can't get rid of virus

  1. #1
    danbluk, Full Member

    I keep getting the same virus picked up by Norton every few seconds until I disable Auto-Protect. Ad-Aware also picked it up and deleted it, but Norton still picked it up upon reboot. Now Ad-Aware no longer picks it up, but Norton still does every few seconds. I saved the Ad-Aware log files from when it picked it up and when it stopped picking it up. I even started the PC in safe mode and deleted the file manually, but it still comes eventually. I have attached a screenshot of Norton picking it up as well as pasted both the log files.
    I don't know what else to do.
    Please help.

    log file when ad-aware picked it up

    Ad-Aware SE Build 1.06r1
    Logfile Created on:20 January 2007 12:55:41
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R145 17.01.2007
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    win32.Trojan.Dnschanger(TAC index:10):1 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects


    20-01-2007 12:55:41 - Scan started. (Full System Scan)

    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 764
    ThreadCreationTime : 20-01-2007 11:38:49
    BasePriority : Normal


    #:2 [csrss.exe]
    FilePath : \??\D:\WINDOWS\system32\
    ProcessID : 836
    ThreadCreationTime : 20-01-2007 11:38:52
    BasePriority : Normal


    #:3 [winlogon.exe]
    FilePath : \??\D:\WINDOWS\system32\
    ProcessID : 960
    ThreadCreationTime : 20-01-2007 11:38:55
    BasePriority : High


    #:4 [services.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 1004
    ThreadCreationTime : 20-01-2007 11:38:55
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 1016
    ThreadCreationTime : 20-01-2007 11:38:55
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [ati2evxx.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 1176
    ThreadCreationTime : 20-01-2007 11:38:55
    BasePriority : Normal
    FileVersion : 6.14.10.4149
    ProductVersion : 6.14.10.4149
    ProductName : ATI External Event Utility for Windows
    CompanyName : ATI Technologies Inc.
    FileDescription : ATI External Event Utility EXE Module
    InternalName : ATI2EVXX.EXE
    LegalCopyright : Copyright © 1999-2006 ATI Technologies Inc.
    OriginalFilename : ATI2EVXX.EXE

    #:7 [svchost.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 1196
    ThreadCreationTime : 20-01-2007 11:38:55
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [svchost.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 1252
    ThreadCreationTime : 20-01-2007 11:38:55
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:9 [svchost.exe]
    FilePath : D:\WINDOWS\System32\
    ProcessID : 1416
    ThreadCreationTime : 20-01-2007 11:38:55
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:10 [svchost.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 1536
    ThreadCreationTime : 20-01-2007 11:38:56
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:11 [svchost.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 1596
    ThreadCreationTime : 20-01-2007 11:38:56
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:12 [ccsetmgr.exe]
    FilePath : D:\Program Files\Common Files\Symantec Shared\
    ProcessID : 1668
    ThreadCreationTime : 20-01-2007 11:38:56
    BasePriority : Normal
    FileVersion : 103.0.7.2
    ProductVersion : 103.0.7.2
    ProductName : Client and Host Security Platform
    CompanyName : Symantec Corporation
    FileDescription : Symantec Settings Manager Service
    InternalName : ccSetMgr
    LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
    OriginalFilename : ccSetMgr.exe

    #:13 [sndsrvc.exe]
    FilePath : D:\Program Files\Common Files\Symantec Shared\
    ProcessID : 1688
    ThreadCreationTime : 20-01-2007 11:38:56
    BasePriority : Normal
    FileVersion : 5.5.1.6
    ProductVersion : 5.5
    ProductName : Symantec Security Drivers
    CompanyName : Symantec Corporation
    FileDescription : Network Driver Service
    InternalName : SndSrvc
    LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
    OriginalFilename : SndSrvc.exe

    #:14 [ati2evxx.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 1744
    ThreadCreationTime : 20-01-2007 11:38:56
    BasePriority : Normal
    FileVersion : 6.14.10.4149
    ProductVersion : 6.14.10.4149
    ProductName : ATI External Event Utility for Windows
    CompanyName : ATI Technologies Inc.
    FileDescription : ATI External Event Utility EXE Module
    InternalName : ATI2EVXX.EXE
    LegalCopyright : Copyright © 1999-2006 ATI Technologies Inc.
    OriginalFilename : ATI2EVXX.EXE

    #:15 [spbbcsvc.exe]
    FilePath : D:\Program Files\Common Files\Symantec Shared\SPBBC\
    ProcessID : 1776
    ThreadCreationTime : 20-01-2007 11:38:56
    BasePriority : Normal
    FileVersion : 1,0,1,47
    ProductVersion : 1,0,1,47
    ProductName : SPBBC
    CompanyName : Symantec Corporation
    FileDescription : SPBBC Service
    InternalName : SPBBCSvc
    LegalCopyright : Copyright (c) 2004 Symantec Corporation. All rights reserved.
    OriginalFilename : SPBBCSvc.exe

    #:16 [ccevtmgr.exe]
    FilePath : D:\Program Files\Common Files\Symantec Shared\
    ProcessID : 224
    ThreadCreationTime : 20-01-2007 11:38:58
    BasePriority : Normal
    FileVersion : 103.0.7.2
    ProductVersion : 103.0.7.2
    ProductName : Client and Host Security Platform
    CompanyName : Symantec Corporation
    FileDescription : Symantec Event Manager Service
    InternalName : ccEvtMgr
    LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
    OriginalFilename : ccEvtMgr.exe

    #:17 [spoolsv.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 404
    ThreadCreationTime : 20-01-2007 11:38:59
    BasePriority : Normal
    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion : 5.1.2600.2696
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:18 [aluschedulersvc.exe]
    FilePath : D:\Program Files\Symantec\LiveUpdate\
    ProcessID : 528
    ThreadCreationTime : 20-01-2007 11:38:59
    BasePriority : Normal
    FileVersion : 3.0.0.171
    ProductVersion : 3.0.0.171
    ProductName : LiveUpdate
    CompanyName : Symantec Corporation
    FileDescription : Automatic LiveUpdate Scheduler Service
    InternalName : Automatic LiveUpdate Scheduler Service
    LegalCopyright : Copyright © 1996-2005 Symantec Corporation
    OriginalFilename : ALUSchedulerSvc.exe

    #:19 [svchost.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 628
    ThreadCreationTime : 20-01-2007 11:38:59
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:20 [navapsvc.exe]
    FilePath : D:\Program Files\Norton SystemWorks\Norton AntiVirus\
    ProcessID : 688
    ThreadCreationTime : 20-01-2007 11:38:59
    BasePriority : Normal
    FileVersion : 11.0.16.2
    ProductVersion : 11.0.16
    ProductName : Norton AntiVirus
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Auto-Protect Service
    InternalName : NAVAPSVC
    LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
    OriginalFilename : NAVAPSVC.EXE

    #:21 [npfmntor.exe]
    FilePath : D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\
    ProcessID : 812
    ThreadCreationTime : 20-01-2007 11:38:59
    BasePriority : Normal
    FileVersion : 11.0.16.2
    ProductVersion : 11.0.16
    ProductName : Norton AntiVirus
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Firewall Install Monitor
    InternalName : NPFMonitor
    LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
    OriginalFilename : NPFMonitor.EXE

    #:22 [nprotect.exe]
    FilePath : D:\PROGRA~1\NORTON~1\NORTON~1\
    ProcessID : 896
    ThreadCreationTime : 20-01-2007 11:39:00
    BasePriority : Normal
    FileVersion : 18.0.0.62
    ProductVersion : 18.0.0.62
    ProductName : Norton Utilities
    CompanyName : Symantec Corporation
    FileDescription : Norton Protection Status
    InternalName : NPROTECT
    LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
    LegalTrademarks : Norton Utilities® and UnErase® are registered trademarks of Symantec Corporation.
    OriginalFilename : NPROTECT.EXE

    #:23 [snmp.exe]
    FilePath : D:\WINDOWS\System32\
    ProcessID : 1388
    ThreadCreationTime : 20-01-2007 11:39:00
    BasePriority : Normal
    FileVersion : 5.1.2600.3038 (xpsp_sp2_gdr.061119-2303)
    ProductVersion : 5.1.2600.3038
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : SNMP Service
    InternalName : snmp.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : snmp.exe

    #:24 [nopdb.exe]
    FilePath : D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\
    ProcessID : 1488
    ThreadCreationTime : 20-01-2007 11:39:00
    BasePriority : Normal
    FileVersion : 7.00.0.24
    ProductVersion : 7.00.0.24
    ProductName : Norton Speed Disk
    CompanyName : Symantec Corporation
    FileDescription : NOPDB
    InternalName : NOPDB
    LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
    OriginalFilename : NOPDB.dll

    #:25 [symlcsvc.exe]
    FilePath : D:\Program Files\Common Files\Symantec Shared\CCPD-LC\
    ProcessID : 1580
    ThreadCreationTime : 20-01-2007 11:39:01
    BasePriority : Normal
    FileVersion : 1, 8, 54, 478
    ProductVersion : 1, 8, 54, 478
    ProductName : Symantec Core Component
    CompanyName : Symantec Corporation
    FileDescription : Symantec Core Component
    InternalName : symlcsvc
    LegalCopyright : Copyright (C) 2003
    OriginalFilename : symlcsvc.exe

    #:26 [jusched.exe]
    FilePath : D:\Program Files\Java\jre1.5.0_09\bin\
    ProcessID : 1964
    ThreadCreationTime : 20-01-2007 11:39:01
    BasePriority : Normal


    #:27 [itouch.exe]
    FilePath : D:\Program Files\Logitech\iTouch\
    ProcessID : 1996
    ThreadCreationTime : 20-01-2007 11:39:01
    BasePriority : Normal
    FileVersion : 2.15.264
    ProductVersion : 2.15.264
    ProductName : iTouch
    CompanyName : Logitech Inc.
    FileDescription : iTouch Application
    InternalName : iTouch
    LegalCopyright : (C) 1998-2002 Logitech. All rights reserved.
    LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
    OriginalFilename : iTouch.exe
    Comments : Created by the iTouch team

    #:28 [a_msn_monitor.exe]
    FilePath : D:\Program Files\AwinSoft\MsnMonitor\
    ProcessID : 2108
    ThreadCreationTime : 20-01-2007 11:39:01
    BasePriority : Normal
    FileVersion : 3.0.0.0
    ProductVersion : 3.0.0.0
    CompanyName : AwinSoft

    #:29 [hpztsb07.exe]
    FilePath : D:\WINDOWS\system32\spool\drivers\w32x86\3\
    ProcessID : 2204
    ThreadCreationTime : 20-01-2007 11:39:03
    BasePriority : Normal
    FileVersion : 2,140,0,0
    ProductVersion : 2,140,0,0
    ProductName : HP DeskJet
    CompanyName : HP
    LegalCopyright : Copyright (c) Hewlett-Packard Company 1999-2002

    #:30 [rundll32.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 2220
    ThreadCreationTime : 20-01-2007 11:39:03
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Run a DLL as an App
    InternalName : rundll
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : RUNDLL.EXE

    #:31 [ccapp.exe]
    FilePath : D:\Program Files\Common Files\Symantec Shared\
    ProcessID : 2316
    ThreadCreationTime : 20-01-2007 11:39:03
    BasePriority : Normal
    FileVersion : 103.0.7.2
    ProductVersion : 103.0.7.2
    ProductName : Client and Host Security Platform
    CompanyName : Symantec Corporation
    FileDescription : Symantec User Session
    InternalName : ccApp
    LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
    OriginalFilename : ccApp.exe

    #:32 [pg2.exe]
    FilePath : D:\Program Files\PeerGuardian2\
    ProcessID : 2464
    ThreadCreationTime : 20-01-2007 11:39:04
    BasePriority : Normal
    FileVersion : 1, 0, 6, 3
    ProductVersion : 2, 0, 6, 3
    ProductName : PeerGuardian 2
    CompanyName : Methlabs
    FileDescription : PeerGuardian 2
    InternalName : PG2
    LegalCopyright : Copyright (C) 2004-2005 Cory Nelson
    OriginalFilename : pg2.exe
    Comments : http://peerguardian.methlabs.org

    #:33 [wcescomm.exe]
    FilePath : D:\PROGRA~1\MICROS~3\
    ProcessID : 2484
    ThreadCreationTime : 20-01-2007 11:39:04
    BasePriority : Normal
    FileVersion : 4.2.4876.0
    ProductVersion : 4.2.4876
    ProductName : Microsoft ActiveSync
    CompanyName : Microsoft Corporation
    FileDescription : ActiveSync Connection Manager
    InternalName : wcescomm
    LegalCopyright : Copyright © 1995-2006 Microsoft Corp. All rights reserved.
    LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
    OriginalFilename : WCESCOMM.EXE

    #:34 [ddk.exe]
    FilePath : D:\WINDOWS\system32\
    ProcessID : 2544
    ThreadCreationTime : 20-01-2007 11:39:04
    BasePriority : Normal


    #:35 [rapimgr.exe]
    FilePath : D:\PROGRA~1\MICROS~3\
    ProcessID : 2628
    ThreadCreationTime : 20-01-2007 11:39:04
    BasePriority : Normal
    FileVersion : 4.2.4876.0
    ProductVersion : 4.2.4876
    ProductName : Microsoft ActiveSync
    CompanyName : Microsoft Corporation
    FileDescription : ActiveSync RAPI Manager
    InternalName : rapimgr
    LegalCopyright : Copyright © 1995-2006 Microsoft Corp. All rights reserved.
    LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
    OriginalFilename : rapimgr.exe

    #:36 [alg.exe]
    FilePath : D:\WINDOWS\System32\
    ProcessID : 3920
    ThreadCreationTime : 20-01-2007 11:39:10
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ALG.exe

    #:37 [svchost.exe]
    FilePath : D:\WINDOWS\System32\
    ProcessID : 1716
    ThreadCreationTime : 20-01-2007 11:39:19
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:38 [msmsgs.exe]
    FilePath : D:\Program Files\Messenger\
    ProcessID : 3132
    ThreadCreationTime : 20-01-2007 12:34:29
    BasePriority : Normal
    FileVersion : 4.7.3001
    ProductVersion : Version 4.7.3001
    ProductName : Messenger
    CompanyName : Microsoft Corporation
    FileDescription : Windows Messenger
    InternalName : msmsgs
    LegalCopyright : Copyright (c) Microsoft Corporation 2004
    LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename : msmsgs.exe

    #:39 [explorer.exe]
    FilePath : D:\WINDOWS\
    ProcessID : 852
    ThreadCreationTime : 20-01-2007 12:40:06
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : EXPLORER.EXE

    #:40 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID : 3864
    ThreadCreationTime : 20-01-2007 12:51:33
    BasePriority : Normal
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    #:41 [iexplore.exe]
    FilePath : D:\Program Files\Internet Explorer\
    ProcessID : 2944
    ThreadCreationTime : 20-01-2007 12:55:40
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : IEXPLORE.EXE

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0


    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0


    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0


    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0



    Deep scanning and examining files (C:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0


    Deep scanning and examining files (D:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    win32.Trojan.Dnschanger Object Recognized!
    Type : File
    Data : A0047971.exe
    TAC Rating : 10
    Category : Monitoring Tool
    Comment :
    Object : D:\System Volume Information\_restore{73F1A42D-241C-45C3-9F9C-308CD5291E3A}\RP98\



    Disk Scan Result for D:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1


    Scanning Hosts file......
    Hosts file location:"D:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 1




    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 1

    13:06:12 Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:10:30.750
    Objects scanned:183270
    Objects identified:1
    Objects ignored:0
    New critical objects:1



    log file after ad-aware no longer detected it


    Ad-Aware SE Build 1.06r1
    Logfile Created on:20 January 2007 18:25:28
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R145 17.01.2007
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    MRU List(TAC index:0):2 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Definition File:
    =========================
    Definitions File Loaded:
    Reference Number : SE1R145 17.01.2007
    Internal build : 182
    File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
    File size : 937830 Bytes
    Total size : 3058681 Bytes
    Signature data size : 3008938 Bytes
    Reference data size : 49231 Bytes
    Signatures total : 81396
    CSI Fingerprints total : 5284
    CSI data size : 242638 Bytes
    Target categories : 15
    Target families : 1019


    Memory + processor status:
    ==========================
    Number of processors : 2
    Processor architecture : Intel Pentium IV
    Memory available:66 %
    Total physical memory:1048048 kb
    Available physical memory:682792 kb
    Total page file size:2521220 kb
    Available on page file:2236416 kb
    Total virtual memory:2097024 kb
    Available virtual memory:2032728 kb
    OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Search for low-risk threats
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Obtain command line of scanned processes
    Set : Run scan as background process (Low CPU usage)
    Set : Scan registry for all users instead of current user only
    Set : Use permanent archive caching
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Disable manual quarantine if auto-quarantine is selected
    Set : Reanalyze results after scanning before displaying results lists
    Set : Write-protect system files after repair (Hosts file, etc.)
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Create log file for removal operations
    Set : Include alternate data stream details in log file
    Set : Snap windows to desktop borders
    Set : Use gridlines in results lists
    Set : Create and save WebUpdate log file
    Set : Dump details about unhandled exceptions to disk
    Set : Play sound at scan completion if scan locates critical objects


    20-01-2007 18:25:28 - Scan started. (Custom mode)

    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    ModuleName : \SystemRoot\System32\smss.exe
    Command Line : n/a
    ProcessID : 788
    ThreadCreationTime : 20-01-2007 18:23:51
    BasePriority : Normal


    #:2 [csrss.exe]
    ModuleName : \??\D:\WINDOWS\system32\csrss.exe
    Command Line : D:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
    ProcessID : 924
    ThreadCreationTime : 20-01-2007 18:23:52
    BasePriority : Normal


    #:3 [winlogon.exe]
    ModuleName : \??\D:\WINDOWS\system32\winlogon.exe
    Command Line : winlogon.exe
    ProcessID : 960
    ThreadCreationTime : 20-01-2007 18:23:55
    BasePriority : High


    #:4 [services.exe]
    ModuleName : D:\WINDOWS\system32\services.exe
    Command Line : D:\WINDOWS\system32\services.exe
    ProcessID : 1004
    ThreadCreationTime : 20-01-2007 18:23:55
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    ModuleName : D:\WINDOWS\system32\lsass.exe
    Command Line : D:\WINDOWS\system32\lsass.exe
    ProcessID : 1016
    ThreadCreationTime : 20-01-2007 18:23:55
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [ati2evxx.exe]
    ModuleName : D:\WINDOWS\system32\Ati2evxx.exe
    Command Line : D:\WINDOWS\system32\Ati2evxx.exe
    ProcessID : 1184
    ThreadCreationTime : 20-01-2007 18:23:55
    BasePriority : Normal
    FileVersion : 6.14.10.4149
    ProductVersion : 6.14.10.4149
    ProductName : ATI External Event Utility for Windows
    CompanyName : ATI Technologies Inc.
    FileDescription : ATI External Event Utility EXE Module
    InternalName : ATI2EVXX.EXE
    LegalCopyright : Copyright © 1999-2006 ATI Technologies Inc.
    OriginalFilename : ATI2EVXX.EXE

    #:7 [svchost.exe]
    ModuleName : D:\WINDOWS\system32\svchost.exe
    Command Line : D:\WINDOWS\system32\svchost -k DcomLaunch
    ProcessID : 1204
    ThreadCreationTime : 20-01-2007 18:23:55
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [svchost.exe]
    ModuleName : D:\WINDOWS\system32\svchost.exe
    Command Line : D:\WINDOWS\system32\svchost -k rpcss
    ProcessID : 1252
    ThreadCreationTime : 20-01-2007 18:23:55
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:9 [svchost.exe]
    ModuleName : D:\WINDOWS\System32\svchost.exe
    Command Line : D:\WINDOWS\System32\svchost.exe -k netsvcs
    ProcessID : 1416
    ThreadCreationTime : 20-01-2007 18:23:55
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:10 [svchost.exe]
    ModuleName : D:\WINDOWS\system32\svchost.exe
    Command Line : D:\WINDOWS\system32\svchost.exe -k NetworkService
    ProcessID : 1532
    ThreadCreationTime : 20-01-2007 18:23:56
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:11 [svchost.exe]
    ModuleName : D:\WINDOWS\system32\svchost.exe
    Command Line : D:\WINDOWS\system32\svchost.exe -k LocalService
    ProcessID : 1628
    ThreadCreationTime : 20-01-2007 18:23:56
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:12 [ccsetmgr.exe]
    ModuleName : D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    Command Line : n/a
    ProcessID : 1700
    ThreadCreationTime : 20-01-2007 18:23:56
    BasePriority : Normal
    FileVersion : 103.0.7.2
    ProductVersion : 103.0.7.2
    ProductName : Client and Host Security Platform
    CompanyName : Symantec Corporation
    FileDescription : Symantec Settings Manager Service
    InternalName : ccSetMgr
    LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
    OriginalFilename : ccSetMgr.exe

    #:13 [sndsrvc.exe]
    ModuleName : D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    Command Line : n/a
    ProcessID : 1716
    ThreadCreationTime : 20-01-2007 18:23:56
    BasePriority : Normal
    FileVersion : 5.5.1.6
    ProductVersion : 5.5
    ProductName : Symantec Security Drivers
    CompanyName : Symantec Corporation
    FileDescription : Network Driver Service
    InternalName : SndSrvc
    LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
    OriginalFilename : SndSrvc.exe

    #:14 [ati2evxx.exe]
    ModuleName : D:\WINDOWS\system32\Ati2evxx.exe
    Command Line : Ati2evxx.exe -Client
    ProcessID : 1784
    ThreadCreationTime : 20-01-2007 18:23:57
    BasePriority : Normal
    FileVersion : 6.14.10.4149
    ProductVersion : 6.14.10.4149
    ProductName : ATI External Event Utility for Windows
    CompanyName : ATI Technologies Inc.
    FileDescription : ATI External Event Utility EXE Module
    InternalName : ATI2EVXX.EXE
    LegalCopyright : Copyright © 1999-2006 ATI Technologies Inc.
    OriginalFilename : ATI2EVXX.EXE

    #:15 [spbbcsvc.exe]
    ModuleName : D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    Command Line : n/a
    ProcessID : 1840
    ThreadCreationTime : 20-01-2007 18:23:57
    BasePriority : Normal
    FileVersion : 1,0,1,47
    ProductVersion : 1,0,1,47
    ProductName : SPBBC
    CompanyName : Symantec Corporation
    FileDescription : SPBBC Service
    InternalName : SPBBCSvc
    LegalCopyright : Copyright (c) 2004 Symantec Corporation. All rights reserved.
    OriginalFilename : SPBBCSvc.exe

    #:16 [explorer.exe]
    ModuleName : D:\WINDOWS\Explorer.EXE
    Command Line : D:\WINDOWS\Explorer.EXE
    ProcessID : 128
    ThreadCreationTime : 20-01-2007 18:23:58
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : EXPLORER.EXE

    #:17 [ccevtmgr.exe]
    ModuleName : D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    Command Line : n/a
    ProcessID : 268
    ThreadCreationTime : 20-01-2007 18:23:58
    BasePriority : Normal
    FileVersion : 103.0.7.2
    ProductVersion : 103.0.7.2
    ProductName : Client and Host Security Platform
    CompanyName : Symantec Corporation
    FileDescription : Symantec Event Manager Service
    InternalName : ccEvtMgr
    LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
    OriginalFilename : ccEvtMgr.exe

    #:18 [spoolsv.exe]
    ModuleName : D:\WINDOWS\system32\spoolsv.exe
    Command Line : D:\WINDOWS\system32\spoolsv.exe
    ProcessID : 500
    ThreadCreationTime : 20-01-2007 18:23:59
    BasePriority : Normal
    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion : 5.1.2600.2696
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:19 [jusched.exe]
    ModuleName : D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    Command Line : "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    ProcessID : 676
    ThreadCreationTime : 20-01-2007 18:24:00
    BasePriority : Normal


    #:20 [itouch.exe]
    ModuleName : D:\Program Files\Logitech\iTouch\iTouch.exe
    Command Line : "D:\Program Files\Logitech\iTouch\iTouch.exe"
    ProcessID : 688
    ThreadCreationTime : 20-01-2007 18:24:00
    BasePriority : Normal
    FileVersion : 2.15.264
    ProductVersion : 2.15.264
    ProductName : iTouch
    CompanyName : Logitech Inc.
    FileDescription : iTouch Application
    InternalName : iTouch
    LegalCopyright : (C) 1998-2002 Logitech. All rights reserved.
    LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
    OriginalFilename : iTouch.exe
    Comments : Created by the iTouch team

    #:21 [a_msn_monitor.exe]
    ModuleName : D:\Program Files\AwinSoft\MsnMonitor\A_MSN_Monitor.exe
    Command Line : "D:\Program Files\AwinSoft\MsnMonitor\A_MSN_Monitor.exe"
    ProcessID : 608
    ThreadCreationTime : 20-01-2007 18:24:00
    BasePriority : Normal
    FileVersion : 3.0.0.0
    ProductVersion : 3.0.0.0
    CompanyName : AwinSoft

    #:22 [hpztsb07.exe]
    ModuleName : D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    Command Line : "D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe"
    ProcessID : 772
    ThreadCreationTime : 20-01-2007 18:24:00
    BasePriority : Normal
    FileVersion : 2,140,0,0
    ProductVersion : 2,140,0,0
    ProductName : HP DeskJet
    CompanyName : HP
    LegalCopyright : Copyright (c) Hewlett-Packard Company 1999-2002

    #:23 [rundll32.exe]
    ModuleName : D:\WINDOWS\system32\rundll32.exe
    Command Line : "D:\WINDOWS\system32\rundll32.exe" D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
    ProcessID : 816
    ThreadCreationTime : 20-01-2007 18:24:00
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Run a DLL as an App
    InternalName : rundll
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : RUNDLL.EXE

    #:24 [ccapp.exe]
    ModuleName : D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    Command Line : n/a
    ProcessID : 864
    ThreadCreationTime : 20-01-2007 18:24:00
    BasePriority : Normal
    FileVersion : 103.0.7.2
    ProductVersion : 103.0.7.2
    ProductName : Client and Host Security Platform
    CompanyName : Symantec Corporation
    FileDescription : Symantec User Session
    InternalName : ccApp
    LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
    OriginalFilename : ccApp.exe

    #:25 [pg2.exe]
    ModuleName : D:\Program Files\PeerGuardian2\pg2.exe
    Command Line : "D:\Program Files\PeerGuardian2\pg2.exe"
    ProcessID : 904
    ThreadCreationTime : 20-01-2007 18:24:00
    BasePriority : Normal
    FileVersion : 1, 0, 6, 3
    ProductVersion : 2, 0, 6, 3
    ProductName : PeerGuardian 2
    CompanyName : Methlabs
    FileDescription : PeerGuardian 2
    InternalName : PG2
    LegalCopyright : Copyright (C) 2004-2005 Cory Nelson
    OriginalFilename : pg2.exe
    Comments : http://peerguardian.methlabs.org

    #:26 [wcescomm.exe]
    ModuleName : D:\PROGRA~1\MICROS~3\wcescomm.exe
    Command Line : "D:\PROGRA~1\MICROS~3\wcescomm.exe"
    ProcessID : 132
    ThreadCreationTime : 20-01-2007 18:24:00
    BasePriority : Normal
    FileVersion : 4.2.4876.0
    ProductVersion : 4.2.4876
    ProductName : Microsoft ActiveSync
    CompanyName : Microsoft Corporation
    FileDescription : ActiveSync Connection Manager
    InternalName : wcescomm
    LegalCopyright : Copyright © 1995-2006 Microsoft Corp. All rights reserved.
    LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
    OriginalFilename : WCESCOMM.EXE

    #:27 [ddk.exe]
    ModuleName : D:\WINDOWS\system32\ddk.exe
    Command Line : D:\WINDOWS\system32\ddk.exe
    ProcessID : 1316
    ThreadCreationTime : 20-01-2007 18:24:00
    BasePriority : Normal


    #:28 [rapimgr.exe]
    ModuleName : D:\PROGRA~1\MICROS~3\rapimgr.exe
    Command Line : D:\PROGRA~1\MICROS~3\rapimgr.exe -Embedding
    ProcessID : 1356
    ThreadCreationTime : 20-01-2007 18:24:01
    BasePriority : Normal
    FileVersion : 4.2.4876.0
    ProductVersion : 4.2.4876
    ProductName : Microsoft ActiveSync
    CompanyName : Microsoft Corporation
    FileDescription : ActiveSync RAPI Manager
    InternalName : rapimgr
    LegalCopyright : Copyright © 1995-2006 Microsoft Corp. All rights reserved.
    LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
    OriginalFilename : rapimgr.exe

    #:29 [aluschedulersvc.exe]
    ModuleName : D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    Command Line : n/a
    ProcessID : 1644
    ThreadCreationTime : 20-01-2007 18:24:05
    BasePriority : Normal
    FileVersion : 3.0.0.171
    ProductVersion : 3.0.0.171
    ProductName : LiveUpdate
    CompanyName : Symantec Corporation
    FileDescription : Automatic LiveUpdate Scheduler Service
    InternalName : Automatic LiveUpdate Scheduler Service
    LegalCopyright : Copyright © 1996-2005 Symantec Corporation
    OriginalFilename : ALUSchedulerSvc.exe

    #:30 [svchost.exe]
    ModuleName : D:\WINDOWS\system32\svchost.exe
    Command Line : D:\WINDOWS\system32\svchost.exe -k bthsvcs
    ProcessID : 1728
    ThreadCreationTime : 20-01-2007 18:24:05
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:31 [navapsvc.exe]
    ModuleName : D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    Command Line : n/a
    ProcessID : 1832
    ThreadCreationTime : 20-01-2007 18:24:05
    BasePriority : Normal
    FileVersion : 11.0.16.2
    ProductVersion : 11.0.16
    ProductName : Norton AntiVirus
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Auto-Protect Service
    InternalName : NAVAPSVC
    LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
    OriginalFilename : NAVAPSVC.EXE

    #:32 [npfmntor.exe]
    ModuleName : D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    Command Line : n/a
    ProcessID : 1968
    ThreadCreationTime : 20-01-2007 18:24:05
    BasePriority : Normal
    FileVersion : 11.0.16.2
    ProductVersion : 11.0.16
    ProductName : Norton AntiVirus
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Firewall Install Monitor
    InternalName : NPFMonitor
    LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
    OriginalFilename : NPFMonitor.EXE

    #:33 [nprotect.exe]
    ModuleName : D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    Command Line : n/a
    ProcessID : 300
    ThreadCreationTime : 20-01-2007 18:24:09
    BasePriority : Normal
    FileVersion : 18.0.0.62
    ProductVersion : 18.0.0.62
    ProductName : Norton Utilities
    CompanyName : Symantec Corporation
    FileDescription : Norton Protection Status
    InternalName : NPROTECT
    LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
    LegalTrademarks : Norton Utilities® and UnErase® are registered trademarks of Symantec Corporation.
    OriginalFilename : NPROTECT.EXE

    #:34 [snmp.exe]
    ModuleName : D:\WINDOWS\System32\snmp.exe
    Command Line : D:\WINDOWS\System32\snmp.exe
    ProcessID : 664
    ThreadCreationTime : 20-01-2007 18:24:09
    BasePriority : Normal
    FileVersion : 5.1.2600.3038 (xpsp_sp2_gdr.061119-2303)
    ProductVersion : 5.1.2600.3038
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : SNMP Service
    InternalName : snmp.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : snmp.exe

    #:35 [nopdb.exe]
    ModuleName : D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    Command Line : n/a
    ProcessID : 884
    ThreadCreationTime : 20-01-2007 18:24:09
    BasePriority : Normal
    FileVersion : 7.00.0.24
    ProductVersion : 7.00.0.24
    ProductName : Norton Speed Disk
    CompanyName : Symantec Corporation
    FileDescription : NOPDB
    InternalName : NOPDB
    LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
    OriginalFilename : NOPDB.dll

    #:36 [symlcsvc.exe]
    ModuleName : D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    Command Line : n/a
    ProcessID : 804
    ThreadCreationTime : 20-01-2007 18:24:09
    BasePriority : Normal
    FileVersion : 1, 8, 54, 478
    ProductVersion : 1, 8, 54, 478
    ProductName : Symantec Core Component
    CompanyName : Symantec Corporation
    FileDescription : Symantec Core Component
    InternalName : symlcsvc
    LegalCopyright : Copyright (C) 2003
    OriginalFilename : symlcsvc.exe

    #:37 [alg.exe]
    ModuleName : D:\WINDOWS\System32\alg.exe
    Command Line : D:\WINDOWS\System32\alg.exe
    ProcessID : 3520
    ThreadCreationTime : 20-01-2007 18:24:18
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ALG.exe

    #:38 [msmsgs.exe]
    ModuleName : D:\Program Files\Messenger\msmsgs.exe
    Command Line : "D:\Program Files\Messenger\msmsgs.exe" -Embedding
    ProcessID : 2872
    ThreadCreationTime : 20-01-2007 18:24:24
    BasePriority : Normal
    FileVersion : 4.7.3001
    ProductVersion : Version 4.7.3001
    ProductName : Messenger
    CompanyName : Microsoft Corporation
    FileDescription : Windows Messenger
    InternalName : msmsgs
    LegalCopyright : Copyright (c) Microsoft Corporation 2004
    LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename : msmsgs.exe

    #:39 [svchost.exe]
    ModuleName : D:\WINDOWS\System32\svchost.exe
    Command Line : D:\WINDOWS\System32\svchost.exe -k HTTPFilter
    ProcessID : 3544
    ThreadCreationTime : 20-01-2007 18:24:28
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:40 [wuauclt.exe]
    ModuleName : D:\WINDOWS\system32\wuauclt.exe
    Command Line : "D:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[588]SUSDS3544d8307ac2e143838084e751d2a6e4
    ProcessID : 2544
    ThreadCreationTime : 20-01-2007 18:24:55
    BasePriority : Normal
    FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
    ProductVersion : 5.8.0.2469
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Automatic Updates
    InternalName : wuauclt.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : wuauclt.exe

    #:41 [ad-aware.exe]
    ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
    ProcessID : 2980
    ThreadCreationTime : 20-01-2007 18:25:06
    BasePriority : Idle
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0


    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0


    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 0

    MRU List Object Recognized!
    Location: : software\microsoft\directdraw\mostrecentapplication
    Description : most recent application to use microsoft directdraw


    MRU List Object Recognized!
    Location: : S-1-5-21-842925246-1606980848-725345543-1003\software\microsoft\internet explorer\typedurls
    Description : list of recently entered addresses in microsoft internet explorer



    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 2



    Deep scanning and examining files (D:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for D:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 2


    Scanning Hosts file......
    Hosts file location:"D:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 2




    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 2

    18:29:59 Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:04:31.47
    Objects scanned:144596
    Objects identified:0
    Objects ignored:0
    New critical objects:0

    Reanalyzing scan result
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    No objects have been removed from the result list.


  2. #2
    danbluk is offline Full Member
    Sorry, forgot about the HijackThis log file, my bad.

    Logfile of HijackThis v1.99.1
    Scan saved at 18:48:23, on 20/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    D:\Program Files\Logitech\iTouch\iTouch.exe
    D:\Program Files\AwinSoft\MsnMonitor\A_MSN_Monitor.exe
    D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\PeerGuardian2\pg2.exe
    D:\PROGRA~1\MICROS~3\wcescomm.exe
    D:\PROGRA~1\MICROS~3\rapimgr.exe
    D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    D:\WINDOWS\System32\snmp.exe
    D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\V6B6NFIO\hijackthis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skybroadband.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet7_48.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [AMsnMonitor] "D:\Program Files\AwinSoft\MsnMonitor\A_MSN_Monitor.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKCU\..\Run: [CTFMON.EXE] -D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] -"D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [igndlm.exe] D:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\PROGRA~1\MICROS~3\wcescomm.exe"
    O4 - HKCU\..\Run: [Norton SystemWorks] "D:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.3.102.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: NBService - Unknown owner - -D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
