so here we go, any help appreciated
Ad-Aware SE Build 1.05
Logfile Created on:27 April 2005 11:05:17
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R39 15.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MediaMotor(TAC index:8):40 total references
MRU List(TAC index:0):27 total references
Other(TAC index:5):1 total references
SahAgent(TAC index:9):20 total references
Tracking Cookie(TAC index:3):11 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
27-04-2005 11:05:17 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Matt\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\smartftp\connection data
Description : list of recently accessed servers using smartftp
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\macromedia\dreamweaver 6\recent file list
Description : list of recently used files in macromedia dreamweaver
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-1004336348-789336058-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 604
ThreadCreationTime : 27-04-2005 08:23:07
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 27-04-2005 08:23:08
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 692
ThreadCreationTime : 27-04-2005 08:23:09
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 736
ThreadCreationTime : 27-04-2005 08:23:10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 748
ThreadCreationTime : 27-04-2005 08:23:10
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 908
ThreadCreationTime : 27-04-2005 08:23:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 932
ThreadCreationTime : 27-04-2005 08:23:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1028
ThreadCreationTime : 27-04-2005 08:23:12
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1084
ThreadCreationTime : 27-04-2005 08:23:12
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1296
ThreadCreationTime : 27-04-2005 08:23:13
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:11 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1392
ThreadCreationTime : 27-04-2005 08:23:13
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:12 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1412
ThreadCreationTime : 27-04-2005 08:23:14
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:13 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1424
ThreadCreationTime : 27-04-2005 08:23:14
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE
#:14 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1464
ThreadCreationTime : 27-04-2005 08:23:14
BasePriority : Normal
FileVersion : 5.13.01.2183
ProductVersion : 5.13.01.2183
ProductName : NVIDIA Driver Helper Service, Version 21.83
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 21.83
InternalName : NVSVC
LegalCopyright : Copyright © 1998-2001 NVIDIA Corporation
OriginalFilename : nvsvc32.exe
#:15 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1568
ThreadCreationTime : 27-04-2005 08:23:15
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:16 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 1628
ThreadCreationTime : 27-04-2005 08:23:15
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe
#:17 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1772
ThreadCreationTime : 27-04-2005 08:23:16
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE
#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 644
ThreadCreationTime : 27-04-2005 08:23:57
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
#:19 [devldr32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1440
ThreadCreationTime : 27-04-2005 08:23:59
BasePriority : Normal
FileVersion : 1, 0, 0, 22
ProductVersion : 1, 0, 0, 22
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © 1997-2001 Creative Technology Ltd.
OriginalFilename : DevLdr32.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\WINDOWS\System32\devldr32.exe"Process terminated successfully
#:20 [directcd.exe]
FilePath : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\
ProcessID : 1640
ThreadCreationTime : 27-04-2005 08:24:00
BasePriority : Normal
FileVersion : 5.10 (105)
ProductVersion : 5.10 (105)
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001, Roxio, Inc.
OriginalFilename : Directcd.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"Process terminated successfully
#:21 [diagent.exe]
FilePath : C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\
ProcessID : 1652
ThreadCreationTime : 27-04-2005 08:24:00
BasePriority : Normal
FileVersion : 1.0.10.0
ProductVersion : 1.00.10
ProductName : Creative Diagnostics Agent
CompanyName : Creative Technology Ltd
FileDescription : Creative Diagnostics Agent
InternalName : Creative Diagnostics Agent
LegalCopyright : Copyright © 2001 Creative Technology Ltd
OriginalFilename : diagent.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE"Process terminated successfully
#:22 [hpgs2wnd.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\
ProcessID : 1680
ThreadCreationTime : 27-04-2005 08:24:00
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"Process terminated successfully
#:23 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1688
ThreadCreationTime : 27-04-2005 08:24:00
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\Program Files\iTunes\iTunesHelper.exe"Process terminated successfully
#:24 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1696
ThreadCreationTime : 27-04-2005 08:24:00
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\Program Files\QuickTime\qttask.exe"Process terminated successfully
#:25 [lvcoms.exe]
FilePath : C:\Program Files\Common Files\Logitech\QCDriver\
ProcessID : 1704
ThreadCreationTime : 27-04-2005 08:24:00
BasePriority : Normal
FileVersion : 6.0.0.1208
ProductVersion : 6.0.0.1208
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2001 Logitech. All rights reserved.
OriginalFilename : LVComS.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE"Process terminated successfully
#:26 [versioncuetray.exe]
FilePath : C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\
ProcessID : 1712
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe"Process terminated successfully
#:27 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_01\bin\
ProcessID : 1720
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal
#:28 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1732
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
#:29 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1744
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"Process terminated successfully
#:30 [abasa5jrp.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1852
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
SahAgent Object Recognized!
Type : Process
Data : abasa5jrp.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\abasa5jrp.exe)
"C:\WINDOWS\System32\abasa5jrp.exe"Process terminated successfully
"C:\WINDOWS\System32\abasa5jrp.exe"Process terminated successfully
#:31 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 1876
ThreadCreationTime : 27-04-2005 08:24:01
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:32 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 1916
ThreadCreationTime : 27-04-2005 08:24:02
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe
#:33 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1948
ThreadCreationTime : 27-04-2005 08:24:02
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\WINDOWS\System32\ctfmon.exe"Process terminated successfully
#:34 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1984
ThreadCreationTime : 27-04-2005 08:24:02
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
#:35 [ioutsj.exe]
FilePath : c:\windows\system32\
ProcessID : 1980
ThreadCreationTime : 27-04-2005 08:24:02
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"c:\windows\system32\ioutsj.exe"Process terminated successfully
#:36 [wlm.exe]
FilePath : C:\Program Files\BT Voyager\BT Voyager Wireless\
ProcessID : 200
ThreadCreationTime : 27-04-2005 08:24:03
BasePriority : Normal
FileVersion : 3, 1, 4, 15
ProductVersion : 1, 0, 0, 1
ProductName : Wireless LAN Monitor Utility
CompanyName : ASKEY
FileDescription : Wireless LAN Monitor Utility
InternalName : WlanMonitor
LegalCopyright : Copyright © 2001
OriginalFilename : WlanMonitor.exe
Comments : Wireless LAN Monitor Utility
#:37 [hpobrt07.exe]
FilePath : C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\
ProcessID : 1180
ThreadCreationTime : 27-04-2005 08:24:03
BasePriority : Normal
FileVersion : 2.00
ProductVersion : A.14.03.05
ProductName : hp psc 700 series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBRT07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOBRT07.EXE
Comments : HP OfficeJet PSC 7 Series COM Device Objects
#:38 [hpgs2wnf.exe]
FilePath : C:\PROGRA~1\HEWLET~1\HPSHAR~1\
ProcessID : 436
ThreadCreationTime : 27-04-2005 08:24:04
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
#:39 [hpoevm07.exe]
FilePath : C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\
ProcessID : 2236
ThreadCreationTime : 27-04-2005 08:24:08
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.03.05
ProductName : hp psc 700 series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOEVM07.EXE
Comments : HP OfficeJet COM Event Manager
#:40 [hpoipm07.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2644
ThreadCreationTime : 27-04-2005 08:24:10
BasePriority : Normal
FileVersion : 4, 5, 0, 767
ProductVersion : 4, 5, 0, 767
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)
SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
"C:\WINDOWS\System32\hpoipm07.exe"Process terminated successfully
#:41 [hposts07.exe]
FilePath : C:\Program Files\Hewlett-Packard\AiO\Shared\bin\
ProcessID : 3884
ThreadCreationTime : 27-04-2005 08:24:31
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.03.05
ProductName : hp psc 700 series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOCPY07.EXE
Comments : HP OfficeJet Status
#:42 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 152
ThreadCreationTime : 27-04-2005 09:48:17
BasePriority : Normal
#:43 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3956
ThreadCreationTime : 27-04-2005 10:04:54
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 44
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-dd60-0064-6ec2-6e0100000000}
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-dd60-0064-6ec2-6e0100000000}
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{92daf5c1-2135-4e0c-b7a0-259abfcd3904}
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}
Value :
MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYC2n3trMsgSDisp
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYT2o3pListSPos
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYs2t3icky1S
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYs2t3icky2S
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYs2t3icky3S
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYs2t3icky4S
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYC1o2d3eOfSFinalAd
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYT2i3m4eOfSFinalAd
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYD2s3tSSEnd
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PY2N3a4tionSCode
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYP2D3om
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYT2h3rshSCheckSIn
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYT2h3rshSMots
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYM2o3deSSync
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYI2n3ProgSCab
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYI2n3ProgSEx
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYI2n3ProgSLstest
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYL2a3stMotsSDay
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYL2a3stSSChckin
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYB2D3om
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYE2v3nt
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYT2h3rshSBath
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYT2h3rshSysSInf
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYL2n3Title
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYC2u3rrentSMode
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYC2n3tFyl
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYI2g3noreS
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1004336348-789336058-725345543-1003\software\pynix
Value : PYI2d3OfSInst
SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\winsock2\layered provider sample
Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 36
Objects found so far: 80
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MediaMotor Object Recognized!
Type : Regkey
Data : C:\WINDOWS\Pynix.dll
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{09049E4F-8D9E-4C8A-A952-5BAF1A115C59}
MediaMotor Object Recognized!
Type : File
Data : pynix.dll
Category : Malware
Comment :
Object : c:\windows\
FileVersion : 0, 8, 4, 89
ProductVersion : 0, 8, 4, 89
ProductName : Pynix
CompanyName : Pynix
FileDescription : www.Pynix.com
InternalName : Pynix
LegalCopyright : Copyright © 2005
OriginalFilename : Pynix.dll
Comments : www.Pynix.com
MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : ({00000000-DD60-0064-6EC2-6E0100000000})
Rootkey : HKEY_CLASSES_ROOT
Object : PynixDll.PynixDllObj
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : ({00000000-DD60-0064-6EC2-6E0100000000})
Rootkey : HKEY_CLASSES_ROOT
Object : PynixDll.PynixDllObj
Value :
MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : ({00000000-DD60-0064-6EC2-6E0100000000})
Rootkey : HKEY_CLASSES_ROOT
Object : PynixDll.PynixDllObj.1
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : ({00000000-DD60-0064-6EC2-6E0100000000})
Rootkey : HKEY_CLASSES_ROOT
Object : PynixDll.PynixDllObj.1
Value :
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 86
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@bluestreak[2].txt
Category : Data Miner
Comment : Hits:55
Value : Cookie:matt@bluestreak.com/
Expires : 25-04-2015 05:14:28
LastSync : Hits:55
UseCount : 0
Hits : 55
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@tradedoubler[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:matt@tradedoubler.com/
Expires : 22-04-2025 09:12:32
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:matt@imrworldwide.com/cgi-bin
Expires : 22-04-2015 10:07:14
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@apmebf[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:matt@apmebf.com/
Expires : 26-04-2010 09:17:02
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@zedo[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:matt@zedo.com/
Expires : 23-04-2015 09:59:06
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@etype.adbureau[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:matt@etype.adbureau.net/
Expires : 01-03-2007 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : matt@trafficmp[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:matt@trafficmp.com/
Expires : 26-04-2006 13:49:58
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 93
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jess@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jess\Cookies\jess@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jess@doubleclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jess\Cookies\jess@doubleclick[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jess@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jess\Cookies\jess@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jess@www.shopathomeselect[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jess\Cookies\jess@www.shopathomeselect[1].txt
MediaMotor Object Recognized!
Type : File
Data : pynix.cab
Category : Malware
Comment :
Object : C:\Documents and Settings\Jess\Local Settings\Temp\DrTemp\
MediaMotor Object Recognized!
Type : File
Data : Pynix.dll
Category : Malware
Comment :
Object : C:\Documents and Settings\Jess\Local Settings\Temp\DrTemp\
FileVersion : 0, 8, 4, 89
ProductVersion : 0, 8, 4, 89
ProductName : Pynix
CompanyName : Pynix
FileDescription : www.Pynix.com
InternalName : Pynix
LegalCopyright : Copyright © 2005
OriginalFilename : Pynix.dll
Comments : www.Pynix.com
MediaMotor Object Recognized!
Type : File
Data : pynix[1].cab
Category : Malware
Comment :
Object : C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5�
Sign In
Create Account
