I have pop64 on my computer, attempted launches of .exe programs
May 4 2005, 10:49 AM
Post #1
New Member Posts: 9 OS: xp sp2
Hi,
This is my first post so please forgive any silly errors! I was being an idiot and trying to download a silly little online game yesterday. Now my computer has become infected with an application that is called (in Windows Task Manager) pop64. It has an associated process called seeve.exe. I have followed the guide on this site (install Ad-Aware, CWShredder, Spybot) and tried to clean with them. However, when I reboot my computer the problem reappears! I also run Norton AntiVirus and Norton Internet Security. A Norton scan yielded 18 adware threats but it can only remove 8. I include below my Ad-Aware SE log... I hope it can help. Many thanks for taking the time to help me.
Ad-Aware SE Build 1.05 Logfile Created on:04 May 2005 17:23:09 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R42 28.04.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Possible Browser Hijack attempt(TAC index:3):4 total references Tracking Cookie(TAC index:3):1 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Definition File: ========================= Definitions File Loaded: Reference Number : SE1R42 28.04.2005 Internal build : 49 File location : D:\Chemistry stuff\Software for Part II\Ad-Aware SE Personal\defs.ref File size : 466557 Bytes Total size : 1403889 Bytes Signature data size : 1373297 Bytes Reference data size : 30080 Bytes Signatures total : 39226 Fingerprints total : 836 Fingerprints size : 28245 Bytes Target categories : 15 Target families : 654 Memory + processor status: ========================== Number of processors : 1 Processor architecture : Intel Pentium IV Memory available:31 % Total physical memory:457712 kb Available physical memory:138340 kb Total page file size:1079468 kb Available on page file:750584 kb Total virtual memory:2097024 kb Available virtual memory:2047364 kb OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Ad-Aware 
SE Settings =========================== Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan within archives Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Obtain command line of scanned processes Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Write-protect system files after repair (Hosts file, etc.) Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Play sound at scan completion if scan locates critical objects 04-05-2005 17:23:09 - Scan started. 
(Full System Scan) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] ModuleName : \SystemRoot\System32\smss.exe Command Line : n/a ProcessID : 460 ThreadCreationTime : 04-05-2005 16:18:10 BasePriority : Normal #:2 [csrss.exe] ModuleName : \??\C:\WINDOWS\system32\csrss.exe Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh ProcessID : 520 ThreadCreationTime : 04-05-2005 16:18:17 BasePriority : Normal #:3 [winlogon.exe] ModuleName : \??\C:\WINDOWS\system32\winlogon.exe Command Line : winlogon.exe ProcessID : 556 ThreadCreationTime : 04-05-2005 16:18:24 BasePriority : High #:4 [services.exe] ModuleName : C:\WINDOWS\system32\services.exe Command Line : C:\WINDOWS\system32\services.exe ProcessID : 600 ThreadCreationTime : 04-05-2005 16:18:25 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] ModuleName : C:\WINDOWS\system32\lsass.exe Command Line : C:\WINDOWS\system32\lsass.exe ProcessID : 612 ThreadCreationTime : 04-05-2005 16:18:25 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : lsass.exe #:6 [ati2evxx.exe] ModuleName : C:\WINDOWS\System32\Ati2evxx.exe Command Line : C:\WINDOWS\System32\Ati2evxx.exe ProcessID : 788 ThreadCreationTime : 04-05-2005 16:18:26 BasePriority : Normal #:7 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch ProcessID : 804 ThreadCreationTime : 04-05-2005 16:18:27 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k rpcss ProcessID : 884 ThreadCreationTime : 04-05-2005 16:18:27 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs ProcessID : 952 ThreadCreationTime : 04-05-2005 16:18:27 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:10 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService ProcessID : 1020 ThreadCreationTime : 04-05-2005 16:18:27 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService ProcessID : 1148 ThreadCreationTime : 04-05-2005 16:18:28 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:12 [ccsetmgr.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" ProcessID : 1236 ThreadCreationTime : 04-05-2005 16:18:29 BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Settings Manager Service InternalName : ccSetMgr LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. 
OriginalFilename : ccSetMgr.exe #:13 [sndsrvc.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" ProcessID : 1248 ThreadCreationTime : 04-05-2005 16:18:29 BasePriority : Normal FileVersion : 5.5.1.6 ProductVersion : 5.5 ProductName : Symantec Security Drivers CompanyName : Symantec Corporation FileDescription : Network Driver Service InternalName : SndSrvc LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation OriginalFilename : SndSrvc.exe #:14 [ccevtmgr.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" ProcessID : 1280 ThreadCreationTime : 04-05-2005 16:18:31 BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Event Manager Service InternalName : ccEvtMgr LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccEvtMgr.exe #:15 [spoolsv.exe] ModuleName : C:\WINDOWS\system32\spoolsv.exe Command Line : C:\WINDOWS\system32\spoolsv.exe ProcessID : 1720 ThreadCreationTime : 04-05-2005 16:18:31 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : spoolsv.exe #:16 [ati2evxx.exe] ModuleName : C:\WINDOWS\system32\Ati2evxx.exe Command Line : Ati2evxx.exe -Client ProcessID : 1864 ThreadCreationTime : 04-05-2005 16:18:34 BasePriority : Normal #:17 [explorer.exe] ModuleName : C:\WINDOWS\Explorer.EXE Command Line : C:\WINDOWS\Explorer.EXE ProcessID : 1980 ThreadCreationTime : 04-05-2005 16:18:34 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:18 [apoint.exe] ModuleName : C:\Program Files\Apoint\Apoint.exe Command Line : "C:\Program Files\Apoint\Apoint.exe" ProcessID : 160 ThreadCreationTime : 04-05-2005 16:18:35 BasePriority : Normal FileVersion : 5.5.7.136 ProductVersion : 5.5.7.136 ProductName : Alps Pointing-device Driver CompanyName : Alps Electric Co., Ltd. FileDescription : Alps Pointing-device Driver InternalName : Alps Pointing-device Driver LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd. OriginalFilename : Apoint.exe #:19 [atiptaxx.exe] ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ProcessID : 176 ThreadCreationTime : 04-05-2005 16:18:35 BasePriority : Normal FileVersion : 6.14.10.5102 ProductVersion : 6.14.10.5102 ProductName : ATI Desktop Component CompanyName : ATI Technologies, Inc. FileDescription : ATI Desktop Control Panel InternalName : Atiptaxx.exe LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc. 
OriginalFilename : Atiptaxx.exe #:20 [ezsp_px.exe] ModuleName : C:\WINDOWS\System32\ezSP_Px.exe Command Line : "C:\WINDOWS\System32\ezSP_Px.exe" ProcessID : 164 ThreadCreationTime : 04-05-2005 16:18:35 BasePriority : Normal #:21 [ico.exe] ModuleName : C:\WINDOWS\system32\ICO.EXE Command Line : "C:\WINDOWS\system32\ICO.EXE" ProcessID : 184 ThreadCreationTime : 04-05-2005 16:18:35 BasePriority : Normal FileVersion : 1, 0, 0, 8 ProductVersion : 1.0.0.0 ProductName : MouseSuite 98 CompanyName : Primax Electronics Ltd. FileDescription : Mouse Suite 98 Daemon InternalName : pelmiced.exe LegalCopyright : Copyright © 1997, Primax Electronics Ltd. LegalTrademarks : Primax Electronics Ltd. #:22 [ccapp.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ProcessID : 196 ThreadCreationTime : 04-05-2005 16:18:35 BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client User Session InternalName : ccApp LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. 
OriginalFilename : ccApp.exe #:23 [hkserv.exe] ModuleName : C:\Program Files\Sony\HotKey Utility\HKserv.exe Command Line : "C:\Program Files\Sony\HotKey Utility\HKserv.exe" ProcessID : 212 ThreadCreationTime : 04-05-2005 16:18:35 BasePriority : Normal #:24 [vaioupdt.exe] ModuleName : C:\Program Files\sony\vaio update 2\VAIOUpdt.exe Command Line : "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary ProcessID : 216 ThreadCreationTime : 04-05-2005 16:18:36 BasePriority : Normal #:25 [spmgr.exe] ModuleName : C:\Program Files\sony\vaio power management\SPMgr.exe Command Line : "C:\Program Files\sony\vaio power management\SPMgr.exe" ProcessID : 224 ThreadCreationTime : 04-05-2005 16:18:36 BasePriority : Normal FileVersion : 1.1.00.11060 ProductVersion : 1.1.0 ProductName : Sony Power Management CompanyName : Sony Corporation FileDescription : SPM Module LegalCopyright : © Sony Corporation. All rights reserved. #:26 [qttask.exe] ModuleName : C:\Program Files\QuickTime\qttask.exe Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime ProcessID : 232 ThreadCreationTime : 04-05-2005 16:18:36 BasePriority : Normal FileVersion : 6.5.1 ProductVersion : QuickTime 6.5.1 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 2001-2004 OriginalFilename : QTTask.exe #:27 [ituneshelper.exe] ModuleName : C:\Program Files\iTunes\iTunesHelper.exe Command Line : "C:\Program Files\iTunes\iTunesHelper.exe" ProcessID : 312 ThreadCreationTime : 04-05-2005 16:18:36 BasePriority : Normal FileVersion : 4.7.1.30 ProductVersion : 4.7.1.30 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iTunesHelper Module InternalName : iTunesHelper LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved. 
OriginalFilename : iTunesHelper.exe #:28 [seeve.exe] ModuleName : C:\WINDOWS\seeve.exe Command Line : "C:\WINDOWS\seeve.exe" ProcessID : 320 ThreadCreationTime : 04-05-2005 16:18:36 BasePriority : Normal FileVersion : 6.04 ProductVersion : 6.04 ProductName : pop64 CompanyName : Network1 InternalName : seeve OriginalFilename : seeve.exe #:29 [msnmsgr.exe] ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background ProcessID : 512 ThreadCreationTime : 04-05-2005 16:18:38 BasePriority : Normal FileVersion : 7.0.0777 ProductVersion : 7.0.0777 ProductName : MSN Messenger CompanyName : Microsoft Corporation FileDescription : MSN Messenger InternalName : msnmsgr LegalCopyright : Copyright © Microsoft Corporation 1997-2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msnmsgr.exe #:30 [xjnyjh.exe] ModuleName : c:\windows\system32\xjnyjh.exe Command Line : "c:\windows\system32\xjnyjh.exe" ssbgqhp ProcessID : 504 ThreadCreationTime : 04-05-2005 16:18:39 BasePriority : Normal FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. #:31 [hkwnd.exe] ModuleName : C:\Program Files\Sony\HotKey Utility\HKWnd.exe Command Line : "C:\Program Files\Sony\HotKey Utility\HKWnd.exe" ProcessID : 576 ThreadCreationTime : 04-05-2005 16:18:39 BasePriority : Normal #:32 [apntex.exe] ModuleName : C:\Program Files\Apoint\Apntex.exe Command Line : "Apntex.exe" ProcessID : 752 ThreadCreationTime : 04-05-2005 16:18:39 BasePriority : Normal FileVersion : 5.0.1.15 ProductVersion : 5.0.1.15 ProductName : Alps Pointing-device Driver for Windows NT/2000/XP CompanyName : Alps Electric Co., Ltd. 
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP InternalName : Alps Pointing-device Driver for Windows NT/2000/XP LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd. OriginalFilename : ApntEx.exe #:33 [acrotray.exe] ModuleName : C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe Command Line : "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe" ProcessID : 928 ThreadCreationTime : 04-05-2005 16:18:40 BasePriority : Normal FileVersion : 6.0.0.2003073000 ProductVersion : 6.0.0.0 ProductName : AcroTray - Adobe Acrobat Distiller helper application. CompanyName : Adobe Systems Inc. FileDescription : AcroTray InternalName : AcroTray LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved. OriginalFilename : AcroTray.exe #:34 [digitv.exe] ModuleName : C:\Program Files\Nebula\DigiTV\DigiTV.exe Command Line : "C:\Program Files\Nebula\DigiTV\DigiTV.exe" SLEEP ProcessID : 980 ThreadCreationTime : 04-05-2005 16:18:40 BasePriority : Normal FileVersion : 3, 1, 2, 8 ProductVersion : 3, 1, 2, 8 ProductName : DigiTV CompanyName : Nebula Electronics Ltd FileDescription : DigiTV InternalName : DigiTV LegalCopyright : Copyright © 2002, 2003, 2004 LegalTrademarks : Nebula Electronics Ltd, DigiTV OriginalFilename : DigiTV.exe Comments : Digital Terrestrial Television reception equipment #:35 [lgsyncmanager.exe] ModuleName : C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe Command Line : "C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe" ProcessID : 1040 ThreadCreationTime : 04-05-2005 16:18:40 BasePriority : Normal FileVersion : 1, 0, 2, 0 ProductVersion : 1, 0, 2, 0 ProductName : LG SyncManager Application CompanyName : LG Electronics Inc. FileDescription : LG SyncManager InternalName : LGSyncManager LegalCopyright : Copyright © 2002 LG Electronics Inc. 
OriginalFilename : LGSyncManager.exe #:36 [nkvmon.exe] ModuleName : C:\Program Files\Nikon\NkView6\NkvMon.exe Command Line : "C:\Program Files\Nikon\NkView6\NkvMon.exe" ProcessID : 1088 ThreadCreationTime : 04-05-2005 16:18:40 BasePriority : Normal FileVersion : 6, 1, 0, 3002 ProductVersion : 6, 1 ProductName : Nikon Monitor CompanyName : Nikon Corporation FileDescription : Nikon Monitor InternalName : NkvMon LegalCopyright : Copyright © Nikon Corporation. 1998 - 2003 OriginalFilename : NkvMon.exe Comments : Nikon Monitor #:37 [psnlite.exe] ModuleName : C:\Program Files\3M\PSNLite\PsnLite.exe Command Line : "C:\Program Files\3M\PSNLite\PsnLite.exe" ProcessID : 1180 ThreadCreationTime : 04-05-2005 16:18:40 BasePriority : Normal FileVersion : 3, 1, 1, 1073 ProductVersion : 3, 1, 1, 1073 ProductName : Post-it® Software Notes Lite CompanyName : 3M FileDescription : Post-it® Software Notes: System InternalName : PSN LegalCopyright : © 1995-2004 3M Company. All Rights Reserved. LegalTrademarks : "Post-it" and canary yellow are a registered trademarks of 3M. OriginalFilename : PSN2VIEW.EXE #:38 [psngive.exe] ModuleName : C:\PROGRA~1\3M\PSNLite\PSNGive.exe Command Line : "C:\PROGRA~1\3M\PSNLite\PSNGive.exe" ProcessID : 1432 ThreadCreationTime : 04-05-2005 16:18:41 BasePriority : Normal FileVersion : 3, 1, 2, 2073 ProductVersion : 3, 1, 2, 2073 ProductName : Post-it® Software Notes CompanyName : 3M FileDescription : Post-it® Software Notes: GiveNote InternalName : PSN LegalCopyright : © 1995-2004 3M Company. All Rights Reserved. LegalTrademarks : "Post-it" and canary yellow are a registered trademarks of 3M. 
OriginalFilename : PSN.EXE #:39 [ccproxy.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccProxy.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" ProcessID : 2128 ThreadCreationTime : 04-05-2005 16:18:56 BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Network Proxy Service InternalName : ccProxy LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccProxy.exe #:40 [navapsvc.exe] ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe" ProcessID : 2180 ThreadCreationTime : 04-05-2005 16:18:56 BasePriority : Normal FileVersion : 10.00.2 ProductVersion : 10.00.2 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Service InternalName : NAVAPSVC LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved. 
OriginalFilename : NAVAPSVC.EXE #:41 [nprotect.exe] ModuleName : C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE Command Line : "C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE" ProcessID : 2216 ThreadCreationTime : 04-05-2005 16:18:56 BasePriority : Normal FileVersion : 16.00.0.22 ProductVersion : 16.00.0.22 ProductName : Norton Utilities CompanyName : Symantec Corporation FileDescription : Norton Protection Status InternalName : NPROTECT LegalCopyright : Copyright © 2003 Symantec Corporation LegalTrademarks : Norton Utilities OriginalFilename : NPROTECT.EXE #:42 [savscan.exe] ModuleName : C:\Program Files\Norton AntiVirus\SAVScan.exe Command Line : "C:\Program Files\Norton AntiVirus\SAVScan.exe" ProcessID : 2276 ThreadCreationTime : 04-05-2005 16:18:56 BasePriority : Normal ProductVersion : 9.2 ProductName : Symantec AntiVirus AutoProtect CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus Scanner InternalName : SAVSCAN LegalCopyright : Copyright © 2004 Symantec Corporation OriginalFilename : SAVSCAN.EXE #:43 [symlcsvc.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ProcessID : 2580 ThreadCreationTime : 04-05-2005 16:19:08 BasePriority : Normal FileVersion : 1, 8, 48, 79 ProductVersion : 1, 8, 48, 79 ProductName : Symantec Core Component CompanyName : Symantec Corporation FileDescription : Symantec Core Component InternalName : symlcsvc LegalCopyright : Copyright © 2003 OriginalFilename : symlcsvc.exe #:44 [wdfmgr.exe] ModuleName : C:\WINDOWS\system32\wdfmgr.exe Command Line : C:\WINDOWS\system32\wdfmgr.exe ProcessID : 2608 ThreadCreationTime : 04-05-2005 16:19:09 BasePriority : Normal FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager 
InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:45 [symwsc.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" ProcessID : 2752 ThreadCreationTime : 04-05-2005 16:19:10 BasePriority : Normal FileVersion : 2005.1.2.20 ProductVersion : 2005.1 ProductName : Norton Security Center CompanyName : Symantec Corporation FileDescription : Norton Security Center Service InternalName : SymWSC.exe LegalCopyright : Copyright © 1997-2004 Symantec Corporation OriginalFilename : SymWSC.exe #:46 [ipodservice.exe] ModuleName : C:\Program Files\iPod\bin\iPodService.exe Command Line : "C:\Program Files\iPod\bin\iPodService.exe" ProcessID : 2952 ThreadCreationTime : 04-05-2005 16:19:13 BasePriority : Normal FileVersion : 4.7.1.30 ProductVersion : 4.7.1.30 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iPodService Module InternalName : iPodService LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iPodService.exe #:47 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc ProcessID : 3172 ThreadCreationTime : 04-05-2005 16:19:18 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:48 [alg.exe] ModuleName : C:\WINDOWS\System32\alg.exe Command Line : C:\WINDOWS\System32\alg.exe ProcessID : 3496 ThreadCreationTime : 04-05-2005 16:19:24 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:49 [iexplore.exe] ModuleName : C:\Program Files\Internet Explorer\iexplore.exe Command Line : "C:\Program Files\Internet Explorer\iexplore.exe" ProcessID : 3916 ThreadCreationTime : 04-05-2005 16:19:56 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : IEXPLORE.EXE #:50 [wuauclt.exe] ModuleName : C:\WINDOWS\system32\wuauclt.exe Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[3b8]SUSDS594addaa913ed347af3037f946e44d86 ProcessID : 3936 ThreadCreationTime : 04-05-2005 16:19:57 BasePriority : Normal FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04) ProductVersion : 5.4.3790.2182 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Automatic Updates InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : wuauclt.exe #:51 [ad-aware.exe] ModuleName : D:\Chemistry stuff\Software for Part II\Ad-Aware SE Personal\Ad-Aware.exe Command Line : "D:\Chemistry stuff\Software for Part II\Ad-Aware SE Personal\Ad-Aware.exe" ProcessID : 2068 ThreadCreationTime : 04-05-2005 16:21:01 BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Trusted zone presumably compromised : media-motor.net Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : media-motor.net Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : media-motor.net Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net Value : * Trusted zone presumably compromised : popuppers.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : popuppers.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com Possible Browser Hijack attempt Object Recognized! 
Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : popuppers.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com Value : * Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 4 Objects found so far: 4 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : james@tribalfusion[1].txt Category : Data Miner Comment : Hits:2 Value : Cookie:james@tribalfusion.com/ Expires : 01-01-2038 01:00:00 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 5 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 5 Deep scanning and examining files (D:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for D:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 5 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 5 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 5 17:41:44 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:18:34.543 Objects scanned:155373 Objects identified:5 Objects ignored:0 New critical objects:5 |
May 4 2005, 10:50 AM
Post #2
Visiting Staff Posts: 4,746 From: Finland OS: XP Home - SP2
Welcome!
Ad-aware has found object(s) on your computer.
If you chose to clean your computer from what Ad-aware found, follow these instructions below…
Make sure that you are using the * SE1R42 28.04.2005 * definition file.
Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied. Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".
Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.
Then boot into Safe Mode.
To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder). Run CCleaner to help in this process. Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)
* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".
Run Ad-Aware SE from the command lines shown in the instructions below. Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown):
"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke (For the Professional version)
"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke (For the Plus version)
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke (For the Personal version)
Click Ok.
Note; the path above is of the default installation location for Ad-aware SE, if this is different, adjust it to the location that you have installed it to.
When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to any objects you wish to remove. Click next, Click Ok. If problems are caused by deleting a family, just leave it.
Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time. Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.
Also, keep in mind that when you are posting another logfile keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered a threat. This option can be changed when choosing your scan type.
Remember to post your fresh scanlog in THIS topic.
- Rawe
May 4 2005, 12:13 PM
Post #3
New Member Posts: 9 OS: xp sp2
Hi Rawe,
Did as you asked and below is the log. However, when I was in C:\Documents and Settings\My Profile\Local Settings\Temporary Internet Files I was not able to delete a folder called Content.IE5 as it said it was in use / couldn't be deleted. This was after running CCleaner.

Ad-Aware SE Build 1.05 Logfile Created on:04 May 2005 18:43:43 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R42 28.04.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Possible Browser Hijack attempt(TAC index:3):4 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Definition File: ========================= Definitions File Loaded: Reference Number : SE1R42 28.04.2005 Internal build : 49 File location : D:\Chemistry stuff\Software for Part II\Ad-Aware SE Personal\defs.ref File size : 466557 Bytes Total size : 1403889 Bytes Signature data size : 1373297 Bytes Reference data size : 30080 Bytes Signatures total : 39226 Fingerprints total : 836 Fingerprints size : 28245 Bytes Target categories : 15 Target families : 654 Memory + processor status: ========================== Number of processors : 1 Processor architecture : Intel Pentium IV Memory available:36 % Total physical memory:457712 kb Available physical memory:160216 kb Total page file size:1079468 kb Available on page file:761168 kb Total virtual memory:2097024 kb Available virtual memory:2047920 kb OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Ad-Aware SE Settings =========================== Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan within archives Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Obtain command line of scanned processes Set : Scan registry for all users instead
of current user only Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Write-protect system files after repair (Hosts file, etc.) Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Play sound at scan completion if scan locates critical objects 04-05-2005 18:43:43 - Scan started. (Full System Scan) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] ModuleName : \SystemRoot\System32\smss.exe Command Line : n/a ProcessID : 440 ThreadCreationTime : 04-05-2005 17:42:25 BasePriority : Normal #:2 [csrss.exe] ModuleName : \??\C:\WINDOWS\system32\csrss.exe Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh ProcessID : 500 ThreadCreationTime : 04-05-2005 17:42:32 BasePriority : Normal #:3 [winlogon.exe] ModuleName : \??\C:\WINDOWS\system32\winlogon.exe Command Line : winlogon.exe ProcessID : 536 ThreadCreationTime : 04-05-2005 17:42:35 BasePriority : High #:4 [services.exe] ModuleName : C:\WINDOWS\system32\services.exe Command Line : C:\WINDOWS\system32\services.exe ProcessID : 580 ThreadCreationTime : 04-05-2005 17:42:36 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : services.exe #:5 [lsass.exe] ModuleName : C:\WINDOWS\system32\lsass.exe Command Line : C:\WINDOWS\system32\lsass.exe ProcessID : 592 ThreadCreationTime : 04-05-2005 17:42:36 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [ati2evxx.exe] ModuleName : C:\WINDOWS\System32\Ati2evxx.exe Command Line : C:\WINDOWS\System32\Ati2evxx.exe ProcessID : 732 ThreadCreationTime : 04-05-2005 17:42:37 BasePriority : Normal #:7 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch ProcessID : 752 ThreadCreationTime : 04-05-2005 17:42:37 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k rpcss ProcessID : 840 ThreadCreationTime : 04-05-2005 17:42:38 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:9 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs ProcessID : 880 ThreadCreationTime : 04-05-2005 17:42:38 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService ProcessID : 952 ThreadCreationTime : 04-05-2005 17:42:38 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService ProcessID : 1036 ThreadCreationTime : 04-05-2005 17:42:38 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:12 [ccsetmgr.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" ProcessID : 1116 ThreadCreationTime : 04-05-2005 17:42:40 BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Settings Manager Service InternalName : ccSetMgr LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccSetMgr.exe #:13 [sndsrvc.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" ProcessID : 1128 ThreadCreationTime : 04-05-2005 17:42:40 BasePriority : Normal FileVersion : 5.5.1.6 ProductVersion : 5.5 ProductName : Symantec Security Drivers CompanyName : Symantec Corporation FileDescription : Network Driver Service InternalName : SndSrvc LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation OriginalFilename : SndSrvc.exe #:14 [ccevtmgr.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" ProcessID : 1152 ThreadCreationTime : 04-05-2005 17:42:41 BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Event Manager Service InternalName : ccEvtMgr LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. 
OriginalFilename : ccEvtMgr.exe #:15 [spoolsv.exe] ModuleName : C:\WINDOWS\system32\spoolsv.exe Command Line : C:\WINDOWS\system32\spoolsv.exe ProcessID : 1340 ThreadCreationTime : 04-05-2005 17:42:42 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:16 [ccproxy.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccProxy.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" ProcessID : 1436 ThreadCreationTime : 04-05-2005 17:42:42 BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Network Proxy Service InternalName : ccProxy LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccProxy.exe #:17 [navapsvc.exe] ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe" ProcessID : 1488 ThreadCreationTime : 04-05-2005 17:42:42 BasePriority : Normal FileVersion : 10.00.2 ProductVersion : 10.00.2 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Service InternalName : NAVAPSVC LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved. 
OriginalFilename : NAVAPSVC.EXE #:18 [nprotect.exe] ModuleName : C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE Command Line : "C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE" ProcessID : 1536 ThreadCreationTime : 04-05-2005 17:42:43 BasePriority : Normal FileVersion : 16.00.0.22 ProductVersion : 16.00.0.22 ProductName : Norton Utilities CompanyName : Symantec Corporation FileDescription : Norton Protection Status InternalName : NPROTECT LegalCopyright : Copyright © 2003 Symantec Corporation LegalTrademarks : Norton Utilities OriginalFilename : NPROTECT.EXE #:19 [savscan.exe] ModuleName : C:\Program Files\Norton AntiVirus\SAVScan.exe Command Line : "C:\Program Files\Norton AntiVirus\SAVScan.exe" ProcessID : 1592 ThreadCreationTime : 04-05-2005 17:42:43 BasePriority : Normal ProductVersion : 9.2 ProductName : Symantec AntiVirus AutoProtect CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus Scanner InternalName : SAVSCAN LegalCopyright : Copyright © 2004 Symantec Corporation OriginalFilename : SAVSCAN.EXE #:20 [symlcsvc.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ProcessID : 1696 ThreadCreationTime : 04-05-2005 17:42:44 BasePriority : Normal FileVersion : 1, 8, 48, 79 ProductVersion : 1, 8, 48, 79 ProductName : Symantec Core Component CompanyName : Symantec Corporation FileDescription : Symantec Core Component InternalName : symlcsvc LegalCopyright : Copyright © 2003 OriginalFilename : symlcsvc.exe #:21 [wdfmgr.exe] ModuleName : C:\WINDOWS\system32\wdfmgr.exe Command Line : C:\WINDOWS\system32\wdfmgr.exe ProcessID : 1748 ThreadCreationTime : 04-05-2005 17:42:44 BasePriority : Normal FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager 
InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:22 [symwsc.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" ProcessID : 1856 ThreadCreationTime : 04-05-2005 17:42:45 BasePriority : Normal FileVersion : 2005.1.2.20 ProductVersion : 2005.1 ProductName : Norton Security Center CompanyName : Symantec Corporation FileDescription : Norton Security Center Service InternalName : SymWSC.exe LegalCopyright : Copyright © 1997-2004 Symantec Corporation OriginalFilename : SymWSC.exe #:23 [alg.exe] ModuleName : C:\WINDOWS\System32\alg.exe Command Line : C:\WINDOWS\System32\alg.exe ProcessID : 172 ThreadCreationTime : 04-05-2005 17:42:47 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:24 [ati2evxx.exe] ModuleName : C:\WINDOWS\system32\Ati2evxx.exe Command Line : Ati2evxx.exe -Client ProcessID : 356 ThreadCreationTime : 04-05-2005 17:42:50 BasePriority : Normal #:25 [explorer.exe] ModuleName : C:\WINDOWS\Explorer.EXE Command Line : C:\WINDOWS\Explorer.EXE ProcessID : 496 ThreadCreationTime : 04-05-2005 17:42:50 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : EXPLORER.EXE #:26 [apoint.exe] ModuleName : C:\Program Files\Apoint\Apoint.exe Command Line : "C:\Program Files\Apoint\Apoint.exe" ProcessID : 1636 ThreadCreationTime : 04-05-2005 17:42:56 BasePriority : Normal FileVersion : 5.5.7.136 ProductVersion : 5.5.7.136 ProductName : Alps Pointing-device Driver CompanyName : Alps Electric Co., Ltd. FileDescription : Alps Pointing-device Driver InternalName : Alps Pointing-device Driver LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd. OriginalFilename : Apoint.exe #:27 [atiptaxx.exe] ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ProcessID : 2012 ThreadCreationTime : 04-05-2005 17:42:56 BasePriority : Normal FileVersion : 6.14.10.5102 ProductVersion : 6.14.10.5102 ProductName : ATI Desktop Component CompanyName : ATI Technologies, Inc. FileDescription : ATI Desktop Control Panel InternalName : Atiptaxx.exe LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc. OriginalFilename : Atiptaxx.exe #:28 [ezsp_px.exe] ModuleName : C:\WINDOWS\System32\ezSP_Px.exe Command Line : "C:\WINDOWS\System32\ezSP_Px.exe" ProcessID : 584 ThreadCreationTime : 04-05-2005 17:42:56 BasePriority : Normal #:29 [ico.exe] ModuleName : C:\WINDOWS\system32\ICO.EXE Command Line : "C:\WINDOWS\system32\ICO.EXE" ProcessID : 2052 ThreadCreationTime : 04-05-2005 17:42:56 BasePriority : Normal FileVersion : 1, 0, 0, 8 ProductVersion : 1.0.0.0 ProductName : MouseSuite 98 CompanyName : Primax Electronics Ltd. FileDescription : Mouse Suite 98 Daemon InternalName : pelmiced.exe LegalCopyright : Copyright © 1997, Primax Electronics Ltd. LegalTrademarks : Primax Electronics Ltd. 
#:30 [ccapp.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ProcessID : 2060 ThreadCreationTime : 04-05-2005 17:42:56 BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client User Session InternalName : ccApp LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccApp.exe #:31 [hkserv.exe] ModuleName : C:\Program Files\Sony\HotKey Utility\HKserv.exe Command Line : "C:\Program Files\Sony\HotKey Utility\HKserv.exe" ProcessID : 2080 ThreadCreationTime : 04-05-2005 17:42:57 BasePriority : Normal #:32 [vaioupdt.exe] ModuleName : C:\Program Files\sony\vaio update 2\VAIOUpdt.exe Command Line : "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary ProcessID : 2096 ThreadCreationTime : 04-05-2005 17:42:57 BasePriority : Normal #:33 [spmgr.exe] ModuleName : C:\Program Files\sony\vaio power management\SPMgr.exe Command Line : "C:\Program Files\sony\vaio power management\SPMgr.exe" ProcessID : 2104 ThreadCreationTime : 04-05-2005 17:42:57 BasePriority : Normal FileVersion : 1.1.00.11060 ProductVersion : 1.1.0 ProductName : Sony Power Management CompanyName : Sony Corporation FileDescription : SPM Module LegalCopyright : © Sony Corporation. All rights reserved. #:34 [qttask.exe] ModuleName : C:\Program Files\QuickTime\qttask.exe Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime ProcessID : 2116 ThreadCreationTime : 04-05-2005 17:42:57 BasePriority : Normal FileVersion : 6.5.1 ProductVersion : QuickTime 6.5.1 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 
2001-2004 OriginalFilename : QTTask.exe #:35 [ituneshelper.exe] ModuleName : C:\Program Files\iTunes\iTunesHelper.exe Command Line : "C:\Program Files\iTunes\iTunesHelper.exe" ProcessID : 2160 ThreadCreationTime : 04-05-2005 17:42:57 BasePriority : Normal FileVersion : 4.7.1.30 ProductVersion : 4.7.1.30 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iTunesHelper Module InternalName : iTunesHelper LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iTunesHelper.exe #:36 [seeve.exe] ModuleName : C:\WINDOWS\seeve.exe Command Line : "C:\WINDOWS\seeve.exe" ProcessID : 2172 ThreadCreationTime : 04-05-2005 17:42:57 BasePriority : Normal FileVersion : 6.04 ProductVersion : 6.04 ProductName : pop64 CompanyName : Network1 InternalName : seeve OriginalFilename : seeve.exe #:37 [msnmsgr.exe] ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background ProcessID : 2216 ThreadCreationTime : 04-05-2005 17:42:57 BasePriority : Normal FileVersion : 7.0.0777 ProductVersion : 7.0.0777 ProductName : MSN Messenger CompanyName : Microsoft Corporation FileDescription : MSN Messenger InternalName : msnmsgr LegalCopyright : Copyright © Microsoft Corporation 1997-2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msnmsgr.exe #:38 [nhsgid.exe] ModuleName : c:\windows\system32\nhsgid.exe Command Line : "c:\windows\system32\nhsgid.exe" aptnwab ProcessID : 2268 ThreadCreationTime : 04-05-2005 17:42:58 BasePriority : Normal FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. 
#:39 [acrotray.exe] ModuleName : C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe Command Line : "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe" ProcessID : 2304 ThreadCreationTime : 04-05-2005 17:42:58 BasePriority : Normal FileVersion : 6.0.0.2003073000 ProductVersion : 6.0.0.0 ProductName : AcroTray - Adobe Acrobat Distiller helper application. CompanyName : Adobe Systems Inc. FileDescription : AcroTray InternalName : AcroTray LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved. OriginalFilename : AcroTray.exe #:40 [digitv.exe] ModuleName : C:\Program Files\Nebula\DigiTV\DigiTV.exe Command Line : "C:\Program Files\Nebula\DigiTV\DigiTV.exe" SLEEP ProcessID : 2312 ThreadCreationTime : 04-05-2005 17:42:59 BasePriority : Normal FileVersion : 3, 1, 2, 8 ProductVersion : 3, 1, 2, 8 ProductName : DigiTV CompanyName : Nebula Electronics Ltd FileDescription : DigiTV InternalName : DigiTV LegalCopyright : Copyright © 2002, 2003, 2004 LegalTrademarks : Nebula Electronics Ltd, DigiTV OriginalFilename : DigiTV.exe Comments : Digital Terrestrial Television reception equipment #:41 [lgsyncmanager.exe] ModuleName : C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe Command Line : "C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe" ProcessID : 2320 ThreadCreationTime : 04-05-2005 17:42:59 BasePriority : Normal FileVersion : 1, 0, 2, 0 ProductVersion : 1, 0, 2, 0 ProductName : LG SyncManager Application CompanyName : LG Electronics Inc. FileDescription : LG SyncManager InternalName : LGSyncManager LegalCopyright : Copyright © 2002 LG Electronics Inc. 
OriginalFilename : LGSyncManager.exe #:42 [nkvmon.exe] ModuleName : C:\Program Files\Nikon\NkView6\NkvMon.exe Command Line : "C:\Program Files\Nikon\NkView6\NkvMon.exe" ProcessID : 2348 ThreadCreationTime : 04-05-2005 17:42:59 BasePriority : Normal FileVersion : 6, 1, 0, 3002 ProductVersion : 6, 1 ProductName : Nikon Monitor CompanyName : Nikon Corporation FileDescription : Nikon Monitor InternalName : NkvMon LegalCopyright : Copyright © Nikon Corporation. 1998 - 2003 OriginalFilename : NkvMon.exe Comments : Nikon Monitor #:43 [psnlite.exe] ModuleName : C:\Program Files\3M\PSNLite\PsnLite.exe Command Line : "C:\Program Files\3M\PSNLite\PsnLite.exe" ProcessID : 2376 ThreadCreationTime : 04-05-2005 17:43:00 BasePriority : Normal FileVersion : 3, 1, 1, 1073 ProductVersion : 3, 1, 1, 1073 ProductName : Post-it® Software Notes Lite CompanyName : 3M FileDescription : Post-it® Software Notes: System InternalName : PSN LegalCopyright : © 1995-2004 3M Company. All Rights Reserved. LegalTrademarks : "Post-it" and canary yellow are a registered trademarks of 3M. OriginalFilename : PSN2VIEW.EXE #:44 [apntex.exe] ModuleName : C:\Program Files\Apoint\Apntex.exe Command Line : "Apntex.exe" ProcessID : 2444 ThreadCreationTime : 04-05-2005 17:43:00 BasePriority : Normal FileVersion : 5.0.1.15 ProductVersion : 5.0.1.15 ProductName : Alps Pointing-device Driver for Windows NT/2000/XP CompanyName : Alps Electric Co., Ltd. FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP InternalName : Alps Pointing-device Driver for Windows NT/2000/XP LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd. OriginalFilename : ApntEx.exe #:45 [ipodservice.exe] ModuleName : C:\Program Files\iPod\bin\iPodService.exe Command Line : "C:\Program Files\iPod\bin\iPodService.exe" ProcessID : 2580 ThreadCreationTime : 04-05-2005 17:43:02 BasePriority : Normal FileVersion : 4.7.1.30 ProductVersion : 4.7.1.30 ProductName : iTunes CompanyName : Apple Computer, Inc. 
FileDescription : iPodService Module InternalName : iPodService LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iPodService.exe #:46 [hkwnd.exe] ModuleName : C:\Program Files\Sony\HotKey Utility\HKWnd.exe Command Line : "C:\Program Files\Sony\HotKey Utility\HKWnd.exe" ProcessID : 2600 ThreadCreationTime : 04-05-2005 17:43:02 BasePriority : Normal #:47 [psngive.exe] ModuleName : C:\PROGRA~1\3M\PSNLite\PSNGive.exe Command Line : "C:\PROGRA~1\3M\PSNLite\PSNGive.exe" ProcessID : 2648 ThreadCreationTime : 04-05-2005 17:43:03 BasePriority : Normal FileVersion : 3, 1, 2, 2073 ProductVersion : 3, 1, 2, 2073 ProductName : Post-it® Software Notes CompanyName : 3M FileDescription : Post-it® Software Notes: GiveNote InternalName : PSN LegalCopyright : © 1995-2004 3M Company. All Rights Reserved. LegalTrademarks : "Post-it" and canary yellow are a registered trademarks of 3M. OriginalFilename : PSN.EXE #:48 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc ProcessID : 2776 ThreadCreationTime : 04-05-2005 17:43:05 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:49 [msmsgs.exe] ModuleName : C:\Program Files\Messenger\msmsgs.exe Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding ProcessID : 3044 ThreadCreationTime : 04-05-2005 17:43:09 BasePriority : Normal FileVersion : 4.7.3001 ProductVersion : Version 4.7.3001 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Windows Messenger InternalName : msmsgs LegalCopyright : Copyright © Microsoft Corporation 2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exe #:50 [wuauclt.exe] ModuleName : C:\WINDOWS\system32\wuauclt.exe Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[370]SUSDS05f4e3e8ddb1df41aa8a2733bf7566e0 ProcessID : 3324 ThreadCreationTime : 04-05-2005 17:43:30 BasePriority : Normal FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04) ProductVersion : 5.4.3790.2182 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Automatic Updates InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : wuauclt.exe #:51 [ad-aware.exe] ModuleName : D:\Chemistry stuff\Software for Part II\Ad-Aware SE Personal\Ad-Aware.exe Command Line : "D:\Chemistry stuff\Software for Part II\Ad-Aware SE Personal\Ad-Aware.exe" ProcessID : 3364 ThreadCreationTime : 04-05-2005 17:43:32 BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Trusted zone presumably compromised : media-motor.net Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : media-motor.net Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : media-motor.net Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net Value : * Trusted zone presumably compromised : popuppers.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : popuppers.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com Possible Browser Hijack attempt Object Recognized! 
Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : popuppers.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com Value : * Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 4 Objects found so far: 4 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 4 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 4 Deep scanning and examining files (D:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for D:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 4 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 4 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 4 18:58:54 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:15:10.510 Objects scanned:147372 Objects identified:4 Objects ignored:0 New critical objects:4
May 4 2005, 02:23 PM
Post #4
Visiting Staff Posts: 4,746 From: Finland OS: XP Home - SP2
Hello again..
Try these online virus scans:

- Trend Micro
- Panda Activescan

Post the results here..

- Rawe
May 7 2005, 07:32 AM
Post #5
Visiting Staff Posts: 4,746 From: Finland OS: XP Home - SP2
Hi again.
A new update has been released to the defs file... Perform the Webupdate feature, and post a fresh log...

- Rawe
May 7 2005, 09:55 AM
Post #6
New Member Posts: 9 OS: xp sp2
What is webupdate?
May 7 2005, 09:58 AM
Post #7
Visiting Staff Posts: 4,746 From: Finland OS: XP Home - SP2
1. Open up your Ad-aware SE
2. Click on the world globe icon at the top.
3. Click connect
4. Click ok
5. Click finish.

Then run a "Full system scan". Post the scanlog here..

- Rawe
May 8 2005, 06:13 AM
Post #8
New Member Posts: 9 OS: xp sp2
Hi,
below is my scanlog after running all those antivirus programs and updating my ad aware. Trend microcal found 2 trojans - one called buddy, which it tried to heal but could not. Pandavision found 18 (same as my norton antivirus) infected files - however both of the latter can't clean the files either! Can the log provide any clues? Thanks

Ad-Aware SE Build 1.05 Logfile Created on:07 May 2005 17:47:15 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R43 06.05.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Possible Browser Hijack attempt(TAC index:3):4 total references Tracking Cookie(TAC index:3):3 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Definition File: ========================= Definitions File Loaded: Reference Number : SE1R42 28.04.2005 Internal build : 49 File location : D:\Chemistry stuff\Software for Part II\Ad-Aware SE Personal\defs.ref File size : 466557 Bytes Total size : 1403889 Bytes Signature data size : 1373297 Bytes Reference data size : 30080 Bytes Signatures total : 39226 Fingerprints total : 836 Fingerprints size : 28245 Bytes Target categories : 15 Target families : 654 07-05-2005 17:45:55 Performing WebUpdate... Installing Update... Definitions File Loaded: Reference Number : SE1R43 06.05.2005 Internal build : 50 File location : D:\Chemistry stuff\Software for Part II\Ad-Aware SE Personal\defs.ref File size : 467649 Bytes Total size : 1414672 Bytes Signature data size : 1383852 Bytes Reference data size : 30308 Bytes Signatures total : 39494 Fingerprints total : 847 Fingerprints size : 28739 Bytes Target categories : 15 Target families : 663 07-05-2005 17:46:00 Success Update successfully downloaded and installed.

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:43 %
Total physical memory:457712 kb
Available physical memory:196684 kb
Total page file size:1079468 kb
Available on page file:805776 kb
Total virtual memory:2097024 kb
Available virtual memory:2046452 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects

07-05-2005 17:47:15 - Scan started.
(Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 460
ThreadCreationTime : 07-05-2005 13:20:25
BasePriority : Normal

#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 516
ThreadCreationTime : 07-05-2005 13:20:29
BasePriority : Normal

#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 548
ThreadCreationTime : 07-05-2005 13:20:31
BasePriority : High

#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 592
ThreadCreationTime : 07-05-2005 13:20:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 604
ThreadCreationTime : 07-05-2005 13:20:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 748
ThreadCreationTime : 07-05-2005 13:20:34
BasePriority : Normal

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 768
ThreadCreationTime : 07-05-2005 13:20:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 860
ThreadCreationTime : 07-05-2005 13:20:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 928
ThreadCreationTime : 07-05-2005 13:20:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 988
ThreadCreationTime : 07-05-2005 13:20:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1108
ThreadCreationTime : 07-05-2005 13:20:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ProcessID : 1208
ThreadCreationTime : 07-05-2005 13:20:36
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:13 [sndsrvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
ProcessID : 1220
ThreadCreationTime : 07-05-2005 13:20:36
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:14 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1276
ThreadCreationTime : 07-05-2005 13:20:37
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:15 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1472
ThreadCreationTime : 07-05-2005 13:20:38
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:16 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 1660
ThreadCreationTime : 07-05-2005 13:20:46
BasePriority : Normal

#:17 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1780
ThreadCreationTime : 07-05-2005 13:20:46
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:18 [apoint.exe]
ModuleName : C:\Program Files\Apoint\Apoint.exe
Command Line : "C:\Program Files\Apoint\Apoint.exe"
ProcessID : 1872
ThreadCreationTime : 07-05-2005 13:20:47
BasePriority : Normal
FileVersion : 5.5.7.136
ProductVersion : 5.5.7.136
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:19 [atiptaxx.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ProcessID : 1884
ThreadCreationTime : 07-05-2005 13:20:47
BasePriority : Normal
FileVersion : 6.14.10.5102
ProductVersion : 6.14.10.5102
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:20 [ezsp_px.exe]
ModuleName : C:\WINDOWS\System32\ezSP_Px.exe
Command Line : "C:\WINDOWS\System32\ezSP_Px.exe"
ProcessID : 1892
ThreadCreationTime : 07-05-2005 13:20:47
BasePriority : Normal

#:21 [ico.exe]
ModuleName : C:\WINDOWS\system32\ICO.EXE
Command Line : "C:\WINDOWS\system32\ICO.EXE"
ProcessID : 1900
ThreadCreationTime : 07-05-2005 13:20:47
BasePriority : Normal
FileVersion : 1, 0, 0, 8
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.

#:22 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 1908
ThreadCreationTime : 07-05-2005 13:20:47
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:23 [hkserv.exe]
ModuleName : C:\Program Files\Sony\HotKey Utility\HKserv.exe
Command Line : "C:\Program Files\Sony\HotKey Utility\HKserv.exe"
ProcessID : 1928
ThreadCreationTime : 07-05-2005 13:20:48
BasePriority : Normal

#:24 [spmgr.exe]
ModuleName : C:\Program Files\sony\vaio power management\SPMgr.exe
Command Line : "C:\Program Files\sony\vaio power management\SPMgr.exe"
ProcessID : 1980
ThreadCreationTime : 07-05-2005 13:20:48
BasePriority : Normal
FileVersion : 1.1.00.11060
ProductVersion : 1.1.0
ProductName : Sony Power Management
CompanyName : Sony Corporation
FileDescription : SPM Module
LegalCopyright : © Sony Corporation. All rights reserved.

#:25 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 2044
ThreadCreationTime : 07-05-2005 13:20:48
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:26 [seeve.exe]
ModuleName : C:\WINDOWS\seeve.exe
Command Line : "C:\WINDOWS\seeve.exe"
ProcessID : 128
ThreadCreationTime : 07-05-2005 13:20:48
BasePriority : Normal
FileVersion : 6.04
ProductVersion : 6.04
ProductName : pop64
CompanyName : Network1
InternalName : seeve
OriginalFilename : seeve.exe

#:27 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 220
ThreadCreationTime : 07-05-2005 13:20:49
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:28 [egpzen.exe]
ModuleName : c:\windows\system32\egpzen.exe
Command Line : "c:\windows\system32\egpzen.exe" ugvlrz
ProcessID : 232
ThreadCreationTime : 07-05-2005 13:20:50
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:29 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe"
ProcessID : 244
ThreadCreationTime : 07-05-2005 13:20:50
BasePriority : Normal
FileVersion : 6.0.0.2003073000
ProductVersion : 6.0.0.0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe

#:30 [nkvmon.exe]
ModuleName : C:\Program Files\Nikon\NkView6\NkvMon.exe
Command Line : "C:\Program Files\Nikon\NkView6\NkvMon.exe"
ProcessID : 364
ThreadCreationTime : 07-05-2005 13:20:51
BasePriority : Normal
FileVersion : 6, 1, 0, 3002
ProductVersion : 6, 1
ProductName : Nikon Monitor
CompanyName : Nikon Corporation
FileDescription : Nikon Monitor
InternalName : NkvMon
LegalCopyright : Copyright © Nikon Corporation. 1998 - 2003
OriginalFilename : NkvMon.exe
Comments : Nikon Monitor

#:31 [apntex.exe]
ModuleName : C:\Program Files\Apoint\Apntex.exe
Command Line : "Apntex.exe"
ProcessID : 388
ThreadCreationTime : 07-05-2005 13:20:51
BasePriority : Normal
FileVersion : 5.0.1.15
ProductVersion : 5.0.1.15
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:32 [hkwnd.exe]
ModuleName : C:\Program Files\Sony\HotKey Utility\HKWnd.exe
Command Line : "C:\Program Files\Sony\HotKey Utility\HKWnd.exe"
ProcessID : 908
ThreadCreationTime : 07-05-2005 13:20:52
BasePriority : Normal

#:33 [ccproxy.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
ProcessID : 2056
ThreadCreationTime : 07-05-2005 13:21:03
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:34 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 2108
ThreadCreationTime : 07-05-2005 13:21:03
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:35 [nprotect.exe]
ModuleName : C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
Command Line : "C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE"
ProcessID : 2156
ThreadCreationTime : 07-05-2005 13:21:04
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:36 [savscan.exe]
ModuleName : C:\Program Files\Norton AntiVirus\SAVScan.exe
Command Line : "C:\Program Files\Norton AntiVirus\SAVScan.exe"
ProcessID : 2392
ThreadCreationTime : 07-05-2005 13:21:16
BasePriority : Normal
ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright © 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:37 [symlcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
ProcessID : 2504
ThreadCreationTime : 07-05-2005 13:21:17
BasePriority : Normal
FileVersion : 1, 8, 48, 79
ProductVersion : 1, 8, 48, 79
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:38 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 2556
ThreadCreationTime : 07-05-2005 13:21:17
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:39 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
ProcessID : 2664
ThreadCreationTime : 07-05-2005 13:21:17
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:40 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 2848
ThreadCreationTime : 07-05-2005 13:21:21
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:41 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 3132
ThreadCreationTime : 07-05-2005 13:21:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:42 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 3432
ThreadCreationTime : 07-05-2005 13:21:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:43 [ad-aware.exe]
ModuleName : D:\Chemistry stuff\Software for Part II\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "D:\Chemistry stuff\Software for Part II\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 796
ThreadCreationTime : 07-05-2005 16:45:43
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:44 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 1732
ThreadCreationTime : 07-05-2005 16:46:07
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Trusted zone presumably compromised : media-motor.net

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : media-motor.net
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : media-motor.net
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net
Value : *

Trusted zone presumably compromised : popuppers.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : popuppers.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : popuppers.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com
Value : *

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : james@cgi-bin[3].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:james@cas.org/cgi-bin
Expires : 29-04-2006 20:46:00
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : james@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:james@tribalfusion.com/
Expires : 01-01-2038 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : james@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:james@imrworldwide.com/cgi-bin
Expires : 19-01-2009
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 7

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7

Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 7

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7

18:00:33 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:17.857
Objects scanned:149757
Objects identified:7
Objects ignored:0
New critical objects:7

May 8 2005, 07:51 AM
Post #9
Visiting Staff | Posts: 4,746 | From: Finland | OS: XP Home - SP2

Let's try ending Seeve.exe with Task Manager..
Do the following: hit Ctrl + Alt + Del, go to the "Processes" tab, search for Seeve.exe, click on it and hit "End process". Close Task Manager, run a new scan with Ad-Aware, and post the log.
- Rawe

May 8 2005, 02:07 PM
Post #10
New Member | Posts: 9 | OS: xp sp2

Ended seeve.exe as you suggested.
Then ran Ad-Aware, here is the log..... I didn't delete anything it found though.

Ad-Aware SE Build 1.05
Logfile Created on:08 May 2005 20:43:51
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt(TAC index:3):4 total references
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : D:\Chemistry stuff\Software for Part II\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:35 %
Total physical memory:457712 kb
Available physical memory:156652 kb
Total page file size:1079468 kb
Available on page file:802596 kb
Total virtual memory:2097024 kb
Available virtual memory:2047920 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects

08-05-2005 20:43:51 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 448
ThreadCreationTime : 08-05-2005 11:43:38
BasePriority : Normal

#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 504
ThreadCreationTime : 08-05-2005 11:43:42
BasePriority : Normal

#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 568
ThreadCreationTime : 08-05-2005 11:43:52
BasePriority : High

#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 612
ThreadCreationTime : 08-05-2005 11:43:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 624
ThreadCreationTime : 08-05-2005 11:43:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 776
ThreadCreationTime : 08-05-2005 11:43:55
BasePriority : Normal

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 792
ThreadCreationTime : 08-05-2005 11:43:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 884
ThreadCreationTime : 08-05-2005 11:43:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 924
ThreadCreationTime : 08-05-2005 11:43:56
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1040
ThreadCreationTime : 08-05-2005 11:43:57
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1080
ThreadCreationTime : 08-05-2005 11:43:57
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe #:12 [ccsetmgr.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" ProcessID : 1156 ThreadCreationTime : 08-05-2005 11:43:59 BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Settings Manager Service InternalName : ccSetMgr LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccSetMgr.exe #:13 [sndsrvc.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" ProcessID : 1168 ThreadCreationTime : 08-05-2005 11:44:00 BasePriority : Normal FileVersion : 5.5.1.6 ProductVersion : 5.5 ProductName : Symantec Security Drivers CompanyName : Symantec Corporation FileDescription : Network Driver Service InternalName : SndSrvc LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation OriginalFilename : SndSrvc.exe #:14 [ccevtmgr.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" ProcessID : 1196 ThreadCreationTime : 08-05-2005 11:44:00 BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Event Manager Service InternalName : ccEvtMgr LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. 
OriginalFilename : ccEvtMgr.exe #:15 [spoolsv.exe] ModuleName : C:\WINDOWS\system32\spoolsv.exe Command Line : C:\WINDOWS\system32\spoolsv.exe ProcessID : 1384 ThreadCreationTime : 08-05-2005 11:44:01 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:16 [ccproxy.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccProxy.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" ProcessID : 1488 ThreadCreationTime : 08-05-2005 11:44:02 BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Network Proxy Service InternalName : ccProxy LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccProxy.exe #:17 [navapsvc.exe] ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe" ProcessID : 1544 ThreadCreationTime : 08-05-2005 11:44:02 BasePriority : Normal FileVersion : 10.00.2 ProductVersion : 10.00.2 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Service InternalName : NAVAPSVC LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved. 
OriginalFilename : NAVAPSVC.EXE #:18 [nprotect.exe] ModuleName : C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE Command Line : "C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE" ProcessID : 1604 ThreadCreationTime : 08-05-2005 11:44:03 BasePriority : Normal FileVersion : 16.00.0.22 ProductVersion : 16.00.0.22 ProductName : Norton Utilities CompanyName : Symantec Corporation FileDescription : Norton Protection Status InternalName : NPROTECT LegalCopyright : Copyright © 2003 Symantec Corporation LegalTrademarks : Norton Utilities OriginalFilename : NPROTECT.EXE #:19 [savscan.exe] ModuleName : C:\Program Files\Norton AntiVirus\SAVScan.exe Command Line : "C:\Program Files\Norton AntiVirus\SAVScan.exe" ProcessID : 1652 ThreadCreationTime : 08-05-2005 11:44:04 BasePriority : Normal ProductVersion : 9.2 ProductName : Symantec AntiVirus AutoProtect CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus Scanner InternalName : SAVSCAN LegalCopyright : Copyright © 2004 Symantec Corporation OriginalFilename : SAVSCAN.EXE #:20 [ati2evxx.exe] ModuleName : C:\WINDOWS\system32\Ati2evxx.exe Command Line : Ati2evxx.exe -Client ProcessID : 1776 ThreadCreationTime : 08-05-2005 11:44:06 BasePriority : Normal #:21 [explorer.exe] ModuleName : C:\WINDOWS\Explorer.EXE Command Line : C:\WINDOWS\Explorer.EXE ProcessID : 1920 ThreadCreationTime : 08-05-2005 11:44:07 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : EXPLORER.EXE #:22 [symlcsvc.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ProcessID : 1960 ThreadCreationTime : 08-05-2005 11:44:07 BasePriority : Normal FileVersion : 1, 8, 48, 79 ProductVersion : 1, 8, 48, 79 ProductName : Symantec Core Component CompanyName : Symantec Corporation FileDescription : Symantec Core Component InternalName : symlcsvc LegalCopyright : Copyright © 2003 OriginalFilename : symlcsvc.exe #:23 [wdfmgr.exe] ModuleName : C:\WINDOWS\system32\wdfmgr.exe Command Line : C:\WINDOWS\system32\wdfmgr.exe ProcessID : 2004 ThreadCreationTime : 08-05-2005 11:44:08 BasePriority : Normal FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:24 [symwsc.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" ProcessID : 232 ThreadCreationTime : 08-05-2005 11:44:10 BasePriority : Normal FileVersion : 2005.1.2.20 ProductVersion : 2005.1 ProductName : Norton Security Center CompanyName : Symantec Corporation FileDescription : Norton Security Center Service InternalName : SymWSC.exe LegalCopyright : Copyright © 1997-2004 Symantec Corporation OriginalFilename : SymWSC.exe #:25 [apoint.exe] ModuleName : C:\Program Files\Apoint\Apoint.exe Command Line : "C:\Program Files\Apoint\Apoint.exe" ProcessID : 500 ThreadCreationTime : 08-05-2005 11:44:17 BasePriority : Normal FileVersion : 5.5.7.136 ProductVersion : 5.5.7.136 ProductName : Alps Pointing-device Driver CompanyName : Alps Electric Co., Ltd. 
FileDescription : Alps Pointing-device Driver InternalName : Alps Pointing-device Driver LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd. OriginalFilename : Apoint.exe #:26 [atiptaxx.exe] ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ProcessID : 108 ThreadCreationTime : 08-05-2005 11:44:17 BasePriority : Normal FileVersion : 6.14.10.5102 ProductVersion : 6.14.10.5102 ProductName : ATI Desktop Component CompanyName : ATI Technologies, Inc. FileDescription : ATI Desktop Control Panel InternalName : Atiptaxx.exe LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc. OriginalFilename : Atiptaxx.exe #:27 [ezsp_px.exe] ModuleName : C:\WINDOWS\System32\ezSP_Px.exe Command Line : "C:\WINDOWS\System32\ezSP_Px.exe" ProcessID : 732 ThreadCreationTime : 08-05-2005 11:44:17 BasePriority : Normal #:28 [ico.exe] ModuleName : C:\WINDOWS\system32\ICO.EXE Command Line : "C:\WINDOWS\system32\ICO.EXE" ProcessID : 740 ThreadCreationTime : 08-05-2005 11:44:17 BasePriority : Normal FileVersion : 1, 0, 0, 8 ProductVersion : 1.0.0.0 ProductName : MouseSuite 98 CompanyName : Primax Electronics Ltd. FileDescription : Mouse Suite 98 Daemon InternalName : pelmiced.exe LegalCopyright : Copyright © 1997, Primax Electronics Ltd. LegalTrademarks : Primax Electronics Ltd. #:29 [ccapp.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ProcessID : 828 ThreadCreationTime : 08-05-2005 11:44:17 BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client User Session InternalName : ccApp LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. 
OriginalFilename : ccApp.exe #:30 [hkserv.exe] ModuleName : C:\Program Files\Sony\HotKey Utility\HKserv.exe Command Line : "C:\Program Files\Sony\HotKey Utility\HKserv.exe" ProcessID : 664 ThreadCreationTime : 08-05-2005 11:44:17 BasePriority : Normal #:31 [spmgr.exe] ModuleName : C:\Program Files\sony\vaio power management\SPMgr.exe Command Line : "C:\Program Files\sony\vaio power management\SPMgr.exe" ProcessID : 1004 ThreadCreationTime : 08-05-2005 11:44:17 BasePriority : Normal FileVersion : 1.1.00.11060 ProductVersion : 1.1.0 ProductName : Sony Power Management CompanyName : Sony Corporation FileDescription : SPM Module LegalCopyright : © Sony Corporation. All rights reserved. #:32 [ituneshelper.exe] ModuleName : C:\Program Files\iTunes\iTunesHelper.exe Command Line : "C:\Program Files\iTunes\iTunesHelper.exe" ProcessID : 1500 ThreadCreationTime : 08-05-2005 11:44:18 BasePriority : Normal FileVersion : 4.7.1.30 ProductVersion : 4.7.1.30 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iTunesHelper Module InternalName : iTunesHelper LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iTunesHelper.exe #:33 [msnmsgr.exe] ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background ProcessID : 1744 ThreadCreationTime : 08-05-2005 11:44:20 BasePriority : Normal FileVersion : 7.0.0777 ProductVersion : 7.0.0777 ProductName : MSN Messenger CompanyName : Microsoft Corporation FileDescription : MSN Messenger InternalName : msnmsgr LegalCopyright : Copyright © Microsoft Corporation 1997-2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. 
OriginalFilename : msnmsgr.exe #:34 [vjfotdq.exe] ModuleName : c:\windows\system32\vjfotdq.exe Command Line : "c:\windows\system32\vjfotdq.exe" mhczzta ProcessID : 2056 ThreadCreationTime : 08-05-2005 11:44:23 BasePriority : Normal FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. #:35 [apntex.exe] ModuleName : C:\Program Files\Apoint\Apntex.exe Command Line : "Apntex.exe" ProcessID : 2100 ThreadCreationTime : 08-05-2005 11:44:23 BasePriority : Normal FileVersion : 5.0.1.15 ProductVersion : 5.0.1.15 ProductName : Alps Pointing-device Driver for Windows NT/2000/XP CompanyName : Alps Electric Co., Ltd. FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP InternalName : Alps Pointing-device Driver for Windows NT/2000/XP LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd. OriginalFilename : ApntEx.exe #:36 [acrotray.exe] ModuleName : C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe Command Line : "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe" ProcessID : 2116 ThreadCreationTime : 08-05-2005 11:44:24 BasePriority : Normal FileVersion : 6.0.0.2003073000 ProductVersion : 6.0.0.0 ProductName : AcroTray - Adobe Acrobat Distiller helper application. CompanyName : Adobe Systems Inc. FileDescription : AcroTray InternalName : AcroTray LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved. 
OriginalFilename : AcroTray.exe #:37 [nkvmon.exe] ModuleName : C:\Program Files\Nikon\NkView6\NkvMon.exe Command Line : "C:\Program Files\Nikon\NkView6\NkvMon.exe" ProcessID : 2176 ThreadCreationTime : 08-05-2005 11:44:25 BasePriority : Normal FileVersion : 6, 1, 0, 3002 ProductVersion : 6, 1 ProductName : Nikon Monitor CompanyName : Nikon Corporation FileDescription : Nikon Monitor InternalName : NkvMon LegalCopyright : Copyright © Nikon Corporation. 1998 - 2003 OriginalFilename : NkvMon.exe Comments : Nikon Monitor #:38 [psnlite.exe] ModuleName : C:\Program Files\3M\PSNLite\PsnLite.exe Command Line : "C:\Program Files\3M\PSNLite\PsnLite.exe" ProcessID : 2192 ThreadCreationTime : 08-05-2005 11:44:25 BasePriority : Normal FileVersion : 3, 1, 1, 1073 ProductVersion : 3, 1, 1, 1073 ProductName : Post-it® Software Notes Lite CompanyName : 3M FileDescription : Post-it® Software Notes: System InternalName : PSN LegalCopyright : © 1995-2004 3M Company. All Rights Reserved. LegalTrademarks : "Post-it" and canary yellow are a registered trademarks of 3M. OriginalFilename : PSN2VIEW.EXE #:39 [hkwnd.exe] ModuleName : C:\Program Files\Sony\HotKey Utility\HKWnd.exe Command Line : "C:\Program Files\Sony\HotKey Utility\HKWnd.exe" ProcessID : 2252 ThreadCreationTime : 08-05-2005 11:44:27 BasePriority : Normal #:40 [psngive.exe] ModuleName : C:\PROGRA~1\3M\PSNLite\PSNGive.exe Command Line : "C:\PROGRA~1\3M\PSNLite\PSNGive.exe" ProcessID : 2280 ThreadCreationTime : 08-05-2005 11:44:27 BasePriority : Normal FileVersion : 3, 1, 2, 2073 ProductVersion : 3, 1, 2, 2073 ProductName : Post-it® Software Notes CompanyName : 3M FileDescription : Post-it® Software Notes: GiveNote InternalName : PSN LegalCopyright : © 1995-2004 3M Company. All Rights Reserved. LegalTrademarks : "Post-it" and canary yellow are a registered trademarks of 3M. 
OriginalFilename : PSN.EXE #:41 [ipodservice.exe] ModuleName : C:\Program Files\iPod\bin\iPodService.exe Command Line : "C:\Program Files\iPod\bin\iPodService.exe" ProcessID : 3032 ThreadCreationTime : 08-05-2005 11:44:41 BasePriority : Normal FileVersion : 4.7.1.30 ProductVersion : 4.7.1.30 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iPodService Module InternalName : iPodService LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iPodService.exe #:42 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc ProcessID : 3088 ThreadCreationTime : 08-05-2005 11:44:41 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:43 [alg.exe] ModuleName : C:\WINDOWS\System32\alg.exe Command Line : C:\WINDOWS\System32\alg.exe ProcessID : 3216 ThreadCreationTime : 08-05-2005 11:44:43 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : ALG.exe #:44 [iexplore.exe] ModuleName : C:\Program Files\Internet Explorer\iexplore.exe Command Line : "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding ProcessID : 2868 ThreadCreationTime : 08-05-2005 19:42:22 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : IEXPLORE.EXE #:45 [msmsgs.exe] ModuleName : C:\Program Files\Messenger\msmsgs.exe Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding ProcessID : 2816 ThreadCreationTime : 08-05-2005 19:43:14 BasePriority : Normal FileVersion : 4.7.3001 ProductVersion : Version 4.7.3001 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Windows Messenger InternalName : msmsgs LegalCopyright : Copyright © Microsoft Corporation 2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. 
OriginalFilename : msmsgs.exe #:46 [ad-aware.exe] ModuleName : D:\Chemistry stuff\Software for Part II\Ad-Aware SE Personal\Ad-Aware.exe Command Line : "D:\Chemistry stuff\Software for Part II\Ad-Aware SE Personal\Ad-Aware.exe" ProcessID : 2828 ThreadCreationTime : 08-05-2005 19:43:42 BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Trusted zone presumably compromised : media-motor.net Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : media-motor.net Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : media-motor.net Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net Value : * Trusted zone presumably compromised : popuppers.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : popuppers.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com Possible Browser Hijack attempt Object Recognized! 
Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : popuppers.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com Value : * Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 4 Objects found so far: 4 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : james@cgi-bin[3].txt Category : Data Miner Comment : Hits:6 Value : Cookie:james@cas.org/cgi-bin Expires : 29-04-2006 20:46:00 LastSync : Hits:6 UseCount : 0 Hits : 6 Tracking Cookie Object Recognized! Type : IECache Entry Data : james@tribalfusion[2].txt Category : Data Miner Comment : Hits:2 Value : Cookie:james@tribalfusion.com/ Expires : 01-01-2038 01:00:00 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : james@cgi-bin[1].txt Category : Data Miner Comment : Hits:3 Value : Cookie:james@imrworldwide.com/cgi-bin Expires : 19-01-2009 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 3 Objects found so far: 7 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 7 Deep scanning and examining files (D:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for D:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 7 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 7 Performing conditional scans... 
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 7 20:59:18 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:15:26.472 Objects scanned:152082 Objects identified:7 Objects ignored:0 New critical objects:7 |
May 8 2005, 11:38 PM
Post #11
Visiting Staff Posts: 4,746 From: Finland OS: XP Home - SP2
IF Seeve.exe isn't running, let's try this;

Make sure that you are using the * SE1R43 06.05.2005 * definition file.

Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.
Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode.

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder);
Run CCleaner to help in this process.
Download CCleaner (Setup: go to > options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions shown below.
Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke (For the Professional version)
"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke (For the Plus version)
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke (For the Personal version)

Click Ok.

Note; the path above is of the default installation location for Ad-aware SE, if this is different, adjust it to the location that you have installed it to.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to any objects you wish to remove. Click next, Click Ok.
If problems are caused by deleting a family, just leave it.

Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (Mru's) aren't considered as a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe
Jun 24 2005, 07:27 AM
Post #12
New Member Posts: 9 OS: xp sp2
Hi,
Sorry I had to go away for a bit but my thesis was due and I didn't want to go messing around with the computer too much in case it all crashed or worse and I lost my work. Anyway, that is all sorted now and I'm keen to get this problem sorted, namely this program pop64 which runs at startup and its associated program seeve.exe. I also think I might have other malware spyware as programs like aurora.exe and others continually try and connect to the internet while I'm using my computer (although my Norton can block them it is still really annoying as it can't remove them - every time it tries they always reappear, and some it can't touch it seems). Help really appreciated.
Guest_Andy_veal_*
Jun 26 2005, 03:57 PM
Post #13
In order to assist you, we need to see the log from an Ad-Aware SE 1.06r1 full system scan.
Important Note! Before performing a scan, be sure that you have the most recent definitions file by using WebUpdate. (Click on the Globe icon, Click connect, Click OK, Click Finish.) At this current point * SE1R51 21.06.2005 * is the most recent definition file.

Ad-Aware SE comes preconfigured with default options so we need you to make only one change. Please deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Select "Perform Full System Scan" and press "Next". When the scan has completed, click "Show Logfile".

Please copy/paste the complete log file here using the reply button. Don't quarantine or remove anything at this time, just post a complete logfile. This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next. Please post back if you have any questions or other problems.

Good luck
Andy
Jun 26 2005, 05:11 PM
Post #14
New Member Posts: 9 OS: xp sp2
Here is the logfile: is it OK that I used the older 1.05 version of Ad-Aware rather than 1.06?
Ad-Aware SE Build 1.05 Logfile Created on:26 June 2005 23:25:51 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R51 21.06.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Possible Browser Hijack attempt(TAC index:3):11 total references Tracking Cookie(TAC index:3):8 total references Windows(TAC index:3):1 total references VX2(TAC index:10):213 total references Zango(TAC index:6):8 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Definition File: ========================= Definitions File Loaded: Reference Number : SE1R51 21.06.2005 Internal build : 59 File location : D:\Chemistry stuff\Software for Part II\Ad-Aware SE Personal\defs.ref File size : 483435 Bytes Total size : 1461660 Bytes Signature data size : 1429955 Bytes Reference data size : 31193 Bytes Signatures total : 40756 Fingerprints total : 906 Fingerprints size : 31253 Bytes Target categories : 15 Target families : 694 Memory + processor status: ========================== Number of processors : 1 Processor architecture : Intel Pentium IV Memory available:24 % Total physical memory:457712 kb Available physical memory:108704 kb Total page file size:1079468 kb Available on page file:716672 kb Total virtual memory:2097024 kb Available virtual memory:2029284 kb OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Ad-Aware SE Settings =========================== Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan within archives Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Obtain command line of scanned processes Set : Scan registry for all users instead of current user only Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove 
files in use at next reboot Set : Delete quarantined objects after restoring Set : Write-protect system files after repair (Hosts file, etc.) Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Play sound at scan completion if scan locates critical objects 26-06-2005 23:25:51 - Scan started. (Full System Scan) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] ModuleName : \SystemRoot\System32\smss.exe Command Line : n/a ProcessID : 460 ThreadCreationTime : 26-06-2005 21:52:45 BasePriority : Normal #:2 [csrss.exe] ModuleName : \??\C:\WINDOWS\system32\csrss.exe Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh ProcessID : 516 ThreadCreationTime : 26-06-2005 21:52:48 BasePriority : Normal #:3 [winlogon.exe] ModuleName : \??\C:\WINDOWS\system32\winlogon.exe Command Line : winlogon.exe ProcessID : 548 ThreadCreationTime : 26-06-2005 21:52:50 BasePriority : High #:4 [services.exe] ModuleName : C:\WINDOWS\system32\services.exe Command Line : C:\WINDOWS\system32\services.exe ProcessID : 592 ThreadCreationTime : 26-06-2005 21:52:51 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : services.exe #:5 [lsass.exe] ModuleName : C:\WINDOWS\system32\lsass.exe Command Line : C:\WINDOWS\system32\lsass.exe ProcessID : 604 ThreadCreationTime : 26-06-2005 21:52:51 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [ati2evxx.exe] ModuleName : C:\WINDOWS\System32\Ati2evxx.exe Command Line : C:\WINDOWS\System32\Ati2evxx.exe ProcessID : 764 ThreadCreationTime : 26-06-2005 21:52:53 BasePriority : Normal #:7 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch ProcessID : 780 ThreadCreationTime : 26-06-2005 21:52:53 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k rpcss ProcessID : 860 ThreadCreationTime : 26-06-2005 21:52:53 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:9 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs ProcessID : 928 ThreadCreationTime : 26-06-2005 21:52:53 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService ProcessID : 988 ThreadCreationTime : 26-06-2005 21:52:53 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService ProcessID : 1112 ThreadCreationTime : 26-06-2005 21:52:54 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:12 [ccsetmgr.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" ProcessID : 1224 ThreadCreationTime : 26-06-2005 21:52:57 BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Settings Manager Service InternalName : ccSetMgr LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccSetMgr.exe #:13 [sndsrvc.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" ProcessID : 1256 ThreadCreationTime : 26-06-2005 21:52:57 BasePriority : Normal FileVersion : 5.5.1.6 ProductVersion : 5.5 ProductName : Symantec Security Drivers CompanyName : Symantec Corporation FileDescription : Network Driver Service InternalName : SndSrvc LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation OriginalFilename : SndSrvc.exe #:14 [ccevtmgr.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" ProcessID : 1492 ThreadCreationTime : 26-06-2005 21:52:57 BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Event Manager Service InternalName : ccEvtMgr LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. 
OriginalFilename : ccEvtMgr.exe #:15 [spoolsv.exe] ModuleName : C:\WINDOWS\system32\spoolsv.exe Command Line : C:\WINDOWS\system32\spoolsv.exe ProcessID : 1680 ThreadCreationTime : 26-06-2005 21:52:58 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe Warning! VX2 Object found in memory(C:\WINDOWS\system32\DrPMon.dll) VX2 Object Recognized! Type : Process Data : DrPMon.dll Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 5 ProductVersion : 1, 0, 0, 0 ProductName : DrPMon PrintMonitor CompanyName : Direct Revenue FileDescription : DrPMon PrintMonitor InternalName : DrPMon LegalCopyright : Copyright © 2005 OriginalFilename : DrPMon.dll #:16 [ccproxy.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccProxy.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" ProcessID : 1828 ThreadCreationTime : 26-06-2005 21:53:22 BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Network Proxy Service InternalName : ccProxy LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. 
OriginalFilename : ccProxy.exe #:17 [navapsvc.exe] ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe" ProcessID : 1880 ThreadCreationTime : 26-06-2005 21:53:22 BasePriority : Normal FileVersion : 10.00.2 ProductVersion : 10.00.2 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Service InternalName : NAVAPSVC LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved. OriginalFilename : NAVAPSVC.EXE #:18 [nprotect.exe] ModuleName : C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE Command Line : "C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE" ProcessID : 1936 ThreadCreationTime : 26-06-2005 21:53:22 BasePriority : Normal FileVersion : 16.00.0.22 ProductVersion : 16.00.0.22 ProductName : Norton Utilities CompanyName : Symantec Corporation FileDescription : Norton Protection Status InternalName : NPROTECT LegalCopyright : Copyright © 2003 Symantec Corporation LegalTrademarks : Norton Utilities OriginalFilename : NPROTECT.EXE #:19 [savscan.exe] ModuleName : C:\Program Files\Norton AntiVirus\SAVScan.exe Command Line : "C:\Program Files\Norton AntiVirus\SAVScan.exe" ProcessID : 2004 ThreadCreationTime : 26-06-2005 21:53:23 BasePriority : Normal ProductVersion : 9.2 ProductName : Symantec AntiVirus AutoProtect CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus Scanner InternalName : SAVSCAN LegalCopyright : Copyright © 2004 Symantec Corporation OriginalFilename : SAVSCAN.EXE #:20 [symlcsvc.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ProcessID : 340 ThreadCreationTime : 26-06-2005 21:53:35 BasePriority : Normal FileVersion : 1, 8, 48, 79 ProductVersion : 1, 8, 48, 79 ProductName : Symantec Core Component 
CompanyName : Symantec Corporation FileDescription : Symantec Core Component InternalName : symlcsvc LegalCopyright : Copyright © 2003 OriginalFilename : symlcsvc.exe #:21 [wdfmgr.exe] ModuleName : C:\WINDOWS\system32\wdfmgr.exe Command Line : C:\WINDOWS\system32\wdfmgr.exe ProcessID : 368 ThreadCreationTime : 26-06-2005 21:53:36 BasePriority : Normal FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:22 [symwsc.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" ProcessID : 480 ThreadCreationTime : 26-06-2005 21:53:36 BasePriority : Normal FileVersion : 2005.1.2.20 ProductVersion : 2005.1 ProductName : Norton Security Center CompanyName : Symantec Corporation FileDescription : Norton Security Center Service InternalName : SymWSC.exe LegalCopyright : Copyright © 1997-2004 Symantec Corporation OriginalFilename : SymWSC.exe #:23 [alg.exe] ModuleName : C:\WINDOWS\System32\alg.exe Command Line : C:\WINDOWS\System32\alg.exe ProcessID : 1108 ThreadCreationTime : 26-06-2005 21:53:37 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : ALG.exe #:24 [ati2evxx.exe] ModuleName : C:\WINDOWS\system32\Ati2evxx.exe Command Line : Ati2evxx.exe -Client ProcessID : 656 ThreadCreationTime : 26-06-2005 21:59:21 BasePriority : Normal #:25 [explorer.exe] ModuleName : C:\WINDOWS\Explorer.exe Command Line : Explorer.exe C:\WINDOWS\Nail.exe ProcessID : 1544 ThreadCreationTime : 26-06-2005 21:59:22 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:26 [apoint.exe] ModuleName : C:\Program Files\Apoint\Apoint.exe Command Line : "C:\Program Files\Apoint\Apoint.exe" ProcessID : 2196 ThreadCreationTime : 26-06-2005 21:59:27 BasePriority : Normal FileVersion : 5.5.7.136 ProductVersion : 5.5.7.136 ProductName : Alps Pointing-device Driver CompanyName : Alps Electric Co., Ltd. FileDescription : Alps Pointing-device Driver InternalName : Alps Pointing-device Driver LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd. OriginalFilename : Apoint.exe #:27 [atiptaxx.exe] ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ProcessID : 2208 ThreadCreationTime : 26-06-2005 21:59:27 BasePriority : Normal FileVersion : 6.14.10.5102 ProductVersion : 6.14.10.5102 ProductName : ATI Desktop Component CompanyName : ATI Technologies, Inc. FileDescription : ATI Desktop Control Panel InternalName : Atiptaxx.exe LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc. 
OriginalFilename : Atiptaxx.exe #:28 [ezsp_px.exe] ModuleName : C:\WINDOWS\System32\ezSP_Px.exe Command Line : "C:\WINDOWS\System32\ezSP_Px.exe" ProcessID : 2220 ThreadCreationTime : 26-06-2005 21:59:27 BasePriority : Normal #:29 [ico.exe] ModuleName : C:\WINDOWS\system32\ICO.EXE Command Line : "C:\WINDOWS\system32\ICO.EXE" ProcessID : 2232 ThreadCreationTime : 26-06-2005 21:59:27 BasePriority : Normal FileVersion : 1, 0, 0, 8 ProductVersion : 1.0.0.0 ProductName : MouseSuite 98 CompanyName : Primax Electronics Ltd. FileDescription : Mouse Suite 98 Daemon InternalName : pelmiced.exe LegalCopyright : Copyright © 1997, Primax Electronics Ltd. LegalTrademarks : Primax Electronics Ltd. #:30 [ccapp.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ProcessID : 2268 ThreadCreationTime : 26-06-2005 21:59:28 BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client User Session InternalName : ccApp LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. 
OriginalFilename : ccApp.exe #:31 [hkserv.exe] ModuleName : C:\Program Files\Sony\HotKey Utility\HKserv.exe Command Line : "C:\Program Files\Sony\HotKey Utility\HKserv.exe" ProcessID : 2284 ThreadCreationTime : 26-06-2005 21:59:28 BasePriority : Normal #:32 [vaioupdt.exe] ModuleName : C:\Program Files\sony\vaio update 2\VAIOUpdt.exe Command Line : "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary ProcessID : 2292 ThreadCreationTime : 26-06-2005 21:59:28 BasePriority : Normal #:33 [spmgr.exe] ModuleName : C:\Program Files\sony\vaio power management\SPMgr.exe Command Line : "C:\Program Files\sony\vaio power management\SPMgr.exe" ProcessID : 2300 ThreadCreationTime : 26-06-2005 21:59:28 BasePriority : Normal FileVersion : 1.1.00.11060 ProductVersion : 1.1.0 ProductName : Sony Power Management CompanyName : Sony Corporation FileDescription : SPM Module LegalCopyright : © Sony Corporation. All rights reserved. #:34 [qttask.exe] ModuleName : C:\Program Files\QuickTime\qttask.exe Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime ProcessID : 2312 ThreadCreationTime : 26-06-2005 21:59:29 BasePriority : Normal FileVersion : 6.5.1 ProductVersion : QuickTime 6.5.1 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 2001-2004 OriginalFilename : QTTask.exe #:35 [seeve.exe] ModuleName : C:\WINDOWS\seeve.exe Command Line : "C:\WINDOWS\seeve.exe" ProcessID : 2364 ThreadCreationTime : 26-06-2005 21:59:29 BasePriority : Normal FileVersion : 6.04 ProductVersion : 6.04 ProductName : pop64 CompanyName : Network1 InternalName : seeve OriginalFilename : seeve.exe #:36 [ituneshelper.exe] ModuleName : C:\Program Files\iTunes\iTunesHelper.exe Command Line : "C:\Program Files\iTunes\iTunesHelper.exe" ProcessID : 2372 ThreadCreationTime : 26-06-2005 21:59:29 BasePriority : Normal FileVersion : 4.8.0.32 ProductVersion : 4.8.0.32 ProductName : iTunes CompanyName : Apple Computer, Inc. 
FileDescription : iTunesHelper Module InternalName : iTunesHelper LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iTunesHelper.exe #:37 [msnmsgr.exe] ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background ProcessID : 2388 ThreadCreationTime : 26-06-2005 21:59:29 BasePriority : Normal FileVersion : 7.0.0813 ProductVersion : 7.0.0813 ProductName : MSN Messenger CompanyName : Microsoft Corporation FileDescription : MSN Messenger InternalName : msnmsgr LegalCopyright : Copyright © Microsoft Corporation 1997-2005 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msnmsgr.exe #:38 [acrotray.exe] ModuleName : C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe Command Line : "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe" ProcessID : 2412 ThreadCreationTime : 26-06-2005 21:59:30 BasePriority : Normal FileVersion : 6.0.0.2003073000 ProductVersion : 6.0.0.0 ProductName : AcroTray - Adobe Acrobat Distiller helper application. CompanyName : Adobe Systems Inc. FileDescription : AcroTray InternalName : AcroTray LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved. 
OriginalFilename : AcroTray.exe #:39 [digitv.exe] ModuleName : C:\Program Files\Nebula\DigiTV\DigiTV.exe Command Line : "C:\Program Files\Nebula\DigiTV\DigiTV.exe" SLEEP ProcessID : 2424 ThreadCreationTime : 26-06-2005 21:59:30 BasePriority : Normal FileVersion : 3, 1, 2, 8 ProductVersion : 3, 1, 2, 8 ProductName : DigiTV CompanyName : Nebula Electronics Ltd FileDescription : DigiTV InternalName : DigiTV LegalCopyright : Copyright © 2002, 2003, 2004 LegalTrademarks : Nebula Electronics Ltd, DigiTV OriginalFilename : DigiTV.exe Comments : Digital Terrestrial Television reception equipment #:40 [lgsyncmanager.exe] ModuleName : C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe Command Line : "C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe" ProcessID : 2452 ThreadCreationTime : 26-06-2005 21:59:30 BasePriority : Normal FileVersion : 1, 0, 2, 0 ProductVersion : 1, 0, 2, 0 ProductName : LG SyncManager Application CompanyName : LG Electronics Inc. FileDescription : LG SyncManager InternalName : LGSyncManager LegalCopyright : Copyright © 2002 LG Electronics Inc. OriginalFilename : LGSyncManager.exe #:41 [nkvmon.exe] ModuleName : C:\Program Files\Nikon\NkView6\NkvMon.exe Command Line : "C:\Program Files\Nikon\NkView6\NkvMon.exe" ProcessID : 2476 ThreadCreationTime : 26-06-2005 21:59:31 BasePriority : Normal FileVersion : 6, 1, 0, 3002 ProductVersion : 6, 1 ProductName : Nikon Monitor CompanyName : Nikon Corporation FileDescription : Nikon Monitor InternalName : NkvMon LegalCopyright : Copyright © Nikon Corporation. 
1998 - 2003 OriginalFilename : NkvMon.exe Comments : Nikon Monitor #:42 [psnlite.exe] ModuleName : C:\Program Files\3M\PSNLite\PsnLite.exe Command Line : "C:\Program Files\3M\PSNLite\PsnLite.exe" ProcessID : 2488 ThreadCreationTime : 26-06-2005 21:59:31 BasePriority : Normal FileVersion : 3, 1, 1, 1073 ProductVersion : 3, 1, 1, 1073 ProductName : Post-it® Software Notes Lite CompanyName : 3M FileDescription : Post-it® Software Notes: System InternalName : PSN LegalCopyright : © 1995-2004 3M Company. All Rights Reserved. LegalTrademarks : "Post-it" and canary yellow are a registered trademarks of 3M. OriginalFilename : PSN2VIEW.EXE #:43 [kryzcq.exe] ModuleName : c:\windows\system32\kryzcq.exe Command Line : "c:\windows\system32\kryzcq.exe" ieayxy ProcessID : 2668 ThreadCreationTime : 26-06-2005 21:59:33 BasePriority : Normal FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. #:44 [apntex.exe] ModuleName : C:\Program Files\Apoint\Apntex.exe Command Line : "Apntex.exe" ProcessID : 2700 ThreadCreationTime : 26-06-2005 21:59:33 BasePriority : Normal FileVersion : 5.0.1.15 ProductVersion : 5.0.1.15 ProductName : Alps Pointing-device Driver for Windows NT/2000/XP CompanyName : Alps Electric Co., Ltd. FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP InternalName : Alps Pointing-device Driver for Windows NT/2000/XP LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd. 
OriginalFilename : ApntEx.exe #:45 [hkwnd.exe] ModuleName : C:\Program Files\Sony\HotKey Utility\HKWnd.exe Command Line : "C:\Program Files\Sony\HotKey Utility\HKWnd.exe" ProcessID : 2744 ThreadCreationTime : 26-06-2005 21:59:34 BasePriority : Normal #:46 [ipodservice.exe] ModuleName : C:\Program Files\iPod\bin\iPodService.exe Command Line : "C:\Program Files\iPod\bin\iPodService.exe" ProcessID : 2832 ThreadCreationTime : 26-06-2005 21:59:35 BasePriority : Normal FileVersion : 4.8.0.32 ProductVersion : 4.8.0.32 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iPodService Module InternalName : iPodService LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iPodService.exe #:47 [psngive.exe] ModuleName : C:\PROGRA~1\3M\PSNLite\PSNGive.exe Command Line : "C:\PROGRA~1\3M\PSNLite\PSNGive.exe" ProcessID : 2924 ThreadCreationTime : 26-06-2005 21:59:35 BasePriority : Normal FileVersion : 3, 1, 2, 2073 ProductVersion : 3, 1, 2, 2073 ProductName : Post-it® Software Notes CompanyName : 3M FileDescription : Post-it® Software Notes: GiveNote InternalName : PSN LegalCopyright : © 1995-2004 3M Company. All Rights Reserved. LegalTrademarks : "Post-it" and canary yellow are a registered trademarks of 3M. OriginalFilename : PSN.EXE #:48 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc ProcessID : 3064 ThreadCreationTime : 26-06-2005 21:59:36 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:49 [msimn.exe] ModuleName : C:\Program Files\Outlook Express\msimn.exe Command Line : "C:\Program Files\Outlook Express\msimn.exe" ProcessID : 1248 ThreadCreationTime : 26-06-2005 22:09:53 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Outlook Express InternalName : MSIMN LegalCopyright : © 2004 Microsoft Corporation. All rights reserved. OriginalFilename : MSIMN.EXE #:50 [iexplore.exe] ModuleName : C:\Program Files\Internet Explorer\iexplore.exe Command Line : "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding ProcessID : 2824 ThreadCreationTime : 26-06-2005 22:12:03 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : IEXPLORE.EXE #:51 [ad-aware.exe] ModuleName : D:\Chemistry stuff\Software for Part II\Ad-Aware SE Personal\Ad-Aware.exe Command Line : "D:\Chemistry stuff\Software for Part II\Ad-Aware SE Personal\Ad-Aware.exe" ProcessID : 3932 ThreadCreationTime : 26-06-2005 22:23:23 BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved #:52 [msmsgs.exe] ModuleName : C:\Program Files\Messenger\msmsgs.exe Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding ProcessID : 3676 ThreadCreationTime : 26-06-2005 22:25:26 BasePriority : Normal FileVersion : 4.7.3001 ProductVersion : Version 4.7.3001 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Windows Messenger InternalName : msmsgs LegalCopyright : Copyright © Microsoft Corporation 2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exe Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 1 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{302a3240-4805-4a34-97d7-1645a0b08410} VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{302a3240-4805-4a34-97d7-1645a0b08410} Value : VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : bolgerdll.bolgerdllobj.1 VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : bolgerdll.bolgerdllobj.1 Value : VX2 Object Recognized! 
Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : bolgerdll.bolgerdllobj VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : bolgerdll.bolgerdllobj Value : Zango Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clientax.clientinstaller Zango Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clientax.clientinstaller Value : Zango Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clientax.clientinstaller.1 Zango Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clientax.clientinstaller.1 Value : Zango Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{ddea2e1d-8555-45e5-af09-ec9aa4ea27ad} Zango Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{ddea2e1d-8555-45e5-af09-ec9aa4ea27ad} Value : Zango Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda} VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLI9d1OfSInst VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLC9n1trMsgSDisp VX2 Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLT9o1pListSPos VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLs9t1icky1S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLs9t1icky2S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLs9t1icky3S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLs9t1icky4S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLC1o9d1eOfSFinalAd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLT9i1m4eOfSFinalAd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLD9s1tSSEnd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BL9N1a4tionSCode VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLP9D1om VX2 Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLT9h1rshSCheckSIn VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLT9h1rshSMots VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLM9o1deSSync VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLI9n1ProgSCab VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLI9n1ProgSEx VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLI9n1ProgSLstest VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLL9a1stMotsSDay VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLL9a1stSSChckin VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLC9n1tFyl VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\bolger Value : BLE9v1nt VX2 Object Recognized! 
Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUI3d5OfSDist VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUI3d5OfSInst VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUC3n5trMsgSDisp VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUs3t5icky1S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUs3t5icky2S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUs3t5icky3S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUs3t5icky4S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUC1o3d5eOfSFinalAd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUT3i5m7eOfSFinalAd VX2 Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUD3s5tSSEnd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AU3N5a7tionSCode VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUP3D5om VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUT3h5rshSCheckSIn VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUT3h5rshSMots VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUM3o5deSSync VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUI3n5ProgSCab VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUI3n5ProgSEx VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUI3n5ProgSLstest VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUB3D5om VX2 Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUE3v5nt VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUT3h5rshSBath VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUT3h5rshSysSInf VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUL3n5Title VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUC3u5rrentSMode VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUC3n5tFyl VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUI3g5noreS VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUS3t5atusOfSInst VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUL3a5stMotsSDay VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2733218350-798901649-874762058-1005\software\aurora Value : AUL3a5stSSChckin VX2 Object Recognized! 
Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{302a3240-4805-4a34-97d7-1645a0b08410} Windows Object Recognized! Type : RegData Data : explorer.exe c:\windows\nail.exe Category : Vulnerability Comment : Shell Possibly Compromised Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows nt\currentversion\winlogon Value : Shell Data : explorer.exe c:\windows\nail.exe Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 68 Objects found so far: 69 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com" Category : Vulnerability Comment : (http://www.abetterinternet.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com" Category : Vulnerability Comment : (http://www.abetterinternet.com) Rootkey : HKEY_LOCAL_MACHINE |
Jun 26 2005, 05:15 PM
Post #15
New Member Posts: 9 OS: xp sp2
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : UninstallString Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com" Category : Vulnerability Comment : (http://www.abetterinternet.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Value : DisplayName Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com" Category : Vulnerability Comment : (http://www.abetterinternet.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Value : URLInfoAbout Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com" Category : Vulnerability Comment : (http://www.abetterinternet.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Value : Publisher Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com" Category : Vulnerability Comment : (http://www.abetterinternet.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Value : HelpLink Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com" Category : Vulnerability Comment : (http://www.abetterinternet.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Value : Contact Trusted zone presumably compromised : media-motor.net Possible Browser Hijack attempt Object Recognized! 
Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : media-motor.net Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : media-motor.net Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net Value : * Trusted zone presumably compromised : popuppers.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : popuppers.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : popuppers.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com Value : * Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 11 Objects found so far: 80 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : james@cgi-bin[3].txt Category : Data Miner Comment : Hits:42 Value : Cookie:james@cas.org/cgi-bin Expires : 31-05-2006 17:11:02 LastSync : Hits:42 UseCount : 0 Hits : 42 Tracking Cookie Object Recognized! Type : IECache Entry Data : james@tradedoubler[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:james@tradedoubler.com/ Expires : 12-06-2005 00:33:56 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : james@qksrv[2].txt Category : Data Miner Comment : Hits:2 Value : Cookie:james@qksrv.net/ Expires : 10-06-2010 12:33:22 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : james@2o7[2].txt Category : Data Miner Comment : Hits:6 Value : Cookie:james@2o7.net/ Expires : 10-06-2010 12:33:52 LastSync : Hits:6 UseCount : 0 Hits : 6 Tracking Cookie Object Recognized! Type : IECache Entry Data : james@apmebf[2].txt Category : Data Miner Comment : Hits:2 Value : Cookie:james@apmebf.com/ Expires : 10-06-2010 12:33:22 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : james@tribalfusion[1].txt Category : Data Miner Comment : Hits:3 Value : Cookie:james@tribalfusion.com/ Expires : 01-01-2038 01:00:00 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : james@cgi-bin[1].txt Category : Data Miner Comment : Hits:3 Value : Cookie:james@imrworldwide.com/cgi-bin Expires : 19-01-2009 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : james@adserver.akqa[2].txt Category : Data Miner Comment : Hits:2 Value : Cookie:james@adserver.akqa.net/ Expires : 20-06-2015 18:53:04 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 8 Objects found so far: 88 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» VX2 Object Recognized! Type : File Data : A0019056.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP167\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! 
Type : File Data : A0019059.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP167\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019060.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP167\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019082.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP167\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019252.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP167\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019299.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP170\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. 
VX2 Object Recognized! Type : File Data : A0019300.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP170\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019302.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP170\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019377.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP170\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019430.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP170\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019455.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP170\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. 
All rights reserved. VX2 Object Recognized! Type : File Data : A0019456.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP170\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019469.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP170\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019470.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP170\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019478.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP171\ FileVersion : 1.0.2.4 ProductVersion : 1.0.2.4 ProductName : Buddy Window CompanyName : Direct Revenue FileDescription : Buddy InternalName : Buddy.exe LegalCopyright : © Direct Revenue. All rights reserved. OriginalFilename : Buddy.exe Comments : Browser window for Direct Revenue VX2 Object Recognized! 
Type : File Data : A0019485.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP171\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019531.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP171\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019654.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP172\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019657.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP172\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019658.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP172\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. 
VX2 Object Recognized! Type : File Data : A0019659.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP172\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019660.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP172\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019740.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP172\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019741.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP172\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019799.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP172\ FileVersion : 1.0.2.4 ProductVersion : 1.0.2.4 ProductName : Buddy Window CompanyName : Direct Revenue FileDescription : Buddy InternalName : Buddy.exe LegalCopyright : © Direct Revenue. All rights reserved. 
OriginalFilename : Buddy.exe Comments : Browser window for Direct Revenue VX2 Object Recognized! Type : File Data : A0019813.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP172\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0019818.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP172\ FileVersion : 1.0.2.4 ProductVersion : 1.0.2.4 ProductName : Buddy Window CompanyName : Direct Revenue FileDescription : Buddy InternalName : Buddy.exe LegalCopyright : © Direct Revenue. All rights reserved. OriginalFilename : Buddy.exe Comments : Browser window for Direct Revenue VX2 Object Recognized! Type : File Data : A0020834.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP173\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0020846.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP173\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! 
Type : File Data : A0020865.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP173\ FileVersion : 1.0.2.4 ProductVersion : 1.0.2.4 ProductName : Buddy Window CompanyName : Direct Revenue FileDescription : Buddy InternalName : Buddy.exe LegalCopyright : © Direct Revenue. All rights reserved. OriginalFilename : Buddy.exe Comments : Browser window for Direct Revenue VX2 Object Recognized! Type : File Data : A0020874.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP173\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0020887.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP173\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0020893.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP173\ FileVersion : 1.0.2.4 ProductVersion : 1.0.2.4 ProductName : Buddy Window CompanyName : Direct Revenue FileDescription : Buddy InternalName : Buddy.exe LegalCopyright : © Direct Revenue. All rights reserved. OriginalFilename : Buddy.exe Comments : Browser window for Direct Revenue VX2 Object Recognized! 
Type : File Data : A0020943.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP175\ FileVersion : 1.0.2.4 ProductVersion : 1.0.2.4 ProductName : Buddy Window CompanyName : Direct Revenue FileDescription : Buddy InternalName : Buddy.exe LegalCopyright : © Direct Revenue. All rights reserved. OriginalFilename : Buddy.exe Comments : Browser window for Direct Revenue VX2 Object Recognized! Type : File Data : A0021029.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP176\ FileVersion : 1.0.2.4 ProductVersion : 1.0.2.4 ProductName : Buddy Window CompanyName : Direct Revenue FileDescription : Buddy InternalName : Buddy.exe LegalCopyright : © Direct Revenue. All rights reserved. OriginalFilename : Buddy.exe Comments : Browser window for Direct Revenue VX2 Object Recognized! Type : File Data : A0021085.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP176\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021088.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP177\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! 
Type : File Data : A0021105.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP177\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021113.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP177\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021114.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP177\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021115.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP177\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021118.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP177\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. 
VX2 Object Recognized! Type : File Data : A0021119.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP177\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021133.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP177\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021136.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP178\ FileVersion : 1.0.2.4 ProductVersion : 1.0.2.4 ProductName : Buddy Window CompanyName : Direct Revenue FileDescription : Buddy InternalName : Buddy.exe LegalCopyright : © Direct Revenue. All rights reserved. OriginalFilename : Buddy.exe Comments : Browser window for Direct Revenue VX2 Object Recognized! Type : File Data : A0021150.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP178\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! 
Type : File Data : A0021151.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP178\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021153.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP178\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021157.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP178\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021174.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1.0.2.4 ProductVersion : 1.0.2.4 ProductName : Buddy Window CompanyName : Direct Revenue FileDescription : Buddy InternalName : Buddy.exe LegalCopyright : © Direct Revenue. All rights reserved. OriginalFilename : Buddy.exe Comments : Browser window for Direct Revenue VX2 Object Recognized! 
Type : File Data : A0021184.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021260.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1.0.2.4 ProductVersion : 1.0.2.4 ProductName : Buddy Window CompanyName : Direct Revenue FileDescription : Buddy InternalName : Buddy.exe LegalCopyright : © Direct Revenue. All rights reserved. OriginalFilename : Buddy.exe Comments : Browser window for Direct Revenue VX2 Object Recognized! Type : File Data : A0021267.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021268.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! 
Type : File Data : A0021288.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021289.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021290.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021291.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021314.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. 
VX2 Object Recognized! Type : File Data : A0021315.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021318.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021319.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021320.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021321.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. 
All rights reserved. VX2 Object Recognized! Type : File Data : A0021378.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021433.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021434.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021435.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! 
Type : File Data : A0021436.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021437.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021645.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021646.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021647.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. 
VX2 Object Recognized! Type : File Data : A0021648.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021719.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP179\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021810.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP181\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021811.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP181\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021812.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP181\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. 
All rights reserved. VX2 Object Recognized! Type : File Data : A0021813.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP181\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021814.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP181\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021815.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP181\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021906.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP181\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! 
Type : File Data : A0021907.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{27BF8BC1-B4A6-4A3C-A23D-E9533E23D685}\RP181\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! Type : File Data : A0021933.exe Category : Malware Comment : Object : C:\System |
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising