Scan saved at 10:23:28 AM, on 5/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Comcast\Security Manager\app\Prism.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\ezSP_Px.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\WINNT\system32\cfgxml.exe
C:\Documents and Settings\Owner\My Documents\FreeRAM XP Pro 1.40.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\Consumer Input\ConsumerInputUa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Consumer Input\ConsumerInput.exe
C:\WINNT\system32\cfgxml.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\n?lookup.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50141
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dogpile.c...orms/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.dogpile.c...orms/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://web.ask.com/web?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r5.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r5.attbi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
F2 - REG:system.ini: UserInit=C:\WINNT\system32\AUserInit.exe
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_76.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D4FF-EB2CF4D5FA7D} - (no file)
O2 - BHO: (no name) - {4FAD4528-9046-22B0-D558-6C550AAF2A3F} - C:\WINNT\System32\ttwhows.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Comcast\Security Manager\app\AuthBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B9733B3A-F6F1-8054-8035-804DF0A028B6} - C:\WINNT\system32\yfql.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Guard-IE - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Guard-IE - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O3 - Toolbar: Security Manager Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Comcast\Security Manager\app\AuthBHO.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [OSS] c:\winnt\system32\rk.exe -boot
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Owner\My Documents\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Consumer Input Update] C:\Program Files\Consumer Input\ConsumerInputUa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Consumer Input] C:\Program Files\Consumer Input\ConsumerInput.exe
O4 - HKCU\..\Run: [AbsoluteControl] C:\Program Files\AbsoluteControl\\AbsoluteControl.exeU
O4 - HKCU\..\Run: [cfgxml] C:\WINNT\system32\cfgxml.exe
O4 - HKCU\..\RunOnce: [cfgxml] C:\WINNT\system32\cfgxml.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZHxdm011XXUS
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Dogpile Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\DogpileToolbar\contextsearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: @C:\Program Files\Failsafe\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Failsafe\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\Failsafe\GuardIE\PnIE.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://vosmail.ci.s...l.us/iNotes.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} (InstallShield Setup Player 2K2) - http://www.relevantk...onfig/setup.exe
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://vosmail.ci.s....us/iNotes6.cab
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/do...askbar-inst.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://www.reciperew...ciperewards.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} (Setup Class) - http://www.consumeri...ine/dcainst.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.1.../ACNePlayer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.over...com/WildApp.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
Adware Log also attached below
d-Aware SE Build 1.05
Logfile Created on:Friday, May 06, 2005 6:05:04 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):9 total references
Alexa(TAC index:5):11 total references
AltnetBDE(TAC index:4):13 total references
CometSystems(TAC index:8):1 total references
ie2bar(TAC index:0):5 total references
eUniverse(TAC index:10):1 total references
EzuLa(TAC index:6):1 total references
Hijacker.TopConverting(TAC index:5):2 total references
IBIS Toolbar(TAC index:5):435 total references
Marketscore(Netsetter)(TAC index:7):9 total references
MediaMotor(TAC index:8):4 total references
MRU List(TAC index:0):38 total references
Other(TAC index:5):14 total references
OverPro(TAC index:3):10 total references
Possible Browser Hijack attempt(TAC index:3):4 total references
Prutect(TAC index:8):43 total references
StatBlaster(TAC index:8):4 total references
Tracking Cookie(TAC index:3):4 total references
Zango(TAC index:6):7 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:40 %
Total physical memory:522992 kb
Available physical memory:205348 kb
Total page file size:1278044 kb
Available on page file:981660 kb
Total virtual memory:2097024 kb
Available virtual memory:2039548 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Move deleted files to Recycle Bin
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
5-6-2005 6:05:04 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 608
ThreadCreationTime : 5-6-2005 10:56:07 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThre
ProcessID : 692
ThreadCreationTime : 5-6-2005 10:56:10 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 716
ThreadCreationTime : 5-6-2005 10:56:11 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 760
ThreadCreationTime : 5-6-2005 10:56:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 772
ThreadCreationTime : 5-6-2005 10:56:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k DcomLaunch
ProcessID : 924
ThreadCreationTime : 5-6-2005 10:56:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 1000
ThreadCreationTime : 5-6-2005 10:56:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 1104
ThreadCreationTime : 5-6-2005 10:56:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k NetworkService
ProcessID : 1160
ThreadCreationTime : 5-6-2005 10:56:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k LocalService
ProcessID : 1272
ThreadCreationTime : 5-6-2005 10:56:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [prism.exe]
ModuleName : C:\Program Files\Comcast\Security Manager\app\Prism.exe
Command Line : "C:\Program Files\Comcast\Security Manager\app\Prism.exe"
ProcessID : 1572
ThreadCreationTime : 5-6-2005 10:56:13 PM
BasePriority : Normal
FileVersion : 1.60.0428
ProductVersion : 1.60.0428
ProductName : Comcast Security Manager
CompanyName : Comcast Cable Communications
FileDescription : Comcast Security Manager
InternalName : PRISM
LegalCopyright : Copyright ©2000-2004 Authentium, Inc.; Portions Copyright ©2004 Comcast Cable Communications
LegalTrademarks : Security Manager is a trademark of Comcast Cable Communications
OriginalFilename : PRISM.exe
#:12 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : n/a
ProcessID : 1584
ThreadCreationTime : 5-6-2005 10:56:13 PM
BasePriority : Normal
FileVersion : 103.0.3.8
ProductVersion : 103.0.3.8
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:13 [sndsrvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Command Line : n/a
ProcessID : 1600
ThreadCreationTime : 5-6-2005 10:56:13 PM
BasePriority : Normal
FileVersion : 5.4.3.11
ProductVersion : 5.4
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe
#:14 [spbbcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Command Line : n/a
ProcessID : 1624
ThreadCreationTime : 5-6-2005 10:56:14 PM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe
#:15 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : n/a
ProcessID : 1668
ThreadCreationTime : 5-6-2005 10:56:15 PM
BasePriority : Normal
FileVersion : 103.0.3.8
ProductVersion : 103.0.3.8
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:16 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 484
ThreadCreationTime : 5-6-2005 10:56:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:17 [curtainssyssvcnt.exe]
ModuleName : c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
Command Line : "c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe"
ProcessID : 672
ThreadCreationTime : 5-6-2005 10:56:23 PM
BasePriority : Normal
FileVersion : 1.0.0.3
ProductVersion : 1.0.0.0
ProductName : Curtains for Windows
CompanyName : Authentium, Inc.
FileDescription : Curtains for Windows System Service Launcher (NT)
InternalName : CurtainsSysSvcNt
LegalCopyright : Copyright ©2002 Authentium, Inc.
LegalTrademarks : Curtains is a trademark of Authentium, Inc.
OriginalFilename : CurtainsSysSvcNt.exe
#:18 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : n/a
ProcessID : 940
ThreadCreationTime : 5-6-2005 10:56:23 PM
BasePriority : Normal
FileVersion : 11.0.1.3
ProductVersion : 11.0.1
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:19 [npfmntor.exe]
ModuleName : C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
Command Line : n/a
ProcessID : 1060
ThreadCreationTime : 5-6-2005 10:56:23 PM
BasePriority : Normal
FileVersion : 11.0.1.3
ProductVersion : 11.0.1
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE
#:20 [nvsvc32.exe]
ModuleName : C:\WINNT\System32\nvsvc32.exe
Command Line : C:\WINNT\System32\nvsvc32.exe
ProcessID : 1176
ThreadCreationTime : 5-6-2005 10:56:26 PM
BasePriority : Normal
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
ProductName : NVIDIA Driver Helper Service, Version 52.16
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:21 [prismxl.sys]
ModuleName : C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
Command Line : "C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS"
ProcessID : 1228
ThreadCreationTime : 5-6-2005 10:56:26 PM
BasePriority : Normal
FileVersion : 5.0
ProductVersion : 5.0
ProductName : PrismXL Software Family
CompanyName : New Boundary Technologies, Inc.
FileDescription : PrismXL Service
InternalName : PrismXL Service
LegalCopyright : Copyright © 1997-2003 New Boundary Technologies, Inc.
OriginalFilename : PrismXL.sys
#:22 [symlcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Command Line : n/a
ProcessID : 1448
ThreadCreationTime : 5-6-2005 10:56:27 PM
BasePriority : Normal
FileVersion : 1, 8, 54, 419
ProductVersion : 1, 8, 54, 419
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe
#:23 [tbpssvc.exe]
ModuleName : C:\PROGRA~1\Toolbar\TBPSSvc.exe
Command Line : C:\PROGRA~1\Toolbar\TBPSSvc.exe
ProcessID : 1560
ThreadCreationTime : 5-6-2005 10:56:28 PM
BasePriority : Normal
IBIS Toolbar Object Recognized!
Type : Process
Data : TBPSSvc.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\Toolbar\
Warning! IBIS Toolbar Object found in memory(C:\PROGRA~1\Toolbar\TBPSSvc.exe)
"C:\PROGRA~1\Toolbar\TBPSSvc.exe"Process terminated successfully
"C:\PROGRA~1\Toolbar\TBPSSvc.exe"Process terminated successfully
#:24 [wdfmgr.exe]
ModuleName : C:\WINNT\system32\wdfmgr.exe
Command Line : C:\WINNT\system32\wdfmgr.exe
ProcessID : 1724
ThreadCreationTime : 5-6-2005 10:56:30 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:25 [mspmspsv.exe]
ModuleName : C:\WINNT\System32\MsPMSPSv.exe
Command Line : C:\WINNT\System32\MsPMSPSv.exe
ProcessID : 1780
ThreadCreationTime : 5-6-2005 10:56:30 PM
BasePriority : Normal
FileVersion : 7.00.00.1956
ProductVersion : 7.00.00.1956
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE
#:26 [alg.exe]
ModuleName : C:\WINNT\System32\alg.exe
Command Line : C:\WINNT\System32\alg.exe
ProcessID : 2552
ThreadCreationTime : 5-6-2005 10:56:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:27 [explorer.exe]
ModuleName : C:\WINNT\Explorer.exe
Command Line : C:\WINNT\Explorer.exe
ProcessID : 3032
ThreadCreationTime : 5-6-2005 10:56:49 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Warning! Prutect Object found in memory(C:\Program Files\ie2\ie2bar.dll)
Prutect Object Recognized!
Type : Process
Data : ie2bar.dll
Category : Malware
Comment :
Object : C:\Program Files\ie2\
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : ie2 plugin
CompanyName : ie2bar, LLC
FileDescription : http://ie2bar.com/license.html
InternalName : ie2bar.dll
LegalCopyright : Copyright © 2003 ie2bar, LLC
OriginalFilename : ie2bar.dll
Comments : ie2 plugin
#:28 [ezsp_px.exe]
ModuleName : C:\WINNT\system32\ezSP_Px.exe
Command Line : "C:\WINNT\system32\ezSP_Px.exe"
ProcessID : 3172
ThreadCreationTime : 5-6-2005 10:56:51 PM
BasePriority : Normal
#:29 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
ProcessID : 3196
ThreadCreationTime : 5-6-2005 10:56:52 PM
BasePriority : Normal
#:30 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : n/a
ProcessID : 3204
ThreadCreationTime : 5-6-2005 10:56:52 PM
BasePriority : Normal
FileVersion : 103.0.3.8
ProductVersion : 103.0.3.8
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:31 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 3248
ThreadCreationTime : 5-6-2005 10:56:52 PM
BasePriority : Normal
FileVersion : 6.3
ProductVersion : QuickTime 6.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe
#:32 [gwmdmmsg.exe]
ModuleName : C:\WINNT\GWMDMMSG.exe
Command Line : "C:\WINNT\GWMDMMSG.exe"
ProcessID : 3264
ThreadCreationTime : 5-6-2005 10:56:52 PM
BasePriority : Normal
FileVersion : 3.4.22 08/06/2002 14:26:16
ProductVersion : 3.4.22 08/06/2002 14:26:16
ProductName : GTW Modem Messaging Applet
CompanyName : GTW
FileDescription : Modem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © GTW 1998-2000
OriginalFilename : smdmstat.exe
#:33 [pronomgr.exe]
ModuleName : C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
Command Line : "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
ProcessID : 3344
ThreadCreationTime : 5-6-2005 10:56:52 PM
BasePriority : Normal
FileVersion : 6.1.42.0
ProductVersion : 6.1.42.0
ProductName : Intel® Network Configuration Services
CompanyName : Intel® Corporation
FileDescription : PRONotifyMgr Module
InternalName : PRONotifyMgr
LegalCopyright : Copyright© 2001-2002 Intel Corporation
OriginalFilename : PRONoMgr.exe
#:34 [rundll32.exe]
ModuleName : C:\WINNT\system32\rundll32.exe
Command Line : "C:\WINNT\system32\rundll32.exe" C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
ProcessID : 3376
ThreadCreationTime : 5-6-2005 10:56:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:35 [tbps.exe]
ModuleName : C:\PROGRA~1\Toolbar\TBPS.exe
Command Line : "C:\PROGRA~1\Toolbar\TBPS.exe"
ProcessID : 3436
ThreadCreationTime : 5-6-2005 10:56:53 PM
BasePriority : Normal
#:36 [gwhotkey.exe]
ModuleName : C:\WINNT\GWHotKey.exe
Command Line : "C:\WINNT\GWHotKey.exe"
ProcessID : 3580
ThreadCreationTime : 5-6-2005 10:56:54 PM
BasePriority : Normal
FileVersion : 6.5
ProductVersion : 6.5
ProductName : Gateway Multi-function Keyboard Utility
CompanyName : BillP Studios
FileDescription : Multi-function Keyboard By Bill Pytlovany
LegalCopyright : Copyright © 1997-2001 Gateway, Inc.
Comments : http://www.billp.com
#:37 [pib.exe]
ModuleName : C:\PROGRA~1\Toolbar\PIB.exe
Command Line : C:\PROGRA~1\Toolbar\PIB.exe
ProcessID : 3604
ThreadCreationTime : 5-6-2005 10:56:54 PM
BasePriority : Realtime
#:38 [freeram xp pro 1.40.exe]
ModuleName : C:\Documents and Settings\Owner\My Documents\FreeRAM XP Pro 1.40.exe
Command Line : "C:\Documents and Settings\Owner\My Documents\FreeRAM XP Pro 1.40.exe" -win
ProcessID : 3680
ThreadCreationTime : 5-6-2005 10:56:55 PM
BasePriority : Normal
FileVersion : 1.4.0.0
ProductVersion : 1.0.0.0
ProductName : FRXPRO
CompanyName : YourWare Solutions
FileDescription : FreeRAM XP Pro (YourWare Solutions)
InternalName : FRXPRO
LegalCopyright : Copyright YourWare Solutions , 2001-2003
LegalTrademarks : YourWare Solutions, FreeRAM XP, FreeRAM XP Lite, FreeRAM XP Professional
OriginalFilename : FRXPRO
Comments : Freeware application that frees and defragments your computer's memory to increse performance. Enjoy! Visit website for periodic updates.
#:39 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 3700
ThreadCreationTime : 5-6-2005 10:56:55 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:40 [cfgxml.exe]
ModuleName : C:\WINNT\system32\cfgxml.exe
Command Line : "C:\WINNT\system32\cfgxml.exe"
ProcessID : 3720
ThreadCreationTime : 5-6-2005 10:56:55 PM
BasePriority : Normal
FileVersion : 1.00.0290
ProductVersion : 1.00.0290
CompanyName : mcsft
InternalName : skytown
OriginalFilename : skytown.exe
Warning! Prutect Object found in memory(C:\WINNT\system32\cfgxml.exe)
Prutect Object Recognized!
Type : Process
Data : cfgxml.exe
Category : Malware
Comment :
Object : C:\WINNT\system32\
FileVersion : 1.00.0290
ProductVersion : 1.00.0290
CompanyName : mcsft
InternalName : skytown
OriginalFilename : skytown.exe
"C:\WINNT\system32\cfgxml.exe"Process terminated successfully
"C:\WINNT\system32\cfgxml.exe"Process terminated successfully
#:41 [msiexec.exe]
ModuleName : C:\WINNT\system32\msiexec.exe
Command Line : C:\WINNT\system32\msiexec.exe /V
ProcessID : 2840
ThreadCreationTime : 5-6-2005 10:57:22 PM
BasePriority : Normal
#:42 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1024
ThreadCreationTime : 5-6-2005 11:00:44 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 3
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{2b0eceac-f597-4858-a542-d966b49055b9}
Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{2b0eceac-f597-4858-a542-d966b49055b9}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2c4e6d22-b71f-491f-aad3-b6972a650d50}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2c4e6d22-b71f-491f-aad3-b6972a650d50}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{310cc549-4541-46a9-940f-52b342a6e682}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{310cc549-4541-46a9-940f-52b342a6e682}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{339bb23f-a864-48c0-a59f-29ea915965ec}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{339bb23f-a864-48c0-a59f-29ea915965ec}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8952a998-1e7e-4716-b23d-3dbe03910972}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8952a998-1e7e-4716-b23d-3dbe03910972}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cae0999f-78c5-49dc-9f30-13142aaaaba4}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cae0999f-78c5-49dc-9f30-13142aaaaba4}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f1616b86-9288-489d-b71a-0ccf2f1a89da}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f1616b86-9288-489d-b71a-0ccf2f1a89da}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ff76a5da-6158-4439-99ff-edc1b3fe100c}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ff76a5da-6158-4439-99ff-edc1b3fe100c}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{234f09fb-fe89-4c6d-9203-31832fc051c3}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{234f09fb-fe89-4c6d-9203-31832fc051c3}
Val
Edited by david7218, 06 May 2005 - 07:31 PM.