Ad-Aware SE Build 1.05
Logfile Created on:Monday, May 16, 2005 11:08:07 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R45 13.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):2 total references
MRU List(TAC index:0):11 total references
PromulGate(TAC index:5):14 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):52 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
    Reference Number : SE1R8 13.09.2004
    Internal build : 12
    File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
    File size : 344723 Bytes
    Total size : 1092481 Bytes
    Signature data size : 1068971 Bytes
    Reference data size : 22998 Bytes
    Signatures total : 30122
    Fingerprints total : 154
    Fingerprints size : 7129 Bytes
    Target categories : 15
    Target families : 560

5-16-2005 11:04:14 PM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
    Reference Number : SE1R45 13.05.2005
    Internal build : 53
    File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
    File size : 473168 Bytes
    Total size : 1430575 Bytes
    Signature data size : 1399518 Bytes
    Reference data size : 30545 Bytes
    Signatures total : 39932
    Fingerprints total : 881
    Fingerprints size : 30173 Bytes
    Target categories : 15
    Target families : 672

5-16-2005 11:04:30 PM Success
Update successfully downloaded and installed.

Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:48 %
Total physical memory:523240 kb
Available physical memory:247248 kb
Total page file size:1279504 kb
Available on page file:1062036 kb
Total virtual memory:2097024 kb
Available virtual memory:2043620 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

5-16-2005 11:08:07 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    ModuleName : \SystemRoot\System32\smss.exe
    Command Line : n/a
    ProcessID : 472
    ThreadCreationTime : 5-17-2005 6:01:35 AM
    BasePriority : Normal

#:2 [csrss.exe]
    ModuleName : \??\C:\WINDOWS\system32\csrss.exe
    Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
    ProcessID : 528
    ThreadCreationTime : 5-17-2005 6:01:37 AM
    BasePriority : Normal

#:3 [winlogon.exe]
    ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
    Command Line : winlogon.exe
    ProcessID : 552
    ThreadCreationTime : 5-17-2005 6:01:38 AM
    BasePriority : High

#:4 [services.exe]
    ModuleName : C:\WINDOWS\system32\services.exe
    Command Line : C:\WINDOWS\system32\services.exe
    ProcessID : 596
    ThreadCreationTime : 5-17-2005 6:01:38 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : services.exe

#:5 [lsass.exe]
    ModuleName : C:\WINDOWS\system32\lsass.exe
    Command Line : C:\WINDOWS\system32\lsass.exe
    ProcessID : 608
    ThreadCreationTime : 5-17-2005 6:01:38 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
    ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
    Command Line : C:\WINDOWS\system32\Ati2evxx.exe
    ProcessID : 768
    ThreadCreationTime : 5-17-2005 6:01:39 AM
    BasePriority : Normal

#:7 [svchost.exe]
    ModuleName : C:\WINDOWS\system32\svchost.exe
    Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
    ProcessID : 784
    ThreadCreationTime : 5-17-2005 6:01:39 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

#:8 [svchost.exe]
    ModuleName : C:\WINDOWS\system32\svchost.exe
    Command Line : C:\WINDOWS\system32\svchost -k rpcss
    ProcessID : 844
    ThreadCreationTime : 5-17-2005 6:01:39 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

#:9 [svchost.exe]
    ModuleName : C:\WINDOWS\System32\svchost.exe
    Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
    ProcessID : 912
    ThreadCreationTime : 5-17-2005 6:01:39 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

#:10 [svchost.exe]
    ModuleName : C:\WINDOWS\System32\svchost.exe
    Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
    ProcessID : 1004
    ThreadCreationTime : 5-17-2005 6:01:39 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

#:11 [svchost.exe]
    ModuleName : C:\WINDOWS\System32\svchost.exe
    Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
    ProcessID : 1056
    ThreadCreationTime : 5-17-2005 6:01:40 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

#:12 [spoolsv.exe]
    ModuleName : C:\WINDOWS\system32\spoolsv.exe
    Command Line : C:\WINDOWS\system32\spoolsv.exe
    ProcessID : 1220
    ThreadCreationTime : 5-17-2005 6:01:40 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

Warning! VX2 Object found in memory(C:\WINDOWS\system32\DrPMon.dll)

VX2 Object Recognized!
    Type : Process
    Data : DrPMon.dll
    Category : Malware
    Comment :
    Object : C:\WINDOWS\system32\
    FileVersion : 1, 0, 0, 5
    ProductVersion : 1, 0, 0, 0
    ProductName : DrPMon PrintMonitor
    CompanyName : Direct Revenue
    FileDescription : DrPMon PrintMonitor
    InternalName : DrPMon
    LegalCopyright : Copyright (C) 2005
    OriginalFilename : DrPMon.dll

#:13 [ati2evxx.exe]
    ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
    Command Line : Ati2evxx.exe -Client
    ProcessID : 1520
    ThreadCreationTime : 5-17-2005 6:01:41 AM
    BasePriority : Normal

#:14 [explorer.exe]
    ModuleName : C:\WINDOWS\Explorer.exe
    Command Line : Explorer.exe C:\WINDOWS\Nail.exe
    ProcessID : 1592
    ThreadCreationTime : 5-17-2005 6:01:42 AM
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : EXPLORER.EXE

#:15 [mcagent.exe]
    ModuleName : C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
    ProcessID : 1704
    ThreadCreationTime : 5-17-2005 6:01:43 AM
    BasePriority : Normal
    FileVersion : 5, 0, 0, 2
    ProductVersion : 5, 0, 0, 0
    ProductName : McAfee SecurityCenter
    CompanyName : McAfee, Inc
    FileDescription : McAfee SecurityCenter Agent
    InternalName : mcagent
    LegalCopyright : Copyright © 2004 Networks Associates Technology, Inc.
    OriginalFilename : mcagent.exe

#:16 [mcvsshld.exe]
    ModuleName : C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    ProcessID : 1736
    ThreadCreationTime : 5-17-2005 6:01:43 AM
    BasePriority : Normal
    FileVersion : 9, 0, 0, 7
    ProductVersion : 9, 0, 0, 0
    ProductName : McAfee VirusScan
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee VirusScan ActiveShield Resource
    InternalName : msvcshld
    LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
    OriginalFilename : mcvsshld.exe
    Comments : McAfee VirusScan ActiveShield Resource

#:17 [hplamp.exe]
    ModuleName : C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
    Command Line : "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
    ProcessID : 1756
    ThreadCreationTime : 5-17-2005 6:01:43 AM
    BasePriority : Normal

#:18 [mcvsescn.exe]
    ModuleName : c:\progra~1\mcafee.com\vso\mcvsescn.exe
    Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
    ProcessID : 1764
    ThreadCreationTime : 5-17-2005 6:01:43 AM
    BasePriority : Normal
    FileVersion : 9, 0, 0, 7
    ProductVersion : 9, 0, 0, 0
    ProductName : McAfee VirusScan
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee VirusScan E-mail Scan Module
    InternalName : mcvsescn
    LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
    OriginalFilename : mcvsescn.EXE
    Comments : McAfee VirusScan E-mail Scan Module

#:19 [atiptaxx.exe]
    ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    ProcessID : 1772
    ThreadCreationTime : 5-17-2005 6:01:43 AM
    BasePriority : Normal
    FileVersion : 6.14.10.5113
    ProductVersion : 6.14.10.5113
    ProductName : ATI Desktop Component
    CompanyName : ATI Technologies, Inc.
    FileDescription : ATI Desktop Control Panel
    InternalName : Atiptaxx.exe
    LegalCopyright : Copyright (C) 1998-2004 ATI Technologies Inc.
    OriginalFilename : Atiptaxx.exe

#:20 [esched.exe]
    ModuleName : C:\Program Files\a la mode\Sched\eSched.exe
    Command Line : "C:\Program Files\a la mode\Sched\eSched.exe"
    ProcessID : 1800
    ThreadCreationTime : 5-17-2005 6:01:44 AM
    BasePriority : Normal
    FileVersion : 2.00
    ProductVersion : 2.00
    ProductName : eDomina Scheduler
    CompanyName : a la mode, inc.
    FileDescription : a la mode Schedule Tool
    InternalName : eSched
    OriginalFilename : eSched.exe

#:21 [jusched.exe]
    ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
    ProcessID : 1840
    ThreadCreationTime : 5-17-2005 6:01:44 AM
    BasePriority : Normal

#:22 [avgcc.exe]
    ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    ProcessID : 1868
    ThreadCreationTime : 5-17-2005 6:01:44 AM
    BasePriority : Normal
    FileVersion : 7,1,0,307
    ProductVersion : 7.1.0.307
    ProductName : AVG Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG Control Center
    InternalName : AvgCC
    LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
    OriginalFilename : AvgCC.EXE

#:23 [nsvsvc.exe]
    ModuleName : C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
    Command Line : "C:\WINDOWS\system32\nsvsvc\nsvsvc.exe"
    ProcessID : 1884
    ThreadCreationTime : 5-17-2005 6:01:44 AM
    BasePriority : Normal
    FileVersion : 2.17.0000
    ProductVersion : 2, 1, 7, 0

#:24 [msnmsgr.exe]
    ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
    Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    ProcessID : 1960
    ThreadCreationTime : 5-17-2005 6:01:45 AM
    BasePriority : Normal
    FileVersion : 6.2.0205
    ProductVersion : Version 6.2
    ProductName : MSN Messenger
    CompanyName : Microsoft Corporation
    FileDescription : MSN Messenger
    InternalName : msnmsgr
    LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
    LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename : msnmsgr.exe

#:25 [vdvenc.exe]
    ModuleName : c:\windows\system32\vdvenc.exe
    Command Line : "c:\windows\system32\vdvenc.exe" aucpssq
    ProcessID : 2000
    ThreadCreationTime : 5-17-2005 6:01:45 AM
    BasePriority : Normal
    FileVersion : 1, 0, 7, 1
    ProductVersion : 0, 0, 7, 0
    ProductName : TODO:
    CompanyName : TODO:
    FileDescription : TODO:
    LegalCopyright : TODO: (c) . All rights reserved.

#:26 [pdfsaver3.exe]
    ModuleName : C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    Command Line : "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    ProcessID : 2036
    ThreadCreationTime : 5-17-2005 6:01:46 AM
    BasePriority : Normal
    FileVersion : 3.30.0058
    ProductVersion : 3.30
    ProductName : PDF-XChange 3.0: pdfSaver by Tracker Software Products Ltd.
    CompanyName : Tracker Software Products Ltd.
    FileDescription : pdfSaver for PDF-XChange 3.0
    InternalName : pdfSaver
    LegalCopyright : Copyright © 2001-2004 by Tracker Software Products Ltd.
    LegalTrademarks : Tracker Software Products Ltd.
    OriginalFilename : pdfSaver3.exe
    Comments : PDF-XChange 3.0: pdfSaver

#:27 [acrotray.exe]
    ModuleName : C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    Command Line : "C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe"
    ProcessID : 164
    ThreadCreationTime : 5-17-2005 6:01:46 AM
    BasePriority : Normal

#:28 [mcvsftsn.exe]
    ModuleName : c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    Command Line : c:\progra~1\mcafee.com\vso\mcvsftsn.exe -Embedding
    ProcessID : 324
    ThreadCreationTime : 5-17-2005 6:01:47 AM
    BasePriority : Normal
    FileVersion : 9, 0, 0, 0
    ProductVersion : 9, 0, 0, 0
    ProductName : McAfee VirusScan
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee VirusScan Instant Messenger Scan Module
    InternalName : mcvsftsn
    LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
    OriginalFilename : mcvsftsn.EXE
    Comments : McAfee VirusScan Instant Messenger Scan Module

#:29 [msmsgs.exe]
    ModuleName : C:\Program Files\Messenger\msmsgs.exe
    Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
    ProcessID : 504
    ThreadCreationTime : 5-17-2005 6:01:47 AM
    BasePriority : Normal
    FileVersion : 4.7.3001
    ProductVersion : Version 4.7.3001
    ProductName : Messenger
    CompanyName : Microsoft Corporation
    FileDescription : Windows Messenger
    InternalName : msmsgs
    LegalCopyright : Copyright (c) Microsoft Corporation 2004
    LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename : msmsgs.exe

#:30 [avgamsvr.exe]
    ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    ProcessID : 952
    ThreadCreationTime : 5-17-2005 6:01:48 AM
    BasePriority : Normal
    FileVersion : 7,1,0,307
    ProductVersion : 7.1.0.307
    ProductName : AVG Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG Alert Manager
    InternalName : avgamsvr
    LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
    OriginalFilename : avgamsvr.EXE

#:31 [avgupsvc.exe]
    ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    ProcessID : 1036
    ThreadCreationTime : 5-17-2005 6:01:55 AM
    BasePriority : Normal
    FileVersion : 7,1,0,285
    ProductVersion : 7.1.0.285
    ProductName : AVG 7.0 Anti-Virus System
    CompanyName : GRISOFT, s.r.o.
    FileDescription : AVG Update Service
    InternalName : avgupsvc
    LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
    OriginalFilename : avgupdsvc.EXE

#:32 [cisvc.exe]
    ModuleName : C:\WINDOWS\system32\cisvc.exe
    Command Line : C:\WINDOWS\system32\cisvc.exe
    ProcessID : 1152
    ThreadCreationTime : 5-17-2005 6:01:55 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Content Index service
    InternalName : cisvc.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : cisvc.exe

#:33 [mcvsrte.exe]
    ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
    ProcessID : 1300
    ThreadCreationTime : 5-17-2005 6:01:55 AM
    BasePriority : Normal
    FileVersion : 9, 0, 0, 10
    ProductVersion : 9, 0, 0, 0
    ProductName : McAfee VirusScan
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee VirusScan Real-time Engine
    InternalName : mcvsrte
    LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
    OriginalFilename : mcvsrte.exe
    Comments : McAfee VirusScan Real-time Engine

#:34 [svchost.exe]
    ModuleName : C:\WINDOWS\System32\svchost.exe
    Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
    ProcessID : 1232
    ThreadCreationTime : 5-17-2005 6:01:58 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

#:35 [wdfmgr.exe]
    ModuleName : C:\WINDOWS\system32\wdfmgr.exe
    Command Line : C:\WINDOWS\system32\wdfmgr.exe
    ProcessID : 728
    ThreadCreationTime : 5-17-2005 6:01:58 AM
    BasePriority : Normal
    FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
    ProductVersion : 5.2.3790.1230
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows User Mode Driver Manager
    InternalName : WdfMgr
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : WdfMgr.exe

#:36 [wanmpsvc.exe]
    ModuleName : C:\WINDOWS\wanmpsvc.exe
    Command Line : "C:\WINDOWS\wanmpsvc.exe"
    ProcessID : 1668
    ThreadCreationTime : 5-17-2005 6:01:58 AM
    BasePriority : Normal
    FileVersion : 7, 0, 0, 2
    ProductVersion : 7, 0, 0, 2
    ProductName : America Online
    CompanyName : America Online, Inc.
    FileDescription : Wan Miniport (ATW) Service
    InternalName : WanMPSvc
    LegalCopyright : Copyright © 2001 America Online, Inc.
    OriginalFilename : WanMPSvc.exe

#:37 [mcshield.exe]
    ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    ProcessID : 2360
    ThreadCreationTime : 5-17-2005 6:02:01 AM
    BasePriority : High

#:38 [alg.exe]
    ModuleName : C:\WINDOWS\System32\alg.exe
    Command Line : C:\WINDOWS\System32\alg.exe
    ProcessID : 2668
    ThreadCreationTime : 5-17-2005 6:02:03 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ALG.exe

#:39 [iexplore.exe]
    ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
    Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
    ProcessID : 3120
    ThreadCreationTime : 5-17-2005 6:02:18 AM
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : IEXPLORE.EXE

#:40 [ad-aware.exe]
    ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
    ProcessID : 3600
    ThreadCreationTime : 5-17-2005 6:04:06 AM
    BasePriority : Normal
    FileVersion : 6.2.0.206
    ProductVersion : VI.Second Edition
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
    Type : Regkey
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUI3d5OfSInst

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUs3t5icky1S

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUs3t5icky2S

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUs3t5icky3S

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUs3t5icky4S

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUD3s5tSSEnd

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AU3N5a7tionSCode

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUP3D5om

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUT3h5rshSMots

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUM3o5deSSync

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUI3n5ProgSCab

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUI3n5ProgSEx

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUI3n5ProgSLstest

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUB3D5om

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUE3v5nt

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUT3h5rshSBath

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUT3h5rshSysSInf

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUL3n5Title

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUC3u5rrentSMode

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUC3n5tFyl

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUI3g5noreS

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUS3t5atusOfSInst

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUL3a5stMotsSDay

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
    Value : AUL3a5stSSChckin

PromulGate Object Recognized!
    Type : Regkey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\classes\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}

PromulGate Object Recognized!
    Type : RegValue
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\classes\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}
    Value :

PromulGate Object Recognized!
    Type : Regkey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\classes\clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}

PromulGate Object Recognized!
    Type : RegValue
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\classes\clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}
    Value :

PromulGate Object Recognized!
    Type : Regkey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}

PromulGate Object Recognized!
    Type : RegValue
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}
    Value :

PromulGate Object Recognized!
    Type : Regkey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}

PromulGate Object Recognized!
    Type : RegValue
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}
    Value :

PromulGate Object Recognized!
    Type : Regkey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\classes\typelib\{2a7db8d1-43be-4ad3-a81e-9bb8c9d00073}

PromulGate Object Recognized!
    Type : Regkey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1

PromulGate Object Recognized!
    Type : RegValue
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1
    Value :

Windows Object Recognized!
    Type : RegData
    Data : explorer.exe c:\windows\nail.exe
    Category : Vulnerability
    Comment : Shell Possibly Compromised
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\microsoft\windows nt\currentversion\winlogon
    Value : Shell
    Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 41
Objects found so far: 42

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42

MRU List Object Recognized!
    Location: : S-1-5-21-3321047756-2433024118-2921857696-1006\software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
    Location: : S-1-5-21-3321047756-2433024118-2921857696-1006\software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X

MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X

MRU List Object Recognized!
    Location: : software\microsoft\directdraw\mostrecentapplication
    Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
    Location: : S-1-5-21-3321047756-2433024118-2921857696-1006\software\microsoft\directinput\mostrecentapplication
    Description : most recent application to use microsoft directinput

MRU List Object Recognized!
    Location: : S-1-5-21-3321047756-2433024118-2921857696-1006\software\microsoft\directinput\mostrecentapplication
    Description : most recent application to use microsoft directinput

MRU List Object Recognized!
    Location: : S-1-5-21-3321047756-2433024118-2921857696-1006\software\microsoft\internet explorer
    Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
    Location: : S-1-5-21-3321047756-2433024118-2921857696-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description : list of recent programs opened

MRU List Object Recognized!
    Location: : S-1-5-21-3321047756-2433024118-2921857696-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
    Location: : S-1-5-21-3321047756-2433024118-2921857696-1006\software\microsoft\windows\currentversion\explorer\recentdocs
    Description : list of recent documents opened

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 53

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

180Solutions Object Recognized!
    Type : File
    Data : A0111022.exe
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1063\
    FileVersion : 5, 15, 0, 15
    ProductVersion : 5, 15, 0, 15
    ProductName : Search Assistant
    CompanyName : 180solutions, Inc.
    FileDescription : Search Assistant
    LegalCopyright : Copyright © 2004, 180solutions Inc.

180Solutions Object Recognized!
    Type : File
    Data : A0111023.dll
    Category : Data Miner
    Comment :
    Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1063\

VX2 Object Recognized!
    Type : File
    Data : MFEX-1.DAT
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1064\snapshot\
    FileVersion : 1, 0, 0, 5
    ProductVersion : 1, 0, 0, 0
    ProductName : DrPMon PrintMonitor
    CompanyName : Direct Revenue
    FileDescription : DrPMon PrintMonitor
    InternalName : DrPMon
    LegalCopyright : Copyright (C) 2005
    OriginalFilename : DrPMon.dll

VX2 Object Recognized!
    Type : File
    Data : MFEX-20.DAT
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1064\snapshot\
    FileVersion : 1, 0, 0, 5
    ProductVersion : 1, 0, 0, 0
    ProductName : DrPMon PrintMonitor
    CompanyName : Direct Revenue
    FileDescription : DrPMon PrintMonitor
    InternalName : DrPMon
    LegalCopyright : Copyright (C) 2005
    OriginalFilename : DrPMon.dll

VX2 Object Recognized!
    Type : File
    Data : MFEX-1.DAT
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1065\snapshot\
    FileVersion : 1, 0, 0, 5
    ProductVersion : 1, 0, 0, 0
    ProductName : DrPMon PrintMonitor
    CompanyName : Direct Revenue
    FileDescription : DrPMon PrintMonitor
    InternalName : DrPMon
    LegalCopyright : Copyright (C) 2005
    OriginalFilename : DrPMon.dll

VX2 Object Recognized!
    Type : File
    Data : MFEX-20.DAT
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1065\snapshot\
    FileVersion : 1, 0, 0, 5
    ProductVersion : 1, 0, 0, 0
    ProductName : DrPMon PrintMonitor
    CompanyName : Direct Revenue
    FileDescription : DrPMon PrintMonitor
    InternalName : DrPMon
    LegalCopyright : Copyright (C) 2005
    OriginalFilename : DrPMon.dll

VX2 Object Recognized!
    Type : File
    Data : A0111256.dll
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1066\
    FileVersion : 1, 0, 0, 5
    ProductVersion : 1, 0, 0, 0
    ProductName : DrPMon PrintMonitor
    CompanyName : Direct Revenue
    FileDescription : DrPMon PrintMonitor
    InternalName : DrPMon
    LegalCopyright : Copyright (C) 2005
    OriginalFilename : DrPMon.dll

VX2 Object Recognized!
    Type : File
    Data : A0111266.exe
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1066\
    FileVersion : 1, 0, 7, 1
    ProductVersion : 0, 0, 7, 0
    ProductName : TODO:
    CompanyName : TODO:
    FileDescription : TODO:
    LegalCopyright : TODO: (c) . All rights reserved.

VX2 Object Recognized!
    Type : File
    Data : MFEX-1.DAT
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1066\snapshot\
    FileVersion : 1, 0, 0, 5
    ProductVersion : 1, 0, 0, 0
    ProductName : DrPMon PrintMonitor
    CompanyName : Direct Revenue
    FileDescription : DrPMon PrintMonitor
    InternalName : DrPMon
    LegalCopyright : Copyright (C) 2005
    OriginalFilename : DrPMon.dll

VX2 Object Recognized!
    Type : File
    Data : MFEX-20.DAT
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1066\snapshot\
    FileVersion : 1, 0, 0, 5
    ProductVersion : 1, 0, 0, 0
    ProductName : DrPMon PrintMonitor
    CompanyName : Direct Revenue
    FileDescription : DrPMon PrintMonitor
    InternalName : DrPMon
    LegalCopyright : Copyright (C) 2005
    OriginalFilename : DrPMon.dll

VX2 Object Recognized!
    Type : File
    Data : A0111287.exe
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1067\
    FileVersion : 1, 0, 7, 1
    ProductVersion : 0, 0, 7, 0
    ProductName : TODO:
    CompanyName : TODO:
    FileDescription : TODO:
    LegalCopyright : TODO: (c) . All rights reserved.

VX2 Object Recognized!
    Type : File
    Data : A0111288.exe
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1067\
    FileVersion : 1, 0, 7, 1
    ProductVersion : 0, 0, 7, 0
    ProductName : TODO:
    CompanyName : TODO:
    FileDescription : TODO:
    LegalCopyright : TODO: (c) . All rights reserved.

VX2 Object Recognized!
    Type : File
    Data : A0111327.exe
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1067\
    FileVersion : 1, 0, 7, 1
    ProductVersion : 0, 0, 7, 0
    ProductName : TODO:
    CompanyName : TODO:
    FileDescription : TODO:
    LegalCopyright : TODO: (c) . All rights reserved.

VX2 Object Recognized!
    Type : File
    Data : A0111351.exe
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1068\
    FileVersion : 1, 0, 7, 1
    ProductVersion : 0, 0, 7, 0
    ProductName : TODO:
    CompanyName : TODO:
    FileDescription : TODO:
    LegalCopyright : TODO: (c) . All rights reserved.

VX2 Object Recognized!
    Type : File
    Data : A0111352.exe
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1068\
    FileVersion : 1, 0, 7, 1
    ProductVersion : 0, 0, 7, 0
    ProductName : TODO:
    CompanyName : TODO:
    FileDescription : TODO:
    LegalCopyright : TODO: (c) . All rights reserved.

VX2 Object Recognized!
    Type : File
    Data : A0111449.exe
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1068\
    FileVersion : 1, 0, 7, 1
    ProductVersion : 0, 0, 7, 0
    ProductName : TODO:
    CompanyName : TODO:
    FileDescription : TODO:
    LegalCopyright : TODO: (c) . All rights reserved.

VX2 Object Recognized!
    Type : File
    Data : A0111470.exe
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1068\
    FileVersion : 1, 0, 7, 1
    ProductVersion : 0, 0, 7, 0
    ProductName : TODO:
    CompanyName : TODO:
    FileDescription : TODO:
    LegalCopyright : TODO: (c) . All rights reserved.

VX2 Object Recognized!
    Type : File
    Data : A0111472.exe
    Category : Malware
    Comment :
    Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1068\
    FileVersion : 1, 0, 7, 1
    ProductVersion : 0, 0, 7, 0
    ProductName : TODO:
    CompanyName : TODO:
    FileDescription : TODO:
    LegalCopyright : TODO: (c) . All rights reserved.

VX2 Object Recognized!
    Type : File
    Data : DrPMon.dll
    Category : Malware
    Comment :
    Object : C:\WINDOWS\SYSTEM32\
    FileVersion : 1, 0, 0, 5
    ProductVersion : 1, 0, 0, 0
    ProductName : DrPMon PrintMonitor
    CompanyName : Direct Revenue
    FileDescription : DrPMon PrintMonitor
    InternalName : DrPMon
    LegalCopyright : Copyright (C) 2005
    OriginalFilename : DrPMon.dll

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 72

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 72

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
    Type : Regkey
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : system\controlset001\control\print\monitors\zepmon

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : system\controlset001\control\print\monitors\zepmon
    Value : Driver

VX2 Object Recognized!
    Type : Regkey
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : system\currentcontrolset\control\print\monitors\zepmon

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : system\currentcontrolset\control\print\monitors\zepmon
    Value : Driver

VX2 Object Recognized!
    Type : RegValue
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_CURRENT_USER
    Object : software\microsoft\internet explorer\toolbar\webbrowser
    Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

PromulGate Object Recognized!
    Type : Regkey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\dvx

PromulGate Object Recognized!
    Type : RegValue
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\dvx
    Value : stubid

PromulGate Object Recognized!
    Type : RegValue
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\dvx
    Value : id

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 80

11:30:02 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:21:54.953
Objects scanned:208974
Objects identified:68
Objects ignored:0
New critical objects:68