Thanks for your help, here is my log. I think I did it right this time.
Ad-Aware SE Build 1.05
Logfile Created on:Monday, May 23, 2005 7:20:48 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R46 17.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):2 total references
begin2search(TAC index:3):7 total references
BookedSpace(TAC index:10):15 total references
DealHelper(TAC index:7):1 total references
FizzleBar(TAC index:5):1 total references
IBIS Toolbar(TAC index:5):19 total references
ImIServer IEPlugin(TAC index:5):3 total references
SahAgent(TAC index:9):4 total references
Tracking Cookie(TAC index:3):16 total references
Windows(TAC index:3):1 total references
WindUpdates(TAC index:8):1 total references
VX2(TAC index:10):40 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R46 17.05.2005
Internal build : 54
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 474775 Bytes
Total size : 1435210 Bytes
Signature data size : 1404100 Bytes
Reference data size : 30598 Bytes
Signatures total : 40060
Fingerprints total : 883
Fingerprints size : 30250 Bytes
Target categories : 15
Target families : 674
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:38 %
Total physical memory:490992 kb
Available physical memory:185280 kb
Total page file size:757240 kb
Available on page file:522304 kb
Total virtual memory:2097024 kb
Available virtual memory:2033204 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
5-23-2005 7:20:48 AM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 540
ThreadCreationTime : 5-23-2000 2:06:00 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 580
ThreadCreationTime : 5-23-2000 2:06:01 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\SYSTEM32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 604
ThreadCreationTime : 5-23-2000 2:06:01 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 652
ThreadCreationTime : 5-23-2000 2:06:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 664
ThreadCreationTime : 5-23-2000 2:06:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 820
ThreadCreationTime : 5-23-2000 2:06:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 884
ThreadCreationTime : 5-23-2000 2:06:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 956
ThreadCreationTime : 5-23-2000 2:06:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1020
ThreadCreationTime : 5-23-2000 2:06:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1140
ThreadCreationTime : 5-23-2000 2:06:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1280
ThreadCreationTime : 5-23-2000 2:06:05 PM
BasePriority : Normal
FileVersion : 8.18
ProductVersion : 8.18
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe
#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1308
ThreadCreationTime : 5-23-2000 2:06:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1320
ThreadCreationTime : 5-23-2000 2:06:05 PM
BasePriority : Normal
FileVersion : 8.18
ProductVersion : 8.18
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)
#:14 [aoltsmon.exe]
ModuleName : C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
Command Line : "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"
ProcessID : 1692
ThreadCreationTime : 5-23-2000 2:06:13 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed Monitor
CompanyName : America Online, Inc
FileDescription : AOL TopSpeed Monitor
InternalName : AOL TopSpeed Monitor
LegalCopyright : Copyright © 2004 America Online, Inc.
OriginalFilename : aoltsmon.exe
#:15 [aoltpspd.exe]
ModuleName : C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
Command Line : -p11526 -q"11527,11528,11529,11530,11531,11532,11533" -S256 -G"C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\vph.ph" -H1692
ProcessID : 1744
ThreadCreationTime : 5-23-2000 2:06:13 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed
CompanyName : America Online Inc
FileDescription : AOL TopSpeed
InternalName : AOL TopSpeed Loader
LegalCopyright : Copyright © 2003-2004
LegalTrademarks : AOL TopSpeed
OriginalFilename : aoltpspd.exe
#:16 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 1764
ThreadCreationTime : 5-23-2000 2:06:13 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:17 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
ProcessID : 1816
ThreadCreationTime : 5-23-2000 2:06:14 PM
BasePriority : Normal
FileVersion : 8, 0, 0, 12
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine
#:18 [mpfservice.exe]
ModuleName : C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
Command Line : "C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe"
ProcessID : 1848
ThreadCreationTime : 5-23-2000 2:06:14 PM
BasePriority : Normal
FileVersion : 4.1.0.1
ProductVersion : 4.1.0.1
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2000,2001
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service
#:19 [scsiaccess.exe]
ModuleName : C:\WINDOWS\system32\ScsiAccess.EXE
Command Line : C:\WINDOWS\system32\ScsiAccess.EXE
ProcessID : 1908
ThreadCreationTime : 5-23-2000 2:06:14 PM
BasePriority : Normal
#:20 [tcpsvcs.exe]
ModuleName : C:\WINDOWS\System32\tcpsvcs.exe
Command Line : C:\WINDOWS\System32\tcpsvcs.exe
ProcessID : 2012
ThreadCreationTime : 5-23-2000 2:06:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : TCP/IP Services Application
InternalName : TCPSVCS.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : TCPSVCS.EXE
#:21 [slserv.exe]
ModuleName : C:\WINDOWS\system32\slserv.exe
Command Line : slserv.exe
ProcessID : 172
ThreadCreationTime : 5-23-2000 2:06:15 PM
BasePriority : Normal
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
ProductName : Modem
FileDescription : User-Level Modem Service
InternalName : slserv
LegalCopyright : Copyright © 1999-2000
OriginalFilename : slserv.exe
#:22 [snmp.exe]
ModuleName : C:\WINDOWS\System32\snmp.exe
Command Line : C:\WINDOWS\System32\snmp.exe
ProcessID : 200
ThreadCreationTime : 5-23-2000 2:06:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : SNMP Service
InternalName : snmp.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : snmp.exe
#:23 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 220
ThreadCreationTime : 5-23-2000 2:06:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:24 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 556
ThreadCreationTime : 5-23-2000 2:06:18 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:25 [wtoolss.exe]
ModuleName : C:\Program Files\Common Files\WinTools\WToolsS.exe
Command Line : "C:\Program Files\Common Files\WinTools\WToolsS.exe"
ProcessID : 788
ThreadCreationTime : 5-23-2000 2:06:18 PM
BasePriority : Normal
#:26 [mspmspsv.exe]
ModuleName : C:\WINDOWS\System32\MsPMSPSv.exe
Command Line : C:\WINDOWS\System32\MsPMSPSv.exe
ProcessID : 948
ThreadCreationTime : 5-23-2000 2:06:18 PM
BasePriority : Normal
FileVersion : 7.01.00.3055
ProductVersion : 7.01.00.3055
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE
#:27 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 1960
ThreadCreationTime : 5-23-2000 2:06:20 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:28 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
ProcessID : 2148
ThreadCreationTime : 5-23-2000 2:06:22 PM
BasePriority : High
#:29 [mpfagent.exe]
ModuleName : C:\PROGRA~1\McAfee.com\Personal Firewall\MpfAgent.exe
Command Line : "C:\PROGRA~1\McAfee.com\Personal Firewall\MpfAgent.exe" -Embedding
ProcessID : 2412
ThreadCreationTime : 5-23-2000 2:06:27 PM
BasePriority : Normal
FileVersion : 4.1.0.1
ProductVersion : 4.1.0.1
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2000-2003 Networks Associates Technologies, Inc.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module
#:30 [mcagent.exe]
ModuleName : c:\program files\mcafee.com\agent\mcagent.exe
Command Line : "c:\program files\mcafee.com\agent\mcagent.exe" -Embedding
ProcessID : 2444
ThreadCreationTime : 5-23-2000 2:06:28 PM
BasePriority : Normal
FileVersion : 4, 3, 0, 10
ProductVersion : 4, 3, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 1998-2002 Networks Associates Technology, Inc.
OriginalFilename : mcagent.exe
#:31 [ezsp_px.exe]
ModuleName : C:\WINDOWS\system32\ezSP_Px.exe
Command Line : "C:\WINDOWS\system32\ezSP_Px.exe"
ProcessID : 2548
ThreadCreationTime : 5-23-2000 2:06:29 PM
BasePriority : Normal
#:32 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2668
ThreadCreationTime : 5-23-2000 2:06:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:33 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 2676
ThreadCreationTime : 5-23-2000 2:06:30 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:34 [mcvsshld.exe]
ModuleName : C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
ProcessID : 2712
ThreadCreationTime : 5-23-2000 2:06:31 PM
BasePriority : Normal
FileVersion : 8, 0, 0, 15
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource
#:35 [mpftray.exe]
ModuleName : C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
Command Line : "C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe"
ProcessID : 2720
ThreadCreationTime : 5-23-2000 2:06:31 PM
BasePriority : Normal
FileVersion : 4.5.4.40
ProductVersion : 4.5.4.40
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2000-2003 Networks Associates Technologies, Inc.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall
#:36 [waol.exe]
ModuleName : C:\Program Files\America Online 9.0\waol.exe
Command Line : "C:\Program Files\America Online 9.0\waol.exe" -b
ProcessID : 2764
ThreadCreationTime : 5-23-2000 2:06:31 PM
BasePriority : Normal
#:37 [mcvsescn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsescn.exe
Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
ProcessID : 2768
ThreadCreationTime : 5-23-2000 2:06:31 PM
BasePriority : Normal
FileVersion : 8, 0, 0, 30
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module
#:38 [kmcktn.exe]
ModuleName : c:\windows\system32\kmcktn.exe
Command Line : "c:\windows\system32\kmcktn.exe" yzxbhzn
ProcessID : 2788
ThreadCreationTime : 5-23-2000 2:06:32 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
#:39 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
ProcessID : 3308
ThreadCreationTime : 5-23-2000 2:06:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:40 [aolacsd.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -app
ProcessID : 3932
ThreadCreationTime : 5-23-2000 2:06:56 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLacsd.exe
#:41 [shellmon.exe]
ModuleName : C:\Program Files\America Online 9.0\shellmon.exe
Command Line : "C:\Program Files\America Online 9.0\shellmon.exe"
ProcessID : 1116
ThreadCreationTime : 5-23-2000 2:07:28 PM
BasePriority : Normal
#:42 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3548
ThreadCreationTime : 5-23-2000 2:12:22 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:43 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 4064
ThreadCreationTime : 5-23-2005 2:16:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
#:44 [svcproc.exe]
ModuleName : C:\WINDOWS\svcproc.exe
Command Line : C:\WINDOWS\svcproc.exe /i
ProcessID : 4016
ThreadCreationTime : 5-23-2005 2:16:41 PM
BasePriority : Normal
#:45 [thnall1a.exe]
ModuleName : C:\DOCUME~1\Mario\LOCALS~1\Temp\104.tmp\thnall1a.exe
Command Line : "C:\DOCUME~1\Mario\LOCALS~1\Temp\104.tmp\thnall1a.exe"
ProcessID : 1192
ThreadCreationTime : 5-23-2005 2:19:44 PM
BasePriority : Normal
FileVersion : 2, 0, 1, 8
ProductVersion : 2, 0, 1, 8
ProductName : Thinstaller
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2005
OriginalFilename : Thinstaller.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.
#:46 [svcproc.exe]
ModuleName : C:\WINDOWS\svcproc.exe
Command Line : C:\WINDOWS\svcproc.exe /i
ProcessID : 2184
ThreadCreationTime : 5-23-2005 2:19:48 PM
BasePriority : Normal
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
Value : AppID
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value :
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value : AppID
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUI3d5OfSDist
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUI3d5OfSInst
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUC3n5trMsgSDisp
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUs3t5icky1S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUs3t5icky2S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUs3t5icky3S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUs3t5icky4S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUC1o3d5eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUT3i5m7eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUD3s5tSSEnd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AU3N5a7tionSCode
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUP3D5om
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUT3h5rshSCheckSIn
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUT3h5rshSMots
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUM3o5deSSync
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUI3n5ProgSCab
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUI3n5ProgSEx
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUI3n5ProgSLstest
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUC3n5tFyl
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUB3D5om
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUE3v5nt
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUT3h5rshSBath
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUT3h5rshSysSInf
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUL3n5Title
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUC3u5rrentSMode
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUI3g5noreS
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUL3a5stMotsSDay
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1005\software\aurora
Value : AUL3a5stSSChckin
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 45
Objects found so far: 45
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mario@2o7[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 5-21-2010 4:56:22 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 46
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IBIS Toolbar Object Recognized!
Type : File
Data : temp.frC44D
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Mario\Local Settings\Temp\
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : walter@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Walter\Cookies\walter@2o7[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : walter@adrevolver[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Walter\Cookies\walter@adrevolver[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Walter\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : walter@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Walter\Cookies\walter@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : walter@casalemedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Walter\Cookies\walter@casalemedia[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : walter@centrport[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Walter\Cookies\walter@centrport[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : walter@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Walter\Cookies\walter@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : walter@euniverseads[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Walter\Cookies\walter@euniverseads[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : walter@fastclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Walter\Cookies\walter@fastclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : walter@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Walter\Cookies\walter@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : walter@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Walter\Cookies\walter@questionmarket[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : walter@realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Walter\Cookies\walter@realmedia[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Walter\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : walter@trafficmp[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Walter\Cookies\walter@trafficmp[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : walter@valueclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Walter\Cookies\walter@valueclick[2].txt
FizzleBar Object Recognized!
Type : File
Data : A0041491.dll
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP34\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Popup Blocker
CompanyName : Tyrsoft
InternalName : iefwbar
OriginalFilename : iefwbar.dll
WindUpdates Object Recognized!
Type : File
Data : A0041495.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP34\
BargainBuddy Object Recognized!
Type : File
Data : A0041497.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP34\
FileVersion : 8.0.3.6
ProductName : BullsEye Network
CompanyName : eXact Advertising
FileDescription : BargainBuddy Module
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
LegalTrademarks : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
Comments : BargainBuddy Module
VX2 Object Recognized!
Type : File
Data : A0041503.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP34\
SahAgent Object Recognized!
Type : File
Data : A0041504.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP34\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
VX2 Object Recognized!
Type : File
Data : A0041505.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP34\
FileVersion : 0, 4, 1, 3
ProductVersion : 0, 4, 1, 3
CompanyName : FarmMext
FileDescription : www.farmmext.com
LegalCopyright : Copyright © 2002
ImIServer IEPlugin Object Recognized!
Type : File
Data : A0041506.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP34\
ImIServer IEPlugin Object Recognized!
Type : File
Data : A0041507.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP34\
FileVersion : 1, 0, 8, 1
ProductVersion : 1, 0, 8, 1
ProductName : wbho Module
FileDescription : wbho Module
InternalName : wbho
LegalCopyright : Copyright 2004
OriginalFilename : wbho.DLL
ImIServer IEPlugin Object Recognized!
Type : File
Data : A0041508.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP34\
FileVersion : 5.0.2001.10043
ProductVersion : 2001, 0, 0, 0
ProductName : MimarSinan Emissary, MimarSinan Charm Family
CompanyName : Mimar Sinan International
FileDescription : Emissary
InternalName : autonomy
LegalCopyright : Copyright © 1992-2000 Mimar Sinan International. All rights reserved.
OriginalFilename : autonomy.exe
SahAgent Object Recognized!
Type : File
Data : A0041509.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP34\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2
SahAgent Object Recognized!
Type : File
Data : A0041510.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP34\
FileVersion : 3, 0, 0, 3
ProductVersion : 3, 0, 0, 3
DealHelper Object Recognized!
Type : File
Data : A0041511.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP34\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : UnInstallKey Application
FileDescription : UnInstallKey MFC Application
InternalName : UnInstallKey
LegalCopyright : Copyright © 2003
OriginalFilename : UnInstallKey.EXE
SahAgent Object Recognized!
Type : File
Data : A0041512.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP34\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
begin2search Object Recognized!
Type : File
Data : A0041513.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP34\
begin2search Object Recognized!
Type : File
Data : A0041514.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP34\
begin2search Object Recognized!
Type : File
Data : A0041515.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP34\
FileVersion : 2, 8, 0, 0
ProductVersion : 2, 8, 0, 0
ProductName : Winb2s32 Module
FileDescription : Winb2s32 Module
InternalName : Winb2s32
LegalCopyright : Copyright 2002
OriginalFilename : Winb2s32.DLL
begin2search Object Recognized!
Type : File
Data : A0041516.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP34\
FileVersion : 2, 8, 0, 0
ProductVersion : 2, 8, 0, 0
ProductName : Winb2s32 Module
FileDescription : Winb2s32 Module
InternalName : Winb2s32
LegalCo