Logfile of HijackThis v1.99.1
Scan saved at 12:16:41 AM, on 7/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Comcast\Security Manager\app\Prism.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINDOWS\system32\monitorbk.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system32\hhpsgi.exe
C:\Documents and Settings\Cynthia\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\auserinit.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Comcast\Security Manager\app\AuthBHO.dll
O3 - Toolbar: Security Manager Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Comcast\Security Manager\app\AuthBHO.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\pmjmum.exe reg_run
O4 - HKLM\..\Run: [rs5g34U] cnvmp32.exe
O4 - HKLM\..\Run: [wnjovih] c:\windows\system32\hhpsgi.exe r
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [aBumRQY3V] cerwt.exe
O4 - Global Startup: Belkin PCMCIA WLAN Monitor.lnk = C:\WINDOWS\system32\monitorbk.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: itkt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Support - {914BAEA3-6E1B-49B0-BF6B-F90B7D145EF3} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {A2159FCF-5B8D-4208-A663-F3052335C611} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {B150BC98-4DD4-43F4-8CB8-D9F5C1B8C9CD} - http://www.comcast.net (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120962902187
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-cent...bin/actxcab.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
MY EWIDO SECURITY REPORT:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 5:29:55 PM, 7/9/2005
+ Report-Checksum: F9728FE0
+ Scan result:
HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\rFu61OJXOLaK -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\rFuG1OJXOLaK -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
C:\Documents and Settings\Cynthia\Cookies\cynthia@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Cynthia\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Aprps\CxtPls.dll -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\svcproc.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\cerwt.exe -> TrojanDownloader.Agent.ed : Cleaned with backup
C:\WINDOWS\system32\cnvmp32.exe -> TrojanDownloader.Apropo.ac : Cleaned with backup
C:\WINDOWS\system32\dist001.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\WINDOWS\system32\DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\DrPMon.dll_tobedeleted -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\eliteojg32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitexij32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\exiwdm.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\nsq50.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\PSof1.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\system32\redit.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\uci.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\uvefcbun.exe -> Spyware.BookedSpace : Cleaned with backup
::Report End
MY ADAWARE LOG:
Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, July 10, 2005 1:26:39 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R53 07.07.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ImIServer IEPlugin(TAC index:5):12 total references
MRU List(TAC index:0):8 total references
Other(TAC index:5):1 total references
Tracking Cookie(TAC index:3):1 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R53 07.07.2005
Internal build : 62
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 488774 Bytes
Total size : 1479419 Bytes
Signature data size : 1447409 Bytes
Reference data size : 31498 Bytes
Signatures total : 41230
CSI Fingerprints total : 943
CSI data size : 32889 Bytes
Target categories : 15
Target families : 704
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:32 %
Total physical memory:506288 kb
Available physical memory:161160 kb
Total page file size:792092 kb
Available on page file:517692 kb
Total virtual memory:2097024 kb
Available virtual memory:2038932 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
7-10-2005 1:26:39 AM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 456
ThreadCreationTime : 7-10-2005 2:23:00 AM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 512
ThreadCreationTime : 7-10-2005 2:23:03 AM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 536
ThreadCreationTime : 7-10-2005 2:23:03 AM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 580
ThreadCreationTime : 7-10-2005 2:23:03 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 592
ThreadCreationTime : 7-10-2005 2:23:03 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 756
ThreadCreationTime : 7-10-2005 2:23:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 808
ThreadCreationTime : 7-10-2005 2:23:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 964
ThreadCreationTime : 7-10-2005 2:23:05 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1012
ThreadCreationTime : 7-10-2005 2:23:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1120
ThreadCreationTime : 7-10-2005 2:23:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:11 [curtainssyssvcnt.exe]
ModuleName : c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
Command Line : "c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe"
ProcessID : 1244
ThreadCreationTime : 7-10-2005 2:23:16 AM
BasePriority : Normal
FileVersion : 1.0.0.3
ProductVersion : 1.0.0.0
ProductName : Curtains for Windows
CompanyName : Authentium, Inc.
FileDescription : Curtains for Windows System Service Launcher (NT)
InternalName : CurtainsSysSvcNt
LegalCopyright : Copyright ©2002 Authentium, Inc.
LegalTrademarks : Curtains is a trademark of Authentium, Inc.
OriginalFilename : CurtainsSysSvcNt.exe
#:12 [defwatch.exe]
ModuleName : C:\Program Files\NavNT\defwatch.exe
Command Line : "C:\Program Files\NavNT\defwatch.exe"
ProcessID : 1268
ThreadCreationTime : 7-10-2005 2:23:16 AM
BasePriority : Normal
FileVersion : 7.61.00.932
ProductVersion : 7.61.00.932
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe
#:13 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 1296
ThreadCreationTime : 7-10-2005 2:23:16 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:14 [pds.exe]
ModuleName : C:\WINDOWS\system32\cba\pds.exe
Command Line : C:\WINDOWS\system32\cba\pds.exe
ProcessID : 1376
ThreadCreationTime : 7-10-2005 2:23:21 AM
BasePriority : Normal
FileVersion : 6.12.0.71 E
ProductVersion : 6.12.0.71
ProductName : Intel Common Base Agent
CompanyName : Intel® Corporation
FileDescription : CBA -- Ping Discovery Service
InternalName : PDS
LegalCopyright : Copyright © 1997-2001 Intel® Corporation
LegalTrademarks : LANDesk® is a registered trademark of Intel Corporation
OriginalFilename : PDS.EXE
#:15 [rtvscan.exe]
ModuleName : C:\Program Files\NavNT\rtvscan.exe
Command Line : "C:\Program Files\NavNT\rtvscan.exe"
ProcessID : 1400
ThreadCreationTime : 7-10-2005 2:23:21 AM
BasePriority : Normal
FileVersion : 7.61.00.932
ProductVersion : 7.61.00.932
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2001
#:16 [tivobeacon.exe]
ModuleName : C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
Command Line : "C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe"
ProcessID : 1516
ThreadCreationTime : 7-10-2005 2:23:25 AM
BasePriority : Normal
FileVersion : 1.2
ProductVersion : 2.0
ProductName : TiVo Desktop
CompanyName : TiVo Inc.
FileDescription : TiVo Beacon Service
InternalName : TiVoBeacon.exe
LegalCopyright : Copyright © 2003-2004 TiVo Inc.
LegalTrademarks : TiVo and TiVo Desktop are trademarks of TiVo Inc.
OriginalFilename : TiVoBeacon.exe
#:17 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 1596
ThreadCreationTime : 7-10-2005 2:23:25 AM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe
#:18 [xfr.exe]
ModuleName : C:\WINDOWS\system32\cba\xfr.exe
Command Line : C:\WINDOWS\system32\cba\xfr.exe
ProcessID : 1748
ThreadCreationTime : 7-10-2005 2:23:26 AM
BasePriority : Normal
FileVersion : 6.12.0.71 E
ProductVersion : 6.12.0.71
ProductName : Intel Common Base Agent
CompanyName : Intel® Corporation
FileDescription : CBA - Message Resource
InternalName : xfrrc
LegalCopyright : Copyright © 1997-2001 Intel® Corporation
LegalTrademarks : LANDesk® is a registered trademark of Intel Corporation
OriginalFilename : XFR.EXE
#:19 [msgsys.exe]
ModuleName : C:\WINDOWS\system32\MsgSys.EXE
Command Line : MsgSys.EXE
ProcessID : 1804
ThreadCreationTime : 7-10-2005 2:23:26 AM
BasePriority : Normal
FileVersion : 6.12.0.71 E
ProductVersion : 6.12.0.71
ProductName : Intel Common Base Agent
CompanyName : Intel® Corporation
FileDescription : CBA -- Message System
InternalName : MsgExe
LegalCopyright : Copyright © 1997-2001 Intel® Corporation
LegalTrademarks : LANDesk® is a registered trademark of Intel Corporation
OriginalFilename : MsgSys.EXE
#:20 [prism.exe]
ModuleName : C:\Program Files\Comcast\Security Manager\app\Prism.exe
Command Line : "C:\Program Files\Comcast\Security Manager\app\Prism.exe"
ProcessID : 3452
ThreadCreationTime : 7-10-2005 2:25:39 AM
BasePriority : Normal
FileVersion : 1.60.0428
ProductVersion : 1.60.0428
ProductName : Comcast Security Manager
CompanyName : Comcast Cable Communications
FileDescription : Comcast Security Manager
InternalName : PRISM
LegalCopyright : Copyright ©2000-2004 Authentium, Inc.; Portions Copyright ©2004 Comcast Cable Communications
LegalTrademarks : Security Manager is a trademark of Comcast Cable Communications
OriginalFilename : PRISM.exe
#:21 [explorer.exe]
ModuleName : C:\WINDOWS\explorer.exe
Command Line : C:\WINDOWS\explorer.exe
ProcessID : 3868
ThreadCreationTime : 7-10-2005 2:25:55 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:22 [igfxtray.exe]
ModuleName : C:\WINDOWS\System32\igfxtray.exe
Command Line : "C:\WINDOWS\System32\igfxtray.exe"
ProcessID : 1408
ThreadCreationTime : 7-10-2005 2:26:18 AM
BasePriority : Normal
FileVersion : 3,0,0,1992
ProductVersion : 7,0,0,1992
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : IGFXTRAY.EXE
#:23 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 1428
ThreadCreationTime : 7-10-2005 2:26:18 AM
BasePriority : Normal
FileVersion : 3,0,0,1992
ProductVersion : 7,0,0,1992
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE
#:24 [apoint.exe]
ModuleName : C:\Program Files\Apoint2K\Apoint.exe
Command Line : "C:\Program Files\Apoint2K\Apoint.exe"
ProcessID : 1656
ThreadCreationTime : 7-10-2005 2:26:19 AM
BasePriority : Normal
FileVersion : 5.3.5.122
ProductVersion : 5.3.5.122
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2002 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe
#:25 [cepmtray.exe]
ModuleName : C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
Command Line : "C:\Program Files\TOSHIBA\Power Management\CePMTray.exe"
ProcessID : 1552
ThreadCreationTime : 7-10-2005 2:26:19 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 15
ProductVersion : 1, 0, 0, 15
ProductName : CeTray Application
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : CeTray MFC Application
InternalName : CeTray
LegalCopyright : Copyright 2002 Compal Electronic Inc.
OriginalFilename : CeTray.EXE
Comments : James Kang
#:26 [ceekey.exe]
ModuleName : C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
Command Line : "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
ProcessID : 2060
ThreadCreationTime : 7-10-2005 2:26:22 AM
BasePriority : Normal
FileVersion : 2, 0, 0, 5
ProductVersion : 2, 0, 0, 5
ProductName : EKey Application
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : TOSHIBA HotKey Utility
InternalName : E_Key
LegalCopyright : Copyright 2002 Compal Electronic Inc.
OriginalFilename : CeEKey.EXE
Comments : Eva Hung
#:27 [ltmoh.exe]
ModuleName : C:\Program Files\ltmoh\Ltmoh.exe
Command Line : "C:\Program Files\ltmoh\Ltmoh.exe"
ProcessID : 2764
ThreadCreationTime : 7-10-2005 2:27:04 AM
BasePriority : Normal
FileVersion : 1.68
ProductVersion : 1.68
ProductName : LtMoh Application
CompanyName : Agere Systems
FileDescription : LtMoh MFC Application
InternalName : LtMoh
LegalCopyright : Agere Copyright © 2001-2002
LegalTrademarks : LT
OriginalFilename : LtMoh.EXE
#:28 [apntex.exe]
ModuleName : C:\Program Files\Apoint2K\Apntex.exe
Command Line : "Apntex.exe"
ProcessID : 2780
ThreadCreationTime : 7-10-2005 2:27:04 AM
BasePriority : Normal
FileVersion : 5.0.1.13
ProductVersion : 5.0.1.13
ProductName : Alps Pointing-device Driver for Windows NT/2000
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000
InternalName : Alps Pointing-device Driver for Windows NT/2000
LegalCopyright : Copyright © 1998-2001 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe
#:29 [tptray.exe]
ModuleName : C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
Command Line : "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
ProcessID : 2844
ThreadCreationTime : 7-10-2005 2:27:05 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
ProductName : TPTray Application
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : TPTray Application
InternalName : TPTray
LegalCopyright : Copyright 2002 Compal Electronic Inc.
OriginalFilename : TPTray.EXE
Comments : Mei Hsu
#:30 [ndstray.exe]
ModuleName : C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
Command Line : "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
ProcessID : 2852
ThreadCreationTime : 7-10-2005 2:27:06 AM
BasePriority : Normal
FileVersion : 4, 0, 2, 314
ProductVersion : 1, 1, 4, 0
ProductName : ConfigFree Tray
CompanyName : TOSHIBA CORPORATION
FileDescription : ConfigFree Tray
InternalName : ndstray
LegalCopyright : Copyright 2002-2003 © TOSHIBA CORPORATION. All rights reserved.
OriginalFilename : NDSTray.exe
#:31 [pinger.exe]
ModuleName : C:\toshiba\ivp\ism\pinger.exe
Command Line : "C:\toshiba\ivp\ism\pinger.exe" /run
ProcessID : 2872
ThreadCreationTime : 7-10-2005 2:27:07 AM
BasePriority : Normal
FileVersion : 3.3
ProductVersion : 3.3
ProductName : Software Upgrades
CompanyName : TOSHIBA Corporation
FileDescription : TOSHIBA Pinger
InternalName : PINGER
LegalCopyright : © 1997-2002 TOSHIBA Corporation
OriginalFilename : PINGER.EXE
Comments : With TSysSMon support.
#:32 [vptray.exe]
ModuleName : C:\Program Files\NavNT\vptray.exe
Command Line : "C:\Program Files\NavNT\vptray.exe"
ProcessID : 2900
ThreadCreationTime : 7-10-2005 2:27:08 AM
BasePriority : Normal
FileVersion : 7.61.00.932
ProductVersion : 7.61.00.932
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2001
#:33 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 3016
ThreadCreationTime : 7-10-2005 2:27:10 AM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:34 [tgcmd.exe]
ModuleName : C:\Program Files\Support.com\bin\tgcmd.exe
Command Line : "C:\Program Files\Support.com\bin\tgcmd.exe" /server
ProcessID : 3024
ThreadCreationTime : 7-10-2005 2:27:10 AM
BasePriority : Normal
FileVersion : 5,5,214,0
ProductVersion : 5,5,214,0
ProductName : ComcastSUPPORT / Support.com Agent
CompanyName : Support.com, Inc.
FileDescription : ComcastSUPPORT / Support.com Agent
InternalName : TGCMD
LegalCopyright : Copyright 1997-2069 Support.com
OriginalFilename : TGCMD.EXE
#:35 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 3044
ThreadCreationTime : 7-10-2005 2:27:10 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:36 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 3892
ThreadCreationTime : 7-10-2005 2:27:36 AM
BasePriority : Normal
FileVersion : 4.7.0041
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:37 [tivotransfer.exe]
ModuleName : C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
Command Line : "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
ProcessID : 3984
ThreadCreationTime : 7-10-2005 2:27:40 AM
BasePriority : Normal
FileVersion : 1.0
ProductVersion : 2.0
ProductName : TiVo Desktop
CompanyName : TiVo Inc.
FileDescription : TiVo Transfer Service
InternalName : TiVoTransfer.exe
LegalCopyright : Copyright © 2003-2004 TiVo Inc.
LegalTrademarks : TiVo and TiVo Desktop are trademarks of TiVo Inc.
OriginalFilename : TiVoTransfer.exe
#:38 [tivoserver.exe]
ModuleName : C:\Program Files\TiVo\Desktop\TiVoServer.exe
Command Line : "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
ProcessID : 4088
ThreadCreationTime : 7-10-2005 2:27:46 AM
BasePriority : Normal
FileVersion : 1.1
ProductVersion : 2.0
ProductName : TiVo Desktop
CompanyName : TiVo Inc.
FileDescription : TiVo Server
InternalName : TiVoServer.exe
LegalCopyright : Copyright © 2003-2004 TiVo Inc.
LegalTrademarks : TiVo and TiVo Desktop are trademarks of TiVo Inc.
OriginalFilename : TiVoServer.exe
#:39 [monitorbk.exe]
ModuleName : C:\WINDOWS\system32\monitorbk.exe
Command Line : "C:\WINDOWS\system32\monitorbk.exe"
ProcessID : 412
ThreadCreationTime : 7-10-2005 2:27:54 AM
BasePriority : Normal
FileVersion : 3, 1, 4, 23
ProductVersion : 3, 1, 4, 23
ProductName : Wireless LAN Monitor Utility
CompanyName : Belkin Components
FileDescription : Wireless LAN Monitor Utility
InternalName : monitorbk.exe
LegalCopyright : Copyright © 2002 Belkin Components
LegalTrademarks : Belkin Components
OriginalFilename : monitorbk.exe
Comments : Wireless LAN Monitor Utility
#:40 [mfindexer.exe]
ModuleName : C:\Corel\Graphics8\Programs\MFIndexer.exe
Command Line : "C:\Corel\Graphics8\Programs\MFIndexer.exe"
ProcessID : 180
ThreadCreationTime : 7-10-2005 2:27:56 AM
BasePriority : Normal
FileVersion : 8.232
ProductVersion : 8.232
ProductName : CorelDRAW
CompanyName : Corel Corporation
FileDescription : Utility which indexes Corel Media Folders
InternalName : Corel Media Indexer
LegalCopyright : Copyright © 1988-1997 Corel Corporation.
LegalTrademarks : CorelDRAW
OriginalFilename : MFIndexer.exe
#:41 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 3356
ThreadCreationTime : 7-10-2005 2:29:58 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
ImIServer IEPlugin Object Recognized!
Type : Process
Data : systb.dll
TAC Rating : 5
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\
Warning! ImIServer IEPlugin Object found in memory(C:\WINDOWS\systb.dll)
"C:\Program Files\Internet Explorer\iexplore.exe"Process terminated successfully
#:42 [hhpsgi.exe]
ModuleName : c:\windows\system32\hhpsgi.exe
Command Line : c:\windows\system32\hhpsgi.exe okwgnvf p
ProcessID : 3288
ThreadCreationTime : 7-10-2005 2:33:29 AM
BasePriority : Normal
FileVersion : 1, 1, 0, 3
ProductVersion : 0, 0, 7, 0
#:43 [dnpaevhjq.exe]
ModuleName : C:\WINDOWS\dnpaevhjq.exe
Command Line : C:\WINDOWS\dnpaevhjq.exe /RunExe "<hr>ServerName: qs15<br>Current Date: Sun Jul 10 00:24:46 EDT 2005<br><hr><b>General Configuration Pairs</b>
<br>
status=1
<br>
configcode=440
<br>
<br>
<br><b>Context Adds and Deletes</b>
<br>
<br>
<br><b>Window Control Pairs
ProcessID : 3864
ThreadCreationTime : 7-10-2005 4:24:45 AM
BasePriority : Normal
FileVersion : 1.0.2.8
ProductVersion : 1.0.2.8
ProductName : Buddy Window
CompanyName : Direct Revenue
FileDescription : Aurora
InternalName : Buddy.exe
LegalCopyright : © Direct Revenue. All rights reserved.
OriginalFilename : Buddy.exe
Comments : Browser window for Direct Revenue
#:44 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1164
ThreadCreationTime : 7-10-2005 5:24:29 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3e589169-86ad-44fe-b426-f0bf105d5582}
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{57add57b-173e-418a-8f70-17e5c9f2bcc9}
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band.1
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}
Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
TAC Rating : 3
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 8
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8
MRU List Object Recognized!
Location: : C:\Documents and Settings\Cynthia\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-593682664-266860046-1250882611-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-593682664-266860046-1250882611-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-593682664-266860046-1250882611-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-593682664-266860046-1250882611-1005\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-593682664-266860046-1250882611-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-593682664-266860046-1250882611-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Cynthia\Cookies\[email protected][1].txt
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 17
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ImIServer IEPlugin Object Recognized!
Type : File
Data : systb.dll_tobedeleted
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileVersion : 1, 0, 8, 1
ProductVersion : 1, 0, 8, 1
ProductName : wbho Module
FileDescription : wbho Module
InternalName : wbho
LegalCopyright : Copyright 2004
OriginalFilename : wbho.DLL
VX2 Object Recognized!
Type : File
Data : DrPMon.dll_tobedeleted
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll
ImIServer IEPlugin Object Recognized!
Type : File
Data : tdtb.exe
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileVersion : 5.0.2001.10043
ProductVersion : 2001, 0, 0, 0
ProductName : MimarSinan Emissary, MimarSinan Charm Family
CompanyName : Mimar Sinan International
FileDescription : Emissary
InternalName : autonomy
LegalCopyright : Copyright © 1992-2000 Mimar Sinan International. All rights reserved.
OriginalFilename : autonomy.exe
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 20
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : remove
ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB}
ImIServer IEPlugin Object Recognized!
Type : File
Data : redir.txt
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\WINDOWS\
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
VX2 Object Recognized!
Type : Folder
TAC Rating : 10
Category : Malware
Comment : VX2
Object : C:\DOCUME~1\Cynthia\LOCALS~1\Temp\DrTemp
Other Object Recognized!
Type : File
Data : TDTB.EXE-0D7D8A8D.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 26
1:37:59 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:19.360
Objects scanned:120159
Objects identified:18
Objects ignored:0
New critical objects:18
MY SPYBOT REPORT:
--- Search result list ---
--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
Located: HK_LM:Run, Apoint
command: C:\Program Files\Apoint2K\Apoint.exe
file: C:\Program Files\Apoint2K\Apoint.exe
size: 122880
MD5: 463cc20884829898b493172fc23c9923
Located: HK_LM:Run, BJCFD
command: C:\Program Files\BroadJump\Client Foundation\CFD.exe
file: C:\Program Files\BroadJump\Client Foundation\CFD.exe
size: 483394
MD5: 9d5b59dad83d8d90ad551224bb803dd2
Located: HK_LM:Run, CeEKEY
command: C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
file: C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
size: 561152
MD5: 2516e6bc0700dd3e5b5b3d1d7c29a396
Located: HK_LM:Run, CeEPOWER
command: C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
file: C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
size: 102400
MD5: 04d091dcfe01f7ad8e9fb971beff4add
Located: HK_LM:Run, ComcastSUPPORT
command: C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
file:
Located: HK_LM:Run, HotKeysCmds
command: