Ad-Aware SE Build 1.05
Logfile Created on:2005”N6ŒŽ3“ú 11:51:08
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt(TAC index:3):7 total references
Tracking Cookie(TAC index:3):4 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):35 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
2005-06-03 11:51:08 - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 940
ThreadCreationTime : 2005-06-02 20:39:35
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1024
ThreadCreationTime : 2005-06-02 20:39:37
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1060
ThreadCreationTime : 2005-06-02 20:39:37
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1104
ThreadCreationTime : 2005-06-02 20:39:37
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1116
ThreadCreationTime : 2005-06-02 20:39:37
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1284
ThreadCreationTime : 2005-06-02 20:39:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1412
ThreadCreationTime : 2005-06-02 20:39:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1516
ThreadCreationTime : 2005-06-02 20:39:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1636
ThreadCreationTime : 2005-06-02 20:39:39
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1720
ThreadCreationTime : 2005-06-02 20:39:39
BasePriority : Normal
FileVersion : 1.00.37
ProductVersion : 1.00.37
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1956
ThreadCreationTime : 2005-06-02 20:39:39
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Warning! VX2 Object found in memory(C:\WINDOWS\system32\DrPMon.dll)
VX2 Object Recognized!
Type : Process
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll
"C:\WINDOWS\system32\spoolsv.exe"Process terminated successfully
#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 368
ThreadCreationTime : 2005-06-02 20:39:40
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:13 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 684
ThreadCreationTime : 2005-06-02 20:41:54
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:14 [dvdramsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 712
ThreadCreationTime : 2005-06-02 20:41:54
BasePriority : Normal
FileVersion : 2, 0, 5, 0
ProductVersion : 2, 0, 5, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : Service of RAMAsst for Windows XP
LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002
OriginalFilename : DVDRAMSV.EXE
#:15 [kodakccs.exe]
FilePath : C:\WINDOWS\system32\drivers\
ProcessID : 740
ThreadCreationTime : 2005-06-02 20:41:54
BasePriority : Normal
FileVersion : 1.1.4900.0
ProductVersion : 4.3.1.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2003
OriginalFilename : DcFsSvc.exe
#:16 [navapsvc.exe]
FilePath : C:\Program Files\Norton\Norton AntiVirus\
ProcessID : 764
ThreadCreationTime : 2005-06-02 20:41:55
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:17 [nprotect.exe]
FilePath : C:\Program Files\Norton\Norton Utilities\
ProcessID : 788
ThreadCreationTime : 2005-06-02 20:41:55
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE
#:18 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 848
ThreadCreationTime : 2005-06-02 20:41:56
BasePriority : Normal
FileVersion : 6.13.10.3648
ProductVersion : 6.13.10.3648
ProductName : NVIDIA Driver Helper Service, Version 36.48
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 36.48
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:19 [scsiaccess.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1364
ThreadCreationTime : 2005-06-02 20:42:00
BasePriority : Normal
#:20 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 1468
ThreadCreationTime : 2005-06-02 20:42:00
BasePriority : Normal
FileVersion : 3, 2, 5, 0
ProductVersion : 3, 2, 5, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe
#:21 [nopdb.exe]
FilePath : C:\PROGRA~1\Norton\SPEEDD~1\
ProcessID : 1500
ThreadCreationTime : 2005-06-02 20:42:00
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 2002
OriginalFilename : NOPDB.dll
#:22 [tmesbs32.exe]
FilePath : C:\Program Files\TOSHIBA\TME3\
ProcessID : 1576
ThreadCreationTime : 2005-06-02 20:42:01
BasePriority : Normal
FileVersion : 2, 1, 1, 14
ProductVersion : 2, 1, 0, 1
ProductName : TOSHIBA Mobile Extension Slim Select Bay Service
CompanyName : TOSHIBA Corporation
FileDescription : tmesbs32
InternalName : tmesbs3
LegalCopyright : Copyright © TOSHIBA Corp.1998-2001
OriginalFilename : tmesbs32.exe
#:23 [tmesrv31.exe]
FilePath : C:\Program Files\TOSHIBA\TME3\
ProcessID : 1664
ThreadCreationTime : 2005-06-02 20:42:01
BasePriority : Normal
FileVersion : 3, 1, 32, 0
ProductVersion : 3, 1, 32, 0
ProductName : TOSHIBA MobileExtension Service
CompanyName : TOSHIBA
FileDescription : TOSHIBA MobileExtension Service
InternalName : TMESRV3
LegalCopyright : TOSHIBA Copyright © 1999-2001
OriginalFilename : TMESRV3.exe
#:24 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 1836
ThreadCreationTime : 2005-06-02 20:42:01
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe
#:25 [00thotkey.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1020
ThreadCreationTime : 2005-06-02 20:55:39
BasePriority : Normal
FileVersion : 1, 0, 0, 20
ProductVersion : 6, 0, 2, 0
ProductName : TOSHIBA THotkey
CompanyName : TOSHIBA Corp.
FileDescription : THotkey
InternalName : THotkey
LegalCopyright : Copyright © 1999 -2003
OriginalFilename : THotkey.exe
#:26 [apoint.exe]
FilePath : C:\Program Files\Apoint2K\
ProcessID : 672
ThreadCreationTime : 2005-06-02 20:55:42
BasePriority : Normal
FileVersion : 6.0.1.159
ProductVersion : 6.0.1.159
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2002 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe
#:27 [toshkcw.exe]
FilePath : C:\Program Files\TOSHIBA\Wireless Hotkey\
ProcessID : 1436
ThreadCreationTime : 2005-06-02 20:55:42
BasePriority : Normal
FileVersion : 2, 1, 0, 1
ProductVersion : 2, 1, 0, 0
ProductName : Wireless Hotkey
CompanyName : TOSHIBA CORPORATION
FileDescription : Wireless Hotkey
InternalName : Wireless Hotkey EXE
LegalCopyright : Copyright © 2001-2002 TOSHIBA CORPORATION
LegalTrademarks : Copyright © 2001-2002 TOSHIBA CORPORATION
OriginalFilename : TosHKCW.EXE
Comments : Wireless Hotkey
#:28 [tpwrtray.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 236
ThreadCreationTime : 2005-06-02 20:55:43
BasePriority : Normal
FileVersion : 6.00.21
ProductVersion : 6.00.01
ProductName : TOSHIBA Power Saver
CompanyName : TOSHIBA Corporation
FileDescription : TOSHIBA Power Saver
InternalName : Tpwrtray
LegalCopyright : Copyright 1999-2002 TOSHIBA Corporation.
OriginalFilename : Tpwrtray.exe
Comments : TOSHIBA Power Saver
#:29 [tfncky.exe]
FilePath : C:\Program Files\Toshiba\TOSHIBA Controls\
ProcessID : 1748
ThreadCreationTime : 2005-06-02 20:55:47
BasePriority : Normal
FileVersion : 2.04.06
ProductVersion : 2.04.06
ProductName : TFncKy
CompanyName : TOSHIBA Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright 1997-2002 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE
#:30 [apntex.exe]
FilePath : C:\Program Files\Apoint2K\
ProcessID : 1608
ThreadCreationTime : 2005-06-02 20:55:48
BasePriority : Normal
FileVersion : 5.0.1.13
ProductVersion : 5.0.1.13
ProductName : Alps Pointing-device Driver for Windows NT/2000
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000
InternalName : Alps Pointing-device Driver for Windows NT/2000
LegalCopyright : Copyright © 1998-2001 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe
#:31 [tmerzctl.exe]
FilePath : C:\Program Files\TOSHIBA\TME3\
ProcessID : 1592
ThreadCreationTime : 2005-06-02 20:55:49
BasePriority : Normal
FileVersion : 1, 0, 2, 8
ProductVersion : 1, 0, 2, 8
ProductName : TOSHIBA TMERzCtl
CompanyName : TOSHIBA
FileDescription : TMERzCtl
InternalName : TMERzCtl
LegalCopyright : Copyright © 2001
OriginalFilename : TMERzCtl.exe
#:32 [tmeejme.exe]
FilePath : C:\Program Files\TOSHIBA\TME3\
ProcessID : 592
ThreadCreationTime : 2005-06-02 20:55:50
BasePriority : Normal
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 0
ProductName : TOSHIBA MobileExtension Service
CompanyName : TOSHIBA
FileDescription : TMEEJME
InternalName : TMEEJME
LegalCopyright : TOSHIBA Copyright © 2002
OriginalFilename : TMEEJME.exe
#:33 [tmesbs32.exe]
FilePath : C:\Program Files\TOSHIBA\TME3\
ProcessID : 308
ThreadCreationTime : 2005-06-02 20:55:50
BasePriority : Normal
FileVersion : 2, 1, 1, 14
ProductVersion : 2, 1, 0, 1
ProductName : TOSHIBA Mobile Extension Slim Select Bay Service
CompanyName : TOSHIBA Corporation
FileDescription : tmesbs32
InternalName : tmesbs3
LegalCopyright : Copyright © TOSHIBA Corp.1998-2001
OriginalFilename : tmesbs32.exe
#:34 [tedtray.exe]
FilePath : C:\Program Files\TOSHIBA\DualPointUtility\
ProcessID : 932
ThreadCreationTime : 2005-06-02 20:55:51
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : TOSHIBA DualPoint Utility
CompanyName : TOSHIBA
FileDescription : TOSHIBA DualPoint Utility Main Module
InternalName : TEDTray
LegalCopyright : Copyright© TOSHIBA Corp. 2002
OriginalFilename : TEDTray
#:35 [tfnf5.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 968
ThreadCreationTime : 2005-06-02 20:55:51
BasePriority : Normal
FileVersion : 1. 0. 1. 0
ProductVersion : 1. 0. 1. 0
ProductName : Toshiba Hotkey Utility for Display Devices
CompanyName : Toshiba Corp.
FileDescription : TFnF5
InternalName : TFnF5
LegalCopyright : Copyright © Toshiba Corp. 2001
OriginalFilename : TFnF5.Exe
Comments : Hotkey (Fn+F5) for Display Devices
#:36 [ezsp_px.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 276
ThreadCreationTime : 2005-06-02 20:55:51
BasePriority : Normal
#:37 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1996
ThreadCreationTime : 2005-06-02 20:55:57
BasePriority : Normal
FileVersion : 1.00.104
ProductVersion : 1.00.104
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:38 [prismsvr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2088
ThreadCreationTime : 2005-06-02 20:56:02
BasePriority : Normal
FileVersion : 1.01.16
ProductVersion : 1.01.16.0018
ProductName : PRISM Wireless LAN
CompanyName : Conexant Systems, Inc.
FileDescription : PRISM Profiles Server Module
InternalName : GlobespanVirata
LegalCopyright : Copyright © 2004, Conexant Systems, Inc.
OriginalFilename : PRISMsvr.exe
Comments : Conexant Systems, Inc. (www.conexant.com)
#:39 [2portalmon.exe]
FilePath : C:\Program Files\2Wire\
ProcessID : 2120
ThreadCreationTime : 2005-06-02 20:56:03
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : HomePortal Monitor Application
CompanyName : 2Wire, Inc.
FileDescription : HomePortal Monitor Application by 2Wire Engineering
InternalName : HomePortal Monitor
LegalCopyright : Copyright © 1999, 2000, 2001, 2wire, Inc. All Rights Reserved
LegalTrademarks : Copyright © 1999, 2000, 2001, 2wire, Inc. All Rights Reserved
OriginalFilename : HomePortal Monitor.EXE
Comments : HomePortal Monitor Application by 2Wire Engineering
#:40 [gcasserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 2272
ThreadCreationTime : 2005-06-02 20:56:06
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe
#:41 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2296
ThreadCreationTime : 2005-06-02 20:56:06
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:42 [dfzfpyr.exe]
FilePath : c:\windows\system32\
ProcessID : 2376
ThreadCreationTime : 2005-06-02 20:56:08
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
#:43 [gcasdtserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 3040
ThreadCreationTime : 2005-06-02 20:56:12
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe
#:44 [prismcfg.exe]
FilePath : C:\Program Files\2Wire 802.11g Wireless\
ProcessID : 3052
ThreadCreationTime : 2005-06-02 20:56:13
BasePriority : Normal
FileVersion : 1.01.17
ProductVersion : 1.01.17.0025
ProductName : Wireless Client
CompanyName : 2Wire Inc.
FileDescription : Wireless Card Utility
InternalName : PRISMCFG.exe
LegalCopyright : Copyright © 2004, 2Wire Inc.
OriginalFilename : PRISMCFG.exe
Comments : 2Wire Inc. (www.2wire.com)
#:45 [ivpsvmgr.exe]
FilePath : C:\toshiba\ivp\ism\
ProcessID : 2652
ThreadCreationTime : 2005-06-02 20:58:57
BasePriority : Normal
FileVersion : 3.5.3.1
ProductVersion : 3.5
ProductName : Software Upgrades
CompanyName : TOSHIBA Corporation
FileDescription : IVP Service Manager Application
InternalName : IVPSVMGR
LegalCopyright : © 1997-2002 TOSHIBA Corporation
OriginalFilename : IVPSVMGR.EXE
#:46 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3860
ThreadCreationTime : 2005-06-03 15:09:37
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:47 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2760
ThreadCreationTime : 2005-06-03 15:49:17
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUI3d5OfSInst
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUC3n5trMsgSDisp
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUs3t5icky1S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUs3t5icky2S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUs3t5icky3S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUs3t5icky4S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUC1o3d5eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUT3i5m7eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUD3s5tSSEnd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AU3N5a7tionSCode
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUP3D5om
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUT3h5rshSCheckSIn
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUT3h5rshSMots
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUM3o5deSSync
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUI3n5ProgSCab
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUI3n5ProgSEx
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUI3n5ProgSLstest
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUB3D5om
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUE3v5nt
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUT3h5rshSBath
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUT3h5rshSysSInf
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUL3n5Title
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUC3u5rrentSMode
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUC3n5tFyl
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUI3g5noreS
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUS3t5atusOfSInst
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUL3a5stMotsSDay
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUL3a5stSSChckin
Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 30
Objects found so far: 31
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : UninstallString
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : DisplayName
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : URLInfoAbout
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Publisher
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : HelpLink
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Contact
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 38
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : meghan drummond@2o7[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:meghan [email protected]/
Expires : 2010-06-02 10:35:36
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : meghan drummond@questionmarket[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:meghan [email protected]/
Expires : 2006-07-25 3:16:40
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : meghan [email protected][2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:meghan [email protected]/
Expires : 2009-12-31 20:00:00
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : meghan drummond@realmedia[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:meghan [email protected]/
Expires : 2020-12-31 20:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 42
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : File
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 43
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon
Value : Driver
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon
Value : Driver
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 47
11:56:59 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:50.982
Objects scanned:112097
Objects identified:46
Objects ignored:0
New critical objects:46