OK, thanks for those explicit directions! I followed carefully, and things look a little better so far.
The only thing that still seems off is the NAV 2005 message "Can't perform repair function, reinstall". I did that using the Dell utility, but it persists.
Thanks so very much!
(p.s. anyone know how to resuscitate a dead iPod over there?)
Here are the logs:
[b]ActiveScan:[/b]
Incident Status Location
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Edward.D222DT71\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-2a79b1dc-6034b767.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Edward.D222DT71\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-4d96b404-718fcc47.zip[Dummy.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Edward.D222DT71\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba449-63d4ed8c.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Edward.D222DT71\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba449-63d4ed8c.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Edward.D222DT71\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba449-63d4ed8c.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Edward.D222DT71\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba449-63d4ed8c.zip[NewURLClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Edward.D222DT71\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv782.jar-3e435458-57a8afb1.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Edward.D222DT71\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv782.jar-3e435458-57a8afb1.zip[Dummy.class]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Edward.D222DT71\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Edward.D222DT71\Desktop\smitRem.exe[Process.exe]
Adware:Adware/SecurityError Not disinfected C:\Documents and Settings\Edward.D222DT71\Desktop\wdcevf
Possible Virus. Not disinfected C:\Program Files\@Last Software\SketchUp 5\BugSplat.dll
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\system32\per.exe
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\system32\upd707.exe
[b]AboutBuster[/b]
AboutBuster 6.0
Scan started on [1/3/2006] at [1:12:35 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Removed Stream! C:\WINDOWS\KB883939.log:uwrcmu
Removed Stream! C:\WINDOWS\KB885855.log:mpkhoe
Removed Stream! C:\WINDOWS\KB887472.log:fpuvip
Removed Stream! C:\WINDOWS\KB901017.log:qzkfq
Removed Stream! C:\WINDOWS\msgsocm.log:kqlem
Removed Stream! C:\WINDOWS\Prairie Wind.bmp:mlbtl
Removed Stream! C:\WINDOWS\Santa Fe Stucco.bmp:eyovwz
Removed Stream! C:\WINDOWS\SchedLgU.Txt:ymknzn
Removed Stream! C:\WINDOWS\setupact.del:ddtusd
Removed Stream! C:\WINDOWS\setupact.log:jmcsty
Removed Stream! C:\WINDOWS\setupapi.log:velamn
Removed Stream! C:\WINDOWS\smscfg.ini:fzoglf
Removed Stream! C:\WINDOWS\vb.ini:qarrha
Removed Stream! C:\WINDOWS\winnt256.bmp:tcvpyx
Removed Stream! C:\WINDOWS\_default.pif:hfhsyh
-------------------------------------------------------------
Removed File! : C:\WINDOWS\cncww.dll
Removed File! : C:\WINDOWS\rzomj.txt
Removed File! : C:\WINDOWS\wdcam.dll
Removed File! : C:\WINDOWS\system32\bwtxy.dat
Removed File! : C:\WINDOWS\system32\fcgoy.dat
Removed File! : C:\WINDOWS\system32\fupzh.txt
Removed File! : C:\WINDOWS\system32\kywvi.txt
Removed File! : C:\WINDOWS\system32\nsstz.txt
Removed File! : C:\WINDOWS\system32\nxglf.txt
Removed File! : C:\WINDOWS\system32\uamgl.txt
Removed File! : C:\WINDOWS\system32\veaiq.log
Removed File! : C:\WINDOWS\system32\zxldm.log
Removed File! : C:\WINDOWS\warnhp.html
-------------------------------------------------------------
Removed Temp Files
Internet Explorer Settings Reset!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 1:15:41 PM
[b]HJT[/b]
Logfile of HijackThis v1.99.1
Scan saved at 1:06:31 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpDE5.tmp (file missing)
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Graves Mouse\mouse32a.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [alij] C:\WINDOWS\system32\run358.exe dummy
O4 - HKLM\..\Run: [48.tmp] C:\DOCUME~1\EDWARD~1.D22\LOCALS~1\Temp\48.tmp.exe
O4 - HKLM\..\Run: [48.tmp.exe] C:\DOCUME~1\EDWARD~1.D22\LOCALS~1\Temp\48.tmp.exe
O4 - HKLM\..\Run: [2E.tmp] C:\DOCUME~1\EDWARD~1.D22\LOCALS~1\Temp\2E.tmp.exe
O4 - HKLM\..\Run: [2F.tmp] C:\DOCUME~1\EDWARD~1.D22\LOCALS~1\Temp\2F.tmp.exe
O4 - HKLM\..\Run: [2E.tmp.exe] C:\DOCUME~1\EDWARD~1.D22\LOCALS~1\Temp\2E.tmp.exe
O4 - HKLM\..\Run: [2F.tmp.exe] C:\DOCUME~1\EDWARD~1.D22\LOCALS~1\Temp\2F.tmp.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .m4a: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntev.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
[b]Is this the SmitFile? I renamed it I think[/b]
Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, January 03, 2006 2:18:54 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R85 04.01.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):12 total references
Malware.SpyAxe(TAC index:4):6 total references
MRU List(TAC index:0):23 total references
SearchClick(TAC index:10):1 total references
Tracking Cookie(TAC index:3):2 total references
WinFixer(TAC index:3):20 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R84 28.12.2005
Internal build : 96
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 572788 Bytes
Total size : 1722466 Bytes
Signature data size : 1688043 Bytes
Reference data size : 33911 Bytes
Signatures total : 47840
CSI Fingerprints total : 1280
CSI data size : 37161 Bytes
Target categories : 15
Target families : 808
1-3-2006 2:12:36 PM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R85 04.01.2006
Internal build : 97
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 576531 Bytes
Total size : 1734492 Bytes
Signature data size : 1699958 Bytes
Reference data size : 34022 Bytes
Signatures total : 48158
CSI Fingerprints total : 1298
CSI data size : 37770 Bytes
Target categories : 15
Target families : 813
1-3-2006 2:13:05 PM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:28 %
Total physical memory:253308 kb
Available physical memory:70412 kb
Total page file size:618752 kb
Available on page file:351784 kb
Total virtual memory:2097024 kb
Available virtual memory:2041768 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
1-3-2006 2:18:54 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 444
ThreadCreationTime : 1-3-2006 8:08:50 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 800
ThreadCreationTime : 1-3-2006 8:08:52 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 824
ThreadCreationTime : 1-3-2006 8:08:53 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 868
ThreadCreationTime : 1-3-2006 8:08:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 880
ThreadCreationTime : 1-3-2006 8:08:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 1044
ThreadCreationTime : 1-3-2006 8:08:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1124
ThreadCreationTime : 1-3-2006 8:08:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1188
ThreadCreationTime : 1-3-2006 8:08:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 1332
ThreadCreationTime : 1-3-2006 8:08:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1372
ThreadCreationTime : 1-3-2006 8:08:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [ccproxy.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
Command Line : n/a
ProcessID : 1620
ThreadCreationTime : 1-3-2006 8:09:03 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe
#:12 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : n/a
ProcessID : 1636
ThreadCreationTime : 1-3-2006 8:09:04 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:13 [issvc.exe]
ModuleName : C:\Program Files\Norton Internet Security\ISSVC.exe
Command Line : n/a
ProcessID : 1648
ThreadCreationTime : 1-3-2006 8:09:04 PM
BasePriority : Normal
FileVersion : 8.0.5.14
ProductVersion : 8.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : IS Service
InternalName : ISSVC.exe
LegalCopyright : Copyright (c) 2004 Symantec Corporation
OriginalFilename : ISSVC.exe
#:14 [sndsrvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Command Line : n/a
ProcessID : 1712
ThreadCreationTime : 1-3-2006 8:09:07 PM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe
#:15 [spbbcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Command Line : n/a
ProcessID : 1792
ThreadCreationTime : 1-3-2006 8:09:09 PM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright (c) 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe
#:16 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : n/a
ProcessID : 1996
ThreadCreationTime : 1-3-2006 8:09:11 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:17 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 2004
ThreadCreationTime : 1-3-2006 8:09:11 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:18 [wltrysvc.exe]
ModuleName : C:\WINDOWS\System32\wltrysvc.exe
Command Line : C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe
ProcessID : 664
ThreadCreationTime : 1-3-2006 8:09:16 PM
BasePriority : Normal
#:19 [bcmwltry.exe]
ModuleName : C:\WINDOWS\System32\bcmwltry.exe
Command Line : C:\WINDOWS\System32\bcmwltry.exe
ProcessID : 676
ThreadCreationTime : 1-3-2006 8:09:17 PM
BasePriority : Normal
FileVersion : 3.100.41.0
ProductVersion : 3.100.41.0
ProductName : Dell Wireless WLAN Card Wireless Network Controller
CompanyName : Dell Inc
FileDescription : Dell Wireless WLAN Card Wireless Network Controller
InternalName : bcmwltry.exe
LegalCopyright : 1998-2004, Dell Inc All Rights Reserved.
OriginalFilename : bcmwltry.exe
#:20 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 740
ThreadCreationTime : 1-3-2006 8:09:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:21 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido anti-malware\ewidoctrl.exe
Command Line : "C:\Program Files\ewido anti-malware\ewidoctrl.exe"
ProcessID : 1424
ThreadCreationTime : 1-3-2006 8:09:23 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:22 [navapsvc.exe]
ModuleName : C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
Command Line : n/a
ProcessID : 1448
ThreadCreationTime : 1-3-2006 8:09:24 PM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:23 [nicconfigsvc.exe]
ModuleName : C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
Command Line : "C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe"
ProcessID : 1504
ThreadCreationTime : 1-3-2006 8:09:24 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : NicConfigSvc
CompanyName : Dell Inc.
FileDescription : Internal Network Card Power Management Service
InternalName : TestMFCAppWiz
LegalCopyright : Copyright (C) 2004 Dell Inc.
OriginalFilename : NicConfigSvc.EXE
#:24 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 280
ThreadCreationTime : 1-3-2006 8:09:28 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:25 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2120
ThreadCreationTime : 1-3-2006 8:09:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:26 [wmiprvse.exe]
ModuleName : C:\WINDOWS\system32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding
ProcessID : 2148
ThreadCreationTime : 1-3-2006 8:09:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
#:27 [apoint.exe]
ModuleName : C:\Program Files\Apoint\Apoint.exe
Command Line : "C:\Program Files\Apoint\Apoint.exe"
ProcessID : 2232
ThreadCreationTime : 1-3-2006 8:09:56 PM
BasePriority : Normal
FileVersion : 5.5.101.141
ProductVersion : 5.5.101.141
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright (C) 1999-2004 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe
#:28 [hkcmd.exe]
ModuleName : C:\WINDOWS\system32\hkcmd.exe
Command Line : "C:\WINDOWS\system32\hkcmd.exe"
ProcessID : 2280
ThreadCreationTime : 1-3-2006 8:09:59 PM
BasePriority : Normal
FileVersion : 3.0.0.4020
ProductVersion : 7.0.0.4020
ProductName : Intel(R) Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE
#:29 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
ProcessID : 2288
ThreadCreationTime : 1-3-2006 8:10:00 PM
BasePriority : Normal
#:30 [pcmservice.exe]
ModuleName : C:\Program Files\Dell\Media Experience\PCMService.exe
Command Line : "C:\Program Files\Dell\Media Experience\PCMService.exe"
ProcessID : 2332
ThreadCreationTime : 1-3-2006 8:10:01 PM
BasePriority : Normal
FileVersion : 1.0.1611
ProductVersion : 1.0.1611
ProductName : PCM2Launcher Application
CompanyName : CyberLink Corp.
FileDescription : PowerCinema Resident Program for Dell
InternalName : PowerCinema Resident Program for Dell
LegalCopyright : Copyright c 2003 CyberLink Corp.
OriginalFilename : PCM2Launcher.EXE
#:31 [quickset.exe]
ModuleName : C:\Program Files\Dell\QuickSet\quickset.exe
Command Line : "C:\Program Files\Dell\QuickSet\quickset.exe"
ProcessID : 2648
ThreadCreationTime : 1-3-2006 8:10:05 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : QuickSet Application
FileDescription : QuickSet MFC Application
InternalName : direct
LegalCopyright : Copyright (C) 2001
OriginalFilename : direct.EXE
#:32 [apntex.exe]
ModuleName : C:\Program Files\Apoint\Apntex.exe
Command Line : "Apntex.exe"
ProcessID : 2672
ThreadCreationTime : 1-3-2006 8:10:05 PM
BasePriority : Normal
FileVersion : 5.5.1.19
ProductVersion : 5.5.1.19
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright (C) 1998-2004 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe
#:33 [wltray.exe]
ModuleName : C:\WINDOWS\system32\WLTRAY.exe
Command Line : "C:\WINDOWS\system32\WLTRAY.exe"
ProcessID : 2752
ThreadCreationTime : 1-3-2006 8:10:06 PM
BasePriority : Normal
FileVersion : 3.100.41.0
ProductVersion : 3.100.41.0
ProductName : Dell Wireless WLAN Card Wireless Network Tray Applet
CompanyName : Dell Inc
FileDescription : Dell Wireless WLAN Card Wireless Network Tray Applet
InternalName : wltray.exe
LegalCopyright : 1998-2004, Dell Inc All Rights Reserved.
OriginalFilename : wltray.exe
#:34 [dvdlauncher.exe]
ModuleName : C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
Command Line : "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
ProcessID : 2824
ThreadCreationTime : 1-3-2006 8:10:07 PM
BasePriority : Normal
FileVersion : 3.00.0000
ProductVersion : 3.00.0000
ProductName : Cyberlink PowerCinema 3.0
CompanyName : CyberLink Corp.
FileDescription : CyberLink PowerCinema Resident Program
InternalName : CyberLink PowerCinema Resident Program
LegalCopyright : Copyright (c) 2003 CyberLink Corp.
OriginalFilename : DVDLauncher.EXE
#:35 [mm_tray.exe]
ModuleName : C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
Command Line : "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
ProcessID : 2988
ThreadCreationTime : 1-3-2006 8:10:10 PM
BasePriority : Normal
FileVersion : 9.00.2053
ProductVersion : 9.00.2053
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe
#:36 [mmtask.exe]
ModuleName : C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
Command Line : "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
ProcessID : 2996
ThreadCreationTime : 1-3-2006 8:10:11 PM
BasePriority : Normal
FileVersion : 9.0.0.1
ProductVersion : 9.0.0.1
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch Inc.
FileDescription : <Musicmatch System Tray Application>
InternalName : mmtask.exe
LegalCopyright : (c) Musicmatch Inc.. All rights reserved.
OriginalFilename : mmtask.exe
#:37 [realplay.exe]
ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe
Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
ProcessID : 3020
ThreadCreationTime : 1-3-2006 8:10:11 PM
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE
#:38 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 3052
ThreadCreationTime : 1-3-2006 8:10:13 PM
BasePriority : Normal
FileVersion : 1.04.08a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions
#:39 [issch.exe]
ModuleName : C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
Command Line : "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
ProcessID : 3224
ThreadCreationTime : 1-3-2006 8:10:17 PM
BasePriority : Normal
FileVersion : 3, 10, 100, 1155
ProductVersion : 3, 10
ProductName : InstallShield Update Service
CompanyName : InstallShield Software Corporation
FileDescription : InstallShield Update Service Scheduler
InternalName : Scheduler
LegalCopyright : Copyright (C) 1990-2004 InstallShield Software Corporation
OriginalFilename : issch.exe
#:40 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 3264
ThreadCreationTime : 1-3-2006 8:10:18 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:41 [mouse32a.exe]
ModuleName : C:\Program Files\Graves Mouse\mouse32a.exe
Command Line : "C:\Program Files\Graves Mouse\mouse32a.exe"
ProcessID : 3296
ThreadCreationTime : 1-3-2006 8:10:20 PM
BasePriority : Normal
FileVersion : 3.0.2.0
ProductVersion : 3.0.0.0
LegalCopyright : Copyright 2001 by LEE,WEI-BIN.
#:42 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 3432
ThreadCreationTime : 1-3-2006 8:10:23 PM
BasePriority : Normal
FileVersion : 4.9.0.17
ProductVersion : 4.9.0.17
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:43 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : n/a
ProcessID : 3480
ThreadCreationTime : 1-3-2006 8:10:25 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:44 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
ProcessID : 3572
ThreadCreationTime : 1-3-2006 8:10:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:45 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 3644
ThreadCreationTime : 1-3-2006 8:10:30 PM
BasePriority : Normal
FileVersion : 4.9.0.17
ProductVersion : 4.9.0.17
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:46 [dsagnt.exe]
ModuleName : C:\Program Files\Dell Support\DSAgnt.exe
Command Line : "C:\Program Files\Dell Support\DSAgnt.exe" /startup
ProcessID : 3736
ThreadCreationTime : 1-3-2006 8:10:33 PM
BasePriority : Below Normal
FileVersion : 1, 1, 0, 73
ProductVersion : 1, 1, 0, 73
ProductName : Dell Support
CompanyName : Gteko Ltd.
FileDescription : Dell Support
InternalName : AUAgent
LegalCopyright : Copyright (C) 2000 - 2004 Gteko Ltd.
OriginalFilename : AUAgent.exe
#:47 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3864
ThreadCreationTime : 1-3-2006 8:10:39 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:48 [dlg.exe]
ModuleName : C:\Program Files\Digital Line Detect\DLG.exe
Command Line : "C:\Program Files\Digital Line Detect\DLG.exe"
ProcessID : 3872
ThreadCreationTime : 1-3-2006 8:10:39 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe
#:49 [msiexec.exe]
ModuleName : C:\WINDOWS\system32\msiexec.exe
Command Line : C:\WINDOWS\system32\msiexec.exe /V
ProcessID : 2924
ThreadCreationTime : 1-3-2006 8:11:24 PM
BasePriority : Normal
#:50 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 232
ThreadCreationTime : 1-3-2006 8:18:25 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4d05a335-1a1c-46b3-bcff-7f25b326895c}
WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c0a3779c-3345-4150-bd63-c399eb32661e}
WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{27967fbc-694b-41a6-8cce-30e59292350e}
WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{328ba26a-1619-47ee-a37d-7d7a6ab1b000}
WinFixer Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{328ba26a-1619-47ee-a37d-7d7a6ab1b000}
Value : AppID
WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{4d05a335-1a1c-46b3-bcff-7f25b326895c}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_USERS
Object : S-1-5-21-2159301612-2692750725-795081975-1006\software\microsoft\internet explorer\main
Value : HOMEOldSP
CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : HOMEOldSP
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 8
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8
MRU List Object Recognized!
Location: : C:\Documents and Settings\Edward.D222DT71\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Edward.D222DT71\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-2159301612-2692750725-795081975-1006\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-2159301612-2692750725-795081975-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-2159301612-2692750725-795081975-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-2159301612-2692750725-795081975-1006\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-2159301612-2692750725-795081975-1006\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-2159301612-2692750725-795081975-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-2159301612-2692750725-795081975-1006\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-2159301612-2692750725-795081975-1006\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-2159301612-2692750725-795081975-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-2159301612-2692750725-795081975-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-2159301612-2692750725-795081975-1006\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-2159301612-2692750725-795081975-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-2159301612-2692750725-795081975-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-2159301612-2692750725-795081975-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-2159301612-2692750725-795081975-1006\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\fileconv
Description : file conversion location settings in musicmatch jukebox
MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio
Description : information on the last station listened to using musicmatch radio
MRU List Object Recognized!
Location: : S-1-5-21-2159301612-2692750725-795081975-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jessie@cgi-bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jessie\Cookies\jessie@cgi-bin[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jessie@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jessie\Cookies\jessie@live365[1].txt
Malware.SpyAxe Object Recognized!
Type : File
Data : A0014015.exe
TAC Rating : 4
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP48\
FileVersion : 3.0.0.0
ProductName : SpyAxe 3.0
CompanyName : SpyAxe
FileDescription : SpyAxe Software Installer
LegalCopyright : 2004, All rights reserverd (c) SpyAxe.
OriginalFilename : SpyAxe_Setup.exe
Comments : Anti-Spyware Software
WinFixer Object Recognized!
Type : File
Data : A0014037.exe
TAC Rating : 3
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP48\
FileVersion : 1.1.42.0
ProductVersion : 1.1.42.0
CompanyName : WinSoftware
FileDescription : WinSoftware Updater
InternalName : Updater
LegalCopyright : (c) 2004, 2005 WinSoftware, Ltd. All rights reserved.
WinFixer Object Recognized!
Type : File
Data : A0014045.dll
TAC Rating : 3
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP48\
FileVersion : 1.0.4.0
ProductVersion : 1.0.4.0
ProductName : Products Checker
CompanyName : WinSoftware, Ltd.
FileDescription : Products Checker
InternalName : PCheck.dll
LegalCopyright : 2005 (c) WinSoftware, Ltd. All rights reserved.
OriginalFilename : PCheck.dll
WinFixer Object Recognized!
Type : File
Data : A0014046.exe
TAC Rating : 3
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP48\
FileVersion : 1.0.1.0
ProductVersion : 1.0.1.0
SearchClick Object Recognized!
Type : File
Data : A0014243.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP48\
Malware.SpyAxe Object Recognized!
Type : File
Data : A0014285.exe
TAC Rating : 4
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP49\
FileVersion : 3.0.0.0
ProductName : SpyAxe 3.0
CompanyName : SpyAxe
FileDescription : SpyAxe Software Installer
LegalCopyright : 2004, All rights reserverd (c) SpyAxe.
OriginalFilename : SpyAxe_Setup.exe
Comments : Anti-Spyware Software
Malware.SpyAxe Object Recognized!
Type : File
Data : A0014346.exe
TAC Rating : 4
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP50\
FileVersion : 3.0.0.0
ProductName : SpyAxe 3.0
CompanyName : SpyAxe
FileDescription : SpyAxe Software Installer
LegalCopyright : 2004, All rights reserverd (c) SpyAxe.
OriginalFilename : SpyAxe_Setup.exe
Comments : Anti-Spyware Software
Malware.SpyAxe Object Recognized!
Type : File
Data : A0015400.exe
TAC Rating : 4
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP50\
FileVersion : 3.0.0.0
ProductName : SpyAxe 3.0
CompanyName : SpyAxe
FileDescription : SpyAxe Software Installer
LegalCopyright : 2004, All rights reserverd (c) SpyAxe.
OriginalFilename : SpyAxe_Setup.exe
Comments : Anti-Spyware Software
Malware.SpyAxe Object Recognized!
Type : File
Data : A0015463.exe
TAC Rating : 4
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP52\
FileVersion : 3.0.0.0
ProductName : SpyAxe 3.0
CompanyName : SpyAxe
FileDescription : SpyAxe Software Installer
LegalCopyright : 2004, All rights reserverd (c) SpyAxe.
OriginalFilename : SpyAxe_Setup.exe
Comments : Anti-Spyware Software
CoolWebSearch Object Recognized!
Type : File
Data : A0016523.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP52\
CoolWebSearch Object Recognized!
Type : File
Data : A0016524.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP52\
Malware.SpyAxe Object Recognized!
Type : File
Data : A0016525.exe
TAC Rating : 4
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP52\
FileVersion : 3.0.0.0
ProductName : SpyAxe 3.0
CompanyName : SpyAxe
FileDescription : SpyAxe Software Installer
LegalCopyright : 2004, All rights reserverd (c) SpyAxe.
OriginalFilename : SpyAxe_Setup.exe
Comments : Anti-Spyware Software
WinFixer Object Recognized!
Type : File
Data : WFF.sys
TAC Rating : 3
Category : Misc
Comment :
Object : C:\WINDOWS\system32\drivers\
FileVersion : 1.0.2.0
ProductVersion : 1.0.2.0
CompanyName : WinSoftware Ltd
FileDescription : File Creation Filter Driver
LegalCopyright : Copyright (C) WinSoftware Ltd 2005
OriginalFilename : wff.sys
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 46
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : vapfm.creationnoti