issch.exe]
ModuleName : C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
Command Line : "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
ProcessID : 1068
ThreadCreationTime : 9-3-2006 8:27:59 PM
BasePriority : Normal
FileVersion : 3, 00, 100, 1161
ProductVersion : 3, 00
ProductName : InstallShield Update Service
CompanyName : InstallShield Software Corporation
FileDescription : InstallShield Update Service Scheduler
InternalName : Scheduler
LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation
OriginalFilename : issch.exe
Scanning Module:C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe...

#:37 [verizo~1.exe]
ModuleName : C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
Command Line : "C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE"
ProcessID : 1416
ThreadCreationTime : 9-3-2006 8:27:59 PM
BasePriority : Normal
FileVersion : 1.2.0.32
ProductVersion : 1.2.0.32
ProductName : Verizon Online Support
CompanyName : Verizon Internet Solutions
FileDescription : VerizonAppManager
InternalName : VerizonAppManager
LegalCopyright : Copyright © 2004 Verizon All Rights Reserved
OriginalFilename : VerizonAppManager.exe
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\vzFeaturePlugInMgr.dll...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\vzPlugInMgr.dll...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\vzUIEngineMgr.dll...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\PlugIns\vzAccountMgrPlugIn.vzp...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\vzPropertyBag.dll...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\vzServices.dll...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\PlugIns\vzAppMgrPlugIn.vzp...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\vzOpenUIClient.dll...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\PlugIns\vzCmiPlugIn.vzp...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\vzConnectionAPI.dll...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\vzHttp.dll...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\PlugIns\vzDefaultAppMgrClientPlugIn.vzp...
Scanning Module:C:\WINDOWS\system32\RICHED20.DLL...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\PlugIns\vzDurbanAppMgrClientPlugIn.vzp...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\PlugIns\vzEmailMgrPlugIn.vzp...
Scanning Module:C:\WINDOWS\system32\RICHED32.DLL...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\PlugIns\vzFrameworkPlugIn.vzp...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\PlugIns\vzHSTPlugIn.vzp...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\PlugIns\vzMotiveProfileCheckerPlugIn.vzp...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\PlugIns\vzPreferenceMgr.vzp...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\PlugIns\vzProfilePlugIn.vzp...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\PlugIns\vzSchedulerPlugIn.vzp...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\PlugIns\vzSFPPlugin.vzp...
Scanning Module:C:\WINDOWS\system32\shdoclc.dll...
Scanning Module:C:\WINDOWS\system32\mshtml.dll...
Scanning Module:C:\WINDOWS\system32\msls31.dll...
Scanning Module:C:\Program Files\Common Files\Verizon Online\SFP\vzSFP.dll...
Scanning Module:C:\Program Files\Common Files\Verizon Online\SFP\vzSFPMsgs.dll...
Scanning Module:C:\Program Files\Common Files\Verizon Online\SFP\vzInventory.dll...
Scanning Module:C:\WINDOWS\system32\snmpapi.dll...
Scanning Module:C:\Program Files\Verizon Online\Help Support\MotivePreQual.dll...
Scanning Module:C:\Program Files\Common Files\Verizon Online\SFP\vzInstall.dll...
Scanning Module:C:\WINDOWS\system32\msimtf.dll...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\UIEngines\vzOpenUIEngine.uie...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\UIEngines\vzSysTrayUIEngine.uie...
Scanning Module:C:\WINDOWS\system32\jscript.dll...
Scanning Module:C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIAx.dll...
Scanning Module:C:\Program Files\Verizon Online\Help Support\vzVerizonSupportController.dll...
Scanning Module:C:\Program Files\Common Files\Motive\snmpaxctrl.dll...
Scanning Module:C:\Program Files\Common Files\Motive\ReportReader.dll...
Scanning Module:C:\Program Files\Common Files\Motive\BJInstaller.dll...

#:38 [motivesb.exe]
ModuleName : C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
Command Line : "C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe"
ProcessID : 1576
ThreadCreationTime : 9-3-2006 8:28:01 PM
BasePriority : Normal
FileVersion : 5.6.11.asst_classic.smartbridge.0
ProductVersion : 5.6.11.asst_classic.smartbridge
ProductName : Motive System
CompanyName : Motive Communications, Inc.
FileDescription : Motive SmartBridge
InternalName : version
LegalCopyright : Copyright 1998-2003
OriginalFilename : version
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\httpclient52.dll...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\clientutil52.dll...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\SBRes.dll...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\psapi.dll...
Scanning Module:C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\alertfilter.dll...

#:39 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 2172
ThreadCreationTime : 9-3-2006 8:28:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
Scanning Module:C:\WINDOWS\system32\ctfmon.exe...

#:40 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe"
ProcessID : 2072
ThreadCreationTime : 9-3-2006 8:28:16 PM
BasePriority : Normal
FileVersion : 6.0.1.2003102300
ProductVersion : 6.0.1.2003102300
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe
Scanning Module:C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe...

#:41 [updates from hp.exe]
ModuleName : C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
Command Line : "C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" -startup
ProcessID : 3116
ThreadCreationTime : 9-3-2006 8:28:22 PM
BasePriority : Normal
FileVersion : 6,3, 2, 1
ProductVersion : 6,3,2, 1
CompanyName : Hewlett-Packard
LegalCopyright : Copyright © 2004
Comments : Hewlett-Packard
Scanning Module:C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe...
Scanning Module:C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\BackWeb.dll...
Scanning Module:C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\bwsec.dll...
Scanning Module:C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\clntutil.dll...
Scanning Module:C:\PROGRA~1\BackWeb\BACKWE~1\632~1.62\program\EN\ClientRC.dll...
Scanning Module:C:\WINDOWS\system32\feclient.dll...
Scanning Module:C:\Program Files\Updates from HP\309731\Program\BWfiles-309731.dll...
Scanning Module:C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\BWfiles.dll...
Scanning Module:C:\WINDOWS\system32\inetmib1.dll...
Scanning Module:C:\Program Files\Updates from HP\309731\Program\frext-309731.dll...
Scanning Module:C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\frext.dll...
Scanning Module:C:\Program Files\Updates from HP\309731\Program\HPClientExt.dll...

#:42 [wkcalrem.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe"
ProcessID : 3272
ThreadCreationTime : 9-3-2006 8:28:23 PM
BasePriority : Normal
FileVersion : 8.04.0623.0
ProductVersion : 8.04.0623.0
ProductName : Microsoft® Works 8
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.
OriginalFilename : WKCALREM.EXE
Scanning Module:C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe...
Scanning Module:C:\Program Files\Common Files\Microsoft Shared\Works Shared\MSVCR71.dll...

#:43 [cmisrv.exe]
ModuleName : C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
Command Line : "C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe" -Embedding
ProcessID : 3412
ThreadCreationTime : 9-3-2006 8:28:26 PM
BasePriority : Normal
FileVersion : 2.0.2.12
ProductVersion : 2.0.2.12
ProductName : Verizon Online DSL Connection Manager Interface
CompanyName : Verizon Internet Solutions
FileDescription : Connection Manager
InternalName : cmisrv
LegalCopyright : ©. 2003-2004. Verizon. All Rights Reserved.
OriginalFilename : cmisrv.exe
Scanning Module:C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe...
Scanning Module:C:\Program Files\Common Files\Verizon Online\ConnMgr\DdmDll.dll...
Scanning Module:C:\Program Files\Common Files\Verizon Online\ConnMgr\Dialup.dll...
Scanning Module:C:\WINDOWS\system32\FinePointLib\DetectAc.dll...
Scanning Module:C:\WINDOWS\system32\FinePointLib\WrSetupUtils.dll...

#:44 [vzopenuiserver.exe]
ModuleName : C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
Command Line : "C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe" -Embedding
ProcessID : 3344
ThreadCreationTime : 9-3-2006 8:29:00 PM
BasePriority : Normal
FileVersion : 3.1.1.7
ProductVersion : 3.1.1.7
ProductName : Verizon Online Desktop Application Manager
CompanyName : Verizon Internet Solutions
FileDescription : vzOpenUIServer
InternalName : vzOpenUIServer
LegalCopyright : Copyright © 2004 Verizon. All Rights Reserved
OriginalFilename : vzOpenUIServer.exe
Scanning Module:C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe...

#:45 [motivebrowser.exe]
ModuleName : C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
Command Line : "C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe" -Embedding
ProcessID : 3532
ThreadCreationTime : 9-3-2006 8:29:04 PM
BasePriority : Normal
FileVersion : 2.0.1.14
ProductVersion : 2.0.1.14
ProductName : Verizon Online -- Motive Browser Container
CompanyName : Verizon Internet Solutions
FileDescription : Verizon Online MCCWrapper Container
InternalName : MotveBrowser.exe
LegalCopyright : ©. 2003-2004. Verizon. All Rights Reserved.
OriginalFilename : MotveBrowser.exe
Scanning Module:C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe...
Scanning Module:C:\Program Files\Common Files\Motive\MCCWrapper_DSR.dll...
Scanning Module:C:\PROGRA~1\COMMON~1\Motive\ACTIVE~1.DLL...

#:46 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4036
ThreadCreationTime : 9-3-2006 8:30:01 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Scanning Module:C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe...
Scanning Module:C:\WINDOWS\system32\olepro32.dll...
Scanning Module:C:\WINDOWS\system32\mydocs.dll...
Scanning Module:C:\Program Files\smartftp\smarthook.dll...

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 39


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Virtumonde Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{18898424-e3ab-4ba9-8e8d-5434b1ceca75}

Virtumonde Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{18898424-e3ab-4ba9-8e8d-5434b1ceca75}
Value : AppID

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 41


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 41

Virtumonde Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18898424-e3ab-4ba9-8e8d-5434b1ceca75}


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@ads.pointroll[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.pointroll[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@clickbank[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\HP_Owner\Cookies\hp_owner@clickbank[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\HP_Owner\Cookies\hp_owner@doubleclick[1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 45



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 45




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45

4:54:28 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:18.62
Objects scanned:225050
Objects identified:6
Objects ignored:0
New critical objects:6

Reanalyzing scan result
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
No objects have been removed from the result list.



