Logfile Created on:Thursday, May 26, 2005 8:00:05 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
404search(TAC index:5):1 total references
BookedSpace(TAC index:10):15 total references
BrowserAid(TAC index:6):3 total references
DownloadWare(TAC index:8):1 total references
DyFuCA(TAC index:3):1 total references
Ebates MoneyMaker(TAC index:4):3 total references
IBIS Toolbar(TAC index:5):14 total references
ImIServer IEPlugin(TAC index:5):2 total references
istbar(TAC index:7):5 total references
Lop(TAC index:7):1 total references
MediaMotor(TAC index:8):30 total references
PeopleOnPage(TAC index:9):1 total references
Possible Browser Hijack attempt(TAC index:3):10 total references
Roings(TAC index:8):4 total references
SurfSideKickBHO(TAC index:7):3 total references
SysWeb-Telecom Dialer(TAC index:5):2 total references
TopMoxie(TAC index:3):3 total references
Tracking Cookie(TAC index:3):27 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):87 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
Fingerprints total : 886
Fingerprints size : 30371 Bytes
Target categories : 15
Target families : 679

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:54 %
Total physical memory:490992 kb
Available physical memory:260552 kb
Total page file size:757240 kb
Available on page file:500428 kb
Total virtual memory:2097024 kb
Available virtual memory:2035880 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

5-26-2005 8:00:05 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 540
ThreadCreationTime : 5-27-2005 2:03:09 AM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 580
ThreadCreationTime : 5-27-2005 2:03:10 AM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\SYSTEM32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 604
ThreadCreationTime : 5-27-2005 2:03:10 AM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 652
ThreadCreationTime : 5-27-2005 2:03:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 664
ThreadCreationTime : 5-27-2005 2:03:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 828
ThreadCreationTime : 5-27-2005 2:03:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 880
ThreadCreationTime : 5-27-2005 2:03:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 952
ThreadCreationTime : 5-27-2005 2:03:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1016
ThreadCreationTime : 5-27-2005 2:03:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1132
ThreadCreationTime : 5-27-2005 2:03:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1272
ThreadCreationTime : 5-27-2005 2:03:14 AM
BasePriority : Normal
FileVersion : 8.18
ProductVersion : 8.18
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe
#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1308
ThreadCreationTime : 5-27-2005 2:03:14 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [aoltsmon.exe]
ModuleName : C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
Command Line : "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"
ProcessID : 1680
ThreadCreationTime : 5-27-2005 2:03:23 AM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed Monitor
CompanyName : America Online, Inc
FileDescription : AOL TopSpeed Monitor
InternalName : AOL TopSpeed Monitor
LegalCopyright : Copyright © 2004 America Online, Inc.
OriginalFilename : aoltsmon.exe
#:14 [aoltpspd.exe]
ModuleName : C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
Command Line : -p11526 -q"11527,11528,11529,11530,11531,11532,11533" -S256 -G"C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\vph.ph" -H1680
ProcessID : 1728
ThreadCreationTime : 5-27-2005 2:03:23 AM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed
CompanyName : America Online Inc
FileDescription : AOL TopSpeed
InternalName : AOL TopSpeed Loader
LegalCopyright : Copyright © 2003-2004
LegalTrademarks : AOL TopSpeed
OriginalFilename : aoltpspd.exe
#:15 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 1748
ThreadCreationTime : 5-27-2005 2:03:23 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:16 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
ProcessID : 1792
ThreadCreationTime : 5-27-2005 2:03:23 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 12
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine
#:17 [mpfservice.exe]
ModuleName : C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
Command Line : "C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe"
ProcessID : 1832
ThreadCreationTime : 5-27-2005 2:03:23 AM
BasePriority : Normal
FileVersion : 4.1.0.1
ProductVersion : 4.1.0.1
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2000,2001
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service
#:18 [scsiaccess.exe]
ModuleName : C:\WINDOWS\system32\ScsiAccess.EXE
Command Line : C:\WINDOWS\system32\ScsiAccess.EXE
ProcessID : 1908
ThreadCreationTime : 5-27-2005 2:03:23 AM
BasePriority : Normal
#:19 [tcpsvcs.exe]
ModuleName : C:\WINDOWS\System32\tcpsvcs.exe
Command Line : C:\WINDOWS\System32\tcpsvcs.exe
ProcessID : 2004
ThreadCreationTime : 5-27-2005 2:03:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : TCP/IP Services Application
InternalName : TCPSVCS.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : TCPSVCS.EXE
#:20 [slserv.exe]
ModuleName : C:\WINDOWS\system32\slserv.exe
Command Line : slserv.exe
ProcessID : 152
ThreadCreationTime : 5-27-2005 2:03:24 AM
BasePriority : Normal
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
ProductName : Modem
FileDescription : User-Level Modem Service
InternalName : slserv
LegalCopyright : Copyright © 1999-2000
OriginalFilename : slserv.exe
#:21 [snmp.exe]
ModuleName : C:\WINDOWS\System32\snmp.exe
Command Line : C:\WINDOWS\System32\snmp.exe
ProcessID : 180
ThreadCreationTime : 5-27-2005 2:03:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : SNMP Service
InternalName : snmp.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : snmp.exe
#:22 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 204
ThreadCreationTime : 5-27-2005 2:03:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:23 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 276
ThreadCreationTime : 5-27-2005 2:03:27 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:24 [mspmspsv.exe]
ModuleName : C:\WINDOWS\System32\MsPMSPSv.exe
Command Line : C:\WINDOWS\System32\MsPMSPSv.exe
ProcessID : 572
ThreadCreationTime : 5-27-2005 2:03:27 AM
BasePriority : Normal
FileVersion : 7.01.00.3055
ProductVersion : 7.01.00.3055
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE
#:25 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
ProcessID : 1556
ThreadCreationTime : 5-27-2005 2:03:31 AM
BasePriority : High
#:26 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2052
ThreadCreationTime : 5-27-2005 2:03:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:27 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
ProcessID : 3292
ThreadCreationTime : 5-27-2005 2:05:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:28 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 1896
ThreadCreationTime : 5-27-2005 2:45:20 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:29 [ezsp_px.exe]
ModuleName : C:\WINDOWS\system32\ezSP_Px.exe
Command Line : "C:\WINDOWS\system32\ezSP_Px.exe"
ProcessID : 3920
ThreadCreationTime : 5-27-2005 2:45:26 AM
BasePriority : Normal
#:30 [mcagent.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\mcagent.exe
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
ProcessID : 3020
ThreadCreationTime : 5-27-2005 2:45:26 AM
BasePriority : Normal
FileVersion : 4, 3, 0, 10
ProductVersion : 4, 3, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 1998-2002 Networks Associates Technology, Inc.
OriginalFilename : mcagent.exe
#:31 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 2884
ThreadCreationTime : 5-27-2005 2:45:27 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:32 [mcvsshld.exe]
ModuleName : C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
ProcessID : 2280
ThreadCreationTime : 5-27-2005 2:45:29 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 15
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource
#:33 [mpftray.exe]
ModuleName : C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
Command Line : "C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe"
ProcessID : 2560
ThreadCreationTime : 5-27-2005 2:45:30 AM
BasePriority : Normal
FileVersion : 4.5.4.40
ProductVersion : 4.5.4.40
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2000-2003 Networks Associates Technologies, Inc.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall
#:34 [mcvsescn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsescn.exe
Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
ProcessID : 2540
ThreadCreationTime : 5-27-2005 2:45:30 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 30
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module
#:35 [wupdt.exe]
ModuleName : C:\WINDOWS\wupdt.exe
Command Line : "C:\WINDOWS\wupdt.exe"
ProcessID : 3132
ThreadCreationTime : 5-27-2005 2:45:30 AM
BasePriority : Normal
#:36 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\lexpps.exe
Command Line : "C:\WINDOWS\system32\lexpps.exe"
ProcessID : 360
ThreadCreationTime : 5-27-2005 2:45:30 AM
BasePriority : Normal
FileVersion : 8.18
ProductVersion : 8.18
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)
#:37 [dcvvrf.exe]
ModuleName : c:\windows\system32\dcvvrf.exe
Command Line : "c:\windows\system32\dcvvrf.exe" yzgmzh
ProcessID : 1352
ThreadCreationTime : 5-27-2005 2:45:30 AM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
#:38 [waol.exe]
ModuleName : C:\Program Files\America Online 9.0\waol.exe
Command Line : "C:\Program Files\America Online 9.0\waol.exe" -b
ProcessID : 4040
ThreadCreationTime : 5-27-2005 2:45:32 AM
BasePriority : Normal
#:39 [mpfagent.exe]
ModuleName : C:\PROGRA~1\McAfee.com\Personal Firewall\MpfAgent.exe
Command Line : "C:\PROGRA~1\McAfee.com\Personal Firewall\MpfAgent.exe" -Embedding
ProcessID : 2172
ThreadCreationTime : 5-27-2005 2:45:36 AM
BasePriority : Normal
FileVersion : 4.1.0.1
ProductVersion : 4.1.0.1
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2000-2003 Networks Associates Technologies, Inc.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module
#:40 [aolacsd.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -app
ProcessID : 3860
ThreadCreationTime : 5-27-2005 2:45:53 AM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLacsd.exe
#:41 [avertv2k.exe]
ModuleName : C:\AVERTV2K\AVerTV2K.exe
Command Line : "C:\AVERTV2K\AVerTV2K.exe"
ProcessID : 3508
ThreadCreationTime : 5-27-2005 2:46:02 AM
BasePriority : Normal
FileVersion : 4, 0, 0, 8
ProductVersion : 4, 0, 0, 0
ProductName : AVerMedia TV Series
CompanyName : AVerMedia TECHNOLOGIES, Inc.
FileDescription : AVerMedia TV Series Application for WDM Driver
InternalName : AVerMedia TV Series
LegalCopyright : Copyright © 2001
LegalTrademarks : AVerMedia
OriginalFilename : AVerTV2K.EXE
Comments : Multi Language Version
#:42 [shellmon.exe]
ModuleName : C:\Program Files\America Online 9.0\shellmon.exe
Command Line : "C:\Program Files\America Online 9.0\shellmon.exe"
ProcessID : 2420
ThreadCreationTime : 5-27-2005 2:46:10 AM
BasePriority : Normal
#:43 [aurareco.exe]
ModuleName : C:\DOCUME~1\Mario\LOCALS~1\Temp\THO\aurareco.exe
Command Line : C:\DOCUME~1\Mario\LOCALS~1\Temp\THO\aurareco.exe
ProcessID : 3864
ThreadCreationTime : 5-27-2005 2:51:49 AM
BasePriority : Normal
FileVersion : 2, 0, 2, 2
ProductVersion : 2, 0, 2, 2
ProductName : Thinstaller
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2005
OriginalFilename : Thinstaller.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.
#:44 [wupdt.exe]
ModuleName : C:\DOCUME~1\Mario\LOCALS~1\Temp\wupdt.exe
Command Line : C:\DOCUME~1\Mario\LOCALS~1\Temp\wupdt.exe
ProcessID : 3480
ThreadCreationTime : 5-27-2005 2:51:59 AM
BasePriority : Normal
#:45 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 2552
ThreadCreationTime : 5-27-2005 2:55:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
#:46 [svcproc.exe]
ModuleName : C:\WINDOWS\svcproc.exe
Command Line : C:\WINDOWS\svcproc.exe /i
ProcessID : 3792
ThreadCreationTime : 5-27-2005 2:55:53 AM
BasePriority : Normal
#:47 [thnall1a.exe]
ModuleName : C:\DOCUME~1\Mario\LOCALS~1\Temp\125.tmp\thnall1a.exe
Command Line : "C:\DOCUME~1\Mario\LOCALS~1\Temp\125.tmp\thnall1a.exe"
ProcessID : 3032
ThreadCreationTime : 5-27-2005 2:58:51 AM
BasePriority : Normal
FileVersion : 2, 0, 2, 0
ProductVersion : 2, 0, 2, 0
ProductName : Thinstaller
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2005
OriginalFilename : Thinstaller.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.
#:48 [svcproc.exe]
ModuleName : C:\WINDOWS\svcproc.exe
Command Line : C:\WINDOWS\svcproc.exe /i
ProcessID : 3384
ThreadCreationTime : 5-27-2005 2:58:58 AM
BasePriority : Normal
#:49 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3900
ThreadCreationTime : 5-27-2005 2:59:25 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
Value : AppID
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value :
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value : AppID
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
404search Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\search404
BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\{2cf0b992-5eeb-4143-99c0-5297ef71f444}
BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\{2cf0b992-5eeb-4143-99c0-5297ef71f444}
Value : lsrchci
BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\{2cf0b992-5eeb-4143-99c0-5297ef71f444}
Value : upt
DownloadWare Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\downloadware
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\avenue media
Ebates MoneyMaker Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\microsoft\internet explorer\menuext\ebates
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\microsoft\internet explorer\menuext\ebates
Value :
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\microsoft\internet explorer\menuext\ebates
Value : Contexts
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\wintools
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\wintools
Value : hminlzz2ym5hx3rk4irx
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\wintools
Value : a4ix
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\wintools
Value : alk3hm
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\wintools
Value : 4irx2y4mnrk
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\wintools
Value : hrl4nyirlx2j4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\wintools
Value : hr8g8kmi4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\wintools
Value : hrhrirlx2j4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\wintools
Value : hrhrirlx2j25s
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\wintools
Value : hrjy3ralsr4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\wintools
Value : rmhri
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\wintools
Value : rmli
istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\istbar
Lop Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\winactive\basic
MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYI2d3OfSInst
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYC2n3trMsgSDisp
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYT2o3pListSPos
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYs2t3icky1S
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYs2t3icky2S
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYs2t3icky3S
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYs2t3icky4S
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYC1o2d3eOfSFinalAd
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYT2i3m4eOfSFinalAd
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYD2s3tSSEnd
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PY2N3a4tionSCode
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYP2D3om
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYT2h3rshSCheckSIn
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYT2h3rshSMots
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYM2o3deSSync
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYI2n3ProgSCab
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYI2n3ProgSEx
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYI2n3ProgSLstest
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYL2a3stMotsSDay
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYL2a3stSSChckin
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYB2D3om
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYE2v3nt
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYT2h3rshSBath
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYT2h3rshSysSInf
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYL2n3Title
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYC2u3rrentSMode
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYC2n3tFyl
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYI2g3noreS
MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\pynix
Value : PYS2t3atusOfSInst
PeopleOnPage Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\apropos
SurfSideKickBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\surfsidekick2
SysWeb-Telecom Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\syswebtelecom
TopMoxie Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\microsoft\internet explorer\menuext\web rebates
TopMoxie Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\microsoft\internet explorer\menuext\web rebates
Value :
TopMoxie Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\microsoft\internet explorer\menuext\web rebates
Value : Contexts
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\bolger
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\bolger
Value : BLI9d1OfSInst
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\bolger
Value : BLC9n1trMsgSDisp
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\bolger
Value : BLT9o1pListSPos
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\bolger
Value : BLs9t1icky1S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3523012749-4179063357-749928589-1008\software\bolger
Value : BLs9t1icky2S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :