Author Topic: Microsoft windows internal protect (Read 3338 times)

sdivad87 · « **on:** January 14, 2006, 03:12:52 PM »

Hey this is my first post here so I don't know if this is the right topic area but I recently found out I have a problem. From time to time when I use my computer or when I reboot, I get a message in the corner of my taskbar that says: (word for word)

---------------------------------------------------------------------------

Microsoft Windows has detected abnormal activity on your computer

Attention: Your system has been infected

Your PC Status:

OS Type: Windows

IP: (has IP listed)

Infected files: 11%

Spyware detected: HIGH RISK

Recommendations: Install spyware and antivirus software and clear your system. Spyware can be easily detected and removed with a free spyware scanner available for download at the link below

-----------------------------------------------------------------

(Then it has a button "Next page" that I am allegedly supposed to click)

When I click on X button on the top a window comes out with:

Do you really want to exit? Information on your PC may be corrupted

(with a "Microsoft windows internal protect" heading)

I ran spyware scanners such as Ad-aware and Spybot and ran virus scanners and although they detected spyware items and I removed them from my computer, this was still exists. Any suggestions would be very appreciated. Thanks.

GR@PH;<'S · « **Reply #1 on:** January 14, 2006, 03:54:00 PM »

sdivad87,
I recommend that you try this shoot the messenger
Also can you make sure that you are using
Ad-aware SE Build 106 (Free/Personal)
[if not Uninstall your old Ad-aware first then install SE]
Then use the WebUpDate
to get the latest Definition file
(SE1R.85.04.01.2006)
To do this Open Ad-aware
Click the WebUpDate
button at the top right hand side of the Ad-aware screen (The world globe).
Click "Connect"
Ad-aware will then download the latest Definition file for you.
To make sure it is updated , look at the main
Ad-aware screen, and look under "Initialization Status"
It should say the Latest Definition file.
then scan doing a "Full Scan" and then post your logfile here by using the Add-Reply Feature .
As Logs are stored in :
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
An easy way to get there is to
click Start,
click Run
And type in and press ENTER: %appdata%
then click Lavasoft
then Ad-Aware
and then Logs.
scroll down to find the latest one that you have
(by date & time)
and open it right Click select all
copy and then paste the contents of it here.
(Make sure that all of your Logfile has been posted, sometimes it will require two post's to get it all)
I recommend that you use the WebUpDate just before you scan that way you will always be up to date.

(note The Application Data is a hidden folder, so you will need to show hidden files and folders
and for Windows 98/ME users your logs are stored in
C:\WINDOWS\All Users\Application Data\ ) by default
GR@PH;<'S

sdivad87 · « **Reply #2 on:** January 15, 2006, 12:32:53 AM »

Ok here are the scan results:

Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, January 14, 2006 5:46:46 PM
Using definitions file:SE1R86 11.01.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):55 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects

1-14-2006 5:46:46 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\David\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office

MRU List Object Recognized!
Location: : C:\Documents and Settings\David\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\clipart gallery\2.0\mrudescription
Description : most recently used description in microsoft clipart gallery

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\11.0\publisher\recent file list
Description : list of recent files used by microsoft publisher

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\9.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\9.0\publisher\recent file list
Description : list of recent files used by microsoft publisher

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history

sdivad87 · « **Reply #3 on:** January 15, 2006, 12:33:39 AM »

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 908
ThreadCreationTime : 1-14-2006 3:55:46 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1008
ThreadCreationTime : 1-14-2006 3:55:54 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1032
ThreadCreationTime : 1-14-2006 3:55:57 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 1-14-2006 3:55:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1092
ThreadCreationTime : 1-14-2006 3:55:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1260
ThreadCreationTime : 1-14-2006 3:55:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1328
ThreadCreationTime : 1-14-2006 3:56:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1452
ThreadCreationTime : 1-14-2006 3:56:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1500
ThreadCreationTime : 1-14-2006 3:56:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1680
ThreadCreationTime : 1-14-2006 3:56:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 2004
ThreadCreationTime : 1-14-2006 3:56:03 PM
BasePriority : Normal
FileVersion : 104.0.4.3
ProductVersion : 104.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 332
ThreadCreationTime : 1-14-2006 3:56:06 PM
BasePriority : Normal
FileVersion : 104.0.4.3
ProductVersion : 104.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:13 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 532
ThreadCreationTime : 1-14-2006 3:56:07 PM
BasePriority : Normal
FileVersion : 6.0.0.99
ProductVersion : 6.0
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002 - 2005 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:14 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 576
ThreadCreationTime : 1-14-2006 3:56:07 PM
BasePriority : Normal
FileVersion : 2,0,0,73
ProductVersion : 2,0,0,73
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright (c) 2004, 2005 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:15 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 688
ThreadCreationTime : 1-14-2006 3:56:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:16 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1412
ThreadCreationTime : 1-14-2006 3:56:12 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:17 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1784
ThreadCreationTime : 1-14-2006 3:56:16 PM
BasePriority : Normal
FileVersion : 104.0.4.3
ProductVersion : 104.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:18 [drgtodsc.exe]
FilePath : C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\
ProcessID : 1808
ThreadCreationTime : 1-14-2006 3:56:16 PM
BasePriority : Normal
FileVersion : 8.0.1.60
ProductVersion : 8.0.1.60
ProductName : Drag-to-Disc
CompanyName : Sonic Solutions
FileDescription : Drag To Disc Application
InternalName : D2D
LegalCopyright : Copyright (c) 1994-2005 Sonic Solutions
LegalTrademarks : Copyright (c) 1994-2005 Sonic Solutions
OriginalFilename : BurnCtrl.EXE

#:19 [icasserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1816
ThreadCreationTime : 1-14-2006 3:56:16 PM
BasePriority : Normal

#:20 [wlancfg5.exe]
FilePath : C:\Program Files\NETGEAR WG311v2 Adapter\
ProcessID : 1912
ThreadCreationTime : 1-14-2006 3:56:17 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 7
ProductVersion : 2, 0, 0, 7
ProductName : NetgearCUv2 Application
FileDescription : NetgearCUv2 MFC Application
InternalName : NETGEAR WG511v2 Smart Configuration
LegalCopyright : Copyright (C) 2003
OriginalFilename : NetgearCUv2.EXE

#:21 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 1980
ThreadCreationTime : 1-14-2006 3:56:18 PM
BasePriority : Normal
FileVersion : 3.0.0.150
ProductVersion : 3.0.0.150
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:22 [devldr32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 220
ThreadCreationTime : 1-14-2006 3:56:20 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright (C) Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe

#:23 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 416
ThreadCreationTime : 1-14-2006 3:56:21 PM
BasePriority : Normal
FileVersion : 12.1.0.20
ProductVersion : 12.1.0
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:24 [npfmntor.exe]
FilePath : C:\Program Files\Norton AntiVirus\IWP\
ProcessID : 528
ThreadCreationTime : 1-14-2006 3:56:23 PM
BasePriority : Normal
FileVersion : 12.1.0.20
ProductVersion : 12.1.0
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE

#:25 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 564
ThreadCreationTime : 1-14-2006 3:56:24 PM
BasePriority : Normal
FileVersion : 6.14.10.8185
ProductVersion : 6.14.10.8185
ProductName : NVIDIA Driver Helper Service, Version 81.85
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 81.85
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:26 [wrsssdk.exe]
FilePath : C:\Program Files\Webroot\Spy Sweeper\
ProcessID : 996
ThreadCreationTime : 1-14-2006 3:56:26 PM
BasePriority : Normal
FileVersion : 2,0,8,483
ProductVersion : 2, 0
ProductName : Spy Sweeper SDK
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper SDK
LegalCopyright : Copyright (C) 2002 - 2005, All Rights Reserved.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.
OriginalFilename : SpySweeper.exe

#:27 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 2168
ThreadCreationTime : 1-14-2006 3:56:38 PM
BasePriority : Normal
FileVersion : 1.9.1.762
ProductVersion : 1.9.1.762
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright (C) 2003
OriginalFilename : symlcsvc.exe

#:28 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2192
ThreadCreationTime : 1-14-2006 3:56:39 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:29 [savscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 3476
ThreadCreationTime : 1-14-2006 3:57:03 PM
BasePriority : Normal
FileVersion : 9.7.0.10
ProductVersion : 9.7
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : AutoProtect
InternalName : SAVSCAN
LegalCopyright : Copyright (c) 2005 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:30 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3896
ThreadCreationTime : 1-14-2006 3:57:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:31 [nscsrvce.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Console\
ProcessID : 1212
ThreadCreationTime : 1-14-2006 3:57:20 PM
BasePriority : Normal
FileVersion : 2006.1.3.2
ProductVersion : 2006.1.3
ProductName : Norton Security Console
CompanyName : Symantec Corporation
FileDescription : Norton Security Console Norton Protection Center Service
InternalName : NSCService
LegalCopyright : Norton Security Console 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NSCSrvce.exe

#:32 [btdownloadgui.exe]
FilePath : C:\Program Files\bittorrent2\BitTornado\
ProcessID : 2304
ThreadCreationTime : 1-14-2006 4:54:07 PM
BasePriority : Normal

#:33 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 4004
ThreadCreationTime : 1-14-2006 10:44:43 PM
BasePriority : Normal
FileVersion : 6.2.0.238
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 55

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 55

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 55

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:david@live365.com/
Expires : 1-18-2011 4:19:22 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 56

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 56

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

6:22:15 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:35:28.460
Objects scanned:185314
Objects identified:1
Objects ignored:0
New critical objects:1

GR@PH;<'S · « **Reply #4 on:** January 15, 2006, 11:08:22 AM »

sdivad87,
go to Add and Remove and scroll down and remove the icasserv.exe as this

Quote

#:19 [icasserv.exe]

is a

Quote

Browser hijacker, redirecting to Searchforfree.info. Also detected as the ICASERV-A TROJAN!

once you have removved I recommend that you Reboot (ie: Re-start your PC)
Then do a trojan scan with a dedicated trojan scanner ie:TrojanHunter (Note Trojan Scanner 30 day Trial)
or a2
(Either way chech for updates before scanning)
then remove any think that the scan find then Reboot (ie: Re-start your PC)

Then once you have done clear out your cache folder again ie: Run
CCleaner
(Note in CCleaner: go to >options > advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours").

then rescan with Ad-aware doing a "Full Scan" and post your logfile here by using the "Add-reply" feature
GR@PH;<'S

sdivad87 · « **Reply #5 on:** January 15, 2006, 02:11:58 PM »

I couldn't find it in my Add/Remove Programs but I did find it in my Registry when I searched for the key. I deleted it from my Registry and I will post the Ad-aware results when finished. I had one question though. One of the ICASSERV.exe keys was found in my Webroot Spy Sweeper folder. Does that mean this program is infected and I should remove/uninstall it?

GR@PH;<'S · « **Reply #6 on:** January 15, 2006, 04:37:45 PM »

sdivad87,

Quote

ICASSERV.exe keys was found in my Webroot Spy Sweeper folder. Does that mean this program is infected It may be in there Quaratine folder if you have had it already removed with there programand I should remove/uninstall it?

if you have already tried to remove it using there program then it is more than lighly in there quarantine folder

to clean up the left overs can you please download
HijackThis
After you have downloaded it and Unzipped it, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and then can you please post you Logfile in the
HijackThis Logs forum.
Call it some ting like "my HijachThis log" in the Topic Title
and then put "referred by GR@PH;<'S" as the Topic Description
Also Please can you include a link to this post for reference

GR@PH;<'S

sdivad87 · « **Reply #7 on:** January 15, 2006, 07:50:31 PM »

Here are my Ad-aware scan results:

Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, January 15, 2006 1:53:54 PM
Using definitions file:SE1R86 11.01.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):28 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects

1-15-2006 1:53:54 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\David\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\clipart gallery\2.0\mrudescription
Description : most recently used description in microsoft clipart gallery

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\9.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\office\9.0\publisher\recent file list
Description : list of recent files used by microsoft publisher

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-790525478-1935655697-854245398-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 500
ThreadCreationTime : 1-15-2006 6:49:36 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 564
ThreadCreationTime : 1-15-2006 6:49:43 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 588
ThreadCreationTime : 1-15-2006 6:49:47 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 636
ThreadCreationTime : 1-15-2006 6:49:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 648
ThreadCreationTime : 1-15-2006 6:49:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 804
ThreadCreationTime : 1-15-2006 6:49:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 872
ThreadCreationTime : 1-15-2006 6:49:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 908
ThreadCreationTime : 1-15-2006 6:49:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 956
ThreadCreationTime : 1-15-2006 6:49:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1020
ThreadCreationTime : 1-15-2006 6:49:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1100
ThreadCreationTime : 1-15-2006 6:49:52 PM
BasePriority : Normal
FileVersion : 104.0.4.3
ProductVersion : 104.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1128
ThreadCreationTime : 1-15-2006 6:49:54 PM
BasePriority : Normal
FileVersion : 104.0.4.3
ProductVersion : 104.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1304
ThreadCreationTime : 1-15-2006 6:49:57 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1336
ThreadCreationTime : 1-15-2006 6:49:58 PM
BasePriority : Normal
FileVersion : 6.0.0.99
ProductVersion : 6.0
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002 - 2005 Symantec Corporation
OriginalFilename : SndSrvc.exe

sdivad87 · « **Reply #8 on:** January 15, 2006, 07:51:22 PM »

#:15 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 1376
ThreadCreationTime : 1-15-2006 6:49:58 PM
BasePriority : Normal
FileVersion : 2,0,0,73
ProductVersion : 2,0,0,73
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright (c) 2004, 2005 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:16 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1504
ThreadCreationTime : 1-15-2006 6:49:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:17 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 1648
ThreadCreationTime : 1-15-2006 6:50:01 PM
BasePriority : Normal
FileVersion : 3.0.0.150
ProductVersion : 3.0.0.150
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:18 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1788
ThreadCreationTime : 1-15-2006 6:50:03 PM
BasePriority : Normal
FileVersion : 104.0.4.3
ProductVersion : 104.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:19 [drgtodsc.exe]
FilePath : C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\
ProcessID : 1856
ThreadCreationTime : 1-15-2006 6:50:04 PM
BasePriority : Normal
FileVersion : 8.0.1.60
ProductVersion : 8.0.1.60
ProductName : Drag-to-Disc
CompanyName : Sonic Solutions
FileDescription : Drag To Disc Application
InternalName : D2D
LegalCopyright : Copyright (c) 1994-2005 Sonic Solutions
LegalTrademarks : Copyright (c) 1994-2005 Sonic Solutions
OriginalFilename : BurnCtrl.EXE

#:20 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1928
ThreadCreationTime : 1-15-2006 6:50:05 PM
BasePriority : Normal
FileVersion : 12.1.0.20
ProductVersion : 12.1.0
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:21 [npfmntor.exe]
FilePath : C:\Program Files\Norton AntiVirus\IWP\
ProcessID : 1968
ThreadCreationTime : 1-15-2006 6:50:08 PM
BasePriority : Normal
FileVersion : 12.1.0.20
ProductVersion : 12.1.0
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE

#:22 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2024
ThreadCreationTime : 1-15-2006 6:50:09 PM
BasePriority : Normal
FileVersion : 6.14.10.8185
ProductVersion : 6.14.10.8185
ProductName : NVIDIA Driver Helper Service, Version 81.85
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 81.85
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:23 [wlancfg5.exe]
FilePath : C:\Program Files\NETGEAR WG311v2 Adapter\
ProcessID : 264
ThreadCreationTime : 1-15-2006 6:50:10 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 7
ProductVersion : 2, 0, 0, 7
ProductName : NetgearCUv2 Application
FileDescription : NetgearCUv2 MFC Application
InternalName : NETGEAR WG511v2 Smart Configuration
LegalCopyright : Copyright (C) 2003
OriginalFilename : NetgearCUv2.EXE

#:24 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 292
ThreadCreationTime : 1-15-2006 6:50:12 PM
BasePriority : Normal
FileVersion : 1.9.1.762
ProductVersion : 1.9.1.762
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright (C) 2003
OriginalFilename : symlcsvc.exe

#:25 [devldr32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 316
ThreadCreationTime : 1-15-2006 6:50:12 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright (C) Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe

#:26 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 544
ThreadCreationTime : 1-15-2006 6:50:16 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:27 [savscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 2640
ThreadCreationTime : 1-15-2006 6:51:09 PM
BasePriority : Normal
FileVersion : 9.7.0.10
ProductVersion : 9.7
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : AutoProtect
InternalName : SAVSCAN
LegalCopyright : Copyright (c) 2005 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:28 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2748
ThreadCreationTime : 1-15-2006 6:51:21 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:29 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 2812
ThreadCreationTime : 1-15-2006 6:51:23 PM
BasePriority : Normal
FileVersion : 6.2.0.238
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:30 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2896
ThreadCreationTime : 1-15-2006 6:51:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:31 [nscsrvce.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Console\
ProcessID : 2940
ThreadCreationTime : 1-15-2006 6:51:48 PM
BasePriority : Normal
FileVersion : 2006.1.3.2
ProductVersion : 2006.1.3
ProductName : Norton Security Console
CompanyName : Symantec Corporation
FileDescription : Norton Security Console Norton Protection Center Service
InternalName : NSCService
LegalCopyright : Norton Security Console 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NSCSrvce.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28

Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 28

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28

2:29:06 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:35:11.607
Objects scanned:174389
Objects identified:0
Objects ignored:0
New critical objects:0

GR@PH;<'S · « **Reply #9 on:** January 15, 2006, 08:15:52 PM »

sdivad87,
You can safely remove the MRU's items that Ad-aware finds, or you can un-check / un-tick the the option to scan for them ie:un-check the "Search for negligible risk entries" .

GR@PH;<'S

SpiritWind · « **Reply #10 on:** January 15, 2006, 08:17:34 PM »

Sdivad87 :

   I see you took my advise on the pcmag.com "Discussion" forums & came here for
   help; as you probably realize by now you have made an excellent decision.
   One note : It is best to uncheck the "Search for negligible risk entries" settings
   so that the no-threat "MRU"s do NOT show up in the logfile. And it is usually
   recommended to "check" the "Search for low-risk threats".
   I see the "icasserv.exe" is gone from your "Running Processes" .

GR@PH;<'S · « **Reply #11 on:** January 15, 2006, 08:21:43 PM »

SpiritWind,

Quote

I see you took my advise on the pcmag.com "Discussion" forums & came here for
help

Thanks for getting the word out in the big wide world

GR@PH;<'S

sdivad87 · « **Reply #12 on:** January 15, 2006, 08:36:55 PM »

Hehe hey Spiritwind,

Yes I am glad I came here =]

So just one quick question, the negligible entries Ad-aware found, should I get rid of them or not? (because GR@PH you said I could while Spiritwind thinks it's best not to?) For future reference though, I will uncheck the scan of those kind of entries.

SpiritWind · « **Reply #13 on:** January 15, 2006, 08:44:42 PM »

sdivad87 :

GR@PH;<'S said it is ok to delete them; I said uncheck the "Search for negligible
risk entries" setting so that they will NOT show up in the logfile. If they do not
show up in logfile, there is no need to delete what has not shown up.

GR@PH;<'S · « **Reply #14 on:** January 15, 2006, 09:00:15 PM »

sdivad87,
Search for negligible risk entries
Negligible risk entries are not considered to be a threat. They consist of MRU (Most Recently Used items) lists which store information about the most recently used items, for example files, search words and programs.
So if you want the MRU lists can be removed.

Some tend to un-check / un-tick the Search for negligible risk entries and select it say once a week then remove it (or month depending on there PC usage)

GR@PH;<'S

LandzDown Forum

News: