Andy,
Thanks for taking a look at this. I very much appreciate it. I made your requested adjustments, and for some reason, this search turned up a TON more malware than I'm used to seeing...
Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 12, 2005 1:04:42 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):5 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):69 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 51
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663
5-12-2005 1:02:06 AM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668
5-12-2005 1:02:16 AM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:29 %
Total physical memory:261124 kb
Available physical memory:73364 kb
Total page file size:629904 kb
Available on page file:339280 kb
Total virtual memory:2097024 kb
Available virtual memory:2032896 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
5-12-2005 1:04:42 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 452
ThreadCreationTime : 5-10-2005 4:35:56 AM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 512
ThreadCreationTime : 5-10-2005 4:36:05 AM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 536
ThreadCreationTime : 5-10-2005 4:36:06 AM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 580
ThreadCreationTime : 5-10-2005 4:36:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 592
ThreadCreationTime : 5-10-2005 4:36:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 744
ThreadCreationTime : 5-10-2005 4:36:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 824
ThreadCreationTime : 5-10-2005 4:36:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 888
ThreadCreationTime : 5-10-2005 4:36:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 932
ThreadCreationTime : 5-10-2005 4:36:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1080
ThreadCreationTime : 5-10-2005 4:36:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 1256
ThreadCreationTime : 5-10-2005 4:36:09 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1332
ThreadCreationTime : 5-10-2005 4:36:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Warning! VX2 Object found in memory(C:\WINDOWS\system32\DrPMon.dll)
VX2 Object Recognized!
Type : Process
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll
#:13 [cisvc.exe]
ModuleName : C:\WINDOWS\system32\cisvc.exe
Command Line : C:\WINDOWS\system32\cisvc.exe
ProcessID : 1432
ThreadCreationTime : 5-10-2005 4:36:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe
#:14 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
ProcessID : 1464
ThreadCreationTime : 5-10-2005 4:36:10 AM
BasePriority : Normal
FileVersion : 4, 4, 0, 10
ProductVersion : 4, 4, 0, 0
ProductName : McAfee.com VirusScan Online
CompanyName : Mcafee.com Corporation
FileDescription : McAfee.com VirusScan Online Realtime Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 1998-2002 McAfee.com Corporation
OriginalFilename : mcvsrte.exe
#:15 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1500
ThreadCreationTime : 5-10-2005 4:36:10 AM
BasePriority : Normal
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
ProductName : NVIDIA Driver Helper Service, Version 52.16
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:16 [retrorun.exe]
ModuleName : C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
Command Line : C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
ProcessID : 1528
ThreadCreationTime : 5-10-2005 4:36:10 AM
BasePriority : Normal
FileVersion : 6.0.222
ProductVersion : 6.0
ProductName : Retrospect
CompanyName : Dantz Development Corporation
FileDescription : Retrospect
InternalName :
LegalCopyright : Copyright Dantz 1989-2002
LegalTrademarks : Dantz® Retrospect®
OriginalFilename : retrorun.exe
#:17 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1732
ThreadCreationTime : 5-10-2005 4:36:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:18 [jqicqx.exe]
ModuleName : C:\WINDOWS\system32\jqicqx.exe
Command Line : "C:\WINDOWS\system32\jqicqx.exe"
ProcessID : 2016
ThreadCreationTime : 5-10-2005 4:36:12 AM
BasePriority : Normal
#:19 [bcmsmmsg.exe]
ModuleName : C:\WINDOWS\BCMSMMSG.exe
Command Line : "C:\WINDOWS\BCMSMMSG.exe"
ProcessID : 2032
ThreadCreationTime : 5-10-2005 4:36:12 AM
BasePriority : Normal
FileVersion : 3.5.25 08/27/2003 20:04:35
ProductVersion : 3.5.25 08/27/2003 20:04:35
ProductName : BCM Modem Messaging Applet
CompanyName : Broadcom Corporation
FileDescription : Modem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Broadcom Corporation 1998-2000
OriginalFilename : smdmstat.exe
#:20 [itouch.exe]
ModuleName : C:\Program Files\Logitech\iTouch\iTouch.exe
Command Line : "C:\Program Files\Logitech\iTouch\iTouch.exe"
ProcessID : 2044
ThreadCreationTime : 5-10-2005 4:36:12 AM
BasePriority : Normal
FileVersion : 1.82.557
ProductVersion : 1.82
ProductName : iTouch
CompanyName : Logitech Inc.
FileDescription : iTouch Application
InternalName : iTouch
LegalCopyright : Copyright © Logitech Inc. 1998-2001.
LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : iTouch.exe
Comments :
#:21 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
ProcessID : 180
ThreadCreationTime : 5-10-2005 4:36:13 AM
BasePriority : High
#:22 [em_exec.exe]
ModuleName : C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
Command Line : "C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE"
ProcessID : 200
ThreadCreationTime : 5-10-2005 4:36:13 AM
BasePriority : Normal
FileVersion : 9.41.8
ProductVersion : 9.41.3
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2001.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team
#:23 [dsentry.exe]
ModuleName : C:\WINDOWS\System32\DSentry.exe
Command Line : "C:\WINDOWS\System32\DSentry.exe"
ProcessID : 216
ThreadCreationTime : 5-10-2005 4:36:13 AM
BasePriority : Normal
FileVersion : 1, 0, 2, 0
ProductVersion : 1, 0, 2, 0
ProductName : Dell - DVDSentry
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
LegalCopyright : Copyright © 2002 Dell
OriginalFilename : DSentry.exe
Comments : DVDSentry launches your software DVD player when a DVD is inserted.
#:24 [mcagent.exe]
ModuleName : C:\Program Files\McAfee.com\Agent\mcagent.exe
Command Line : "C:\Program Files\McAfee.com\Agent\mcagent.exe"
ProcessID : 224
ThreadCreationTime : 5-10-2005 4:36:13 AM
BasePriority : Normal
FileVersion : 4, 0, 0, 26
ProductVersion : 4, 1, 0, 0
ProductName : McAfee.com SecurityCenter
CompanyName : McAfee.com Corporation
FileDescription : McAfee.com SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 1998-2002 McAfee.com Corporation
OriginalFilename : mcagent.exe
#:25 [mcvsshld.exe]
ModuleName : C:\program files\mcafee.com\vso\mcvsshld.exe
Command Line : "C:\program files\mcafee.com\vso\mcvsshld.exe"
ProcessID : 492
ThreadCreationTime : 5-10-2005 4:36:14 AM
BasePriority : Normal
FileVersion : 4, 4, 0, 10
ProductVersion : 4, 4, 0, 0
ProductName : McAfee.com VirusScan Online
CompanyName : Mcafee.com Corporation
FileDescription : McAfee.com ActiveShield
InternalName : msvcshld
LegalCopyright : Copyright © 1998-2002 McAfee.com Corporation
OriginalFilename : mcvsshld.exe
#:26 [wscntfy.exe]
ModuleName : C:\WINDOWS\system32\wscntfy.exe
Command Line : C:\WINDOWS\system32\wscntfy.exe
ProcessID : 648
ThreadCreationTime : 5-10-2005 4:36:15 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe
#:27 [support.exe]
ModuleName : C:\Program Files\Common Files\Dell\EUSW\Support.exe
Command Line : "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
ProcessID : 700
ThreadCreationTime : 5-10-2005 4:36:15 AM
BasePriority : Normal
FileVersion : 2, 1, 1, 0
ProductVersion : 1, 0, 0, 1
ProductName : Dell Support
CompanyName : Dell
FileDescription : Support
InternalName : Support
LegalCopyright : Copyright © 2002
OriginalFilename : Support.exe
#:28 [viewmgr.exe]
ModuleName : C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Command Line : "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
ProcessID : 628
ThreadCreationTime : 5-10-2005 4:36:16 AM
BasePriority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager
#:29 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"
ProcessID : 996
ThreadCreationTime : 5-10-2005 4:36:19 AM
BasePriority : Normal
#:30 [onetouch.exe]
ModuleName : C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
Command Line : "C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe"
ProcessID : 1144
ThreadCreationTime : 5-10-2005 4:36:23 AM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : Maxtor OneTouch
CompanyName : Maxtor
FileDescription : Maxtor OneTouch Detection
InternalName : ComboButton
LegalCopyright : Copyright © 2003 Maxtor Corp.
OriginalFilename : OneTouch.EXE
#:31 [mxoaldr.exe]
ModuleName : C:\WINDOWS\MXOALDR.EXE
Command Line : "C:\WINDOWS\MXOALDR.EXE"
ProcessID : 1216
ThreadCreationTime : 5-10-2005 4:36:24 AM
BasePriority : Normal
FileVersion : 6.00.1010.0
ProductVersion : 6.00.1010.0
ProductName : MXO Storage Adapter
CompanyName : Cypress Semiconductor
FileDescription : Maxtor MXO Auto Loader Application
InternalName : MXOALDR.EXE
LegalCopyright : Copyright © 1998-2002 Cypress Semiconductor
OriginalFilename : MXOALDR.EXE
#:32 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1232
ThreadCreationTime : 5-10-2005 4:36:24 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:33 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 1240
ThreadCreationTime : 5-10-2005 4:36:24 AM
BasePriority : Idle
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe
#:34 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1292
ThreadCreationTime : 5-10-2005 4:36:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:35 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 1600
ThreadCreationTime : 5-10-2005 4:36:26 AM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:36 [tbctray.exe]
ModuleName : C:\WINDOWS\SYSTEM32\tbctray.exe
Command Line : "C:\WINDOWS\SYSTEM32\tbctray.exe"
ProcessID : 1660
ThreadCreationTime : 5-10-2005 4:36:28 AM
BasePriority : Normal
FileVersion : 5.12.01.4161-2929
ProductVersion : 1.0.4161
ProductName : Turtle Beach Santa Cruz
CompanyName : Voyetra Turtle Beach, Inc.
FileDescription : Santa Cruz Control Panel Launcher
InternalName : Santa Cruz
LegalCopyright : Copyright © 2000-2002 Voyetra Turtle Beach, Inc. All Rights Reserved
LegalTrademarks : Santa Cruz is a trademark of Voyetra Turtle Beach, Inc.
OriginalFilename : TbcTray.EXE
Comments :
#:37 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 1808
ThreadCreationTime : 5-10-2005 4:36:31 AM
BasePriority : Normal
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe
#:38 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 2120
ThreadCreationTime : 5-10-2005 4:36:34 AM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:39 [dlg.exe]
ModuleName : C:\Program Files\Digital Line Detect\DLG.exe
Command Line : "C:\Program Files\Digital Line Detect\DLG.exe"
ProcessID : 2716
ThreadCreationTime : 5-10-2005 4:37:07 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2001
OriginalFilename : TestLine.exe
#:40 [msbntray.exe]
ModuleName : C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
Command Line : "C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe"
ProcessID : 2828
ThreadCreationTime : 5-10-2005 4:37:19 AM
BasePriority : Normal
FileVersion : 2.2.731
ProductVersion : 2.2.731
ProductName : Microsoft Broadband Networking Software
CompanyName : Microsoft Corporation
FileDescription : Microsoft Broadband Networking Tray Application
InternalName : MSBNTray.exe
LegalCopyright : Copyright © 1995-2004 Microsoft Corporation
OriginalFilename : MSBNTray.exe
#:41 [cidaemon.exe]
ModuleName : C:\WINDOWS\system32\cidaemon.exe
Command Line : "cidaemon.exe" DownLevelDaemon "c:\program files\dell\support\ui\search\catalog.wci" 196672l 1432l
ProcessID : 2224
ThreadCreationTime : 5-10-2005 4:43:38 AM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe
#:42 [cidaemon.exe]
ModuleName : C:\WINDOWS\system32\cidaemon.exe
Command Line : "cidaemon.exe" DownLevelDaemon "c:\system volume information\catalog.wci" 196672l 1432l
ProcessID : 1140
ThreadCreationTime : 5-10-2005 4:43:43 AM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe
#:43 [notifyalert.exe]
ModuleName : C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
Command Line : "C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe" timer
ProcessID : 2984
ThreadCreationTime : 5-11-2005 4:36:24 AM
BasePriority : Normal
#:44 [omjiqp.exe]
ModuleName : c:\windows\system32\omjiqp.exe
Command Line : "c:\windows\system32\omjiqp.exe" cfimzpr
ProcessID : 1052
ThreadCreationTime : 5-11-2005 4:37:49 AM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
#:45 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -restart
ProcessID : 3840
ThreadCreationTime : 5-12-2005 4:36:41 AM
BasePriority : Normal
FileVersion : 0.1.0.3275
ProductVersion : 0.1.0.3275
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:46 [firefox.exe]
ModuleName : C:\Program Files\Mozilla Firefox\firefox.exe
Command Line : "C:\Program Files\Mozilla Firefox\firefox.exe"
ProcessID : 3236
ThreadCreationTime : 5-12-2005 5:59:35 AM
BasePriority : Normal
#:47 [wmplayer.exe]
ModuleName : C:\Program Files\Windows Media Player\wmplayer.exe
Command Line : "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:7 /SHELLHLP_V9 Play /DataObject:NEFEPEHFBAAAAAAAOABAAAAAAAAAAAAAAMAAAAAAAAAAAAGEAAAAAAAAFAAAAAAACNNOAAAPPFBJNPCCLFOFINFFCJAJGIEOADAGAAAAIOEAIKOACJKKKOLGMHCNELKAAAAAAAAA
ProcessID : 2892
ThreadCreationTime : 5-12-2005 6:00:14 AM
BasePriority : Normal
FileVersion : 9.00.00.3250
ProductVersion : 9.00.00.3250
ProductName : Microsoft® Windows Media Player
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player
InternalName : WMPLAYER.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WMPLAYER.EXE
#:48 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3384
ThreadCreationTime : 5-12-2005 6:01:30 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj.1
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj.1
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLI9d1OfSInst
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLC9n1trMsgSDisp
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLT9o1pListSPos
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLs9t1icky1S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLs9t1icky2S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLs9t1icky3S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLs9t1icky4S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLC1o9d1eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLT9i1m4eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLD9s1tSSEnd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BL9N1a4tionSCode
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLP9D1om
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLT9h1rshSCheckSIn
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLT9h1rshSMots
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLM9o1deSSync
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLI9n1ProgSCab
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLI9n1ProgSEx
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLI9n1ProgSLstest
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLL9a1stMotsSDay
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLL9a1stSSChckin
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLC9n1tFyl
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\bolger
Value : BLE9v1nt
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUI3d5OfSDist
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUI3d5OfSInst
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUC3n5trMsgSDisp
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUs3t5icky1S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUs3t5icky2S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUs3t5icky3S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUs3t5icky4S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUC1o3d5eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUT3i5m7eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUD3s5tSSEnd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AU3N5a7tionSCode
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUP3D5om
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUT3h5rshSCheckSIn
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUT3h5rshSMots
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUM3o5deSSync
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUI3n5ProgSCab
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUI3n5ProgSEx
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUI3n5ProgSLstest
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUB3D5om
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUE3v5nt
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUT3h5rshSBath
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUT3h5rshSysSInf
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUL3n5Title
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUC3u5rrentSMode
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUC3n5tFyl
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUI3g5noreS
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUS3t5atusOfSInst
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUL3a5stMotsSDay
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1160468939-2164281394-1618652938-1006\software\aurora
Value : AUL3a5stSSChckin
Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 58
Objects found so far: 59
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 59
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hand release@2o7[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:hand
[email protected]/
Expires : 5-10-2010 8:00:58 AM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hand release@0[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:hand
[email protected]/HTM/586/0
Expires : 5-11-2006 8:52:42 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hand release@zedo[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:hand
[email protected]/
Expires : 5-9-2015 8:53:26 PM
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hand release@revenue[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:hand
[email protected]/
Expires : 6-10-2022 12:05:42 AM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hand
[email protected][2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:hand
[email protected]/
Expires : 1-17-2038 7:00:00 PM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 64
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : File
Data : DrPMon[1].dll
Category : Malware
Comment :
Object : C:\Documents and Settings\Hand Release\Local Settings\Temporary Internet Files\Content.IE5\6772R3E7\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll
VX2 Object Recognized!
Type : File
Data : Poller[1].exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Hand Release\Local Settings\Temporary Internet Files\Content.IE5\MVRN5K1O\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
VX2 Object Recognized!
Type : File
Data : 8A5818C5-FC87-484D-8A8C-391DBA
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\3D76AD40-9B2A-453F-93D6-E9174E\
FileVersion : 0, 12, 4, 96
ProductVersion : 0, 12, 4, 96
ProductName : bolger
CompanyName : Bolger
FileDescription : www.abetterinternet.com
InternalName : bolger
LegalCopyright : Copyright © 2005
OriginalFilename : bolger.dll
Comments : www.abetterinternet.com
VX2 Object Recognized!
Type : File
Data : 8FCCE1BD-4848-4821-81BD-3C2CA1
Category : Malware
Comment :
Object : C:\Program Files\Microsof