Thanks!
Ad-Aware SE Build 1.05
Logfile Created on:Friday, May 06, 2005 9:55:35 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):3 total references
EzuLa(TAC index:6):6 total references
IBIS Toolbar(TAC index:5):4 total references
Instafinder(TAC index:4):10 total references
MediaMotor(TAC index:8):10 total references
StatBlaster(TAC index:8):1 total references
VX2(TAC index:10):8 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654
5-6-2005 9:53:11 PM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663
5-6-2005 9:53:20 PM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:9 %
Total physical memory:130544 kb
Available physical memory:10788 kb
Total page file size:309884 kb
Available on page file:74240 kb
Total virtual memory:2097024 kb
Available virtual memory:2043864 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Obtain command line of scanned processes
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
5-6-2005 9:55:35 PM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 156
ThreadCreationTime : 5-7-2005 3:35:15 AM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 180
ThreadCreationTime : 5-7-2005 3:35:25 AM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 200
ThreadCreationTime : 5-7-2005 3:35:27 AM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 228
ThreadCreationTime : 5-7-2005 3:35:30 AM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 240
ThreadCreationTime : 5-7-2005 3:35:30 AM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 424
ThreadCreationTime : 5-7-2005 3:35:35 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 452
ThreadCreationTime : 5-7-2005 3:35:36 AM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe
#:8 [acsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
ProcessID : 480
ThreadCreationTime : 5-7-2005 3:35:36 AM
BasePriority : Normal
#:9 [ati2evxx.exe]
ModuleName : C:\WINNT\System32\ati2evxx.exe
Command Line : C:\WINNT\System32\ati2evxx.exe
ProcessID : 524
ThreadCreationTime : 5-7-2005 3:35:42 AM
BasePriority : Normal
#:10 [avgserv.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
Command Line : C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
ProcessID : 556
ThreadCreationTime : 5-7-2005 3:35:50 AM
BasePriority : Normal
FileVersion : 6.0.1.696
ProductVersion : 6.0.1.696
ProductName : AVG6
CompanyName : GRISOFT s.r.o
FileDescription : AvgServ - displays notification message
InternalName : AvgServ
LegalCopyright : Copyright © GRISOFT 1998-2004
OriginalFilename : AvgServ
#:11 [curtainssyssvcnt.exe]
ModuleName : c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
Command Line : "c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe"
ProcessID : 568
ThreadCreationTime : 5-7-2005 3:35:51 AM
BasePriority : Normal
FileVersion : 1.0.0.3
ProductVersion : 1.0.0.0
ProductName : Curtains for Windows
CompanyName : Authentium, Inc.
FileDescription : Curtains for Windows System Service Launcher (NT)
InternalName : CurtainsSysSvcNt
LegalCopyright : Copyright ©2002 Authentium, Inc.
LegalTrademarks : Curtains is a trademark of Authentium, Inc.
OriginalFilename : CurtainsSysSvcNt.exe
#:12 [dkservice.exe]
ModuleName : C:\Program Files\Executive Software\Diskeeper\DkService.exe
Command Line : "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
ProcessID : 620
ThreadCreationTime : 5-7-2005 3:35:56 AM
BasePriority : Normal
FileVersion : 9.0.504.0
ProductVersion : 9.0.504.0
ProductName : Diskeeper Disk Defragmenter
CompanyName : Executive Software International, Inc.
FileDescription : DKSERVICE.EXE
InternalName : DKSERVICE
LegalCopyright : © 1995-2004 Executive Software Int'l, Inc.
OriginalFilename : DKSERVICE
#:13 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 640
ThreadCreationTime : 5-7-2005 3:36:02 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:14 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 696
ThreadCreationTime : 5-7-2005 3:36:09 AM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE
#:15 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 400
ThreadCreationTime : 5-7-2005 3:36:11 AM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe
#:16 [wanmpsvc.exe]
ModuleName : C:\WINNT\wanmpsvc.exe
Command Line : "C:\WINNT\wanmpsvc.exe"
ProcessID : 788
ThreadCreationTime : 5-7-2005 3:36:14 AM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe
#:17 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 868
ThreadCreationTime : 5-7-2005 3:36:17 AM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999
#:18 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 880
ThreadCreationTime : 5-7-2005 3:36:21 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:19 [wzcbdls.exe]
ModuleName : C:\Program Files\WZCBDL Service\WZCBDLS.exe
Command Line : "C:\Program Files\WZCBDL Service\WZCBDLS.exe"
ProcessID : 900
ThreadCreationTime : 5-7-2005 3:36:21 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 20319
ProductVersion : 1, 0, 0, 20319
ProductName : WZCBDLService Launcher (NT)
CompanyName : D-Link
FileDescription : WZCBDLService Launcher
InternalName : WZCBDLS
LegalCopyright : Copyright © 2002, D-Link Corporation
OriginalFilename : WZCBDLS.exe
#:20 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k BITSgroup
ProcessID : 1484
ThreadCreationTime : 5-7-2005 3:37:30 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:21 [prism.exe]
ModuleName : C:\Program Files\Comcast\Security Manager\app\Prism.exe
Command Line : "C:\Program Files\Comcast\Security Manager\app\Prism.exe"
ProcessID : 1492
ThreadCreationTime : 5-7-2005 3:39:04 AM
BasePriority : Normal
FileVersion : 1.60.0428
ProductVersion : 1.60.0428
ProductName : Comcast Security Manager
CompanyName : Comcast Cable Communications
FileDescription : Comcast Security Manager
InternalName : PRISM
LegalCopyright : Copyright ©2000-2004 Authentium, Inc.; Portions Copyright ©2004 Comcast Cable Communications
LegalTrademarks : Security Manager is a trademark of Comcast Cable Communications
OriginalFilename : PRISM.exe
#:22 [explorer.exe]
ModuleName : C:\WINNT\Explorer.exe
Command Line : C:\WINNT\Explorer.exe
ProcessID : 1372
ThreadCreationTime : 5-7-2005 3:39:36 AM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE
#:23 [gwhotkey.exe]
ModuleName : C:\WINNT\GWHotKey.exe
Command Line : "C:\WINNT\GWHotKey.exe"
ProcessID : 1592
ThreadCreationTime : 5-7-2005 3:40:01 AM
BasePriority : Normal
FileVersion : 6.0.1.3
ProductVersion : 6.0.1.3
ProductName : Gateway Multi-function Keyboard Utility
CompanyName : BillP Studios
FileDescription : Multi-function Keyboard By Bill Pytlovany
LegalCopyright : Copyright © 1997-2000 Gateway, Inc.
Comments : http://www.billp.com
#:24 [aircfg.exe]
ModuleName : C:\Program Files\D-Link\Air Utility\AirCFG.exe
Command Line : "C:\Program Files\D-Link\Air Utility\AirCFG.exe"
ProcessID : 1612
ThreadCreationTime : 5-7-2005 3:40:08 AM
BasePriority : Normal
FileVersion : 3, 1, 5, 30626
ProductVersion : 3, 1, 5, 30626
ProductName : Wireless LAN Monitor
CompanyName : D-Link
FileDescription : D-Link Wireless LAN Monitor
InternalName : WlanMonitor
LegalCopyright : Copyright 2002©, D-Link. All Rights Reserved.
LegalTrademarks : D-Link
OriginalFilename : WlanMon.EXE
#:25 [avgcc32.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
Command Line : "C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe" /STARTUP
ProcessID : 1620
ThreadCreationTime : 5-7-2005 3:40:10 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 515
ProductVersion : 6, 0, 0, 0
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC32
LegalCopyright : Copyright © 2003 GRISOFT s.r.o.
OriginalFilename : AvgCC32.EXE
#:26 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 1648
ThreadCreationTime : 5-7-2005 3:40:18 AM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6028)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English
#:27 [incmail.exe]
ModuleName : C:\Program Files\IncrediMail\bin\IncMail.exe
Command Line : "C:\Program Files\IncrediMail\bin\IncMail.exe"
ProcessID : 1664
ThreadCreationTime : 5-7-2005 3:40:39 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1606
ProductVersion : 3, 0, 0, 1606
ProductName : IncrediMail
CompanyName : IncrediMail, Ltd.
FileDescription : IncrediMail Application
InternalName : IncrediMail
LegalCopyright : Copyright © 2002 IncrediMail, Ltd.
OriginalFilename : INCMAIL.EXE
#:28 [imapp.exe]
ModuleName : C:\PROGRA~1\INCRED~1\bin\IMApp.exe
Command Line : C:\PROGRA~1\INCRED~1\bin\IMApp.exe -Embedding
ProcessID : 1676
ThreadCreationTime : 5-7-2005 3:40:52 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1606
ProductVersion : 3, 0, 0, 1606
ProductName : IncrediMail
CompanyName : IncrediMail, Ltd.
FileDescription : IncrediMail Application
InternalName : IncrediApp
LegalCopyright : Copyright © 2002 IncrediMail, Ltd.
OriginalFilename : IMAPP.EXE
#:29 [wuauclt.exe]
ModuleName : C:\WINNT\system32\wuauclt.exe
Command Line : "C:\WINNT\system32\wuauclt.exe"
ProcessID : 680
ThreadCreationTime : 5-7-2005 3:43:58 AM
BasePriority : Normal
FileVersion : 5.4.3790.20 built by: lab04_n
ProductVersion : 5.4.3790.20
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Update AutoUpdate Client
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:30 [aim.exe]
ModuleName : C:\Program Files\AIM\aim.exe
Command Line : "C:\Program Files\AIM\aim.exe"
ProcessID : 1696
ThreadCreationTime : 5-7-2005 3:47:56 AM
BasePriority : Normal
FileVersion : 5.9.3702
ProductVersion : 5.9.3702
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE
#:31 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 1560
ThreadCreationTime : 5-7-2005 3:49:39 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:32 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1700
ThreadCreationTime : 5-7-2005 3:52:22 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MediaMotor Object Recognized!
Type : File
Data : ceres.cab
Category : Malware
Comment :
Object : C:\Documents and Settings\Administrator\Local Settings\Temp\DrTemp\
MediaMotor Object Recognized!
Type : File
Data : farmmext.cab
Category : Malware
Comment :
Object : C:\Documents and Settings\Administrator\Local Settings\Temp\THI3EFC.tmp\
MediaMotor Object Recognized!
Type : File
Data : pynix.cab
Category : Malware
Comment :
Object : C:\Documents and Settings\Administrator\Local Settings\Temp\THI55DD.tmp\
MediaMotor Object Recognized!
Type : File
Data : Pynix.dll
Category : Malware
Comment :
Object : C:\Documents and Settings\Administrator\Local Settings\Temp\THI55DD.tmp\
FileVersion : 0, 8, 4, 89
ProductVersion : 0, 8, 4, 89
ProductName : Pynix
CompanyName : Pynix
FileDescription : www.Pynix.com
InternalName : Pynix
LegalCopyright : Copyright © 2005
OriginalFilename : Pynix.dll
Comments : www.Pynix.com
MediaMotor Object Recognized!
Type : File
Data : spike.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Administrator\Local Settings\Temp\THI55DD.tmp\
MediaMotor Object Recognized!
Type : File
Data : ceres[1].cab
Category : Malware
Comment :
Object : C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\67W3EPG9\
180Solutions Object Recognized!
Type : File
Data : ppq12F.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 5, 15, 0, 15
ProductVersion : 5, 15, 0, 15
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.
180Solutions Object Recognized!
Type : File
Data : ppq137.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 5, 12, 0, 13
ProductVersion : 5, 12, 0, 13
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.
180Solutions Object Recognized!
Type : File
Data : ppq139.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 5, 12, 0, 13
ProductVersion : 5, 12, 0, 13
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.
EzuLa Object Recognized!
Type : File
Data : ppq143.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000
EzuLa Object Recognized!
Type : File
Data : ppq145.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000
EzuLa Object Recognized!
Type : File
Data : ppq147.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000
MediaMotor Object Recognized!
Type : File
Data : ppq149.tmp
Category : Malware
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 6.03
ProductVersion : 6.03
ProductName : DemoCtla
CompanyName : df
InternalName : mm63
OriginalFilename : mm63.ocx
StatBlaster Object Recognized!
Type : File
Data : ppq14B.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
MediaMotor Object Recognized!
Type : File
Data : ppq151.tmp
Category : Malware
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 0, 12, 4, 74
ProductVersion : 0, 12, 4, 74
ProductName : Ceres
CompanyName : Ceres
FileDescription : www.abetterinternet.com
InternalName : Ceres
LegalCopyright : Copyright © 2004
OriginalFilename : Ceres.dll
Comments : www.abetterinternet.com
MediaMotor Object Recognized!
Type : File
Data : ppq153.tmp
Category : Malware
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 0, 12, 4, 74
ProductVersion : 0, 12, 4, 74
ProductName : Ceres
CompanyName : Ceres
FileDescription : www.abetterinternet.com
InternalName : Ceres
LegalCopyright : Copyright © 2004
OriginalFilename : Ceres.dll
Comments : www.abetterinternet.com
VX2 Object Recognized!
Type : File
Data : ppq15B.tmp
Category : Malware
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 0, 4, 1, 3
ProductVersion : 0, 4, 1, 3
CompanyName : FarmMext
FileDescription : www.farmmext.com
LegalCopyright : Copyright © 2002
VX2 Object Recognized!
Type : File
Data : ppq15D.tmp
Category : Malware
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
FileVersion : 0, 4, 1, 3
ProductVersion : 0, 4, 1, 3
CompanyName : FarmMext
FileDescription : www.farmmext.com
LegalCopyright : Copyright © 2002
IBIS Toolbar Object Recognized!
Type : File
Data : ppq27F.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\
Instafinder Object Recognized!
Type : File
Data : instafin.dll
Category : Malware
Comment :
Object : C:\WINNT\Downloaded Program Files\
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
MediaMotor Object Recognized!
Type : File
Data : sixtypopsix.exe
Category : Malware
Comment :
Object : C:\WINNT\
FileVersion : 6.04
ProductVersion : 6.04
ProductName : pop64
CompanyName : Network1
InternalName : sixtypopsix
OriginalFilename : sixtypopsix.exe
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 21
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager
EzuLa Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINNT\iLookup
EzuLa Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINNT\iNetPal
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor\xml
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor\xml
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
VX2 Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\drp1.tmp
VX2 Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DrTemp
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_tbpssvc
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_wintoolssvc
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer
Value : ServerProc
Instafinder Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafin
Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafin
Value : CfgID
Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafin
Value : ConfigCode
Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafin
Value : ClientID
Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafin
Value : BarID
Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafin
Value : InstallTime
Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafin
Value : LastConfigDown
Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafin
Value : SetupInit
Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafin
Value : InstallReport
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 21
Objects found so far: 42
10:20:01 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:24:26.178
Objects scanned:83926
Objects identified:42
Objects ignored:0
New critical objects:42