Full Version: three nasties that won't go away
charlieuk
I have three nasties on machines that keep coming back. I downloaded a file, saved it, virus checked it. It proved safe as far as Norton was concerned, so I opened it and all hell broke loose ... I have cleared most of it but got this icon in the task bar that looks like the critical update icon, that keeps telling me I have been infected (which I know cos they did it) and it can't be shut down. At risk of further infection I have gone to the site they want me to so I can show you who they are, and am posting the SE log, ta

Here is the Link http://antivirusgolden.com/?aid=1331

Here is SE log up to Item 29


Ad-Aware SE Build 1.06r1
Logfile Created on:25 June 2006 13:19:10
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R112 15.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
istbar(TAC index:7):1 total references
Virtumonde(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R112 15.06.2006
Internal build : 134
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 687936 Bytes
Total size : 2246731 Bytes
Signature data size : 2199032 Bytes
Reference data size : 47187 Bytes
Signatures total : 61794
CSI Fingerprints total : 3014
CSI data size : 106276 Bytes
Target categories : 15
Target families : 913


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:20 %
Total physical memory:490992 kb
Available physical memory:94656 kb
Total page file size:1152880 kb
Available on page file:822172 kb
Total virtual memory:2097024 kb
Available virtual memory:2043660 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Disable manual quarantine if auto-quarantine is selected
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include module list in log file
Set : Include alternate data stream details in log file
Set : Create and save WebUpdate log file
Set : Play sound at scan completion if scan locates critical objects


25-06-2006 13:19:10 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 756
ThreadCreationTime : 25-06-2006 12:13:55
BasePriority : Normal

Scanning Module:\SystemRoot\System32\smss.exe...
Scanning Module:C:\WINDOWS\system32\ntdll.dll...

#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 816
ThreadCreationTime : 25-06-2006 12:14:00
BasePriority : Normal

Scanning Module:\??\C:\WINDOWS\system32\csrss.exe...
Scanning Module:C:\WINDOWS\system32\CSRSRV.dll...
Scanning Module:C:\WINDOWS\system32\basesrv.dll...
Scanning Module:C:\WINDOWS\system32\winsrv.dll...
Scanning Module:C:\WINDOWS\system32\GDI32.dll...
Scanning Module:C:\WINDOWS\system32\KERNEL32.dll...
Scanning Module:C:\WINDOWS\system32\USER32.dll...
Scanning Module:C:\WINDOWS\system32\sxs.dll...
Scanning Module:C:\WINDOWS\system32\ADVAPI32.dll...
Scanning Module:C:\WINDOWS\system32\RPCRT4.dll...

#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 840
ThreadCreationTime : 25-06-2006 12:14:02
BasePriority : High

Scanning Module:\??\C:\WINDOWS\system32\winlogon.exe...
Scanning Module:C:\WINDOWS\system32\AUTHZ.dll...
Scanning Module:C:\WINDOWS\system32\msvcrt.dll...
Scanning Module:C:\WINDOWS\system32\CRYPT32.dll...
Scanning Module:C:\WINDOWS\system32\MSASN1.dll...
Scanning Module:C:\WINDOWS\system32\NDdeApi.dll...
Scanning Module:C:\WINDOWS\system32\PROFMAP.dll...
Scanning Module:C:\WINDOWS\system32\NETAPI32.dll...
Scanning Module:C:\WINDOWS\system32\USERENV.dll...
Scanning Module:C:\WINDOWS\system32\PSAPI.DLL...
Scanning Module:C:\WINDOWS\system32\REGAPI.dll...
Scanning Module:C:\WINDOWS\system32\Secur32.dll...
Scanning Module:C:\WINDOWS\system32\SETUPAPI.dll...
Scanning Module:C:\WINDOWS\system32\VERSION.dll...
Scanning Module:C:\WINDOWS\system32\WINSTA.dll...
Scanning Module:C:\WINDOWS\system32\WINTRUST.dll...
Scanning Module:C:\WINDOWS\system32\IMAGEHLP.dll...
Scanning Module:C:\WINDOWS\system32\WS2_32.dll...
Scanning Module:C:\WINDOWS\system32\WS2HELP.dll...
Scanning Module:C:\WINDOWS\system32\winlogon.dll...
Scanning Module:C:\WINDOWS\system32\MSGINA.dll...
Scanning Module:C:\WINDOWS\system32\SHELL32.dll...
Scanning Module:C:\WINDOWS\system32\SHLWAPI.dll...
Scanning Module:C:\WINDOWS\system32\COMCTL32.dll...
Scanning Module:C:\WINDOWS\system32\ODBC32.dll...
Scanning Module:C:\WINDOWS\system32\comdlg32.dll...
Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll...
Scanning Module:C:\WINDOWS\system32\odbcint.dll...
Scanning Module:C:\WINDOWS\system32\SHSVCS.dll...
Scanning Module:C:\WINDOWS\system32\sfc.dll...
Scanning Module:C:\WINDOWS\system32\sfc_os.dll...
Scanning Module:C:\WINDOWS\system32\ole32.dll...
Scanning Module:C:\WINDOWS\system32\Apphelp.dll...
Scanning Module:C:\WINDOWS\system32\WINSCARD.DLL...
Scanning Module:C:\WINDOWS\system32\WTSAPI32.dll...
Scanning Module:C:\WINDOWS\system32\WINMM.dll...
Scanning Module:C:\WINDOWS\system32\uxtheme.dll...
Scanning Module:C:\WINDOWS\system32\cscdll.dll...
Scanning Module:C:\WINDOWS\system32\WlNotify.dll...
Scanning Module:C:\WINDOWS\system32\WINSPOOL.DRV...
Scanning Module:C:\WINDOWS\system32\MPR.dll...
Scanning Module:C:\WINDOWS\system32\rsaenh.dll...
Scanning Module:C:\WINDOWS\system32\WgaLogon.dll...
Scanning Module:C:\WINDOWS\system32\OLEAUT32.dll...
Scanning Module:C:\WINDOWS\system32\NTMARTA.DLL...
Scanning Module:C:\WINDOWS\system32\WLDAP32.dll...
Scanning Module:C:\WINDOWS\system32\SAMLIB.dll...
Scanning Module:C:\WINDOWS\system32\CLBCATQ.DLL...
Scanning Module:C:\WINDOWS\system32\COMRes.dll...
Scanning Module:C:\WINDOWS\system32\WINHTTP.dll...
Scanning Module:C:\WINDOWS\system32\winqre32.dll...
Scanning Module:C:\WINDOWS\system32\RASAPI32.dll...
Scanning Module:C:\WINDOWS\system32\rasman.dll...
Scanning Module:C:\WINDOWS\system32\TAPI32.dll...
Scanning Module:C:\WINDOWS\system32\rtutils.dll...
Scanning Module:C:\WINDOWS\system32\iphlpapi.dll...
Scanning Module:C:\WINDOWS\system32\pmnkkjk.dll...
Scanning Module:C:\WINDOWS\system32\WININET.dll...
Scanning Module:C:\WINDOWS\system32\cscui.dll...
Scanning Module:C:\WINDOWS\system32\msv1_0.dll...
Scanning Module:C:\WINDOWS\system32\wdmaud.drv...
Scanning Module:C:\WINDOWS\system32\MPRAPI.dll...
Scanning Module:C:\WINDOWS\system32\ACTIVEDS.dll...
Scanning Module:C:\WINDOWS\system32\adsldpc.dll...
Scanning Module:C:\WINDOWS\system32\ATL.DLL...
Scanning Module:C:\WINDOWS\system32\msacm32.drv...
Scanning Module:C:\WINDOWS\system32\MSACM32.dll...
Scanning Module:C:\WINDOWS\system32\midimap.dll...
Scanning Module:C:\WINDOWS\System32\NavLogon.dll...
Scanning Module:C:\WINDOWS\system32\xpsp2res.dll...
Scanning Module:C:\WINDOWS\system32\ld101.tmp...
Scanning Module:C:\WINDOWS\system32\sensapi.dll...
Scanning Module:C:\WINDOWS\system32\wsock32.dll...
Scanning Module:C:\WINDOWS\system32\urlmon.dll...
Scanning Module:C:\WINDOWS\system32\mswsock.dll...
Scanning Module:C:\WINDOWS\system32\hnetcfg.dll...
Scanning Module:C:\WINDOWS\System32\wshtcpip.dll...

#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 888
ThreadCreationTime : 25-06-2006 12:14:04
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
Scanning Module:C:\WINDOWS\system32\services.exe...
Scanning Module:C:\WINDOWS\system32\SCESRV.dll...
Scanning Module:C:\WINDOWS\system32\umpnpmgr.dll...
Scanning Module:C:\WINDOWS\system32\NCObjAPI.DLL...
Scanning Module:C:\WINDOWS\system32\MSVCP60.dll...
Scanning Module:C:\WINDOWS\system32\ShimEng.dll...
Scanning Module:C:\WINDOWS\AppPatch\AcGenral.DLL...
Scanning Module:C:\WINDOWS\system32\eventlog.dll...

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 900
ThreadCreationTime : 25-06-2006 12:14:04
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
Scanning Module:C:\WINDOWS\system32\lsass.exe...
Scanning Module:C:\WINDOWS\system32\LSASRV.dll...
Scanning Module:C:\WINDOWS\system32\NTDSAPI.dll...
Scanning Module:C:\WINDOWS\system32\DNSAPI.dll...
Scanning Module:C:\WINDOWS\system32\SAMSRV.dll...
Scanning Module:C:\WINDOWS\system32\cryptdll.dll...
Scanning Module:C:\WINDOWS\system32\msprivs.dll...
Scanning Module:C:\WINDOWS\system32\kerberos.dll...
Scanning Module:C:\WINDOWS\system32\netlogon.dll...
Scanning Module:C:\WINDOWS\system32\w32time.dll...
Scanning Module:C:\WINDOWS\system32\schannel.dll...
Scanning Module:C:\WINDOWS\system32\wdigest.dll...
Scanning Module:C:\WINDOWS\system32\scecli.dll...
Scanning Module:C:\WINDOWS\system32\ipsecsvc.dll...
Scanning Module:C:\WINDOWS\system32\oakley.DLL...
Scanning Module:C:\WINDOWS\system32\WINIPSEC.DLL...
Scanning Module:C:\WINDOWS\system32\pstorsvc.dll...
Scanning Module:C:\WINDOWS\system32\psbase.dll...
Scanning Module:C:\WINDOWS\system32\dssenh.dll...

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 1056
ThreadCreationTime : 25-06-2006 12:14:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:C:\WINDOWS\system32\svchost.exe...
Scanning Module:c:\windows\system32\rpcss.dll...
Scanning Module:C:\WINDOWS\system32\msi.dll...
Scanning Module:c:\windows\system32\termsrv.dll...
Scanning Module:c:\windows\system32\ICAAPI.dll...
Scanning Module:c:\windows\system32\mstlsapi.dll...

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1164
ThreadCreationTime : 25-06-2006 12:14:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:C:\WINDOWS\System32\winrnr.dll...
Scanning Module:C:\WINDOWS\system32\rasadhlp.dll...

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1248
ThreadCreationTime : 25-06-2006 12:14:16
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dhcpcsvc.dll...
Scanning Module:c:\windows\system32\wzcsvc.dll...
Scanning Module:c:\windows\system32\WMI.dll...
Scanning Module:c:\windows\system32\ESENT.dll...
Scanning Module:C:\WINDOWS\System32\rastls.dll...
Scanning Module:C:\WINDOWS\system32\CRYPTUI.dll...
Scanning Module:C:\WINDOWS\System32\raschap.dll...
Scanning Module:c:\windows\system32\schedsvc.dll...
Scanning Module:C:\WINDOWS\System32\MSIDLE.DLL...
Scanning Module:c:\windows\system32\audiosrv.dll...
Scanning Module:c:\windows\system32\wkssvc.dll...
Scanning Module:c:\windows\system32\cryptsvc.dll...
Scanning Module:c:\windows\system32\certcli.dll...
Scanning Module:c:\windows\system32\dmserver.dll...
Scanning Module:c:\windows\system32\es.dll...
Scanning Module:c:\windows\system32\ersvc.dll...
Scanning Module:c:\windows\system32\srsvc.dll...
Scanning Module:c:\windows\system32\POWRPROF.dll...
Scanning Module:c:\windows\system32\sens.dll...
Scanning Module:c:\windows\system32\seclogon.dll...
Scanning Module:c:\windows\system32\netman.dll...
Scanning Module:c:\windows\system32\netshell.dll...
Scanning Module:c:\windows\system32\credui.dll...
Scanning Module:c:\windows\system32\WZCSAPI.DLL...
Scanning Module:c:\windows\system32\srvsvc.dll...
Scanning Module:c:\windows\pchealth\helpctr\binaries\pchsvc.dll...
Scanning Module:c:\windows\system32\trkwks.dll...
Scanning Module:C:\WINDOWS\System32\upnp.dll...
Scanning Module:C:\WINDOWS\System32\SSDPAPI.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wbemcomn.dll...
Scanning Module:c:\windows\system32\wuauserv.dll...
Scanning Module:C:\WINDOWS\system32\wuaueng.dll...
Scanning Module:C:\WINDOWS\System32\ADVPACK.dll...
Scanning Module:C:\WINDOWS\System32\SHFOLDER.dll...
Scanning Module:C:\WINDOWS\System32\Cabinet.dll...
Scanning Module:C:\WINDOWS\System32\mspatcha.dll...
Scanning Module:c:\windows\system32\wbem\wmisvc.dll...
Scanning Module:C:\WINDOWS\system32\VSSAPI.DLL...
Scanning Module:c:\windows\system32\browser.dll...
Scanning Module:c:\windows\system32\ipnathlp.dll...
Scanning Module:c:\windows\system32\wscsvc.dll...
Scanning Module:C:\WINDOWS\System32\netcfgx.dll...
Scanning Module:C:\WINDOWS\System32\CLUSAPI.dll...
Scanning Module:C:\WINDOWS\system32\comsvcs.dll...
Scanning Module:C:\WINDOWS\system32\colbact.DLL...
Scanning Module:C:\WINDOWS\system32\MTXCLU.DLL...
Scanning Module:C:\WINDOWS\System32\RESUTILS.DLL...
Scanning Module:C:\WINDOWS\system32\WBEM\wbemcore.dll...
Scanning Module:C:\WINDOWS\system32\WBEM\esscli.dll...
Scanning Module:C:\WINDOWS\system32\WBEM\FastProx.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wbemsvc.dll...
Scanning Module:C:\WINDOWS\System32\rasmans.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wmiutils.dll...
Scanning Module:C:\WINDOWS\System32\wbem\repdrvfs.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wmiprvsd.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wbemess.dll...
Scanning Module:C:\WINDOWS\System32\wbem\ncprov.dll...
Scanning Module:C:\WINDOWS\system32\MSXML3.dll...
Scanning Module:C:\WINDOWS\system32\wups.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wbemcons.dll...
Scanning Module:c:\windows\system32\tapisrv.dll...
Scanning Module:C:\WINDOWS\System32\rastapi.dll...
Scanning Module:C:\WINDOWS\System32\unimdm.tsp...
Scanning Module:C:\WINDOWS\System32\uniplat.dll...
Scanning Module:C:\WINDOWS\System32\kmddsp.tsp...
Scanning Module:C:\WINDOWS\System32\ndptsp.tsp...
Scanning Module:C:\WINDOWS\System32\ipconf.tsp...
Scanning Module:C:\WINDOWS\System32\h323.tsp...
Scanning Module:C:\WINDOWS\System32\hidphone.tsp...
Scanning Module:C:\WINDOWS\System32\HID.DLL...
Scanning Module:C:\WINDOWS\System32\rasppp.dll...
Scanning Module:C:\WINDOWS\System32\ntlsapi.dll...
Scanning Module:C:\WINDOWS\System32\RASDLG.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wbemprox.dll...

#:9 [incdsrv.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCDsrv.exe
Command Line : "C:\Program Files\Ahead\InCD\InCDsrv.exe"
ProcessID : 1276
ThreadCreationTime : 25-06-2006 12:14:18
BasePriority : Normal
FileVersion : 4, 2, 12, 0
ProductVersion : 4, 2, 12, 0
ProductName : Ahead Software AG incdsrv
CompanyName : Ahead Software AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Ahead Software AG
OriginalFilename : incdsrv.exe
Scanning Module:C:\Program Files\Ahead\InCD\InCDsrv.exe...
Scanning Module:C:\Program Files\Common Files\Ahead\Lib\AdvrCntr.dll...
Scanning Module:C:\Program Files\Common Files\Ahead\Lib\DriveLocker.dll...
Scanning Module:C:\Program Files\Ahead\InCD\incdshx.dll...

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1404
ThreadCreationTime : 25-06-2006 12:14:20
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dnsrslvr.dll...

#:11 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1468
ThreadCreationTime : 25-06-2006 12:14:22
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\lmhsvc.dll...
Scanning Module:c:\windows\system32\webclnt.dll...
Scanning Module:c:\windows\system32\regsvc.dll...
Scanning Module:c:\windows\system32\ssdpsrv.dll...

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1700
ThreadCreationTime : 25-06-2006 12:14:35
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Scanning Module:C:\WINDOWS\system32\spoolsv.exe...
Scanning Module:C:\WINDOWS\system32\SPOOLSS.DLL...
Scanning Module:C:\WINDOWS\system32\localspl.dll...
Scanning Module:C:\WINDOWS\system32\cnbjmon.dll...
Scanning Module:C:\WINDOWS\system32\CNMLM2R.DLL...
Scanning Module:C:\WINDOWS\system32\hpzlnt07.dll...
Scanning Module:C:\WINDOWS\system32\pjlmon.dll...
Scanning Module:C:\WINDOWS\system32\tcpmon.dll...
Scanning Module:C:\WINDOWS\system32\usbmon.dll...
Scanning Module:C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD2R.DLL...
Scanning Module:C:\WINDOWS\system32\win32spl.dll...
Scanning Module:C:\WINDOWS\system32\NETRAP.dll...
Scanning Module:C:\WINDOWS\system32\inetpp.dll...

#:13 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1904
ThreadCreationTime : 25-06-2006 12:14:42
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Scanning Module:C:\WINDOWS\Explorer.EXE...
Scanning Module:C:\WINDOWS\system32\BROWSEUI.dll...
Scanning Module:C:\WINDOWS\system32\SHDOCVW.dll...
Scanning Module:C:\WINDOWS\System32\themeui.dll...
Scanning Module:C:\WINDOWS\System32\MSIMG32.dll...
Scanning Module:C:\WINDOWS\System32\actxprxy.dll...
Scanning Module:C:\WINDOWS\system32\LINKINFO.dll...
Scanning Module:C:\WINDOWS\system32\ntshrui.dll...
Scanning Module:C:\WINDOWS\System32\webcheck.dll...
Scanning Module:C:\WINDOWS\System32\stobject.dll...
Scanning Module:C:\WINDOWS\System32\BatMeter.dll...
Scanning Module:C:\WINDOWS\system32\upnpui.dll...
Scanning Module:C:\WINDOWS\System32\drprov.dll...
Scanning Module:C:\WINDOWS\System32\ntlanman.dll...
Scanning Module:C:\WINDOWS\System32\NETUI0.dll...
Scanning Module:C:\WINDOWS\System32\NETUI1.dll...
Scanning Module:C:\WINDOWS\System32\davclnt.dll...

#:14 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ProcessID : 1956
ThreadCreationTime : 25-06-2006 12:14:45
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe...
Scanning Module:C:\WINDOWS\system32\MSVCP70.dll...
Scanning Module:C:\WINDOWS\system32\MSVCR70.dll...
Scanning Module:C:\WINDOWS\system32\IMM32.DLL...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll...

#:15 [defwatch.exe]
ModuleName : C:\Program Files\Symantec AntiVirus\DefWatch.exe
Command Line : "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
ProcessID : 1992
ThreadCreationTime : 25-06-2006 12:14:49
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright 1998 - 2004 Symantec Corporation. All rights reserved.
OriginalFilename : DefWatch.exe
Scanning Module:C:\Program Files\Symantec AntiVirus\DefWatch.exe...

#:16 [gearsec.exe]
ModuleName : C:\WINDOWS\System32\GEARSec.exe
Command Line : C:\WINDOWS\System32\GEARSec.exe
ProcessID : 2028
ThreadCreationTime : 25-06-2006 12:14:51
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001 GEAR Software
OriginalFilename : gearsec.exe
Scanning Module:C:\WINDOWS\System32\GEARSec.exe...

#:17 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 208
ThreadCreationTime : 25-06-2006 12:14:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\wiaservc.dll...
Scanning Module:c:\windows\system32\CFGMGR32.dll...
Scanning Module:c:\windows\system32\mscms.dll...
Scanning Module:C:\WINDOWS\system32\hpgwiamd.dll...
Scanning Module:C:\WINDOWS\system32\hpotscl.dll...
Scanning Module:C:\WINDOWS\System32\wiavusd.dll...
Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll...

#:18 [rtvscan.exe]
ModuleName : C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Command Line : "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
ProcessID : 276
ThreadCreationTime : 25-06-2006 12:14:57
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.
Scanning Module:C:\Program Files\Symantec AntiVirus\Rtvscan.exe...
Scanning Module:C:\WINDOWS\system32\CBA.DLL...
Scanning Module:C:\WINDOWS\system32\MsgSys.dll...
Scanning Module:C:\WINDOWS\system32\NTS.dll...
Scanning Module:C:\WINDOWS\system32\PDS.DLL...
Scanning Module:C:\WINDOWS\system32\CTL3D32.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\NAVLU.dll...
Scanning Module:C:\WINDOWS\system32\MFC42.DLL...
Scanning Module:C:\Program Files\Symantec AntiVirus\I2ldvp3.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\ecmldr32.DLL...
Scanning Module:C:\Program Files\Symantec AntiVirus\SAVRT32.DLL...
Scanning Module:C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060621.024\ecmsvr32.dll...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060621.024\NAVEX32a.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060621.024\NAVENG32.DLL...
Scanning Module:C:\Program Files\Symantec AntiVirus\IMail.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\NotesExt.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\vpmsece.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\DecSDK.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2ID.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2ZIP.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2SS.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2GZIP.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2CAB.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2LHA.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2ARJ.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2TNEF.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2LZ.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2AMG.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2TAR.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2RTF.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2Text.dll...

#:19 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 588
ThreadCreationTime : 25-06-2006 12:15:22
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
Scanning Module:C:\WINDOWS\system32\wdfmgr.exe...

#:20 [pqv2isvc.exe]
ModuleName : C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
Command Line : "C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe"
ProcessID : 1020
ThreadCreationTime : 25-06-2006 12:15:27
BasePriority : Normal
FileVersion : 2.0.1.309
ProductVersion : 2.0.1.309
ProductName : V2i Protector
CompanyName : PowerQuest Corporation
FileDescription : V2i Protector Service Module
InternalName : PQV2iSvc
LegalCopyright : Copyright© PowerQuest Corporation 2003.
OriginalFilename : PQV2iSvc.exe
Comments : V2i Protector Agent
Scanning Module:C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe...
Scanning Module:C:\WINDOWS\system32\mlang.dll...
Scanning Module:C:\Program Files\PowerQuest\Drive Image 7.0\Shared\PQV2iObj.dll...
Scanning Module:C:\Program Files\PowerQuest\Drive Image 7.0\Shared\PQNotify.dll...
Scanning Module:C:\Program Files\PowerQuest\Drive Image 7.0\Shared\PQScheduler.dll...
Scanning Module:C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQImaging.dll...
Scanning Module:C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQSmeCOM.dll...
Scanning Module:C:\Program Files\PowerQuest\Drive Image 7.0\Agent\gwrks32.dll...
Scanning Module:C:\Program Files\PowerQuest\Drive Image 7.0\Agent\GEARAW32.dll...
Scanning Module:C:\Program Files\PowerQuest\Drive Image 7.0\Agent\gwlangEN.dll...

#:21 [atmclk.exe]
ModuleName : C:\WINDOWS\system32\atmclk.exe
Command Line : "C:\WINDOWS\system32\atmclk.exe"
ProcessID : 1116
ThreadCreationTime : 25-06-2006 12:15:28
BasePriority : Normal

Scanning Module:C:\WINDOWS\system32\atmclk.exe...

#:22 [dcomcfg.exe]
ModuleName : C:\WINDOWS\system32\dcomcfg.exe
Command Line : "C:\WINDOWS\system32\dcomcfg.exe"
ProcessID : 1096
ThreadCreationTime : 25-06-2006 12:15:28
BasePriority : Normal

Scanning Module:C:\WINDOWS\system32\dcomcfg.exe...

#:23 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
ProcessID : 1396
ThreadCreationTime : 25-06-2006 12:15:31
BasePriority : Normal

Scanning Module:C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe...

#:24 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1016
ThreadCreationTime : 25-06-2006 12:15:37
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe
Scanning Module:C:\Program Files\QuickTime\qttask.exe...

#:25 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1760
ThreadCreationTime : 25-06-2006 12:15:46
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL...

#:26 [hpotdd01.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
ProcessID : 2080
ThreadCreationTime : 25-06-2006 12:15:55
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvd08.dll...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll...

#:27 [hpobnz08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe"
ProcessID : 2108
ThreadCreationTime : 25-06-2006 12:15:58
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBNZ08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOBNZ08.EXE
Comments : HP OfficeJet <Banzai> Series COM Device Objects
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvb08.dll...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpocxi08.dll...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcob08.dll...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodio08.dll...
Scanning Module:C:\WINDOWS\system32\hpzidr12.dll...
Scanning Module:C:\WINDOWS\system32\hpzipr12.dll...

#:28 [reader_sl.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Command Line : "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
ProcessID : 2176
ThreadCreationTime : 25-06-2006 12:16:01
BasePriority : Normal
FileVersion : 7.0.5.2005092300
ProductVersion : 7.0.5.2005092300
ProductName : Adobe Acrobat
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Acrobat SpeedLauncher
LegalCopyright : Copyright 1984-2005 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroSpeedLaunch.exe
Scanning Module:C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe...
Scanning Module:C:\WINDOWS\system32\MSVCP71.dll...
Scanning Module:C:\WINDOWS\system32\MSVCR71.dll...

#:29 [ccpsrv.exe]
ModuleName : C:\Program Files\CCP Server 4\ccpsrv.exe
Command Line : "C:\Program Files\CCP Server 4\ccpsrv.exe"
ProcessID : 2220
ThreadCreationTime : 25-06-2006 12:16:08
BasePriority : Normal
FileVersion : 4.01.0373
ProductVersion : 4.01.0373
ProductName : CyberCaféPro
CompanyName : Celco Software
InternalName : ccpsrv
OriginalFilename : ccpsrv.exe
Scanning Module:C:\Program Files\CCP Server 4\ccpsrv.exe...
Scanning Module:C:\WINDOWS\system32\MSVBVM60.DLL...
Scanning Module:C:\WINDOWS\system32\asycfilt.dll...
Scanning Module:C:\WINDOWS\system32\MSWINSCK.OCX...
Scanning Module:C:\WINDOWS\System32\ccp4\absBtn2.ocx...
Scanning Module:C:\WINDOWS\System32\ccp4\absBtn.ocx...
Scanning Module:C:\WINDOWS\system32\MSCOMCTL.OCX...
Scanning Module:C:\WINDOWS\System32\ccp4\SysTray.ocx...
Scanning Module:C:\WINDOWS\System32\ccp4\smtpsck2.ocx...
Scanning Module:C:\WINDOWS\system32\comdlg32.ocx...
Scanning Module:C:\WINDOWS\System32\ntsvc.ocx...
Scanning Module:C:\WINDOWS\System32\ccp4\absVSR.ocx...
Scanning Module:C:\WINDOWS\System32\ccp4\absSldr.ocx...
Scanning Module:C:\WINDOWS\System32\ccp4\absTS.ocx...
Scanning Module:C:\WINDOWS\System32\ccp4\absCB.ocx...
Scanning Module:C:\WINDOWS\System32\ccp4\absTB.ocx...
Scanning Module:C:\WINDOWS\System32\ccp4\Vsflex7.ocx...
Scanning Module:C:\Program Files\Common Files\Microsoft Shared\DAO\dao360.dll...
Scanning Module:C:\WINDOWS\system32\MSJET40.DLL...
Scanning Module:C:\WINDOWS\system32\mswstr10.dll...
Scanning Module:C:\WINDOWS\system32\expsrv.dll...
Scanning Module:C:\WINDOWS\System32\msjtes40.dll...
Scanning Module:C:\WINDOWS\system32\VBAJET32.DLL...
Scanning Module:C:\Program Files\Common Files\System\ado\msado15.dll...
Scanning Module:C:\WINDOWS\system32\MSDART.DLL...
Scanning Module:C:\Program Files\Common Files\System\Ole DB\oledb32.dll...
Scanning Module:C:\Program Files\Common Files\System\Ole DB\OLEDB32R.DLL...
Scanning Module:C:\WINDOWS\System32\msjetoledb40.dll...
Scanning Module:C:\WINDOWS\System32\msjter40.dll...
Scanning Module:C:\WINDOWS\System32\MSJINT40.DLL...
Scanning Module:C:\Program Files\Common Files\System\msadc\msadce.dll...
Scanning Module:C:\Program Files\Common Files\System\msadc\msadcer.dll...
Scanning Module:C:\Program Files\Common Files\System\ado\msader15.dll...
Scanning Module:C:\Program Files\Common Files\System\Ole DB\msdaps.dll...
Scanning Module:C:\Program Files\Common Files\System\ado\msadrh15.dll...
charlieuk
Here is the rest of the SE log.

#:30 [vptray.exe]
ModuleName : C:\Program Files\Symantec AntiVirus\VPTray.exe
Command Line : "C:\Program Files\Symantec AntiVirus\VPTray.exe"
ProcessID : 2236
ThreadCreationTime : 25-06-2006 12:16:14
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.
Scanning Module:C:\Program Files\Symantec AntiVirus\VPTray.exe...
Scanning Module:C:\Program Files\Symantec AntiVirus\Cliscan.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Cliproxy.dll...

#:31 [hpoevm08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe" -Embedding
ProcessID : 2320
ThreadCreationTime : 25-06-2006 12:16:23
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe...

#:32 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[4e0]SUSDSf6ae5ea882b91349b3b5cefbbca4ccd1
ProcessID : 2592
ThreadCreationTime : 25-06-2006 12:17:04
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
Scanning Module:C:\WINDOWS\system32\wuauclt.exe...
Scanning Module:C:\WINDOWS\system32\wuaucpl.cpl...

#:33 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 2672
ThreadCreationTime : 25-06-2006 12:17:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
Scanning Module:C:\WINDOWS\System32\wbem\wmiprvse.exe...
Scanning Module:C:\WINDOWS\System32\wbem\cimwin32.dll...
Scanning Module:C:\WINDOWS\System32\wbem\framedyn.dll...

#:34 [hpzipm12.exe]
ModuleName : C:\WINDOWS\system32\HPZipm12.exe
Command Line : C:\WINDOWS\system32\HPZipm12.exe
ProcessID : 3052
ThreadCreationTime : 25-06-2006 12:17:45
BasePriority : Normal
FileVersion : 6, 0, 0, 0
ProductVersion : 6, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe
Scanning Module:C:\WINDOWS\system32\HPZipm12.exe...

#:35 [msiexec.exe]
ModuleName : C:\WINDOWS\system32\msiexec.exe
Command Line : C:\WINDOWS\system32\msiexec.exe /V
ProcessID : 3068
ThreadCreationTime : 25-06-2006 12:17:46
BasePriority : Normal

Scanning Module:C:\WINDOWS\system32\msiexec.exe...
Scanning Module:C:\WINDOWS\system32\MSCOREE.DLL...
Scanning Module:C:\WINDOWS\system32\perfproc.dll...

#:36 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 3104
ThreadCreationTime : 25-06-2006 12:17:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
Scanning Module:C:\WINDOWS\System32\alg.exe...

#:37 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3624
ThreadCreationTime : 25-06-2006 12:18:32
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Scanning Module:C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe...
Scanning Module:C:\WINDOWS\system32\olepro32.dll...
Scanning Module:C:\WINDOWS\system32\RICHED32.DLL...
Scanning Module:C:\WINDOWS\system32\RICHED20.dll...

#:38 [hposts08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe" /CtxID "#Hewlett-Packard#hp psc 2170 series#1131109493" /Startup
ProcessID : 3728
ThreadCreationTime : 25-06-2006 12:18:51
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSTS08.EXE
Comments : HP OfficeJet Status
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqtap08.dll...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.rsc...

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Virtumonde Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Virtumonde Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

istbar Object Recognized!
Type : File
Data : A0122178.dll
TAC Rating : 7
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{8F94460E-0D7D-42FA-88FA-254684A84AA7}\RP793\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : WindowsHelp
CompanyName : Microsoft Corporation
FileDescription : Microsoft ® WindowsHelp
InternalName : WindowsHelp
LegalCopyright : Copyright © Microsoft Corp.
OriginalFilename : WINHELP.DLL


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 3




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3

13:45:16 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:26:06.542
Objects scanned:199071
Objects identified:3
Objects ignored:0
New critical objects:3
GRAFX
charlieuk,
Please can you download VundoFix.exe to your desktop.
Double-click on the VundoFix.exe to run it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
Click Yes to remove the files.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, Reboot (ie: Re-start your PC)


After your PC has restarted, a log called vundofix.txt will be created in your C:\ directory. Please keep this log file, as you may be asked to post it by the support staff.

Lavasoft does have a BETA version of its own Virtumondo Remover
See Lavasoft Virtumondo Remover Released!
QUOTE
To download this tool, you must register as a Beta Application Tester, accepting the terms and conditions of our beta testing program.

Then can you clear out your cache folder (ie: temporary internet folder). There are some free programs that you can use that will do that for you if needed, like
CCleaner
(Note in CCleaner: go to > options > advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours"), but see CCleaner Set up.
Also, in the setup of CCleaner, the LS Staff would prefer if you un-tick (un-check) "Utilities" (i.e., Ad-Aware, ewido and other security program logs), at least till your PC is clean of spyware/malware.
Now use the WebUpDate (to make sure you are up to date). If you want to clean your PC, then scan by doing a "Full Scan", and once the scan has finished, mark and remove the items, then Reboot (ie: Re-start your PC).
Then re-scan doing a "Full Scan" and then post your logfile here by using the Add-Reply Feature.

GRAFX
charlieuk
Thanks GRAFX, Ad-Aware now reports the machine clear, and the last log is below. However, my home page is still hijacked and I can't reset it, and my pop-up blocker appears to be disabled even though it says it's active. Any ideas?



Ad-Aware SE Build 1.06r1
Logfile Created on:26 June 2006 10:51:05
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R112 15.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R112 15.06.2006
Internal build : 134
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 687936 Bytes
Total size : 2246731 Bytes
Signature data size : 2199032 Bytes
Reference data size : 47187 Bytes
Signatures total : 61794
CSI Fingerprints total : 3014
CSI data size : 106276 Bytes
Target categories : 15
Target families : 913


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:21 %
Total physical memory:490992 kb
Available physical memory:102412 kb
Total page file size:1152088 kb
Available on page file:835240 kb
Total virtual memory:2097024 kb
Available virtual memory:2044072 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Disable manual quarantine if auto-quarantine is selected
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include module list in log file
Set : Include alternate data stream details in log file
Set : Create and save WebUpdate log file
Set : Play sound at scan completion if scan locates critical objects


26-06-2006 10:51:05 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\cybercafe\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-343818398-839522115-1343024091-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 764
ThreadCreationTime : 26-06-2006 09:45:34
BasePriority : Normal

Scanning Module:\SystemRoot\System32\smss.exe...
Scanning Module:C:\WINDOWS\system32\ntdll.dll...

#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 816
ThreadCreationTime : 26-06-2006 09:45:39
BasePriority : Normal

Scanning Module:\??\C:\WINDOWS\system32\csrss.exe...
Scanning Module:C:\WINDOWS\system32\CSRSRV.dll...
Scanning Module:C:\WINDOWS\system32\basesrv.dll...
Scanning Module:C:\WINDOWS\system32\winsrv.dll...
Scanning Module:C:\WINDOWS\system32\GDI32.dll...
Scanning Module:C:\WINDOWS\system32\KERNEL32.dll...
Scanning Module:C:\WINDOWS\system32\USER32.dll...
Scanning Module:C:\WINDOWS\system32\sxs.dll...
Scanning Module:C:\WINDOWS\system32\ADVAPI32.dll...
Scanning Module:C:\WINDOWS\system32\RPCRT4.dll...

#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 840
ThreadCreationTime : 26-06-2006 09:45:41
BasePriority : High

Scanning Module:\??\C:\WINDOWS\system32\winlogon.exe...
Scanning Module:C:\WINDOWS\system32\AUTHZ.dll...
Scanning Module:C:\WINDOWS\system32\msvcrt.dll...
Scanning Module:C:\WINDOWS\system32\CRYPT32.dll...
Scanning Module:C:\WINDOWS\system32\MSASN1.dll...
Scanning Module:C:\WINDOWS\system32\NDdeApi.dll...
Scanning Module:C:\WINDOWS\system32\PROFMAP.dll...
Scanning Module:C:\WINDOWS\system32\NETAPI32.dll...
Scanning Module:C:\WINDOWS\system32\USERENV.dll...
Scanning Module:C:\WINDOWS\system32\PSAPI.DLL...
Scanning Module:C:\WINDOWS\system32\REGAPI.dll...
Scanning Module:C:\WINDOWS\system32\Secur32.dll...
Scanning Module:C:\WINDOWS\system32\SETUPAPI.dll...
Scanning Module:C:\WINDOWS\system32\VERSION.dll...
Scanning Module:C:\WINDOWS\system32\WINSTA.dll...
Scanning Module:C:\WINDOWS\system32\WINTRUST.dll...
Scanning Module:C:\WINDOWS\system32\IMAGEHLP.dll...
Scanning Module:C:\WINDOWS\system32\WS2_32.dll...
Scanning Module:C:\WINDOWS\system32\WS2HELP.dll...
Scanning Module:C:\WINDOWS\system32\winlogon.dll...
Scanning Module:C:\WINDOWS\system32\MSGINA.dll...
Scanning Module:C:\WINDOWS\system32\SHELL32.dll...
Scanning Module:C:\WINDOWS\system32\SHLWAPI.dll...
Scanning Module:C:\WINDOWS\system32\COMCTL32.dll...
Scanning Module:C:\WINDOWS\system32\ODBC32.dll...
Scanning Module:C:\WINDOWS\system32\comdlg32.dll...
Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll...
Scanning Module:C:\WINDOWS\system32\odbcint.dll...
Scanning Module:C:\WINDOWS\system32\SHSVCS.dll...
Scanning Module:C:\WINDOWS\system32\sfc.dll...
Scanning Module:C:\WINDOWS\system32\sfc_os.dll...
Scanning Module:C:\WINDOWS\system32\ole32.dll...
Scanning Module:C:\WINDOWS\system32\Apphelp.dll...
Scanning Module:C:\WINDOWS\system32\WINSCARD.DLL...
Scanning Module:C:\WINDOWS\system32\WTSAPI32.dll...
Scanning Module:C:\WINDOWS\system32\WINMM.dll...
Scanning Module:C:\WINDOWS\system32\uxtheme.dll...
Scanning Module:C:\WINDOWS\system32\cscdll.dll...
Scanning Module:C:\WINDOWS\system32\WlNotify.dll...
Scanning Module:C:\WINDOWS\system32\WINSPOOL.DRV...
Scanning Module:C:\WINDOWS\system32\MPR.dll...
Scanning Module:C:\WINDOWS\system32\rsaenh.dll...
Scanning Module:C:\WINDOWS\system32\WgaLogon.dll...
Scanning Module:C:\WINDOWS\system32\OLEAUT32.dll...
Scanning Module:C:\WINDOWS\system32\NTMARTA.DLL...
Scanning Module:C:\WINDOWS\system32\WLDAP32.dll...
Scanning Module:C:\WINDOWS\system32\SAMLIB.dll...
Scanning Module:C:\WINDOWS\system32\CLBCATQ.DLL...
Scanning Module:C:\WINDOWS\system32\COMRes.dll...
Scanning Module:C:\WINDOWS\system32\WINHTTP.dll...
Scanning Module:C:\WINDOWS\system32\winqre32.dll...
Scanning Module:C:\WINDOWS\system32\RASAPI32.dll...
Scanning Module:C:\WINDOWS\system32\rasman.dll...
Scanning Module:C:\WINDOWS\system32\TAPI32.dll...
Scanning Module:C:\WINDOWS\system32\rtutils.dll...
Scanning Module:C:\WINDOWS\system32\iphlpapi.dll...
Scanning Module:C:\WINDOWS\system32\cscui.dll...
Scanning Module:C:\WINDOWS\system32\MPRAPI.dll...
Scanning Module:C:\WINDOWS\system32\ACTIVEDS.dll...
Scanning Module:C:\WINDOWS\system32\adsldpc.dll...
Scanning Module:C:\WINDOWS\system32\ATL.DLL...
Scanning Module:C:\WINDOWS\system32\msv1_0.dll...
Scanning Module:C:\WINDOWS\system32\wdmaud.drv...
Scanning Module:C:\WINDOWS\system32\msacm32.drv...
Scanning Module:C:\WINDOWS\system32\MSACM32.dll...
Scanning Module:C:\WINDOWS\system32\midimap.dll...
Scanning Module:C:\WINDOWS\System32\NavLogon.dll...
Scanning Module:C:\WINDOWS\system32\xpsp2res.dll...
Scanning Module:C:\WINDOWS\system32\ld101.tmp...
Scanning Module:C:\WINDOWS\system32\wininet.dll...
Scanning Module:C:\WINDOWS\system32\sensapi.dll...
Scanning Module:C:\WINDOWS\system32\wsock32.dll...
Scanning Module:C:\WINDOWS\system32\urlmon.dll...
Scanning Module:C:\WINDOWS\system32\mswsock.dll...
Scanning Module:C:\WINDOWS\system32\hnetcfg.dll...
Scanning Module:C:\WINDOWS\System32\wshtcpip.dll...

#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 888
ThreadCreationTime : 26-06-2006 09:45:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
Scanning Module:C:\WINDOWS\system32\services.exe...
Scanning Module:C:\WINDOWS\system32\SCESRV.dll...
Scanning Module:C:\WINDOWS\system32\umpnpmgr.dll...
Scanning Module:C:\WINDOWS\system32\NCObjAPI.DLL...
Scanning Module:C:\WINDOWS\system32\MSVCP60.dll...
Scanning Module:C:\WINDOWS\system32\ShimEng.dll...
Scanning Module:C:\WINDOWS\AppPatch\AcGenral.DLL...
Scanning Module:C:\WINDOWS\system32\eventlog.dll...

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 900
ThreadCreationTime : 26-06-2006 09:45:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
Scanning Module:C:\WINDOWS\system32\lsass.exe...
Scanning Module:C:\WINDOWS\system32\LSASRV.dll...
Scanning Module:C:\WINDOWS\system32\NTDSAPI.dll...
Scanning Module:C:\WINDOWS\system32\DNSAPI.dll...
Scanning Module:C:\WINDOWS\system32\SAMSRV.dll...
Scanning Module:C:\WINDOWS\system32\cryptdll.dll...
Scanning Module:C:\WINDOWS\system32\msprivs.dll...
Scanning Module:C:\WINDOWS\system32\kerberos.dll...
Scanning Module:C:\WINDOWS\system32\netlogon.dll...
Scanning Module:C:\WINDOWS\system32\w32time.dll...
Scanning Module:C:\WINDOWS\system32\schannel.dll...
Scanning Module:C:\WINDOWS\system32\wdigest.dll...
Scanning Module:C:\WINDOWS\system32\scecli.dll...
Scanning Module:C:\WINDOWS\system32\ipsecsvc.dll...
Scanning Module:C:\WINDOWS\system32\oakley.DLL...
Scanning Module:C:\WINDOWS\system32\WINIPSEC.DLL...
Scanning Module:C:\WINDOWS\system32\pstorsvc.dll...
Scanning Module:C:\WINDOWS\system32\psbase.dll...
Scanning Module:C:\WINDOWS\system32\dssenh.dll...

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 1056
ThreadCreationTime : 26-06-2006 09:45:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:C:\WINDOWS\system32\svchost.exe...
Scanning Module:c:\windows\system32\rpcss.dll...
Scanning Module:C:\WINDOWS\system32\msi.dll...
Scanning Module:c:\windows\system32\termsrv.dll...
Scanning Module:c:\windows\system32\ICAAPI.dll...
Scanning Module:c:\windows\system32\mstlsapi.dll...

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1164
ThreadCreationTime : 26-06-2006 09:45:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:C:\WINDOWS\System32\winrnr.dll...
Scanning Module:C:\WINDOWS\system32\rasadhlp.dll...

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1248
ThreadCreationTime : 26-06-2006 09:45:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dhcpcsvc.dll...
Scanning Module:c:\windows\system32\wzcsvc.dll...
Scanning Module:c:\windows\system32\WMI.dll...
Scanning Module:c:\windows\system32\ESENT.dll...
Scanning Module:C:\WINDOWS\System32\rastls.dll...
Scanning Module:C:\WINDOWS\system32\CRYPTUI.dll...
Scanning Module:C:\WINDOWS\System32\raschap.dll...
Scanning Module:c:\windows\system32\schedsvc.dll...
Scanning Module:C:\WINDOWS\System32\MSIDLE.DLL...
Scanning Module:c:\windows\system32\audiosrv.dll...
Scanning Module:c:\windows\system32\wkssvc.dll...
Scanning Module:c:\windows\system32\cryptsvc.dll...
Scanning Module:c:\windows\system32\certcli.dll...
Scanning Module:c:\windows\system32\dmserver.dll...
Scanning Module:c:\windows\system32\es.dll...
Scanning Module:c:\windows\system32\ersvc.dll...
Scanning Module:c:\windows\system32\srsvc.dll...
Scanning Module:c:\windows\system32\POWRPROF.dll...
Scanning Module:c:\windows\system32\seclogon.dll...
Scanning Module:c:\windows\system32\netman.dll...
Scanning Module:c:\windows\system32\netshell.dll...
Scanning Module:c:\windows\system32\credui.dll...
Scanning Module:c:\windows\system32\WZCSAPI.DLL...
Scanning Module:c:\windows\system32\srvsvc.dll...
Scanning Module:c:\windows\pchealth\helpctr\binaries\pchsvc.dll...
Scanning Module:c:\windows\system32\trkwks.dll...
Scanning Module:C:\WINDOWS\System32\upnp.dll...
Scanning Module:C:\WINDOWS\System32\SSDPAPI.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wbemcomn.dll...
Scanning Module:c:\windows\system32\wbem\wmisvc.dll...
Scanning Module:C:\WINDOWS\system32\VSSAPI.DLL...
Scanning Module:c:\windows\system32\browser.dll...
Scanning Module:C:\WINDOWS\System32\netcfgx.dll...
Scanning Module:C:\WINDOWS\System32\CLUSAPI.dll...
Scanning Module:c:\windows\system32\wuauserv.dll...
Scanning Module:c:\windows\system32\sens.dll...
Scanning Module:C:\WINDOWS\system32\wuaueng.dll...
Scanning Module:C:\WINDOWS\System32\ADVPACK.dll...
Scanning Module:C:\WINDOWS\System32\SHFOLDER.dll...
Scanning Module:C:\WINDOWS\System32\Cabinet.dll...
Scanning Module:C:\WINDOWS\System32\mspatcha.dll...
Scanning Module:c:\windows\system32\wscsvc.dll...
Scanning Module:c:\windows\system32\ipnathlp.dll...
Scanning Module:C:\WINDOWS\system32\comsvcs.dll...
Scanning Module:C:\WINDOWS\system32\colbact.DLL...
Scanning Module:C:\WINDOWS\system32\MTXCLU.DLL...
Scanning Module:C:\WINDOWS\System32\RESUTILS.DLL...
Scanning Module:C:\WINDOWS\system32\WBEM\wbemcore.dll...
Scanning Module:C:\WINDOWS\system32\WBEM\esscli.dll...
Scanning Module:C:\WINDOWS\system32\WBEM\FastProx.dll...
Scanning Module:C:\WINDOWS\System32\rasmans.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wmiutils.dll...
Scanning Module:C:\WINDOWS\System32\wbem\repdrvfs.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wmiprvsd.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wbemess.dll...
Scanning Module:C:\WINDOWS\System32\wbem\ncprov.dll...
Scanning Module:C:\WINDOWS\system32\wups.dll...
Scanning Module:c:\windows\system32\tapisrv.dll...
Scanning Module:C:\WINDOWS\System32\rastapi.dll...
Scanning Module:C:\WINDOWS\System32\unimdm.tsp...
Scanning Module:C:\WINDOWS\System32\uniplat.dll...
Scanning Module:C:\WINDOWS\System32\kmddsp.tsp...
Scanning Module:C:\WINDOWS\System32\ndptsp.tsp...
Scanning Module:C:\WINDOWS\System32\ipconf.tsp...
Scanning Module:C:\WINDOWS\System32\h323.tsp...
Scanning Module:C:\WINDOWS\System32\hidphone.tsp...
Scanning Module:C:\WINDOWS\System32\HID.DLL...
Scanning Module:C:\WINDOWS\System32\rasppp.dll...
Scanning Module:C:\WINDOWS\System32\ntlsapi.dll...
Scanning Module:C:\WINDOWS\System32\RASDLG.dll...

#:9 [incdsrv.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCDsrv.exe
Command Line : "C:\Program Files\Ahead\InCD\InCDsrv.exe"
ProcessID : 1276
ThreadCreationTime : 26-06-2006 09:45:57
BasePriority : Normal
FileVersion : 4, 2, 12, 0
ProductVersion : 4, 2, 12, 0
ProductName : Ahead Software AG incdsrv
CompanyName : Ahead Software AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Ahead Software AG
OriginalFilename : incdsrv.exe
Scanning Module:C:\Program Files\Ahead\InCD\InCDsrv.exe...
Scanning Module:C:\Program Files\Common Files\Ahead\Lib\AdvrCntr.dll...
Scanning Module:C:\Program Files\Common Files\Ahead\Lib\DriveLocker.dll...
Scanning Module:C:\Program Files\Ahead\InCD\incdshx.dll...

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1404
ThreadCreationTime : 26-06-2006 09:46:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dnsrslvr.dll...

#:11 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1468
ThreadCreationTime : 26-06-2006 09:46:01
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\lmhsvc.dll...
Scanning Module:c:\windows\system32\webclnt.dll...
Scanning Module:c:\windows\system32\regsvc.dll...
Scanning Module:c:\windows\system32\ssdpsrv.dll...

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1676
ThreadCreationTime : 26-06-2006 09:46:07
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Scanning Module:C:\WINDOWS\system32\spoolsv.exe...
Scanning Module:C:\WINDOWS\system32\SPOOLSS.DLL...
Scanning Module:C:\WINDOWS\system32\localspl.dll...
Scanning Module:C:\WINDOWS\system32\cnbjmon.dll...
Scanning Module:C:\WINDOWS\system32\CNMLM2R.DLL...
Scanning Module:C:\WINDOWS\system32\hpzlnt07.dll...
Scanning Module:C:\WINDOWS\system32\pjlmon.dll...
Scanning Module:C:\WINDOWS\system32\tcpmon.dll...
Scanning Module:C:\WINDOWS\system32\usbmon.dll...
Scanning Module:C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD2R.DLL...
Scanning Module:C:\WINDOWS\system32\win32spl.dll...
Scanning Module:C:\WINDOWS\system32\NETRAP.dll...
Scanning Module:C:\WINDOWS\system32\inetpp.dll...

#:13 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1884
ThreadCreationTime : 26-06-2006 09:46:10
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Scanning Module:C:\WINDOWS\Explorer.EXE...
Scanning Module:C:\WINDOWS\system32\BROWSEUI.dll...
Scanning Module:C:\WINDOWS\system32\SHDOCVW.dll...
Scanning Module:C:\WINDOWS\System32\themeui.dll...
Scanning Module:C:\WINDOWS\System32\MSIMG32.dll...
Scanning Module:C:\WINDOWS\System32\actxprxy.dll...
Scanning Module:C:\WINDOWS\system32\LINKINFO.dll...
Scanning Module:C:\WINDOWS\system32\ntshrui.dll...
Scanning Module:C:\WINDOWS\System32\webcheck.dll...
Scanning Module:C:\WINDOWS\System32\stobject.dll...
Scanning Module:C:\WINDOWS\System32\BatMeter.dll...
Scanning Module:C:\WINDOWS\system32\upnpui.dll...
Scanning Module:C:\WINDOWS\System32\drprov.dll...
Scanning Module:C:\WINDOWS\System32\ntlanman.dll...
Scanning Module:C:\WINDOWS\System32\NETUI0.dll...
Scanning Module:C:\WINDOWS\System32\NETUI1.dll...
Scanning Module:C:\WINDOWS\System32\davclnt.dll...

#:14 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ProcessID : 1940
ThreadCreationTime : 26-06-2006 09:46:14
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe...
Scanning Module:C:\WINDOWS\system32\MSVCP70.dll...
Scanning Module:C:\WINDOWS\system32\MSVCR70.dll...
Scanning Module:C:\WINDOWS\system32\IMM32.DLL...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll...

#:15 [defwatch.exe]
ModuleName : C:\Program Files\Symantec AntiVirus\DefWatch.exe
Command Line : "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
ProcessID : 1976
ThreadCreationTime : 26-06-2006 09:46:16
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright 1998 - 2004 Symantec Corporation. All rights reserved.
OriginalFilename : DefWatch.exe
Scanning Module:C:\Program Files\Symantec AntiVirus\DefWatch.exe...

#:16 [gearsec.exe]
ModuleName : C:\WINDOWS\System32\GEARSec.exe
Command Line : C:\WINDOWS\System32\GEARSec.exe
ProcessID : 2012
ThreadCreationTime : 26-06-2006 09:46:17
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001 GEAR Software
OriginalFilename : gearsec.exe
Scanning Module:C:\WINDOWS\System32\GEARSec.exe...

#:17 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 192
ThreadCreationTime : 26-06-2006 09:46:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\wiaservc.dll...
Scanning Module:c:\windows\system32\CFGMGR32.dll...
Scanning Module:c:\windows\system32\mscms.dll...
Scanning Module:C:\WINDOWS\system32\hpgwiamd.dll...
Scanning Module:C:\WINDOWS\system32\hpotscl.dll...
Scanning Module:C:\WINDOWS\System32\wiavusd.dll...
Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll...

#:18 [rtvscan.exe]
ModuleName : C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Command Line : "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
ProcessID : 288
ThreadCreationTime : 26-06-2006 09:46:20
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.
Scanning Module:C:\Program Files\Symantec AntiVirus\Rtvscan.exe...
Scanning Module:C:\WINDOWS\system32\CBA.DLL...
Scanning Module:C:\WINDOWS\system32\MsgSys.dll...
Scanning Module:C:\WINDOWS\system32\NTS.dll...
Scanning Module:C:\WINDOWS\system32\PDS.DLL...
Scanning Module:C:\WINDOWS\system32\CTL3D32.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\NAVLU.dll...
Scanning Module:C:\WINDOWS\system32\MFC42.DLL...
Scanning Module:C:\Program Files\Symantec AntiVirus\I2ldvp3.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\ecmldr32.DLL...
Scanning Module:C:\Program Files\Symantec AntiVirus\SAVRT32.DLL...
Scanning Module:C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060621.024\ecmsvr32.dll...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060621.024\NAVEX32a.DLL...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060621.024\NAVENG32.DLL...
Scanning Module:C:\Program Files\Symantec AntiVirus\IMail.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\NotesExt.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\vpmsece.dll...
Scanning Module:C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\DecSDK.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2ID.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2ZIP.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2SS.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2GZIP.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2CAB.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2LHA.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2ARJ.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2TNEF.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2LZ.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2AMG.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2TAR.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2RTF.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Dec2Text.dll...

#:19 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 524
ThreadCreationTime : 26-06-2006 09:46:34
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
Scanning Module:C:\WINDOWS\system32\wdfmgr.exe...

#:20 [atmclk.exe]
ModuleName : C:\WINDOWS\system32\atmclk.exe
Command Line : "C:\WINDOWS\system32\atmclk.exe"
ProcessID : 596
ThreadCreationTime : 26-06-2006 09:46:36
BasePriority : Normal

Scanning Module:C:\WINDOWS\system32\atmclk.exe...

#:21 [pqv2isvc.exe]
ModuleName : C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
Command Line : "C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe"
ProcessID : 1016
ThreadCreationTime : 26-06-2006 09:46:40
BasePriority : Normal
FileVersion : 2.0.1.309
ProductVersion : 2.0.1.309
ProductName : V2i Protector
CompanyName : PowerQuest Corporation
FileDescription : V2i Protector Service Module
InternalName : PQV2iSvc
LegalCopyright : Copyright© PowerQuest Corporation 2003.
OriginalFilename : PQV2iSvc.exe
Comments : V2i Protector Agent
Scanning Module:C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe...
Scanning Module:C:\WINDOWS\system32\MSXML3.dll...
Scanning Module:C:\WINDOWS\system32\mlang.dll...
Scanning Module:C:\Program Files\PowerQuest\Drive Image 7.0\Shared\PQV2iObj.dll...
Scanning Module:C:\Program Files\PowerQuest\Drive Image 7.0\Shared\PQNotify.dll...
Scanning Module:C:\Program Files\PowerQuest\Drive Image 7.0\Shared\PQScheduler.dll...
Scanning Module:C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQImaging.dll...
Scanning Module:C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQSmeCOM.dll...
Scanning Module:C:\Program Files\PowerQuest\Drive Image 7.0\Agent\gwrks32.dll...
Scanning Module:C:\Program Files\PowerQuest\Drive Image 7.0\Agent\GEARAW32.dll...
Scanning Module:C:\Program Files\PowerQuest\Drive Image 7.0\Agent\gwlangEN.dll...

#:22 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
ProcessID : 1108
ThreadCreationTime : 26-06-2006 09:46:41
BasePriority : Normal

Scanning Module:C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe...

#:23 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1448
ThreadCreationTime : 26-06-2006 09:46:45
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe
Scanning Module:C:\Program Files\QuickTime\qttask.exe...

#:24 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1528
ThreadCreationTime : 26-06-2006 09:46:49
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
Scanning Module:C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe...
Scanning Module:C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL...

#:25 [hpotdd01.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
ProcessID : 1612
ThreadCreationTime : 26-06-2006 09:46:52
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvd08.dll...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll...

#:26 [hpobnz08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe"
ProcessID : 1844
ThreadCreationTime : 26-06-2006 09:46:57
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBNZ08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOBNZ08.EXE
Comments : HP OfficeJet <Banzai> Series COM Device Objects
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvb08.dll...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpocxi08.dll...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcob08.dll...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodio08.dll...
Scanning Module:C:\WINDOWS\system32\hpzidr12.dll...
Scanning Module:C:\WINDOWS\system32\hpzipr12.dll...

#:27 [reader_sl.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Command Line : "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
ProcessID : 660
ThreadCreationTime : 26-06-2006 09:46:59
BasePriority : Normal
FileVersion : 7.0.5.2005092300
ProductVersion : 7.0.5.2005092300
ProductName : Adobe Acrobat
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Acrobat SpeedLauncher
LegalCopyright : Copyright 1984-2005 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroSpeedLaunch.exe
Scanning Module:C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe...
Scanning Module:C:\WINDOWS\system32\MSVCP71.dll...
Scanning Module:C:\WINDOWS\system32\MSVCR71.dll...

#:28 [ccpsrv.exe]
ModuleName : C:\Program Files\CCP Server 4\ccpsrv.exe
Command Line : "C:\Program Files\CCP Server 4\ccpsrv.exe"
ProcessID : 2128
ThreadCreationTime : 26-06-2006 09:47:06
BasePriority : Normal
FileVersion : 4.01.0373
ProductVersion : 4.01.0373
ProductName : CyberCaféPro
CompanyName : Celco Software
InternalName : ccpsrv
OriginalFilename : ccpsrv.exe
Scanning Module:C:\Program Files\CCP Server 4\ccpsrv.exe...
Scanning Module:C:\WINDOWS\system32\MSVBVM60.DLL...
Scanning Module:C:\WINDOWS\system32\asycfilt.dll...
Scanning Module:C:\WINDOWS\system32\MSWINSCK.OCX...
Scanning Module:C:\WINDOWS\System32\ccp4\absBtn2.ocx...
Scanning Module:C:\WINDOWS\System32\ccp4\absBtn.ocx...
Scanning Module:C:\WINDOWS\system32\MSCOMCTL.OCX...
Scanning Module:C:\WINDOWS\System32\ccp4\SysTray.ocx...
Scanning Module:C:\WINDOWS\System32\ccp4\smtpsck2.ocx...
Scanning Module:C:\WINDOWS\system32\comdlg32.ocx...
Scanning Module:C:\WINDOWS\System32\ntsvc.ocx...
Scanning Module:C:\WINDOWS\System32\ccp4\absVSR.ocx...
Scanning Module:C:\WINDOWS\System32\ccp4\absSldr.ocx...
Scanning Module:C:\WINDOWS\System32\ccp4\absTS.ocx...
Scanning Module:C:\WINDOWS\System32\ccp4\absCB.ocx...
Scanning Module:C:\WINDOWS\System32\ccp4\absTB.ocx...
Scanning Module:C:\WINDOWS\System32\ccp4\Vsflex7.ocx...
Scanning Module:C:\Program Files\Common Files\Microsoft Shared\DAO\dao360.dll...
Scanning Module:C:\WINDOWS\system32\MSJET40.DLL...
Scanning Module:C:\WINDOWS\system32\mswstr10.dll...
Scanning Module:C:\WINDOWS\system32\expsrv.dll...
Scanning Module:C:\WINDOWS\System32\msjtes40.dll...
Scanning Module:C:\WINDOWS\system32\VBAJET32.DLL...
Scanning Module:C:\Program Files\Common Files\System\ado\msado15.dll...
Scanning Module:C:\WINDOWS\system32\MSDART.DLL...
Scanning Module:C:\Program Files\Common Files\System\Ole DB\oledb32.dll...
Scanning Module:C:\Program Files\Common Files\System\Ole DB\OLEDB32R.DLL...
Scanning Module:C:\WINDOWS\System32\msjetoledb40.dll...
Scanning Module:C:\WINDOWS\System32\msjter40.dll...
Scanning Module:C:\WINDOWS\System32\MSJINT40.DLL...
Scanning Module:C:\Program Files\Common Files\System\msadc\msadce.dll...
Scanning Module:C:\Program Files\Common Files\System\msadc\msadcer.dll...
Scanning Module:C:\Program Files\Common Files\System\ado\msader15.dll...
Scanning Module:C:\Program Files\Common Files\System\Ole DB\msdaps.dll...
Scanning Module:C:\Program Files\Common Files\System\ado\msadrh15.dll...

#:29 [vptray.exe]
ModuleName : C:\Program Files\Symantec AntiVirus\VPTray.exe
Command Line : "C:\Program Files\Symantec AntiVirus\VPTray.exe"
ProcessID : 2148
ThreadCreationTime : 26-06-2006 09:47:09
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.
Scanning Module:C:\Program Files\Symantec AntiVirus\VPTray.exe...
Scanning Module:C:\Program Files\Symantec AntiVirus\Cliscan.dll...
Scanning Module:C:\Program Files\Symantec AntiVirus\Cliproxy.dll...

#:30 [hpoevm08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe" -Embedding
ProcessID : 2220
ThreadCreationTime : 26-06-2006 09:47:20
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe...

#:31 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[4e0]SUSDSea6e33fbf2d7894e9141bc62542d1c3b
ProcessID : 2524
ThreadCreationTime : 26-06-2006 09:48:18
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
Scanning Module:C:\WINDOWS\system32\wuauclt.exe...
Scanning Module:C:\WINDOWS\system32\wuaucpl.cpl...

#:32 [dcomcfg.exe]
ModuleName : C:\WINDOWS\system32\dcomcfg.exe
Command Line : C:\WINDOWS\system32\dcomcfg.exe
ProcessID : 2664
ThreadCreationTime : 26-06-2006 09:48:31
BasePriority : Normal

Scanning Module:C:\WINDOWS\system32\dcomcfg.exe...

#:33 [hpzipm12.exe]
ModuleName : C:\WINDOWS\system32\HPZipm12.exe
Command Line : C:\WINDOWS\system32\HPZipm12.exe
ProcessID : 2936
ThreadCreationTime : 26-06-2006 09:49:11
BasePriority : Normal
FileVersion : 6, 0, 0, 0
ProductVersion : 6, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe
Scanning Module:C:\WINDOWS\system32\HPZipm12.exe...

#:34 [msiexec.exe]
ModuleName : C:\WINDOWS\system32\msiexec.exe
Command Line : C:\WINDOWS\system32\msiexec.exe /V
ProcessID : 3056
ThreadCreationTime : 26-06-2006 09:49:12
BasePriority : Normal

Scanning Module:C:\WINDOWS\system32\msiexec.exe...
Scanning Module:C:\WINDOWS\system32\perfproc.dll...

#:35 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 3132
ThreadCreationTime : 26-06-2006 09:49:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
Scanning Module:C:\WINDOWS\System32\alg.exe...

#:36 [hposts08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe" /CtxID "#Hewlett-Packard#hp psc 2170 series#1131109493" /Startup
ProcessID : 3604
ThreadCreationTime : 26-06-2006 09:49:51
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSTS08.EXE
Comments : HP OfficeJet Status
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqtap08.dll...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.rsc...

#:37 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3756
ThreadCreationTime : 26-06-2006 09:50:34
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Scanning Module:C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe...
Scanning Module:C:\WINDOWS\system32\olepro32.dll...
Scanning Module:C:\WINDOWS\system32\RICHED32.DLL...
Scanning Module:C:\WINDOWS\system32\RICHED20.dll...

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 2




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

11:10:12 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:19:07.180
Objects scanned:179504
Objects identified:0
Objects ignored:0
New critical objects:0
GRAFX
charlieuk,
QUOTE
my home page still hi-jacked and can't reset it

OK, can you download HijackThis?
After you have downloaded it and unzipped it, double-click HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and then can you please post your Logfile in the
HijackThis Logs forum.
Call it something like "my HijackThis log" in the Topic Title
and then put "referred by GRAFX" as the Topic Description.

Also, please can you include a link to this post for reference.

GRAFX