tvalenti Posted December 3, 2006

Hey, AVG spyware found an adware program in Error Doctor, and I tried to uninstall the program to no avail. I rebooted in safe mode and deleted it in Program Files as well as the Start menu. Gone, right? No. Ever since, I've had weird exe files being made in my temp folder, not allowing me to save any programs through Firefox, and whatever this is, is creating random exe files and making it look as though those are the files I'm trying to save. With it, I receive the error "c:/....[file] couldn't be saved because i cannot change the contents of the folder." Every time I try to save something it creates a new bogus exe file to make it look like the file I'm trying to save. I usually have a VERY clean computer, but now whatever this is is screwing it up... Please help me get my computer back.
Jeremy Posted December 3, 2006

As usual, HijackThis log....
Ad-Aware SE
Spybot
CWShredder
Kaspersky or NOD32 (anti-virus)
Try Unlocker if files refuse to be modified/moved/deleted.
Use CCleaner to clean out temp/cache.
Use FileMon when you have Firefox open to see which files are trying to access others.
If the file(s) persist after this (unlikely), boot to a CD and delete them.
tvalenti Posted December 3, 2006

Here's my HijackThis log, more to come

Logfile of HijackThis v1.99.1
Scan saved at 10:05:28 PM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://inside.dean.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - C:\Program Files\IDA\idabar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Internet\NetTransport\NTAddList.html
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Internet\NetTransport\NTAddLink.html
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...902/mcfscan.cab
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Jeremy Posted December 3, 2006

The only things there that look suspicious are the Internet Download Accelerator and the SysEnforce.
Do full system scans with Ad-Aware, Spybot and Kaspersky next.
tvalenti Posted December 3, 2006

Ad-Aware Full Scan.. More to come
OriginalFilename : guard.exe Scanning Module:C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe... Scanning Module:C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll...#:20 [cmdagent.exe] ModuleName : C:\Program Files\Comodo\Firewall\cmdagent.exe Command Line : n/a ProcessID : 240 ThreadCreationTime : 12-3-2006 1:07:17 AM BasePriority : Normal FileVersion : 2.4.0.18 ProductVersion : 2.4.0.0 ProductName : Comodo Firewall CompanyName : COMODO FileDescription : Comodo Agent Service InternalName : cmdagent LegalCopyright : Copyright © 2005-2006 COMODO ®. All rights reserved LegalTrademarks : Copyright © 2005-2006 COMODO ®. All rights reserved OriginalFilename : cmdagent.exe Scanning Module:C:\Program Files\Comodo\Firewall\cmdagent.exe... Scanning Module:C:\Program Files\Comodo\Firewall\dbghelp.dll...#:21 [regsrvc.exe] ModuleName : C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe Command Line : "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" ProcessID : 492 ThreadCreationTime : 12-3-2006 1:07:18 AM BasePriority : Normal FileVersion : 10.5.0.4 ProductVersion : 10.5.0.1 ProductName : Intel® PROSet/Wireless Registry Service CompanyName : Intel Corporation FileDescription : Intel® PROSet/Wireless Registry Service InternalName : RegSrvc LegalCopyright : Copyright © Intel Corporation 1999-2006 OriginalFilename : RegSrvc.EXE Comments : Registry Interface for Intel Wireless Products Scanning Module:C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe...#:22 [agrsmmsg.exe] ModuleName : C:\WINDOWS\AGRSMMSG.exe Command Line : "C:\WINDOWS\AGRSMMSG.exe" ProcessID : 1708 ThreadCreationTime : 12-3-2006 1:07:21 AM BasePriority : Normal FileVersion : 2.1.51 2.1.51 03/04/2005 12:01:54 ProductVersion : 2.1.51 2.1.51 03/04/2005 12:01:54 ProductName : Agere SoftModem Messaging Applet CompanyName : Agere Systems FileDescription : SoftModem Messaging Applet InternalName : smdmstat.exe LegalCopyright : Copyright © Agere Systems 1998-2000 OriginalFilename : smdmstat.exe Scanning 
Module:C:\WINDOWS\AGRSMMSG.exe...#:23 [avgas.exe] ModuleName : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe Command Line : "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized ProcessID : 1760 ThreadCreationTime : 12-3-2006 1:07:21 AM BasePriority : Normal FileVersion : 7, 5, 0, 50 ProductVersion : 7, 5, 0, 50 ProductName : AVG Anti-Spyware CompanyName : Anti-Malware Development a.s. FileDescription : AVG Anti-Spyware InternalName : AVG Anti-Spyware LegalCopyright : Copyright © 2006 Anti-Malware Development a.s. OriginalFilename : avgas.exe Scanning Module:C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe...#:24 [alg.exe] ModuleName : C:\WINDOWS\System32\alg.exe Command Line : C:\WINDOWS\System32\alg.exe ProcessID : 1784 ThreadCreationTime : 12-3-2006 1:07:21 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe Scanning Module:C:\WINDOWS\System32\alg.exe...#:25 [lclock.exe] ModuleName : C:\Program Files\LClock\LClock.exe Command Line : "C:\Program Files\LClock\LClock.exe" ProcessID : 1792 ThreadCreationTime : 12-3-2006 1:07:21 AM BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : LClock Application FileDescription : LClock Application InternalName : LClock LegalCopyright : Copyright © 2004 OriginalFilename : LClock.exe Scanning Module:C:\Program Files\LClock\LClock.exe... 
Scanning Module:C:\Program Files\LClock\Calendar.dll...#:26 [zcfgsvc.exe] ModuleName : C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe Command Line : "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" ProcessID : 1800 ThreadCreationTime : 12-3-2006 1:07:21 AM BasePriority : Normal FileVersion : 10.5.0.5 ProductVersion : 10.5.0.1 ProductName : ZeroCfgSvc Application CompanyName : Intel Corporation FileDescription : ZeroCfgSvc MFC Application InternalName : ZeroCfgSvc LegalCopyright : Copyright © Intel Corporation 1999-2006 OriginalFilename : ZeroCfgSvc.EXE Scanning Module:C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe... Scanning Module:C:\WINDOWS\system32\oledlg.dll...#:27 [ifrmewrk.exe] ModuleName : C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe Command Line : "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless ProcessID : 1812 ThreadCreationTime : 12-3-2006 1:07:21 AM BasePriority : Normal FileVersion : 10.5.0.1 ProductVersion : 10.5.0.1 ProductName : Intel® PROSet/Wireless CompanyName : Intel Corporation FileDescription : Intel Framework MFC Application InternalName : Framework LegalCopyright : Copyright © Intel Corporation 1999-2006 OriginalFilename : iFramewrk.exe Scanning Module:C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe... Scanning Module:C:\Program Files\Intel\Wireless\Bin\FrameworkPlugins\ConnMgr.dll...#:28 [avgnt.exe] ModuleName : C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe Command Line : "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min ProcessID : 1820 ThreadCreationTime : 12-3-2006 1:07:21 AM BasePriority : Normal Scanning Module:C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe... Scanning Module:C:\Program Files\AntiVir PersonalEdition Classic\MFC71U.DLL... 
Scanning Module:C:\Program Files\AntiVir PersonalEdition Classic\avgcmxp.dll...#:29 [jusched.exe] ModuleName : C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe Command Line : "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" ProcessID : 1828 ThreadCreationTime : 12-3-2006 1:07:21 AM BasePriority : Normal Scanning Module:C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe...#:30 [dot1xcfg.exe] ModuleName : C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe Command Line : "C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe" -Embedding ProcessID : 2884 ThreadCreationTime : 12-3-2006 1:07:28 AM BasePriority : Normal FileVersion : 10.5.0.3 ProductVersion : 10.5.0.1 ProductName : Intel PROSet/Wireless CompanyName : Intel Corporation FileDescription : Intel 802.1x Server InternalName : Dot1xCfg LegalCopyright : Copyright © Intel Corporation 2006 OriginalFilename : Dot1xCfg.exe Scanning Module:C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe... Scanning Module:C:\Program Files\Intel\Wireless\Bin\acAuth.dll... Scanning Module:C:\Program Files\Intel\Wireless\Bin\C1XStngs.dll... Scanning Module:C:\Program Files\Intel\Wireless\Bin\LSAWRAPI.dll...#:31 [cpf.exe] ModuleName : C:\Program Files\Comodo\Firewall\cpf.exe Command Line : n/a ProcessID : 3552 ThreadCreationTime : 12-3-2006 2:13:59 AM BasePriority : Normal FileVersion : 2.4.0.56 ProductVersion : 2.4.0.0 ProductName : Comodo Firewall CompanyName : COMODO FileDescription : Comodo Firewall InternalName : cpf.exe LegalCopyright : Copyright © 2005-2006 COMODO ®. All rights reserved OriginalFilename : cpf.exe Scanning Module:C:\Program Files\Comodo\Firewall\cpf.exe... Scanning Module:C:\Program Files\Comodo\Firewall\clicapi.dll... Scanning Module:C:\WINDOWS\system32\RICHED20.DLL... 
Scanning Module:C:\WINDOWS\system32\asycfilt.dll...#:32 [firefox.exe] ModuleName : C:\Program Files\Mozilla Firefox\firefox.exe Command Line : "C:\Program Files\Mozilla Firefox\firefox.exe" /prefetch:1 ProcessID : 3196 ThreadCreationTime : 12-3-2006 2:18:49 AM BasePriority : Normal Scanning Module:C:\Program Files\Mozilla Firefox\firefox.exe... Scanning Module:C:\Program Files\Mozilla Firefox\js3250.dll... Scanning Module:C:\Program Files\Mozilla Firefox\nspr4.dll... Scanning Module:C:\Program Files\Mozilla Firefox\xpcom_core.dll... Scanning Module:C:\Program Files\Mozilla Firefox\plc4.dll... Scanning Module:C:\Program Files\Mozilla Firefox\plds4.dll... Scanning Module:C:\Program Files\Mozilla Firefox\smime3.dll... Scanning Module:C:\Program Files\Mozilla Firefox\nss3.dll... Scanning Module:C:\Program Files\Mozilla Firefox\softokn3.dll... Scanning Module:C:\Program Files\Mozilla Firefox\ssl3.dll... Scanning Module:C:\Program Files\Mozilla Firefox\xpcom_compat.dll... Scanning Module:C:\Program Files\Mozilla Firefox\components\myspell.dll... Scanning Module:C:\Program Files\Mozilla Firefox\components\jar50.dll... Scanning Module:C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll... Scanning Module:C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL... Scanning Module:C:\WINDOWS\system32\msimtf.dll... Scanning Module:C:\WINDOWS\system32\MSCTF.dll... Scanning Module:C:\Program Files\Mozilla Firefox\freebl3.dll... Scanning Module:C:\Program Files\Mozilla Firefox\nssckbi.dll... 
Memory scan result:
New critical objects: 0
Objects found so far: 4

Started registry scan
Registry Scan result:
New critical objects: 0
Objects found so far: 4

Started deep registry scan
Deep registry scan result:
New critical objects: 0
Objects found so far: 4

Started Tracking Cookie scan
Tracking cookie scan result:
New critical objects: 0
Objects found so far: 4

Deep scanning and examining files (C:)
Disk Scan Result for C:\
New critical objects: 0
Objects found so far: 4

Scanning Hosts file......
Hosts file location: "C:\WINDOWS\system32\drivers\etc\hosts".
Hosts file scan result:
11835 entries scanned.
New critical objects: 0
Objects found so far: 4

Performing conditional scans...
Conditional scan result:
New critical objects: 0
Objects found so far: 4

10:13:16 PM Scan Complete

Summary Of This Scan
Total scanning time: 00:04:52.344
Objects scanned: 151919
Objects identified: 0
Objects ignored: 0
New critical objects: 0

Reanalyzing scan result
No objects have been removed from the result list.

tvalenti Posted December 3, 2006 (edited)
Full scan with Spybot with latest definitions... nothing
EDIT: Full scan with AVG found nothing, but I tried to download again and am able to.
Hmmm.. I'm skeptical, but if the issue continues I'll repost, thanks!
Edited December 3, 2006 by tvalenti

Jeremy Posted December 3, 2006
For future reference, please attach logs to your post; don't make them so inconceivably long. Don't scan with AVG; you have AntiVir installed, which has a much higher detection rate than AVG (and Symantec, believe that?). AVG is a waste of hard drive space and time at this point.

Tarun Posted December 3, 2006
Well he's using AVG AntiSpyware, not the Anti-Virus.
If you notice any suspicious behavior, document it and let us know.

Jeremy Posted December 3, 2006
"Well he's using AVG AntiSpyware, not the Anti-Virus."
Ah yes, I keep forgetting AVG bought out Ewido. Anyway, Ad-Aware SE and Spybot pretty much take care of all spyware from my experience (dozens of PCs brought into a tech shop).

Tarun Posted December 3, 2006
AVG ruined Ewido, really. The memory scan now acts more like a memory defrag program, making it more harmful than good.

profmike Posted December 6, 2006
Try Removeit Pro - get it from majorgeeks.com. It's small, fast and cleans things other applications never find. I run avast! in all 7 modes, as well as two firewalls, and routinely find stuff that sneaks in [my eldest son plays online games...]

tvalenti Posted December 7, 2006
OH Boy!
It says I'm infected with
Sys32.sys32.mmm
It's finding a bunch of files that it's saying are infected, and it looks like many are legit files, so I'm kinda nervous and don't know what to do..

tvalenti Posted December 7, 2006
Never mind.. I restarted, everything came back clean... I'm starting to get frustrated.. I am having the same issue come back tonight though... seems it's only an issue with Firefox though.. anyone have any suggestions?

Tarun Posted December 7, 2006
Check out my Anti-Malware package. Get Avast and do a full system scan (including boot time scan), then apply and/or scan with SpywareBlaster, CWShredder, Ad-Aware, Spybot, AVG AntiSpyware, and then post another HijackThis log.

tvalenti Posted December 8, 2006
@Tarun: I've fixed my issue. I used the programs on your site, but you didn't include the one thing that found 5 various pieces of spyware that all the others DIDN'T pick up. I strongly suggest you add the free online Trend Micro spyware scanner to your list at housecall.trendmicro.com. Thanks for all your help everyone, and if you're smart you'll scan with this site too, it's a miracle!
Thanks guys