This virus refuses to get out of my system....
how do I deal with it...;Thanks
Frodo
Full Version: not-virus:Hoax.Win32.Renos.gg, Virus
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
Hi There,
This virus refuses to get out of my system.... how do I deal with it...;
Thanks
Frodo
This virus refuses to get out of my system....
how do I deal with it...;Thanks
Frodo
Hi Frodo,
In order for the log-reading malware experts to assist you, please post scan-logs from both Ad-Aware and a program called HijackThis.
Log-posting instructions are included in my post in this thread: Infected ??, found this
Please also notice my comment in that post on possible delays - thanks
Regards,
Spike
In order for the log-reading malware experts to assist you, please post scan-logs from both Ad-Aware and a program called HijackThis.
Log-posting instructions are included in my post in this thread: Infected ??, found this
Please also notice my comment in that post on possible delays - thanks
Regards,
Spike
Click to view attachment
Click to view attachment
Thank you for the prompt reply....please see teh attached logs (I have dated them accordingly)
Click to view attachment
Thank you for the prompt reply....please see teh attached logs (I have dated them accordingly)
QUOTE(Frodo @ Nov 23 2006, 06:49 PM) 
Hi There,
This virus refuses to get out of my system.... how do I deal with it...;
Thanks
Frodo
This virus refuses to get out of my system....
how do I deal with it...;Thanks
Frodo
Hi Spike,
Have run Hijack this again and here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 9:22:51 AM, on 11/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
\edgstaff1\sys\public\winsqclient.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\System32\dpmw32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Novell\GroupWise\notify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\System32\svchost.exe
C:\Novell\GroupWise\grpwise.exe
C:\PROGRA~1\Advansys\Formativ\uiload.dll
C:\PROGRA~1\Advansys\Formativ\formativ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://innerweb.und.ac.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://innerweb.und.ac.za/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoconfig.ukzn.ac.za/config.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nu.ac.za:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.nu.ac.za; *.und.ac.za; *.unp.ac.za; *.ukzn.ac.za;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program Files\Silver Codec\isaddon.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [asrupdate.exe] C:\WINDOWS\system32\asrupdate.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Notify.lnk = C:\Novell\GroupWise\notify.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_04\bin\npjpi141_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_04\bin\npjpi141_04.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160548789296
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NetIdentity Notification - C:\WINDOWS\System32\Novell\XtNotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: amaranthaceous - {4fc003c3-87a0-489c-85cd-878246eb2d18} - C:\WINDOWS\system32\oebxpba.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: NetOp Helper ver. 7.60 (2003246) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe
also here is the Adaware report:
Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, November 28, 2006 9:26:11 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:Se1R134 20.11.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):10 total references
Tracking Cookie(TAC index:3):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
11-28-2006 9:26:12 AM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-2081899588-1170548251-902174492-500\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-2081899588-1170548251-902174492-500\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-2081899588-1170548251-902174492-500\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-2081899588-1170548251-902174492-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-2081899588-1170548251-902174492-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 616
ThreadCreationTime : 11-27-2006 3:09:17 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 664
ThreadCreationTime : 11-27-2006 3:09:20 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 688
ThreadCreationTime : 11-27-2006 3:09:20 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 11-27-2006 3:09:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 744
ThreadCreationTime : 11-27-2006 3:09:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [xtagent.exe]
FilePath : C:\WINDOWS\System32\Novell\
ProcessID : 900
ThreadCreationTime : 11-27-2006 3:09:21 PM
BasePriority : Normal
FileVersion : 1.2.3.1
ProductVersion : 1.2.3
ProductName : NetIdentity
CompanyName : Novell, Inc.
FileDescription : NetIdentity Service
InternalName : XTAgent.exe
LegalCopyright : Copyright 2002-2004 Novell, Inc.
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 916
ThreadCreationTime : 11-27-2006 3:09:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 984
ThreadCreationTime : 11-27-2006 3:09:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [msmpeng.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 1020
ThreadCreationTime : 11-27-2006 3:09:22 PM
BasePriority : Normal
FileVersion : 1.1.1347.0
ProductVersion : 1.1.1347.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1064
ThreadCreationTime : 11-27-2006 3:09:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1120
ThreadCreationTime : 11-27-2006 3:09:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1212
ThreadCreationTime : 11-27-2006 3:09:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1372
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:14 [servic~1.exe]
FilePath : C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\
ProcessID : 1520
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
#:15 [fsgk32st.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 1560
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : 1, 0, 7360, 0
ProductVersion : 1, 0, 7360, 56
ProductName : F-Secure Corp. Startup service
CompanyName : F-Secure Corp.
FileDescription : fsgk32st
InternalName : fsgk32
LegalCopyright : Copyright © 2001
OriginalFilename : fsgk32st.exe
Comments : Startup service for Gatekeeper Handler
#:16 [fsbwsys.exe]
FilePath : C:\Program Files\F-Secure\BackWeb\7681197\program\
ProcessID : 1576
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : 7.00.1
ProductVersion : 7.00
ProductName : F-Secure BackWeb
CompanyName : F-Secure Corp.
FileDescription : fsbwsys
InternalName : fsbwsys
LegalCopyright : Copyright © 2005 F-Secure Corporation
OriginalFilename : fsbwsys.exe
#:17 [fsgk32.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 1588
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : 6.10.11380
ProductVersion : 6.10.11380
ProductName : F-Secure Corp. fsgk32
CompanyName : F-Secure Corp.
FileDescription : Gatekeeper Handler II
InternalName : fsgk32
LegalCopyright : Copyright © 2004-2005
OriginalFilename : fsgk32.exe
Comments : release
#:18 [fsma32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 1608
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Management Agent
InternalName : VCH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSMA32.EXE
#:19 [fssm32.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 1656
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : 6.10.11360
ProductVersion : 6.10.11360
ProductName : F-Secure Corp. fssm32
CompanyName : F-Secure Corp.
FileDescription : fssm32
InternalName : fssm32
LegalCopyright : Copyright © 2004-2005
OriginalFilename : fssm32.exe
Comments : release
#:20 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 1680
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:21 [fsmb32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 1704
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Message Broker
InternalName : FSMB
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSMB32.EXE
#:22 [nalntsrv.exe]
FilePath : C:\Program Files\Novell\ZENworks\
ProcessID : 1760
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : 6.5.20.0
ProductVersion : 6.5.20.0
CompanyName : Novell, Inc.
FileDescription : NT Service for Novell Application Launcher (Zenlite)
InternalName : nalntsrv
LegalCopyright : Copyright © 1996-2005 Novell, Inc. All rights reserved. U.S. Patent No. 5,692,129 and other Patents Pending.
OriginalFilename : nalntsrv.exe
Comments : Visit: http://www.novell.com/coolsolutions/zenworks
#:23 [nhostsvc.exe]
FilePath : C:\Program Files\Danware Data\NetOp Remote Control\HOST\
ProcessID : 1900
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
#:24 [wm.exe]
FilePath : C:\Program Files\Novell\ZENworks\
ProcessID : 2036
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : v6.5.2 (20050104)
ProductVersion : v6.5.2 (20050104)
ProductName : ZENworks Desktop Management
CompanyName : Novell, Inc.
FileDescription : Workstation Manager Service
InternalName : WM
LegalCopyright : Copyright © 1992-2005 Novell, Inc.
OriginalFilename : WM.EXE
#:25 [fch32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 504
ThreadCreationTime : 11-27-2006 3:09:26 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Configuration Handler
InternalName : FCH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FCH32.EXE
#:26 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 552
ThreadCreationTime : 11-27-2006 3:09:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:27 [fnrb32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 1144
ThreadCreationTime : 11-27-2006 3:09:29 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Network Request Broker
InternalName : FNRB
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FNRB32.EXE
#:28 [fsqh.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 1184
ThreadCreationTime : 11-27-2006 3:09:29 PM
BasePriority : Normal
FileVersion : 6.00.6.00.11150
ProductVersion : 6.00 Build 6.00.11150
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : F-Secure Quarantine Handler
InternalName : FSQH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : F-Secure ® is a registered trademark of F-Secure Corporation.
OriginalFilename : FSQH.EXE
#:29 [fameh32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 1196
ThreadCreationTime : 11-27-2006 3:09:29 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Alert and Management Extension Handler
InternalName : FAMEH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FAMEH32.EXE
#:30 [fsdfwd.exe]
FilePath : C:\Program Files\F-Secure\FWES\Program\
ProcessID : 1412
ThreadCreationTime : 11-27-2006 3:09:30 PM
BasePriority : Normal
FileVersion : 6.02.540
ProductVersion : 6.02 Build 540
ProductName : F-Secure Anti-Virus Internet Shield
CompanyName : F-Secure Corporation
FileDescription : F-Secure Anti-Virus Internet Shield daemon
InternalName : fsdfwd
LegalCopyright : Copyright © F-Secure Corporation 1997-2005
OriginalFilename : fsdfwd.exe
#:31 [fsrw.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 1456
ThreadCreationTime : 11-27-2006 3:09:30 PM
BasePriority : Normal
FileVersion : 1.1.222
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : F-Secure System Control
InternalName : FSRW
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : F-Secure ® is a registered trademark of F-Secure Corporation.
OriginalFilename : FSRW.EXE
#:32 [fih32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 1460
ThreadCreationTime : 11-27-2006 3:09:30 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Installation Launcher
InternalName : ILAUNCHR
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : ILAUNCHR.EXE
#:33 [fsav32.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 2372
ThreadCreationTime : 11-27-2006 3:09:38 PM
BasePriority : Normal
FileVersion : 6.01.11400
ProductVersion : 6.01.11400
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : FSAV Handler
InternalName : FSAV32
LegalCopyright : Copyright © 1998-2005, F-Secure Corporation
OriginalFilename : FSAV32.exe
#:34 [winsqclient.exe]
FilePath : \\edgstaff1\sys\public\
ProcessID : 340
ThreadCreationTime : 11-28-2006 6:47:22 AM
BasePriority : Normal
#:35 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1236
ThreadCreationTime : 11-28-2006 6:47:25 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:36 [nalagent.exe]
FilePath : C:\Program Files\Novell\ZENworks\
ProcessID : 1176
ThreadCreationTime : 11-28-2006 6:47:26 AM
BasePriority : Normal
FileVersion : 6.5.20.0
ProductVersion : 6.5.20.0
ProductName : ZENworks for Desktops
CompanyName : Novell, Inc
FileDescription : ZENworks Application Engine
InternalName : NalAgent
LegalCopyright : Copyright © 1996-2005 Novell, Inc. All rights reserved. U.S. Patent No. 5,692,129 and other Patents Pending.
OriginalFilename : NalAgent.exe
Comments : Requires Windows 98, W2K, XP
#:37 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3156
ThreadCreationTime : 11-28-2006 6:47:32 AM
BasePriority : Normal
FileVersion : 3,0,0,2104
ProductVersion : 7,0,0,2104
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE
#:38 [nwtray.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2820
ThreadCreationTime : 11-28-2006 6:47:33 AM
BasePriority : Normal
FileVersion : v4.90
ProductVersion : v4.90
ProductName : Novell Client for Windows
CompanyName : Novell, Inc.
FileDescription : Novell System Tray Icon
LegalCopyright : Copyright © 1992-2002 Novell, Inc.
OriginalFilename : NWTRAY.EXE
#:39 [fsm32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 2972
ThreadCreationTime : 11-28-2006 6:47:33 AM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Settings and Statistics
InternalName : FSM
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSM32.EXE
#:40 [dpmw32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3252
ThreadCreationTime : 11-28-2006 6:47:33 AM
BasePriority : Normal
FileVersion : v3.0.1
ProductVersion : v3.0.1
ProductName : NDPS RPM & Notification Listener
CompanyName : Novell, Inc.
FileDescription : NDPS RPM & Notification Listener
InternalName : DPMW32
LegalCopyright : Copyright © 1992 - 2004, by Novell, Inc. All rights reserved.
OriginalFilename : DPMW32.EXE
#:41 [msascui.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 2900
ThreadCreationTime : 11-28-2006 6:47:33 AM
BasePriority : Normal
FileVersion : 1.1.1347.0
ProductVersion : 1.1.1347.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe
#:42 [googledesktop.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 592
ThreadCreationTime : 11-28-2006 6:47:34 AM
BasePriority : Normal
FileVersion : 4.2006.1008.2039
ProductVersion : 4.2006.1008.2039
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:43 [gnotify.exe]
FilePath : C:\Program Files\Google\Gmail Notifier\
ProcessID : 4040
ThreadCreationTime : 11-28-2006 6:47:34 AM
BasePriority : Normal
FileVersion : 1.0.25.0
ProductVersion : 1.0.25.0
ProductName : Gmail
CompanyName : Google Inc.
FileDescription : Gmail Notifier
LegalCopyright : Copyright © Google Inc. 2004-2005
OriginalFilename : gnotify.exe
#:44 [yahoom~1.exe]
FilePath : C:\PROGRA~1\Yahoo!\MESSEN~1\
ProcessID : 3272
ThreadCreationTime : 11-28-2006 6:47:34 AM
BasePriority : Normal
FileVersion : 8,0,0,716
ProductVersion : 8,0,0,716
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
LegalCopyright : © 1998-2006 Yahoo! Inc. All rights reserved.
#:45 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 3528
ThreadCreationTime : 11-28-2006 6:47:35 AM
BasePriority : Normal
FileVersion : 8.0.0812.00
ProductVersion : 8.0.0812
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe
#:46 [fsaw.exe]
FilePath : C:\PROGRA~1\F-Secure\ANTI-S~1\
ProcessID : 2768
ThreadCreationTime : 11-28-2006 6:47:35 AM
BasePriority : Normal
FileVersion : 1.1.192
ProductName : F-Secure Anti-Spyware
CompanyName : F-Secure Corporation
FileDescription : F-Secure Browser Control
InternalName : FSAW
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : F-Secure ® is a registered trademark of F-Secure Corporation.
OriginalFilename : FSAW.EXE
#:47 [googledesktopindex.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 3520
ThreadCreationTime : 11-28-2006 6:47:35 AM
BasePriority : Normal
FileVersion : 4.2006.1008.2039
ProductVersion : 4.2006.1008.2039
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:48 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3440
ThreadCreationTime : 11-28-2006 6:47:37 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:49 [fsguidll.exe]
FilePath : C:\Program Files\F-Secure\FSGUI\
ProcessID : 3188
ThreadCreationTime : 11-28-2006 6:47:37 AM
BasePriority : Normal
FileVersion : 6, 20, 11, 0
ProductVersion : 6, 10, 60, 0
ProductName : F-Secure Internet Security 2006 version 6.10
CompanyName : F-Secure Corporation
FileDescription : F-Secure GUI component
InternalName : fsguiexe
LegalCopyright : Copyright © 2003-2006 F-Secure Corporation
OriginalFilename : fsguiexe.exe
#:50 [f-secure automatic update.exe]
FilePath : C:\Program Files\F-Secure\BackWeb\7681197\program\
ProcessID : 3148
ThreadCreationTime : 11-28-2006 6:47:43 AM
BasePriority : Normal
#:51 [notify.exe]
FilePath : C:\Novell\GroupWise\
ProcessID : 348
ThreadCreationTime : 11-28-2006 6:47:46 AM
BasePriority : Normal
FileVersion : 7.0.1
ProductVersion : 7.0.1
ProductName : Novell GroupWise
CompanyName : Novell, Inc.
FileDescription : Novell GroupWise Notify
InternalName : Notify
LegalCopyright : Copyright © 1993-2006 Novell, Inc. All rights reserved.
OriginalFilename : NOTIFY.EXE
#:52 [googledesktopcrawl.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 660
ThreadCreationTime : 11-28-2006 6:47:48 AM
BasePriority : Normal
FileVersion : 4.2006.1008.2039
ProductVersion : 4.2006.1008.2039
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:53 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2984
ThreadCreationTime : 11-28-2006 6:48:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:54 [grpwise.exe]
FilePath : C:\Novell\GroupWise\
ProcessID : 4968
ThreadCreationTime : 11-28-2006 6:49:39 AM
BasePriority : Normal
FileVersion : 7.0.1
ProductVersion : 7.0.1
ProductName : Novell GroupWise
CompanyName : Novell, Inc.
FileDescription : Novell GroupWise Client
InternalName : GrpWise
LegalCopyright : Copyright © 1993-2006 Novell, Inc. All rights reserved.
OriginalFilename : GrpWise.exe
#:55 [uiload.dll]
FilePath : C:\PROGRA~1\Advansys\Formativ\
ProcessID : 5272
ThreadCreationTime : 11-28-2006 6:49:45 AM
BasePriority : Normal
FileVersion : 2.0.1.0
ProductVersion : 2.0.1
ProductName : Advansys Formativ: Novell GroupWise Client Extender
CompanyName : Advansys Pty Limited
FileDescription : Advansys Formativ Interface Loader
InternalName : uiload
LegalCopyright : Copyright © 2005 Advansys Pty Limited
OriginalFilename : uiload
Comments : www.advansyscorp.com
#:56 [formativ.exe]
FilePath : C:\PROGRA~1\Advansys\Formativ\
ProcessID : 5312
ThreadCreationTime : 11-28-2006 6:49:46 AM
BasePriority : Normal
FileVersion : 2.0.1.0
ProductVersion : 2.0.1
ProductName : Advansys Formativ: Novell GroupWise Client Extender
CompanyName : Advansys Pty Limited
FileDescription : Advansys Formativ Tray Interface
InternalName : Formativ
LegalCopyright : Copyright © 2005 Advansys Pty Limited
OriginalFilename : formativ.exe
Comments : www.advansyscorp.com
#:57 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 4988
ThreadCreationTime : 11-28-2006 7:13:43 AM
BasePriority : Normal
#:58 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 4780
ThreadCreationTime : 11-28-2006 7:23:12 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@atdmt.com/
Expires : 11-26-2011 2:00:00 AM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@statse.webtrendslive.com/
Expires : 11-25-2016 8:52:40 AM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ads.addynamix[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@ads.addynamix.com/
Expires : 11-29-2006 8:48:40 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:administrator@serving-sys.com/
Expires : 1-1-2038
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 14
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 14
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14
9:38:35 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:23.671
Objects scanned:136590
Objects identified:4
Objects ignored:0
New critical objects:4
********************************************************************************
*********
Hi there,
Could someone help me with this please.....see the attached reports....not-virus:Hoax.Win32.Renos.gg, Virus
I am unable to get rid of it....
I have found the file....but am not sure if I should just delete it......
Frodo
http://www.lavasoftsupport.com/index.php?a...post&id=962
Have run Hijack this again and here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 9:22:51 AM, on 11/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
\edgstaff1\sys\public\winsqclient.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\System32\dpmw32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Novell\GroupWise\notify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\System32\svchost.exe
C:\Novell\GroupWise\grpwise.exe
C:\PROGRA~1\Advansys\Formativ\uiload.dll
C:\PROGRA~1\Advansys\Formativ\formativ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://innerweb.und.ac.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://innerweb.und.ac.za/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoconfig.ukzn.ac.za/config.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nu.ac.za:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.nu.ac.za; *.und.ac.za; *.unp.ac.za; *.ukzn.ac.za;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program Files\Silver Codec\isaddon.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [asrupdate.exe] C:\WINDOWS\system32\asrupdate.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Notify.lnk = C:\Novell\GroupWise\notify.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_04\bin\npjpi141_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_04\bin\npjpi141_04.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160548789296
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NetIdentity Notification - C:\WINDOWS\System32\Novell\XtNotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: amaranthaceous - {4fc003c3-87a0-489c-85cd-878246eb2d18} - C:\WINDOWS\system32\oebxpba.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: NetOp Helper ver. 7.60 (2003246) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe
also here is the Adaware report:
Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, November 28, 2006 9:26:11 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:Se1R134 20.11.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):10 total references
Tracking Cookie(TAC index:3):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
11-28-2006 9:26:12 AM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-2081899588-1170548251-902174492-500\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-2081899588-1170548251-902174492-500\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-2081899588-1170548251-902174492-500\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-2081899588-1170548251-902174492-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-2081899588-1170548251-902174492-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 616
ThreadCreationTime : 11-27-2006 3:09:17 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 664
ThreadCreationTime : 11-27-2006 3:09:20 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 688
ThreadCreationTime : 11-27-2006 3:09:20 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 11-27-2006 3:09:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 744
ThreadCreationTime : 11-27-2006 3:09:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [xtagent.exe]
FilePath : C:\WINDOWS\System32\Novell\
ProcessID : 900
ThreadCreationTime : 11-27-2006 3:09:21 PM
BasePriority : Normal
FileVersion : 1.2.3.1
ProductVersion : 1.2.3
ProductName : NetIdentity
CompanyName : Novell, Inc.
FileDescription : NetIdentity Service
InternalName : XTAgent.exe
LegalCopyright : Copyright 2002-2004 Novell, Inc.
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 916
ThreadCreationTime : 11-27-2006 3:09:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 984
ThreadCreationTime : 11-27-2006 3:09:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [msmpeng.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 1020
ThreadCreationTime : 11-27-2006 3:09:22 PM
BasePriority : Normal
FileVersion : 1.1.1347.0
ProductVersion : 1.1.1347.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1064
ThreadCreationTime : 11-27-2006 3:09:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1120
ThreadCreationTime : 11-27-2006 3:09:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1212
ThreadCreationTime : 11-27-2006 3:09:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1372
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:14 [servic~1.exe]
FilePath : C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\
ProcessID : 1520
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
#:15 [fsgk32st.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 1560
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : 1, 0, 7360, 0
ProductVersion : 1, 0, 7360, 56
ProductName : F-Secure Corp. Startup service
CompanyName : F-Secure Corp.
FileDescription : fsgk32st
InternalName : fsgk32
LegalCopyright : Copyright © 2001
OriginalFilename : fsgk32st.exe
Comments : Startup service for Gatekeeper Handler
#:16 [fsbwsys.exe]
FilePath : C:\Program Files\F-Secure\BackWeb\7681197\program\
ProcessID : 1576
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : 7.00.1
ProductVersion : 7.00
ProductName : F-Secure BackWeb
CompanyName : F-Secure Corp.
FileDescription : fsbwsys
InternalName : fsbwsys
LegalCopyright : Copyright © 2005 F-Secure Corporation
OriginalFilename : fsbwsys.exe
#:17 [fsgk32.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 1588
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : 6.10.11380
ProductVersion : 6.10.11380
ProductName : F-Secure Corp. fsgk32
CompanyName : F-Secure Corp.
FileDescription : Gatekeeper Handler II
InternalName : fsgk32
LegalCopyright : Copyright © 2004-2005
OriginalFilename : fsgk32.exe
Comments : release
#:18 [fsma32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 1608
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Management Agent
InternalName : VCH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSMA32.EXE
#:19 [fssm32.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 1656
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : 6.10.11360
ProductVersion : 6.10.11360
ProductName : F-Secure Corp. fssm32
CompanyName : F-Secure Corp.
FileDescription : fssm32
InternalName : fssm32
LegalCopyright : Copyright © 2004-2005
OriginalFilename : fssm32.exe
Comments : release
#:20 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 1680
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:21 [fsmb32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 1704
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Message Broker
InternalName : FSMB
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSMB32.EXE
#:22 [nalntsrv.exe]
FilePath : C:\Program Files\Novell\ZENworks\
ProcessID : 1760
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : 6.5.20.0
ProductVersion : 6.5.20.0
CompanyName : Novell, Inc.
FileDescription : NT Service for Novell Application Launcher (Zenlite)
InternalName : nalntsrv
LegalCopyright : Copyright © 1996-2005 Novell, Inc. All rights reserved. U.S. Patent No. 5,692,129 and other Patents Pending.
OriginalFilename : nalntsrv.exe
Comments : Visit: http://www.novell.com/coolsolutions/zenworks
#:23 [nhostsvc.exe]
FilePath : C:\Program Files\Danware Data\NetOp Remote Control\HOST\
ProcessID : 1900
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
#:24 [wm.exe]
FilePath : C:\Program Files\Novell\ZENworks\
ProcessID : 2036
ThreadCreationTime : 11-27-2006 3:09:25 PM
BasePriority : Normal
FileVersion : v6.5.2 (20050104)
ProductVersion : v6.5.2 (20050104)
ProductName : ZENworks Desktop Management
CompanyName : Novell, Inc.
FileDescription : Workstation Manager Service
InternalName : WM
LegalCopyright : Copyright © 1992-2005 Novell, Inc.
OriginalFilename : WM.EXE
#:25 [fch32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 504
ThreadCreationTime : 11-27-2006 3:09:26 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Configuration Handler
InternalName : FCH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FCH32.EXE
#:26 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 552
ThreadCreationTime : 11-27-2006 3:09:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:27 [fnrb32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 1144
ThreadCreationTime : 11-27-2006 3:09:29 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Network Request Broker
InternalName : FNRB
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FNRB32.EXE
#:28 [fsqh.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 1184
ThreadCreationTime : 11-27-2006 3:09:29 PM
BasePriority : Normal
FileVersion : 6.00.6.00.11150
ProductVersion : 6.00 Build 6.00.11150
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : F-Secure Quarantine Handler
InternalName : FSQH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : F-Secure ® is a registered trademark of F-Secure Corporation.
OriginalFilename : FSQH.EXE
#:29 [fameh32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 1196
ThreadCreationTime : 11-27-2006 3:09:29 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Alert and Management Extension Handler
InternalName : FAMEH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FAMEH32.EXE
#:30 [fsdfwd.exe]
FilePath : C:\Program Files\F-Secure\FWES\Program\
ProcessID : 1412
ThreadCreationTime : 11-27-2006 3:09:30 PM
BasePriority : Normal
FileVersion : 6.02.540
ProductVersion : 6.02 Build 540
ProductName : F-Secure Anti-Virus Internet Shield
CompanyName : F-Secure Corporation
FileDescription : F-Secure Anti-Virus Internet Shield daemon
InternalName : fsdfwd
LegalCopyright : Copyright © F-Secure Corporation 1997-2005
OriginalFilename : fsdfwd.exe
#:31 [fsrw.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 1456
ThreadCreationTime : 11-27-2006 3:09:30 PM
BasePriority : Normal
FileVersion : 1.1.222
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : F-Secure System Control
InternalName : FSRW
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : F-Secure ® is a registered trademark of F-Secure Corporation.
OriginalFilename : FSRW.EXE
#:32 [fih32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 1460
ThreadCreationTime : 11-27-2006 3:09:30 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Installation Launcher
InternalName : ILAUNCHR
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : ILAUNCHR.EXE
#:33 [fsav32.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 2372
ThreadCreationTime : 11-27-2006 3:09:38 PM
BasePriority : Normal
FileVersion : 6.01.11400
ProductVersion : 6.01.11400
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : FSAV Handler
InternalName : FSAV32
LegalCopyright : Copyright © 1998-2005, F-Secure Corporation
OriginalFilename : FSAV32.exe
#:34 [winsqclient.exe]
FilePath : \\edgstaff1\sys\public\
ProcessID : 340
ThreadCreationTime : 11-28-2006 6:47:22 AM
BasePriority : Normal
#:35 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1236
ThreadCreationTime : 11-28-2006 6:47:25 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:36 [nalagent.exe]
FilePath : C:\Program Files\Novell\ZENworks\
ProcessID : 1176
ThreadCreationTime : 11-28-2006 6:47:26 AM
BasePriority : Normal
FileVersion : 6.5.20.0
ProductVersion : 6.5.20.0
ProductName : ZENworks for Desktops
CompanyName : Novell, Inc
FileDescription : ZENworks Application Engine
InternalName : NalAgent
LegalCopyright : Copyright © 1996-2005 Novell, Inc. All rights reserved. U.S. Patent No. 5,692,129 and other Patents Pending.
OriginalFilename : NalAgent.exe
Comments : Requires Windows 98, W2K, XP
#:37 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3156
ThreadCreationTime : 11-28-2006 6:47:32 AM
BasePriority : Normal
FileVersion : 3,0,0,2104
ProductVersion : 7,0,0,2104
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE
#:38 [nwtray.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2820
ThreadCreationTime : 11-28-2006 6:47:33 AM
BasePriority : Normal
FileVersion : v4.90
ProductVersion : v4.90
ProductName : Novell Client for Windows
CompanyName : Novell, Inc.
FileDescription : Novell System Tray Icon
LegalCopyright : Copyright © 1992-2002 Novell, Inc.
OriginalFilename : NWTRAY.EXE
#:39 [fsm32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 2972
ThreadCreationTime : 11-28-2006 6:47:33 AM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Settings and Statistics
InternalName : FSM
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSM32.EXE
#:40 [dpmw32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3252
ThreadCreationTime : 11-28-2006 6:47:33 AM
BasePriority : Normal
FileVersion : v3.0.1
ProductVersion : v3.0.1
ProductName : NDPS RPM & Notification Listener
CompanyName : Novell, Inc.
FileDescription : NDPS RPM & Notification Listener
InternalName : DPMW32
LegalCopyright : Copyright © 1992 - 2004, by Novell, Inc. All rights reserved.
OriginalFilename : DPMW32.EXE
#:41 [msascui.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 2900
ThreadCreationTime : 11-28-2006 6:47:33 AM
BasePriority : Normal
FileVersion : 1.1.1347.0
ProductVersion : 1.1.1347.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe
#:42 [googledesktop.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 592
ThreadCreationTime : 11-28-2006 6:47:34 AM
BasePriority : Normal
FileVersion : 4.2006.1008.2039
ProductVersion : 4.2006.1008.2039
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:43 [gnotify.exe]
FilePath : C:\Program Files\Google\Gmail Notifier\
ProcessID : 4040
ThreadCreationTime : 11-28-2006 6:47:34 AM
BasePriority : Normal
FileVersion : 1.0.25.0
ProductVersion : 1.0.25.0
ProductName : Gmail
CompanyName : Google Inc.
FileDescription : Gmail Notifier
LegalCopyright : Copyright © Google Inc. 2004-2005
OriginalFilename : gnotify.exe
#:44 [yahoom~1.exe]
FilePath : C:\PROGRA~1\Yahoo!\MESSEN~1\
ProcessID : 3272
ThreadCreationTime : 11-28-2006 6:47:34 AM
BasePriority : Normal
FileVersion : 8,0,0,716
ProductVersion : 8,0,0,716
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
LegalCopyright : © 1998-2006 Yahoo! Inc. All rights reserved.
#:45 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 3528
ThreadCreationTime : 11-28-2006 6:47:35 AM
BasePriority : Normal
FileVersion : 8.0.0812.00
ProductVersion : 8.0.0812
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe
#:46 [fsaw.exe]
FilePath : C:\PROGRA~1\F-Secure\ANTI-S~1\
ProcessID : 2768
ThreadCreationTime : 11-28-2006 6:47:35 AM
BasePriority : Normal
FileVersion : 1.1.192
ProductName : F-Secure Anti-Spyware
CompanyName : F-Secure Corporation
FileDescription : F-Secure Browser Control
InternalName : FSAW
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : F-Secure ® is a registered trademark of F-Secure Corporation.
OriginalFilename : FSAW.EXE
#:47 [googledesktopindex.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 3520
ThreadCreationTime : 11-28-2006 6:47:35 AM
BasePriority : Normal
FileVersion : 4.2006.1008.2039
ProductVersion : 4.2006.1008.2039
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:48 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3440
ThreadCreationTime : 11-28-2006 6:47:37 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:49 [fsguidll.exe]
FilePath : C:\Program Files\F-Secure\FSGUI\
ProcessID : 3188
ThreadCreationTime : 11-28-2006 6:47:37 AM
BasePriority : Normal
FileVersion : 6, 20, 11, 0
ProductVersion : 6, 10, 60, 0
ProductName : F-Secure Internet Security 2006 version 6.10
CompanyName : F-Secure Corporation
FileDescription : F-Secure GUI component
InternalName : fsguiexe
LegalCopyright : Copyright © 2003-2006 F-Secure Corporation
OriginalFilename : fsguiexe.exe
#:50 [f-secure automatic update.exe]
FilePath : C:\Program Files\F-Secure\BackWeb\7681197\program\
ProcessID : 3148
ThreadCreationTime : 11-28-2006 6:47:43 AM
BasePriority : Normal
#:51 [notify.exe]
FilePath : C:\Novell\GroupWise\
ProcessID : 348
ThreadCreationTime : 11-28-2006 6:47:46 AM
BasePriority : Normal
FileVersion : 7.0.1
ProductVersion : 7.0.1
ProductName : Novell GroupWise
CompanyName : Novell, Inc.
FileDescription : Novell GroupWise Notify
InternalName : Notify
LegalCopyright : Copyright © 1993-2006 Novell, Inc. All rights reserved.
OriginalFilename : NOTIFY.EXE
#:52 [googledesktopcrawl.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 660
ThreadCreationTime : 11-28-2006 6:47:48 AM
BasePriority : Normal
FileVersion : 4.2006.1008.2039
ProductVersion : 4.2006.1008.2039
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:53 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2984
ThreadCreationTime : 11-28-2006 6:48:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:54 [grpwise.exe]
FilePath : C:\Novell\GroupWise\
ProcessID : 4968
ThreadCreationTime : 11-28-2006 6:49:39 AM
BasePriority : Normal
FileVersion : 7.0.1
ProductVersion : 7.0.1
ProductName : Novell GroupWise
CompanyName : Novell, Inc.
FileDescription : Novell GroupWise Client
InternalName : GrpWise
LegalCopyright : Copyright © 1993-2006 Novell, Inc. All rights reserved.
OriginalFilename : GrpWise.exe
#:55 [uiload.dll]
FilePath : C:\PROGRA~1\Advansys\Formativ\
ProcessID : 5272
ThreadCreationTime : 11-28-2006 6:49:45 AM
BasePriority : Normal
FileVersion : 2.0.1.0
ProductVersion : 2.0.1
ProductName : Advansys Formativ: Novell GroupWise Client Extender
CompanyName : Advansys Pty Limited
FileDescription : Advansys Formativ Interface Loader
InternalName : uiload
LegalCopyright : Copyright © 2005 Advansys Pty Limited
OriginalFilename : uiload
Comments : www.advansyscorp.com
#:56 [formativ.exe]
FilePath : C:\PROGRA~1\Advansys\Formativ\
ProcessID : 5312
ThreadCreationTime : 11-28-2006 6:49:46 AM
BasePriority : Normal
FileVersion : 2.0.1.0
ProductVersion : 2.0.1
ProductName : Advansys Formativ: Novell GroupWise Client Extender
CompanyName : Advansys Pty Limited
FileDescription : Advansys Formativ Tray Interface
InternalName : Formativ
LegalCopyright : Copyright © 2005 Advansys Pty Limited
OriginalFilename : formativ.exe
Comments : www.advansyscorp.com
#:57 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 4988
ThreadCreationTime : 11-28-2006 7:13:43 AM
BasePriority : Normal
#:58 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 4780
ThreadCreationTime : 11-28-2006 7:23:12 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@atdmt.com/
Expires : 11-26-2011 2:00:00 AM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@statse.webtrendslive.com/
Expires : 11-25-2016 8:52:40 AM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ads.addynamix[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@ads.addynamix.com/
Expires : 11-29-2006 8:48:40 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:administrator@serving-sys.com/
Expires : 1-1-2038
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 14
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 14
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14
9:38:35 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:23.671
Objects scanned:136590
Objects identified:4
Objects ignored:0
New critical objects:4
********************************************************************************
*********
Hi there,
Could someone help me with this please.....see the attached reports....not-virus:Hoax.Win32.Renos.gg, Virus
I am unable to get rid of it....
I have found the file....but am not sure if I should just delete it......
Frodo
http://www.lavasoftsupport.com/index.php?a...post&id=962
Hello,Frodo & Welcome
First have a look at the quote box at the bottom of this page.
do as is asked at the links then show us a new HijackThis logfile
note i will not download any files on the forums so please post it here.
Gogo
First have a look at the quote box at the bottom of this page.
do as is asked at the links then show us a new HijackThis logfile
note i will not download any files on the forums so please post it here.
Gogo
Hi Frodo,
Thank you for editing in your logs for HJThis
Link Back to previous post: http://www.lavasoftsupport.com/index.php?s...ic=4864&hl=
Regards,
Spike
Thank you for editing in your logs for HJThis
Link Back to previous post: http://www.lavasoftsupport.com/index.php?s...ic=4864&hl=
Regards,
Spike
Hi,Frodo
Sorry you seem to have been passed by here.
Please download:
SmitfraudFix (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press"Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply.
Note :
process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Gogo ;
Sorry you seem to have been passed by here.
Please download:
SmitfraudFix (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press"Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply.
Note :
process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Gogo ;
Pasting in your logs for easier reading
Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, November 24, 2006 8:25:07 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:Se1R134 20.11.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):4 total references
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
11-24-2006 8:25:07 AM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-2081899588-1170548251-902174492-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-2081899588-1170548251-902174492-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 620
ThreadCreationTime : 11-24-2006 6:08:13 AM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 684
ThreadCreationTime : 11-24-2006 6:08:16 AM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 708
ThreadCreationTime : 11-24-2006 6:08:16 AM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 752
ThreadCreationTime : 11-24-2006 6:08:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 764
ThreadCreationTime : 11-24-2006 6:08:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [xtagent.exe]
FilePath : C:\WINDOWS\System32\Novell\
ProcessID : 936
ThreadCreationTime : 11-24-2006 6:08:17 AM
BasePriority : Normal
FileVersion : 1.2.3.1
ProductVersion : 1.2.3
ProductName : NetIdentity
CompanyName : Novell, Inc.
FileDescription : NetIdentity Service
InternalName : XTAgent.exe
LegalCopyright : Copyright 2002-2004 Novell, Inc.
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 952
ThreadCreationTime : 11-24-2006 6:08:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1020
ThreadCreationTime : 11-24-2006 6:08:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [msmpeng.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 1116
ThreadCreationTime : 11-24-2006 6:08:18 AM
BasePriority : Normal
FileVersion : 1.1.1347.0
ProductVersion : 1.1.1347.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1160
ThreadCreationTime : 11-24-2006 6:08:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1284
ThreadCreationTime : 11-24-2006 6:08:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1416
ThreadCreationTime : 11-24-2006 6:08:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1552
ThreadCreationTime : 11-24-2006 6:08:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:14 [servic~1.exe]
FilePath : C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\
ProcessID : 1772
ThreadCreationTime : 11-24-2006 6:08:21 AM
BasePriority : Normal
#:15 [fsgk32st.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 1812
ThreadCreationTime : 11-24-2006 6:08:21 AM
BasePriority : Normal
FileVersion : 1, 0, 7360, 0
ProductVersion : 1, 0, 7360, 56
ProductName : F-Secure Corp. Startup service
CompanyName : F-Secure Corp.
FileDescription : fsgk32st
InternalName : fsgk32
LegalCopyright : Copyright © 2001
OriginalFilename : fsgk32st.exe
Comments : Startup service for Gatekeeper Handler
#:16 [fsbwsys.exe]
FilePath : C:\Program Files\F-Secure\BackWeb\7681197\program\
ProcessID : 1828
ThreadCreationTime : 11-24-2006 6:08:21 AM
BasePriority : Normal
FileVersion : 7.00.1
ProductVersion : 7.00
ProductName : F-Secure BackWeb
CompanyName : F-Secure Corp.
FileDescription : fsbwsys
InternalName : fsbwsys
LegalCopyright : Copyright © 2005 F-Secure Corporation
OriginalFilename : fsbwsys.exe
#:17 [fsgk32.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 1840
ThreadCreationTime : 11-24-2006 6:08:21 AM
BasePriority : Normal
FileVersion : 6.10.11380
ProductVersion : 6.10.11380
ProductName : F-Secure Corp. fsgk32
CompanyName : F-Secure Corp.
FileDescription : Gatekeeper Handler II
InternalName : fsgk32
LegalCopyright : Copyright © 2004-2005
OriginalFilename : fsgk32.exe
Comments : release
#:18 [fsma32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 1852
ThreadCreationTime : 11-24-2006 6:08:21 AM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Management Agent
InternalName : VCH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSMA32.EXE
#:19 [fssm32.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 1904
ThreadCreationTime : 11-24-2006 6:08:21 AM
BasePriority : Normal
FileVersion : 6.10.11360
ProductVersion : 6.10.11360
ProductName : F-Secure Corp. fssm32
CompanyName : F-Secure Corp.
FileDescription : fssm32
InternalName : fssm32
LegalCopyright : Copyright © 2004-2005
OriginalFilename : fssm32.exe
Comments : release
#:20 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 1924
ThreadCreationTime : 11-24-2006 6:08:21 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:21 [fsmb32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 1940
ThreadCreationTime : 11-24-2006 6:08:21 AM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Message Broker
InternalName : FSMB
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSMB32.EXE
#:22 [nalntsrv.exe]
FilePath : C:\Program Files\Novell\ZENworks\
ProcessID : 2016
ThreadCreationTime : 11-24-2006 6:08:22 AM
BasePriority : Normal
FileVersion : 6.5.20.0
ProductVersion : 6.5.20.0
CompanyName : Novell, Inc.
FileDescription : NT Service for Novell Application Launcher (Zenlite)
InternalName : nalntsrv
LegalCopyright : Copyright © 1996-2005 Novell, Inc. All rights reserved. U.S. Patent No. 5,692,129 and other Patents Pending.
OriginalFilename : nalntsrv.exe
Comments : Visit: http://www.novell.com/coolsolutions/zenworks
#:23 [nhostsvc.exe]
FilePath : C:\Program Files\Danware Data\NetOp Remote Control\HOST\
ProcessID : 284
ThreadCreationTime : 11-24-2006 6:08:22 AM
BasePriority : Normal
#:24 [wm.exe]
FilePath : C:\Program Files\Novell\ZENworks\
ProcessID : 468
ThreadCreationTime : 11-24-2006 6:08:22 AM
BasePriority : Normal
FileVersion : v6.5.2 (20050104)
ProductVersion : v6.5.2 (20050104)
ProductName : ZENworks Desktop Management
CompanyName : Novell, Inc.
FileDescription : Workstation Manager Service
InternalName : WM
LegalCopyright : Copyright © 1992-2005 Novell, Inc.
OriginalFilename : WM.EXE
#:25 [fch32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 1356
ThreadCreationTime : 11-24-2006 6:08:23 AM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Configuration Handler
InternalName : FCH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FCH32.EXE
#:26 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1488
ThreadCreationTime : 11-24-2006 6:08:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:27 [fnrb32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 2112
ThreadCreationTime : 11-24-2006 6:08:25 AM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Network Request Broker
InternalName : FNRB
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FNRB32.EXE
#:28 [fsqh.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 2128
ThreadCreationTime : 11-24-2006 6:08:25 AM
BasePriority : Normal
FileVersion : 6.00.6.00.11150
ProductVersion : 6.00 Build 6.00.11150
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : F-Secure Quarantine Handler
InternalName : FSQH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : F-Secure ® is a registered trademark of F-Secure Corporation.
OriginalFilename : FSQH.EXE
#:29 [fameh32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 2140
ThreadCreationTime : 11-24-2006 6:08:25 AM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Alert and Management Extension Handler
InternalName : FAMEH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FAMEH32.EXE
#:30 [fsdfwd.exe]
FilePath : C:\Program Files\F-Secure\FWES\Program\
ProcessID : 2284
ThreadCreationTime : 11-24-2006 6:08:29 AM
BasePriority : Normal
FileVersion : 6.02.540
ProductVersion : 6.02 Build 540
ProductName : F-Secure Anti-Virus Internet Shield
CompanyName : F-Secure Corporation
FileDescription : F-Secure Anti-Virus Internet Shield daemon
InternalName : fsdfwd
LegalCopyright : Copyright © F-Secure Corporation 1997-2005
OriginalFilename : fsdfwd.exe
#:31 [fsrw.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 2300
ThreadCreationTime : 11-24-2006 6:08:29 AM
BasePriority : Normal
FileVersion : 1.1.222
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : F-Secure System Control
InternalName : FSRW
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : F-Secure ® is a registered trademark of F-Secure Corporation.
OriginalFilename : FSRW.EXE
#:32 [fih32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 2304
ThreadCreationTime : 11-24-2006 6:08:29 AM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Installation Launcher
InternalName : ILAUNCHR
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : ILAUNCHR.EXE
#:33 [fsav32.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 3048
ThreadCreationTime : 11-24-2006 6:08:34 AM
BasePriority : Normal
FileVersion : 6.01.11400
ProductVersion : 6.01.11400
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : FSAV Handler
InternalName : FSAV32
LegalCopyright : Copyright © 1998-2005, F-Secure Corporation
OriginalFilename : FSAV32.exe
#:34 [winsqclient.exe]
FilePath : \\edgstaff1\sys\public\
ProcessID : 3184
ThreadCreationTime : 11-24-2006 6:08:35 AM
BasePriority : Normal
#:35 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 3364
ThreadCreationTime : 11-24-2006 6:08:38 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:36 [nalagent.exe]
FilePath : C:\Program Files\Novell\ZENworks\
ProcessID : 3636
ThreadCreationTime : 11-24-2006 6:08:43 AM
BasePriority : Normal
FileVersion : 6.5.20.0
ProductVersion : 6.5.20.0
ProductName : ZENworks for Desktops
CompanyName : Novell, Inc
FileDescription : ZENworks Application Engine
InternalName : NalAgent
LegalCopyright : Copyright © 1996-2005 Novell, Inc. All rights reserved. U.S. Patent No. 5,692,129 and other Patents Pending.
OriginalFilename : NalAgent.exe
Comments : Requires Windows 98, W2K, XP
#:37 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3912
ThreadCreationTime : 11-24-2006 6:08:44 AM
BasePriority : Normal
FileVersion : 3,0,0,2104
ProductVersion : 7,0,0,2104
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE
#:38 [nwtray.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 4000
ThreadCreationTime : 11-24-2006 6:08:44 AM
BasePriority : Normal
FileVersion : v4.90
ProductVersion : v4.90
ProductName : Novell Client for Windows
CompanyName : Novell, Inc.
FileDescription : Novell System Tray Icon
LegalCopyright : Copyright © 1992-2002 Novell, Inc.
OriginalFilename : NWTRAY.EXE
#:39 [fsm32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 4048
ThreadCreationTime : 11-24-2006 6:08:45 AM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Settings and Statistics
InternalName : FSM
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSM32.EXE
#:40 [dpmw32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 344
ThreadCreationTime : 11-24-2006 6:08:45 AM
BasePriority : Normal
FileVersion : v3.0.1
ProductVersion : v3.0.1
ProductName : NDPS RPM & Notification Listener
CompanyName : Novell, Inc.
FileDescription : NDPS RPM & Notification Listener
InternalName : DPMW32
LegalCopyright : Copyright © 1992 - 2004, by Novell, Inc. All rights reserved.
OriginalFilename : DPMW32.EXE
#:41 [msascui.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 644
ThreadCreationTime : 11-24-2006 6:08:46 AM
BasePriority : Normal
FileVersion : 1.1.1347.0
ProductVersion : 1.1.1347.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe
#:42 [googledesktop.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 672
ThreadCreationTime : 11-24-2006 6:08:46 AM
BasePriority : Normal
FileVersion : 4.2006.1008.2039
ProductVersion : 4.2006.1008.2039
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:43 [fsaw.exe]
FilePath : C:\PROGRA~1\F-Secure\ANTI-S~1\
ProcessID : 536
ThreadCreationTime : 11-24-2006 6:08:46 AM
BasePriority : Normal
FileVersion : 1.1.192
ProductName : F-Secure Anti-Spyware
CompanyName : F-Secure Corporation
FileDescription : F-Secure Browser Control
InternalName : FSAW
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : F-Secure ® is a registered trademark of F-Secure Corporation.
OriginalFilename : FSAW.EXE
#:44 [gnotify.exe]
FilePath : C:\Program Files\Google\Gmail Notifier\
ProcessID : 1364
ThreadCreationTime : 11-24-2006 6:08:47 AM
BasePriority : Normal
FileVersion : 1.0.25.0
ProductVersion : 1.0.25.0
ProductName : Gmail
CompanyName : Google Inc.
FileDescription : Gmail Notifier
LegalCopyright : Copyright © Google Inc. 2004-2005
OriginalFilename : gnotify.exe
#:45 [yahoom~1.exe]
FilePath : C:\PROGRA~1\Yahoo!\MESSEN~1\
ProcessID : 1688
ThreadCreationTime : 11-24-2006 6:08:48 AM
BasePriority : Normal
FileVersion : 8,0,0,716
ProductVersion : 8,0,0,716
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
LegalCopyright : © 1998-2006 Yahoo! Inc. All rights reserved.
#:46 [fsguidll.exe]
FilePath : C:\Program Files\F-Secure\FSGUI\
ProcessID : 2260
ThreadCreationTime : 11-24-2006 6:08:48 AM
BasePriority : Normal
FileVersion : 6, 20, 11, 0
ProductVersion : 6, 10, 60, 0
ProductName : F-Secure Internet Security 2006 version 6.10
CompanyName : F-Secure Corporation
FileDescription : F-Secure GUI component
InternalName : fsguiexe
LegalCopyright : Copyright © 2003-2006 F-Secure Corporation
OriginalFilename : fsguiexe.exe
#:47 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2540
ThreadCreationTime : 11-24-2006 6:08:48 AM
BasePriority : Normal
FileVersion : 8.0.0812.00
ProductVersion : 8.0.0812
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe
#:48 [googledesktopindex.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 2172
ThreadCreationTime : 11-24-2006 6:08:48 AM
BasePriority : Normal
FileVersion : 4.2006.1008.2039
ProductVersion : 4.2006.1008.2039
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:49 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2652
ThreadCreationTime : 11-24-2006 6:08:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:50 [googledesktopcrawl.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 3324
ThreadCreationTime : 11-24-2006 6:08:52 AM
BasePriority : Normal
FileVersion : 4.2006.1008.2039
ProductVersion : 4.2006.1008.2039
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:51 [f-secure automatic update.exe]
FilePath : C:\Program Files\F-Secure\BackWeb\7681197\program\
ProcessID : 348
ThreadCreationTime : 11-24-2006 6:08:57 AM
BasePriority : Normal
#:52 [notify.exe]
FilePath : C:\Novell\GroupWise\
ProcessID : 280
ThreadCreationTime : 11-24-2006 6:08:57 AM
BasePriority : Normal
FileVersion : 7.0.1
ProductVersion : 7.0.1
ProductName : Novell GroupWise
CompanyName : Novell, Inc.
FileDescription : Novell GroupWise Notify
InternalName : Notify
LegalCopyright : Copyright © 1993-2006 Novell, Inc. All rights reserved.
OriginalFilename : NOTIFY.EXE
#:53 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3492
ThreadCreationTime : 11-24-2006 6:09:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:54 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 4472
ThreadCreationTime : 11-24-2006 6:09:43 AM
BasePriority : Normal
FileVersion : 7.00.5730.11 (winmain(wmbla).061017-1135)
ProductVersion : 7.00.5730.11
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:55 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 5772
ThreadCreationTime : 11-24-2006 6:10:15 AM
BasePriority : Normal
FileVersion : 7.00.5730.11 (winmain(wmbla).061017-1135)
ProductVersion : 7.00.5730.11
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:56 [grpwise.exe]
FilePath : C:\Novell\GroupWise\
ProcessID : 4192
ThreadCreationTime : 11-24-2006 6:14:05 AM
BasePriority : Normal
FileVersion : 7.0.1
ProductVersion : 7.0.1
ProductName : Novell GroupWise
CompanyName : Novell, Inc.
FileDescription : Novell GroupWise Client
InternalName : GrpWise
LegalCopyright : Copyright © 1993-2006 Novell, Inc. All rights reserved.
OriginalFilename : GrpWise.exe
#:57 [uiload.dll]
FilePath : C:\PROGRA~1\Advansys\Formativ\
ProcessID : 4804
ThreadCreationTime : 11-24-2006 6:14:22 AM
BasePriority : Normal
FileVersion : 2.0.1.0
ProductVersion : 2.0.1
ProductName : Advansys Formativ: Novell GroupWise Client Extender
CompanyName : Advansys Pty Limited
FileDescription : Advansys Formativ Interface Loader
InternalName : uiload
LegalCopyright : Copyright © 2005 Advansys Pty Limited
OriginalFilename : uiload
Comments : www.advansyscorp.com
#:58 [formativ.exe]
FilePath : C:\PROGRA~1\Advansys\Formativ\
ProcessID : 4864
ThreadCreationTime : 11-24-2006 6:14:23 AM
BasePriority : Normal
FileVersion : 2.0.1.0
ProductVersion : 2.0.1
ProductName : Advansys Formativ: Novell GroupWise Client Extender
CompanyName : Advansys Pty Limited
FileDescription : Advansys Formativ Tray Interface
InternalName : Formativ
LegalCopyright : Copyright © 2005 Advansys Pty Limited
OriginalFilename : formativ.exe
Comments : www.advansyscorp.com
#:59 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 5320
ThreadCreationTime : 11-24-2006 6:24:55 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@atdmt.com/
Expires : 11-22-2011 2:00:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@statse.webtrendslive.com/
Expires : 11-20-2016 6:36:10 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@tribalfusion.com/
Expires : 1-1-2038 2:00:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 7
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 7
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
8:42:37 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:30.0
Objects scanned:143268
Objects identified:3
Objects ignored:0
New critical objects:3
Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, November 24, 2006 8:25:07 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:Se1R134 20.11.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):4 total references
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
11-24-2006 8:25:07 AM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-2081899588-1170548251-902174492-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-2081899588-1170548251-902174492-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 620
ThreadCreationTime : 11-24-2006 6:08:13 AM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 684
ThreadCreationTime : 11-24-2006 6:08:16 AM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 708
ThreadCreationTime : 11-24-2006 6:08:16 AM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 752
ThreadCreationTime : 11-24-2006 6:08:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 764
ThreadCreationTime : 11-24-2006 6:08:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [xtagent.exe]
FilePath : C:\WINDOWS\System32\Novell\
ProcessID : 936
ThreadCreationTime : 11-24-2006 6:08:17 AM
BasePriority : Normal
FileVersion : 1.2.3.1
ProductVersion : 1.2.3
ProductName : NetIdentity
CompanyName : Novell, Inc.
FileDescription : NetIdentity Service
InternalName : XTAgent.exe
LegalCopyright : Copyright 2002-2004 Novell, Inc.
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 952
ThreadCreationTime : 11-24-2006 6:08:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1020
ThreadCreationTime : 11-24-2006 6:08:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [msmpeng.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 1116
ThreadCreationTime : 11-24-2006 6:08:18 AM
BasePriority : Normal
FileVersion : 1.1.1347.0
ProductVersion : 1.1.1347.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1160
ThreadCreationTime : 11-24-2006 6:08:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1284
ThreadCreationTime : 11-24-2006 6:08:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1416
ThreadCreationTime : 11-24-2006 6:08:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1552
ThreadCreationTime : 11-24-2006 6:08:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:14 [servic~1.exe]
FilePath : C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\
ProcessID : 1772
ThreadCreationTime : 11-24-2006 6:08:21 AM
BasePriority : Normal
#:15 [fsgk32st.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 1812
ThreadCreationTime : 11-24-2006 6:08:21 AM
BasePriority : Normal
FileVersion : 1, 0, 7360, 0
ProductVersion : 1, 0, 7360, 56
ProductName : F-Secure Corp. Startup service
CompanyName : F-Secure Corp.
FileDescription : fsgk32st
InternalName : fsgk32
LegalCopyright : Copyright © 2001
OriginalFilename : fsgk32st.exe
Comments : Startup service for Gatekeeper Handler
#:16 [fsbwsys.exe]
FilePath : C:\Program Files\F-Secure\BackWeb\7681197\program\
ProcessID : 1828
ThreadCreationTime : 11-24-2006 6:08:21 AM
BasePriority : Normal
FileVersion : 7.00.1
ProductVersion : 7.00
ProductName : F-Secure BackWeb
CompanyName : F-Secure Corp.
FileDescription : fsbwsys
InternalName : fsbwsys
LegalCopyright : Copyright © 2005 F-Secure Corporation
OriginalFilename : fsbwsys.exe
#:17 [fsgk32.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 1840
ThreadCreationTime : 11-24-2006 6:08:21 AM
BasePriority : Normal
FileVersion : 6.10.11380
ProductVersion : 6.10.11380
ProductName : F-Secure Corp. fsgk32
CompanyName : F-Secure Corp.
FileDescription : Gatekeeper Handler II
InternalName : fsgk32
LegalCopyright : Copyright © 2004-2005
OriginalFilename : fsgk32.exe
Comments : release
#:18 [fsma32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 1852
ThreadCreationTime : 11-24-2006 6:08:21 AM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Management Agent
InternalName : VCH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSMA32.EXE
#:19 [fssm32.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 1904
ThreadCreationTime : 11-24-2006 6:08:21 AM
BasePriority : Normal
FileVersion : 6.10.11360
ProductVersion : 6.10.11360
ProductName : F-Secure Corp. fssm32
CompanyName : F-Secure Corp.
FileDescription : fssm32
InternalName : fssm32
LegalCopyright : Copyright © 2004-2005
OriginalFilename : fssm32.exe
Comments : release
#:20 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 1924
ThreadCreationTime : 11-24-2006 6:08:21 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:21 [fsmb32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 1940
ThreadCreationTime : 11-24-2006 6:08:21 AM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Message Broker
InternalName : FSMB
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSMB32.EXE
#:22 [nalntsrv.exe]
FilePath : C:\Program Files\Novell\ZENworks\
ProcessID : 2016
ThreadCreationTime : 11-24-2006 6:08:22 AM
BasePriority : Normal
FileVersion : 6.5.20.0
ProductVersion : 6.5.20.0
CompanyName : Novell, Inc.
FileDescription : NT Service for Novell Application Launcher (Zenlite)
InternalName : nalntsrv
LegalCopyright : Copyright © 1996-2005 Novell, Inc. All rights reserved. U.S. Patent No. 5,692,129 and other Patents Pending.
OriginalFilename : nalntsrv.exe
Comments : Visit: http://www.novell.com/coolsolutions/zenworks
#:23 [nhostsvc.exe]
FilePath : C:\Program Files\Danware Data\NetOp Remote Control\HOST\
ProcessID : 284
ThreadCreationTime : 11-24-2006 6:08:22 AM
BasePriority : Normal
#:24 [wm.exe]
FilePath : C:\Program Files\Novell\ZENworks\
ProcessID : 468
ThreadCreationTime : 11-24-2006 6:08:22 AM
BasePriority : Normal
FileVersion : v6.5.2 (20050104)
ProductVersion : v6.5.2 (20050104)
ProductName : ZENworks Desktop Management
CompanyName : Novell, Inc.
FileDescription : Workstation Manager Service
InternalName : WM
LegalCopyright : Copyright © 1992-2005 Novell, Inc.
OriginalFilename : WM.EXE
#:25 [fch32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 1356
ThreadCreationTime : 11-24-2006 6:08:23 AM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Configuration Handler
InternalName : FCH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FCH32.EXE
#:26 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1488
ThreadCreationTime : 11-24-2006 6:08:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:27 [fnrb32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 2112
ThreadCreationTime : 11-24-2006 6:08:25 AM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Network Request Broker
InternalName : FNRB
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FNRB32.EXE
#:28 [fsqh.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 2128
ThreadCreationTime : 11-24-2006 6:08:25 AM
BasePriority : Normal
FileVersion : 6.00.6.00.11150
ProductVersion : 6.00 Build 6.00.11150
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : F-Secure Quarantine Handler
InternalName : FSQH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : F-Secure ® is a registered trademark of F-Secure Corporation.
OriginalFilename : FSQH.EXE
#:29 [fameh32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 2140
ThreadCreationTime : 11-24-2006 6:08:25 AM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Alert and Management Extension Handler
InternalName : FAMEH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FAMEH32.EXE
#:30 [fsdfwd.exe]
FilePath : C:\Program Files\F-Secure\FWES\Program\
ProcessID : 2284
ThreadCreationTime : 11-24-2006 6:08:29 AM
BasePriority : Normal
FileVersion : 6.02.540
ProductVersion : 6.02 Build 540
ProductName : F-Secure Anti-Virus Internet Shield
CompanyName : F-Secure Corporation
FileDescription : F-Secure Anti-Virus Internet Shield daemon
InternalName : fsdfwd
LegalCopyright : Copyright © F-Secure Corporation 1997-2005
OriginalFilename : fsdfwd.exe
#:31 [fsrw.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 2300
ThreadCreationTime : 11-24-2006 6:08:29 AM
BasePriority : Normal
FileVersion : 1.1.222
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : F-Secure System Control
InternalName : FSRW
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : F-Secure ® is a registered trademark of F-Secure Corporation.
OriginalFilename : FSRW.EXE
#:32 [fih32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 2304
ThreadCreationTime : 11-24-2006 6:08:29 AM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Installation Launcher
InternalName : ILAUNCHR
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : ILAUNCHR.EXE
#:33 [fsav32.exe]
FilePath : C:\Program Files\F-Secure\Anti-Virus\
ProcessID : 3048
ThreadCreationTime : 11-24-2006 6:08:34 AM
BasePriority : Normal
FileVersion : 6.01.11400
ProductVersion : 6.01.11400
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : FSAV Handler
InternalName : FSAV32
LegalCopyright : Copyright © 1998-2005, F-Secure Corporation
OriginalFilename : FSAV32.exe
#:34 [winsqclient.exe]
FilePath : \\edgstaff1\sys\public\
ProcessID : 3184
ThreadCreationTime : 11-24-2006 6:08:35 AM
BasePriority : Normal
#:35 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 3364
ThreadCreationTime : 11-24-2006 6:08:38 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:36 [nalagent.exe]
FilePath : C:\Program Files\Novell\ZENworks\
ProcessID : 3636
ThreadCreationTime : 11-24-2006 6:08:43 AM
BasePriority : Normal
FileVersion : 6.5.20.0
ProductVersion : 6.5.20.0
ProductName : ZENworks for Desktops
CompanyName : Novell, Inc
FileDescription : ZENworks Application Engine
InternalName : NalAgent
LegalCopyright : Copyright © 1996-2005 Novell, Inc. All rights reserved. U.S. Patent No. 5,692,129 and other Patents Pending.
OriginalFilename : NalAgent.exe
Comments : Requires Windows 98, W2K, XP
#:37 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3912
ThreadCreationTime : 11-24-2006 6:08:44 AM
BasePriority : Normal
FileVersion : 3,0,0,2104
ProductVersion : 7,0,0,2104
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE
#:38 [nwtray.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 4000
ThreadCreationTime : 11-24-2006 6:08:44 AM
BasePriority : Normal
FileVersion : v4.90
ProductVersion : v4.90
ProductName : Novell Client for Windows
CompanyName : Novell, Inc.
FileDescription : Novell System Tray Icon
LegalCopyright : Copyright © 1992-2002 Novell, Inc.
OriginalFilename : NWTRAY.EXE
#:39 [fsm32.exe]
FilePath : C:\Program Files\F-Secure\Common\
ProcessID : 4048
ThreadCreationTime : 11-24-2006 6:08:45 AM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Settings and Statistics
InternalName : FSM
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSM32.EXE
#:40 [dpmw32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 344
ThreadCreationTime : 11-24-2006 6:08:45 AM
BasePriority : Normal
FileVersion : v3.0.1
ProductVersion : v3.0.1
ProductName : NDPS RPM & Notification Listener
CompanyName : Novell, Inc.
FileDescription : NDPS RPM & Notification Listener
InternalName : DPMW32
LegalCopyright : Copyright © 1992 - 2004, by Novell, Inc. All rights reserved.
OriginalFilename : DPMW32.EXE
#:41 [msascui.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 644
ThreadCreationTime : 11-24-2006 6:08:46 AM
BasePriority : Normal
FileVersion : 1.1.1347.0
ProductVersion : 1.1.1347.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe
#:42 [googledesktop.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 672
ThreadCreationTime : 11-24-2006 6:08:46 AM
BasePriority : Normal
FileVersion : 4.2006.1008.2039
ProductVersion : 4.2006.1008.2039
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:43 [fsaw.exe]
FilePath : C:\PROGRA~1\F-Secure\ANTI-S~1\
ProcessID : 536
ThreadCreationTime : 11-24-2006 6:08:46 AM
BasePriority : Normal
FileVersion : 1.1.192
ProductName : F-Secure Anti-Spyware
CompanyName : F-Secure Corporation
FileDescription : F-Secure Browser Control
InternalName : FSAW
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : F-Secure ® is a registered trademark of F-Secure Corporation.
OriginalFilename : FSAW.EXE
#:44 [gnotify.exe]
FilePath : C:\Program Files\Google\Gmail Notifier\
ProcessID : 1364
ThreadCreationTime : 11-24-2006 6:08:47 AM
BasePriority : Normal
FileVersion : 1.0.25.0
ProductVersion : 1.0.25.0
ProductName : Gmail
CompanyName : Google Inc.
FileDescription : Gmail Notifier
LegalCopyright : Copyright © Google Inc. 2004-2005
OriginalFilename : gnotify.exe
#:45 [yahoom~1.exe]
FilePath : C:\PROGRA~1\Yahoo!\MESSEN~1\
ProcessID : 1688
ThreadCreationTime : 11-24-2006 6:08:48 AM
BasePriority : Normal
FileVersion : 8,0,0,716
ProductVersion : 8,0,0,716
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
LegalCopyright : © 1998-2006 Yahoo! Inc. All rights reserved.
#:46 [fsguidll.exe]
FilePath : C:\Program Files\F-Secure\FSGUI\
ProcessID : 2260
ThreadCreationTime : 11-24-2006 6:08:48 AM
BasePriority : Normal
FileVersion : 6, 20, 11, 0
ProductVersion : 6, 10, 60, 0
ProductName : F-Secure Internet Security 2006 version 6.10
CompanyName : F-Secure Corporation
FileDescription : F-Secure GUI component
InternalName : fsguiexe
LegalCopyright : Copyright © 2003-2006 F-Secure Corporation
OriginalFilename : fsguiexe.exe
#:47 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2540
ThreadCreationTime : 11-24-2006 6:08:48 AM
BasePriority : Normal
FileVersion : 8.0.0812.00
ProductVersion : 8.0.0812
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe
#:48 [googledesktopindex.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 2172
ThreadCreationTime : 11-24-2006 6:08:48 AM
BasePriority : Normal
FileVersion : 4.2006.1008.2039
ProductVersion : 4.2006.1008.2039
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:49 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2652
ThreadCreationTime : 11-24-2006 6:08:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:50 [googledesktopcrawl.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 3324
ThreadCreationTime : 11-24-2006 6:08:52 AM
BasePriority : Normal
FileVersion : 4.2006.1008.2039
ProductVersion : 4.2006.1008.2039
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:51 [f-secure automatic update.exe]
FilePath : C:\Program Files\F-Secure\BackWeb\7681197\program\
ProcessID : 348
ThreadCreationTime : 11-24-2006 6:08:57 AM
BasePriority : Normal
#:52 [notify.exe]
FilePath : C:\Novell\GroupWise\
ProcessID : 280
ThreadCreationTime : 11-24-2006 6:08:57 AM
BasePriority : Normal
FileVersion : 7.0.1
ProductVersion : 7.0.1
ProductName : Novell GroupWise
CompanyName : Novell, Inc.
FileDescription : Novell GroupWise Notify
InternalName : Notify
LegalCopyright : Copyright © 1993-2006 Novell, Inc. All rights reserved.
OriginalFilename : NOTIFY.EXE
#:53 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3492
ThreadCreationTime : 11-24-2006 6:09:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:54 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 4472
ThreadCreationTime : 11-24-2006 6:09:43 AM
BasePriority : Normal
FileVersion : 7.00.5730.11 (winmain(wmbla).061017-1135)
ProductVersion : 7.00.5730.11
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:55 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 5772
ThreadCreationTime : 11-24-2006 6:10:15 AM
BasePriority : Normal
FileVersion : 7.00.5730.11 (winmain(wmbla).061017-1135)
ProductVersion : 7.00.5730.11
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:56 [grpwise.exe]
FilePath : C:\Novell\GroupWise\
ProcessID : 4192
ThreadCreationTime : 11-24-2006 6:14:05 AM
BasePriority : Normal
FileVersion : 7.0.1
ProductVersion : 7.0.1
ProductName : Novell GroupWise
CompanyName : Novell, Inc.
FileDescription : Novell GroupWise Client
InternalName : GrpWise
LegalCopyright : Copyright © 1993-2006 Novell, Inc. All rights reserved.
OriginalFilename : GrpWise.exe
#:57 [uiload.dll]
FilePath : C:\PROGRA~1\Advansys\Formativ\
ProcessID : 4804
ThreadCreationTime : 11-24-2006 6:14:22 AM
BasePriority : Normal
FileVersion : 2.0.1.0
ProductVersion : 2.0.1
ProductName : Advansys Formativ: Novell GroupWise Client Extender
CompanyName : Advansys Pty Limited
FileDescription : Advansys Formativ Interface Loader
InternalName : uiload
LegalCopyright : Copyright © 2005 Advansys Pty Limited
OriginalFilename : uiload
Comments : www.advansyscorp.com
#:58 [formativ.exe]
FilePath : C:\PROGRA~1\Advansys\Formativ\
ProcessID : 4864
ThreadCreationTime : 11-24-2006 6:14:23 AM
BasePriority : Normal
FileVersion : 2.0.1.0
ProductVersion : 2.0.1
ProductName : Advansys Formativ: Novell GroupWise Client Extender
CompanyName : Advansys Pty Limited
FileDescription : Advansys Formativ Tray Interface
InternalName : Formativ
LegalCopyright : Copyright © 2005 Advansys Pty Limited
OriginalFilename : formativ.exe
Comments : www.advansyscorp.com
#:59 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 5320
ThreadCreationTime : 11-24-2006 6:24:55 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@atdmt.com/
Expires : 11-22-2011 2:00:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@statse.webtrendslive.com/
Expires : 11-20-2016 6:36:10 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@tribalfusion.com/
Expires : 1-1-2038 2:00:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 7
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 7
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
8:42:37 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:30.0
Objects scanned:143268
Objects identified:3
Objects ignored:0
New critical objects:3
Logfile of HijackThis v1.99.1
Scan saved at 8:43:17 AM, on 11/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
\edgstaff1\sys\public\winsqclient.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\System32\dpmw32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Novell\GroupWise\notify.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://innerweb.und.ac.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://innerweb.und.ac.za/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoconfig.ukzn.ac.za/config.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nu.ac.za:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.nu.ac.za; *.und.ac.za; *.unp.ac.za; *.ukzn.ac.za;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program Files\Silver Codec\isaddon.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Silver Codec\iesplugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [asrupdate.exe] C:\WINDOWS\system32\asrupdate.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Notify.lnk = C:\Novell\GroupWise\notify.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_04\bin\npjpi141_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_04\bin\npjpi141_04.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160548789296
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NetIdentity Notification - C:\WINDOWS\System32\Novell\XtNotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: amaranthaceous - {4fc003c3-87a0-489c-85cd-878246eb2d18} - C:\WINDOWS\system32\oebxpba.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: NetOp Helper ver. 7.60 (2003246) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe
Scan saved at 8:43:17 AM, on 11/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
\edgstaff1\sys\public\winsqclient.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\System32\dpmw32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Novell\GroupWise\notify.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://innerweb.und.ac.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://innerweb.und.ac.za/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoconfig.ukzn.ac.za/config.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nu.ac.za:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.nu.ac.za; *.und.ac.za; *.unp.ac.za; *.ukzn.ac.za;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program Files\Silver Codec\isaddon.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Silver Codec\iesplugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [asrupdate.exe] C:\WINDOWS\system32\asrupdate.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Notify.lnk = C:\Novell\GroupWise\notify.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_04\bin\npjpi141_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_04\bin\npjpi141_04.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160548789296
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NetIdentity Notification - C:\WINDOWS\System32\Novell\XtNotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: amaranthaceous - {4fc003c3-87a0-489c-85cd-878246eb2d18} - C:\WINDOWS\system32\oebxpba.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: NetOp Helper ver. 7.60 (2003246) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.