I have run Adaware, Spybot, Vundofix, AVG and HiJackThis. Since running these I have not had a popup appear, but there is still an icon in the system tray that directs me to http://www.spylocked.com/download.ph ... ukvanev3h7. My computer still runs slow and shows constant high CPU usage. I have a Dell Inspiron 4150 laptop w/Windows XP. I also can't log in as different users or even create a new account. I appreciate any help cuz it's on its last legs. I DON'T HAVE A LOT OF IMPORTANT INFO ON IT AND WOULD LIKE TO RESTORE IT TO AS BASIC AS POSSIBLE, ONLY SAVING A FEW FILES
esident continually popping up wanting registry changes which I have kept denying.
Please help me make sure my computer is free of all problems - my logs are below.
Logfile of HijackThis v1.99.1
Scan saved at 06:00, on 07-04-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Hewlett-Packard\Smart Desktop\Agent\hpmwinagt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Hewlett-Packard\Smart Desktop\Agent\hpmagtstatus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\JA\Desktop\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2BB87436-42F6-4859-95E3-74AB9BDB2BDf} - C:\WINDOWS\system32\dbuyphfc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53A6AE0F-6F0D-4681-8178-EEB2769F8C88} - C:\WINDOWS\system32\tiabqexo.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {733FD72F-103E-4B9E-BCB9-A76064AF3C72} - (no file)
O2 - BHO: (no name) - {7AD2775F-3C61-445B-9D84-AD41EE6E0DB2} - C:\WINDOWS\system32\tiabqexo.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {CB37DA00-E8E4-4BBC-B529-19F999D0A613} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PassLocker] C:\Program Files\PassLocker\PassLocker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [hpmagtstatus] C:\Program Files\Hewlett-Packard\Smart Desktop\Agent\hpmagtstatus.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Logoff - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O8 - Extra context menu item: RoboForm Options - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O9 - Extra 'Tools' menuitem: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPDesktopSecu ... anager.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7221811385
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/i ... downls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: awttt - C:\WINDOWS\system32\awttt.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Client Firewall Configuration (CfgWzSvc) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: HP Smart Desktop Monitor (hpmwinagt) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\Smart Desktop\Agent\hpmwinagt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Unknown owner - C:\Program Files\nmsrvc.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 08:41 07-04-10
+ Scan result:
C:\System Volume Information\_restore{4C5EB718-99AA-4365-8376-A4076339E3A1}\RP146\A0047183.dll -> Downloader.Agent.bkd : No action taken.
C:\WINDOWS\system32\__delete_on_reboot__q_z_v_i_z_._d_l_l_ -> Downloader.Agent.bkd : No action taken.
C:\System Volume Information\_restore{4C5EB718-99AA-4365-8376-A4076339E3A1}\RP143\A0043634.dll -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{4C5EB718-99AA-4365-8376-A4076339E3A1}\RP143\A0043761.exe -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{4C5EB718-99AA-4365-8376-A4076339E3A1}\RP143\A0043768.dll -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{4C5EB718-99AA-4365-8376-A4076339E3A1}\RP143\A0043770.exe -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{4C5EB718-99AA-4365-8376-A4076339E3A1}\RP143\A0043793.dll -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{4C5EB718-99AA-4365-8376-A4076339E3A1}\RP143\A0043794.exe -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{4C5EB718-99AA-4365-8376-A4076339E3A1}\RP143\A0043802.dll -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{4C5EB718-99AA-4365-8376-A4076339E3A1}\RP143\A0043804.exe -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{4C5EB718-99AA-4365-8376-A4076339E3A1}\RP143\A0043813.dll -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{4C5EB718-99AA-4365-8376-A4076339E3A1}\RP143\A0043815.exe -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{4C5EB718-99AA-4365-8376-A4076339E3A1}\RP143\A0043816.exe -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{4C5EB718-99AA-4365-8376-A4076339E3A1}\RP143\A0043817.exe -> Downloader.Zlob.bov : No action taken.
C:\System Volume Information\_restore{4C5EB718-99AA-4365-8376-A4076339E3A1}\RP143\A0043823.dll -> Downloader.Zlob.bov : No action taken.
C:\RECYCLER\S-1-5-21-1935655697-854245398-18277411-1009\Dc113\giFT\giFT.dll -> Not-A-Virus.PornTool.Win32.Porn2Peer.a : No action taken.
C:\RECYCLER\S-1-5-21-1935655697-854245398-18277411-1009\Dc113\giFT\giFTl.exe -> Not-A-Virus.PornTool.Win32.Porn2Peer.a : No action taken.
C:\RECYCLER\S-1-5-21-1935655697-854245398-18277411-1009\Dc113\simplevlc.dll -> Not-A-Virus.PornTool.Win32.Porn2Peer.a : No action taken.
C:\WINDOWS\system32\unsvchosts.exe -> Trojan.Small.mf : No action taken.
::Report end
Ad-Aware SE Build 1.06r1
Logfile Created on:07-04-10 06:38:00
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R164 02.04.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.BHO(generic)(TAC index:3):1 total references
MRU List(TAC index:0):15 total references
RXToolbar(TAC index:6):3 total references
Tracking Cookie(TAC index:3):24 total references
Win32.Trojandownloader.Zlob(TAC index:10):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R164 02.04.2007
Internal build : 204
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 1094365 Bytes
Total size : 3572665 Bytes
Signature data size : 3531968 Bytes
Reference data size : 40185 Bytes
Signatures total : 93663
CSI Fingerprints total : 6688
CSI data size : 333851 Bytes
Target categories : 15
Target families : 1085
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:49 %
Total physical memory:785848 kb
Available physical memory:379236 kb
Total page file size:1923200 kb
Available on page file:1443172 kb
Total virtual memory:2097024 kb
Available virtual memory:2031460 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Run scan as background process (Low CPU usage)
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Reanalyze results after scanning before displaying results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include module list in log file
Set : Include alternate data stream details in log file
Set : Show detail tooltips in results lists
Set : Play sound at scan completion if scan locates critical objects
07-04-10 06:38:00 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\JA\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-1935655697-854245398-18277411-1009\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-1935655697-854245398-18277411-1009\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1935655697-854245398-18277411-1009\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1935655697-854245398-18277411-1009\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-1935655697-854245398-18277411-1009\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-1935655697-854245398-18277411-1009\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1935655697-854245398-18277411-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1935655697-854245398-18277411-1009\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-1935655697-854245398-18277411-1009\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 464
ThreadCreationTime : 07-04-10 09:46:29
BasePriority : Normal
Scanning Module:\SystemRoot\System32\smss.exe...
Scanning Module:C:\WINDOWS\system32\ntdll.dll...
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 512
ThreadCreationTime : 07-04-10 09:46:39
BasePriority : Normal
Scanning Module:\??\C:\WINDOWS\system32\csrss.exe...
Scanning Module:C:\WINDOWS\system32\CSRSRV.dll...
Scanning Module:C:\WINDOWS\system32\basesrv.dll...
Scanning Module:C:\WINDOWS\system32\winsrv.dll...
Scanning Module:C:\WINDOWS\system32\GDI32.dll...
Scanning Module:C:\WINDOWS\system32\KERNEL32.dll...
Scanning Module:C:\WINDOWS\system32\USER32.dll...
Scanning Module:C:\WINDOWS\system32\sxs.dll...
Scanning Module:C:\WINDOWS\system32\ADVAPI32.dll...
Scanning Module:C:\WINDOWS\system32\RPCRT4.dll...
Scanning Module:C:\WINDOWS\system32\Apphelp.dll...
Scanning Module:C:\WINDOWS\system32\VERSION.dll...
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 544
ThreadCreationTime : 07-04-10 09:46:49
BasePriority : High
Scanning Module:\??\C:\WINDOWS\system32\winlogon.exe...
Scanning Module:C:\WINDOWS\system32\AUTHZ.dll...
Scanning Module:C:\WINDOWS\system32\msvcrt.dll...
Scanning Module:C:\WINDOWS\system32\CRYPT32.dll...
Scanning Module:C:\WINDOWS\system32\MSASN1.dll...
Scanning Module:C:\WINDOWS\system32\NDdeApi.dll...
Scanning Module:C:\WINDOWS\system32\PROFMAP.dll...
Scanning Module:C:\WINDOWS\system32\NETAPI32.dll...
Scanning Module:C:\WINDOWS\system32\USERENV.dll...
Scanning Module:C:\WINDOWS\system32\PSAPI.DLL...
Scanning Module:C:\WINDOWS\system32\REGAPI.dll...
Scanning Module:C:\WINDOWS\system32\Secur32.dll...
Scanning Module:C:\WINDOWS\system32\SETUPAPI.dll...
Scanning Module:C:\WINDOWS\system32\WINSTA.dll...
Scanning Module:C:\WINDOWS\system32\WINTRUST.dll...
Scanning Module:C:\WINDOWS\system32\IMAGEHLP.dll...
Scanning Module:C:\WINDOWS\system32\WS2_32.dll...
Scanning Module:C:\WINDOWS\system32\WS2HELP.dll...
Scanning Module:C:\WINDOWS\system32\IMM32.DLL...
Scanning Module:C:\WINDOWS\system32\MSGINA.dll...
Scanning Module:C:\WINDOWS\system32\SHELL32.dll...
Scanning Module:C:\WINDOWS\system32\SHLWAPI.dll...
Scanning Module:C:\WINDOWS\system32\COMCTL32.dll...
Scanning Module:C:\WINDOWS\system32\ODBC32.dll...
Scanning Module:C:\WINDOWS\system32\comdlg32.dll...
Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll...
Scanning Module:C:\WINDOWS\system32\odbcint.dll...
Scanning Module:C:\WINDOWS\system32\SHSVCS.dll...
Scanning Module:C:\WINDOWS\system32\sfc.dll...
Scanning Module:C:\WINDOWS\system32\sfc_os.dll...
Scanning Module:C:\WINDOWS\system32\ole32.dll...
Scanning Module:C:\WINDOWS\system32\msctfime.ime...
Scanning Module:C:\WINDOWS\system32\WINSCARD.DLL...
Scanning Module:C:\WINDOWS\system32\WTSAPI32.dll...
Scanning Module:C:\WINDOWS\system32\Ati2evxx.dll...
Scanning Module:C:\WINDOWS\system32\rsaenh.dll...
Scanning Module:C:\WINDOWS\system32\cscdll.dll...
Scanning Module:C:\WINDOWS\system32\WlNotify.dll...
Scanning Module:C:\WINDOWS\system32\WINMM.dll...
Scanning Module:C:\WINDOWS\system32\WINSPOOL.DRV...
Scanning Module:C:\WINDOWS\system32\MPR.dll...
Scanning Module:C:\WINDOWS\system32\uxtheme.dll...
Scanning Module:C:\WINDOWS\system32\WgaLogon.dll...
Scanning Module:C:\WINDOWS\system32\OLEAUT32.dll...
Scanning Module:C:\WINDOWS\system32\NTMARTA.DLL...
Scanning Module:C:\WINDOWS\system32\WLDAP32.dll...
Scanning Module:C:\WINDOWS\system32\SAMLIB.dll...
Scanning Module:C:\WINDOWS\system32\CLBCATQ.DLL...
Scanning Module:C:\WINDOWS\system32\COMRes.dll...
Scanning Module:C:\WINDOWS\system32\msv1_0.dll...
Scanning Module:C:\WINDOWS\system32\iphlpapi.dll...
Scanning Module:C:\WINDOWS\system32\cscui.dll...
Scanning Module:C:\WINDOWS\system32\MPRAPI.dll...
Scanning Module:C:\WINDOWS\system32\ACTIVEDS.dll...
Scanning Module:C:\WINDOWS\system32\adsldpc.dll...
Scanning Module:C:\WINDOWS\system32\ATL.DLL...
Scanning Module:C:\WINDOWS\system32\rtutils.dll...
Scanning Module:C:\WINDOWS\system32\wdmaud.drv...
Scanning Module:C:\WINDOWS\system32\xpsp2res.dll...
Scanning Module:C:\WINDOWS\system32\NavLogon.dll...
Scanning Module:C:\WINDOWS\system32\msacm32.drv...
Scanning Module:C:\WINDOWS\system32\MSACM32.dll...
Scanning Module:C:\WINDOWS\system32\midimap.dll...
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 588
ThreadCreationTime : 07-04-10 09:46:54
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
Scanning Module:C:\WINDOWS\system32\services.exe...
Scanning Module:C:\WINDOWS\system32\SCESRV.dll...
Scanning Module:C:\WINDOWS\system32\umpnpmgr.dll...
Scanning Module:C:\WINDOWS\system32\NCObjAPI.DLL...
Scanning Module:C:\WINDOWS\system32\MSVCP60.dll...
Scanning Module:C:\WINDOWS\system32\ShimEng.dll...
Scanning Module:C:\WINDOWS\AppPatch\AcAdProc.dll...
Scanning Module:C:\WINDOWS\system32\eventlog.dll...
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 600
ThreadCreationTime : 07-04-10 09:46:54
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
Scanning Module:C:\WINDOWS\system32\lsass.exe...
Scanning Module:C:\WINDOWS\system32\LSASRV.dll...
Scanning Module:C:\WINDOWS\system32\NTDSAPI.dll...
Scanning Module:C:\WINDOWS\system32\DNSAPI.dll...
Scanning Module:C:\WINDOWS\system32\SAMSRV.dll...
Scanning Module:C:\WINDOWS\system32\cryptdll.dll...
Scanning Module:C:\WINDOWS\AppPatch\AcGenral.DLL...
Scanning Module:C:\WINDOWS\system32\msprivs.dll...
Scanning Module:C:\WINDOWS\system32\kerberos.dll...
Scanning Module:C:\WINDOWS\system32\netlogon.dll...
Scanning Module:C:\WINDOWS\system32\w32time.dll...
Scanning Module:C:\WINDOWS\system32\schannel.dll...
Scanning Module:C:\WINDOWS\system32\wdigest.dll...
Scanning Module:C:\WINDOWS\system32\scecli.dll...
Scanning Module:C:\WINDOWS\system32\ipsecsvc.dll...
Scanning Module:C:\WINDOWS\system32\oakley.DLL...
Scanning Module:C:\WINDOWS\system32\WINIPSEC.DLL...
Scanning Module:C:\WINDOWS\system32\pstorsvc.dll...
Scanning Module:C:\WINDOWS\system32\mswsock.dll...
Scanning Module:C:\WINDOWS\system32\hnetcfg.dll...
Scanning Module:C:\WINDOWS\System32\wshtcpip.dll...
Scanning Module:C:\WINDOWS\system32\psbase.dll...
Scanning Module:C:\WINDOWS\system32\dssenh.dll...
#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 760
ThreadCreationTime : 07-04-10 09:46:58
BasePriority : Normal
FileVersion : 6.14.10.4129
ProductVersion : 6.14.10.4129.01
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
Scanning Module:C:\WINDOWS\system32\Ati2evxx.exe...
Scanning Module:C:\WINDOWS\system32\Ati2edxx.dll...
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 828
ThreadCreationTime : 07-04-10 09:47:10
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:C:\WINDOWS\system32\svchost.exe...
Scanning Module:c:\windows\system32\rpcss.dll...
Scanning Module:c:\windows\system32\termsrv.dll...
Scanning Module:c:\windows\system32\ICAAPI.dll...
Scanning Module:c:\windows\system32\mstlsapi.dll...
Scanning Module:C:\WINDOWS\system32\rdpwsx.dll...
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 892
ThreadCreationTime : 07-04-10 09:47:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:C:\WINDOWS\System32\winrnr.dll...
Scanning Module:C:\WINDOWS\system32\rasadhlp.dll...
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 964
ThreadCreationTime : 07-04-10 09:47:21
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dhcpcsvc.dll...
Scanning Module:c:\windows\system32\wzcsvc.dll...
Scanning Module:c:\windows\system32\WMI.dll...
Scanning Module:c:\windows\system32\ESENT.dll...
Scanning Module:C:\WINDOWS\System32\rastls.dll...
Scanning Module:C:\WINDOWS\system32\CRYPTUI.dll...
Scanning Module:C:\WINDOWS\system32\WININET.dll...
Scanning Module:C:\WINDOWS\system32\Normaliz.dll...
Scanning Module:C:\WINDOWS\system32\iertutil.dll...
Scanning Module:C:\WINDOWS\System32\RASAPI32.dll...
Scanning Module:C:\WINDOWS\System32\rasman.dll...
Scanning Module:C:\WINDOWS\System32\TAPI32.dll...
Scanning Module:C:\WINDOWS\System32\raschap.dll...
Scanning Module:c:\windows\system32\schedsvc.dll...
Scanning Module:C:\WINDOWS\System32\MSIDLE.DLL...
Scanning Module:c:\windows\system32\audiosrv.dll...
Scanning Module:c:\windows\system32\wkssvc.dll...
Scanning Module:c:\windows\system32\cryptsvc.dll...
Scanning Module:c:\windows\system32\certcli.dll...
Scanning Module:c:\windows\pchealth\helpctr\binaries\pchsvc.dll...
Scanning Module:c:\windows\system32\srvsvc.dll...
Scanning Module:c:\windows\system32\netman.dll...
Scanning Module:c:\windows\system32\netshell.dll...
Scanning Module:c:\windows\system32\credui.dll...
Scanning Module:c:\windows\system32\WZCSAPI.DLL...
Scanning Module:c:\windows\system32\seclogon.dll...
Scanning Module:c:\windows\system32\srsvc.dll...
Scanning Module:c:\windows\system32\POWRPROF.dll...
Scanning Module:C:\WINDOWS\system32\upnp.dll...
Scanning Module:C:\WINDOWS\system32\WINHTTP.dll...
Scanning Module:C:\WINDOWS\system32\SSDPAPI.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wbemcomn.dll...
Scanning Module:C:\WINDOWS\System32\msi.dll...
Scanning Module:C:\WINDOWS\system32\netcfgx.dll...
Scanning Module:C:\WINDOWS\system32\CLUSAPI.dll...
Scanning Module:C:\WINDOWS\System32\rasmans.dll...
Scanning Module:C:\WINDOWS\System32\Sens.dll...
Scanning Module:c:\windows\system32\trkwks.dll...
Scanning Module:c:\windows\system32\browser.dll...
Scanning Module:c:\windows\system32\wuauserv.dll...
Scanning Module:c:\windows\system32\wbem\wmisvc.dll...
Scanning Module:C:\WINDOWS\system32\VSSAPI.DLL...
Scanning Module:C:\WINDOWS\system32\wuaueng.dll...
Scanning Module:C:\WINDOWS\System32\ADVPACK.dll...
Scanning Module:C:\WINDOWS\System32\SHFOLDER.dll...
Scanning Module:C:\WINDOWS\System32\Cabinet.dll...
Scanning Module:C:\WINDOWS\System32\mspatcha.dll...
Scanning Module:C:\WINDOWS\system32\es.dll...
Scanning Module:c:\windows\system32\wscsvc.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\wbemcore.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\esscli.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\FastProx.dll...
Scanning Module:c:\windows\system32\ipnathlp.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wmiutils.dll...
Scanning Module:C:\WINDOWS\system32\wbem\repdrvfs.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wmiprvsd.dll...
Scanning Module:c:\windows\system32\tapisrv.dll...
Scanning Module:C:\WINDOWS\system32\comsvcs.dll...
Scanning Module:C:\WINDOWS\system32\colbact.DLL...
Scanning Module:C:\WINDOWS\system32\MTXCLU.DLL...
Scanning Module:C:\WINDOWS\system32\WSOCK32.dll...
Scanning Module:C:\WINDOWS\System32\RESUTILS.DLL...
Scanning Module:C:\WINDOWS\system32\wbem\wbemess.dll...
Scanning Module:C:\WINDOWS\System32\rastapi.dll...
Scanning Module:C:\WINDOWS\System32\unimdm.tsp...
Scanning Module:C:\WINDOWS\System32\uniplat.dll...
Scanning Module:C:\WINDOWS\System32\unimdmat.dll...
Scanning Module:C:\WINDOWS\system32\modemui.dll...
Scanning Module:C:\WINDOWS\System32\kmddsp.tsp...
Scanning Module:C:\WINDOWS\system32\msxml3.dll...
Scanning Module:C:\WINDOWS\System32\ndptsp.tsp...
Scanning Module:C:\WINDOWS\System32\ipconf.tsp...
Scanning Module:C:\WINDOWS\System32\h323.tsp...
Scanning Module:C:\WINDOWS\system32\wbem\ncprov.dll...
Scanning Module:C:\WINDOWS\System32\hidphone.tsp...
Scanning Module:C:\WINDOWS\System32\HID.DLL...
Scanning Module:C:\WINDOWS\System32\rasppp.dll...
Scanning Module:C:\WINDOWS\System32\ntlsapi.dll...
Scanning Module:C:\WINDOWS\System32\RASDLG.dll...
Scanning Module:C:\WINDOWS\system32\urlmon.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wbemsvc.dll...
#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1088
ThreadCreationTime : 07-04-10 09:47:22
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dnsrslvr.dll...
#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1192
ThreadCreationTime : 07-04-10 09:47:25
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\lmhsvc.dll...
Scanning Module:c:\windows\system32\webclnt.dll...
Scanning Module:c:\windows\system32\regsvc.dll...
Scanning Module:c:\windows\system32\upnphost.dll...
#:12 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1472
ThreadCreationTime : 07-04-10 09:47:34
BasePriority : Normal
FileVersion : 104.0.7.3
ProductVersion : 104.0.7.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe...
Scanning Module:C:\WINDOWS\system32\MSVCP71.dll...
Scanning Module:C:\WINDOWS\system32\MSVCR71.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccL40.dll...
Scanning Module:C:\WINDOWS\system32\DBGHELP.DLL...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll...
#:13 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1532
ThreadCreationTime : 07-04-10 09:47:45
BasePriority : Normal
FileVersion : 104.0.7.3
ProductVersion : 104.0.7.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccSet.dll...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCLOGIN.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCPXYEVT.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL...
Scanning Module:C:\PROGRA~1\SYMANT~1\SYMANT~1\LOGFWDER.DLL...
Scanning Module:C:\WINDOWS\system32\SymNeti.DLL...
Scanning Module:C:\Program Files\Symantec Client Security\Symantec Client Firewall\NisEvt.dll...
Scanning Module:C:\Program Files\Symantec Client Security\Symantec AntiVirus\Cliproxy.dll...
Scanning Module:C:\Program Files\Symantec Client Security\Symantec AntiVirus\NAVNTUTL.DLL...
Scanning Module:c:\program files\common files\symantec shared\ssc\ScsComms.dll...
Scanning Module:C:\WINDOWS\system32\nts.dll...
Scanning Module:C:\WINDOWS\system32\cba.dll...
Scanning Module:C:\WINDOWS\system32\MsgSys.dll...
Scanning Module:C:\WINDOWS\system32\PDS.DLL...
#:14 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1616
ThreadCreationTime : 07-04-10 09:47:50
BasePriority : Normal
FileVersion : 104.0.7.3
ProductVersion : 104.0.7.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccProxy.exe...
Scanning Module:C:\WINDOWS\system32\SYMREDIR.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\rcProxy.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\DPHTML.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\DPJS.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\DPVBS.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\PFAdBlk.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\PFMisc.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\PFPriv.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\PFSec.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\PxyHTTP.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\DPHTTP.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\PxyIM.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccProSub.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccPxyEvt.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccLogin.dll...
#:15 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1744
ThreadCreationTime : 07-04-10 09:47:53
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Scanning Module:C:\WINDOWS\system32\spoolsv.exe...
Scanning Module:C:\WINDOWS\system32\SPOOLSS.DLL...
Scanning Module:C:\WINDOWS\system32\localspl.dll...
Scanning Module:C:\WINDOWS\system32\cnbjmon.dll...
Scanning Module:C:\WINDOWS\system32\mdimon.dll...
Scanning Module:C:\WINDOWS\system32\pjlmon.dll...
Scanning Module:C:\WINDOWS\system32\tcpmon.dll...
Scanning Module:C:\WINDOWS\system32\usbmon.dll...
Scanning Module:C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll...
Scanning Module:C:\WINDOWS\system32\win32spl.dll...
Scanning Module:C:\WINDOWS\system32\NETRAP.dll...
Scanning Module:C:\WINDOWS\system32\inetpp.dll...
#:16 [scardsvr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1784
ThreadCreationTime : 07-04-10 09:47:54
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Smart Card Resource Management Server
InternalName : SCardSvr.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : SCardSvr.exe
Scanning Module:C:\WINDOWS\System32\SCardSvr.exe...
#:17 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1968
ThreadCreationTime : 07-04-10 09:48:06
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe
Scanning Module:C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe...
Scanning Module:C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll...
#:18 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2044
ThreadCreationTime : 07-04-10 09:48:08
BasePriority : Normal
FileVersion : 6.14.10.4129
ProductVersion : 6.14.10.4129.01
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
Scanning Module:C:\WINDOWS\system32\Msctf.dll...
Scanning Module:C:\WINDOWS\system32\wbem\wbemprox.dll...
#:19 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 128
ThreadCreationTime : 07-04-10 09:48:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
Scanning Module:C:\WINDOWS\system32\ctfmon.exe...
Scanning Module:C:\WINDOWS\system32\MSUTB.dll...
#:20 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 260
ThreadCreationTime : 07-04-10 09:48:12
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Scanning Module:C:\WINDOWS\Explorer.EXE...
Scanning Module:C:\WINDOWS\system32\BROWSEUI.dll...
Scanning Module:C:\WINDOWS\system32\SHDOCVW.dll...
Scanning Module:C:\WINDOWS\system32\themeui.dll...
Scanning Module:C:\WINDOWS\system32\MSIMG32.dll...
Scanning Module:C:\WINDOWS\system32\LINKINFO.dll...
Scanning Module:C:\WINDOWS\system32\ntshrui.dll...
Scanning Module:C:\WINDOWS\system32\qzviz.dll...
Scanning Module:C:\WINDOWS\system32\ieframe.dll...
Scanning Module:C:\WINDOWS\system32\webcheck.dll...
Scanning Module:C:\WINDOWS\system32\stobject.dll...
Scanning Module:C:\WINDOWS\system32\BatMeter.dll...
Scanning Module:C:\WINDOWS\system32\WPDShServiceObj.dll...
Scanning Module:C:\WINDOWS\system32\mydocs.dll...
Scanning Module:C:\WINDOWS\system32\MLANG.dll...
Scanning Module:C:\WINDOWS\system32\PortableDeviceTypes.dll...
Scanning Module:C:\WINDOWS\system32\PortableDeviceApi.dll...
Scanning Module:C:\WINDOWS\System32\drprov.dll...
Scanning Module:C:\WINDOWS\System32\ntlanman.dll...
Scanning Module:C:\WINDOWS\System32\NETUI0.dll...
Scanning Module:C:\WINDOWS\System32\NETUI1.dll...
Scanning Module:C:\WINDOWS\System32\davclnt.dll...
Scanning Module:C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll...
Scanning Module:C:\Program Files\WinAce\arcext.dll...
Scanning Module:C:\Program Files\WinAce\acev2.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll...
Scanning Module:C:\WINDOWS\system32\syncui.dll...
Scanning Module:C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll...
Scanning Module:C:\Program Files\Radeon Omega Drivers\v3.8.231\ATI Tray Tools\attext.dll...
Scanning Module:C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll...
Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll...
Scanning Module:C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll...
Scanning Module:C:\WINDOWS\system32\browselc.dll...
Scanning Module:C:\WINDOWS\system32\tiabqexo.dll...
Adware.BHO(generic) Object Recognized!
Type : Process
Data : tiabqexo.dll
TAC Rating : 3
Category : Adware
Comment : baxpnsnw.dll.dmp
Object : C:\WINDOWS\system32\
Warning! Adware.BHO(generic) Object found in memory(C:\WINDOWS\system32\tiabqexo.dll)
Scanning Module:C:\WINDOWS\system32\shdoclc.dll...
Scanning Module:C:\WINDOWS\system32\DUSER.dll...
Scanning Module:C:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL...
#:21 [cfgwzsvc.exe]
FilePath : C:\Program Files\Symantec Client Security\Symantec Client Firewall\
ProcessID : 380
ThreadCreationTime : 07-04-10 09:48:24
BasePriority : Normal
FileVersion : 8.7.0.58
ProductVersion : 8.7
ProductName : Internet Security
CompanyName : Symantec Corporation
FileDescription : Configuration Wizard Service
InternalName : CfgWzSvc
LegalCopyright : Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : CfgWzSvc.exe
Scanning Module:C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe...
#:22 [defwatch.exe]
FilePath : C:\Program Files\Symantec Client Security\Symantec AntiVirus\
ProcessID : 412
ThreadCreationTime : 07-04-10 09:48:26
BasePriority : Normal
FileVersion : 10.1.0.394
ProductVersion : 10.1.0.394
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright 1998 - 2006 Symantec Corporation. All rights rese