Logfile of HijackThis v1.99.1
Scan saved at 9:33:07 PM, on 9/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\System32\ahcbh\rifjax.exe
C:\WINDOWS\System32\uskg\nbrdtv.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\etb\pokapoka69.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\winCMAPP\wincmapp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\NkView4\NkVwMon.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.clicktoma...rch.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.ne...ch?r=minisearch
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [JVM0.12] C:\WINDOWS\System32\rwqnr.exe
O4 - HKLM\..\Run: [oi6a2ipb] C:\Program Files\oi6a2ipb\oi6a2ipb.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [rifjax] C:\WINDOWS\System32\ahcbh\rifjax.exe
O4 - HKLM\..\Run: [nbrdtv] C:\WINDOWS\System32\uskg\nbrdtv.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\System32\intel32.exe
O4 - HKLM\..\Run: [System service66] C:\WINDOWS\etb\pokapoka66.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [System service67] C:\WINDOWS\\etb\pokapoka67.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [System service68] C:\WINDOWS\\etb\pokapoka68.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\etb\pokapoka69.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://67.21.111.170/Remote/msrdp.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: greenstdSystem32 - Unknown owner - C:\WINDOWS\System32\greenstd.exe (file missing)
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
I also have my Ad-Aware log from the other day:
Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, September 14, 2005 8:09:35 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R65 08.09.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ClearSearch(TAC index:7):22 total references
Malware.Psguard(TAC index:7):51 total references
MRU List(TAC index:0):1 total references
Other(TAC index:5):1 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R65 08.09.2005
Internal build : 76
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 518006 Bytes
Total size : 1558638 Bytes
Signature data size : 1525452 Bytes
Reference data size : 32674 Bytes
Signatures total : 43368
CSI Fingerprints total : 1037
CSI data size : 36930 Bytes
Target categories : 15
Target families : 745
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:16 %
Total physical memory:261040 kb
Available physical memory:39576 kb
Total page file size:640852 kb
Available on page file:223692 kb
Total virtual memory:2097024 kb
Available virtual memory:2037080 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
9-14-2005 8:09:36 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 776
ThreadCreationTime : 9-15-2005 12:00:41 AM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 836
ThreadCreationTime : 9-15-2005 12:00:45 AM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 860
ThreadCreationTime : 9-15-2005 12:00:47 AM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 904
ThreadCreationTime : 9-15-2005 12:00:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 916
ThreadCreationTime : 9-15-2005 12:00:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [ibmpmsvc.exe]
ModuleName : C:\WINDOWS\System32\ibmpmsvc.exe
Command Line : C:\WINDOWS\System32\ibmpmsvc.exe
ProcessID : 1092
ThreadCreationTime : 9-15-2005 12:00:53 AM
BasePriority : Normal
#:7 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 1144
ThreadCreationTime : 9-15-2005 12:00:55 AM
BasePriority : Normal
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1196
ThreadCreationTime : 9-15-2005 12:00:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1348
ThreadCreationTime : 9-15-2005 12:00:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [s24evmon.exe]
ModuleName : C:\WINDOWS\System32\S24EvMon.exe
Command Line : C:\WINDOWS\System32\S24EvMon.exe
ProcessID : 1440
ThreadCreationTime : 9-15-2005 12:00:57 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 164
ProductVersion : 8, 0, 0, 164
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright © 2001 - 2003 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT
OriginalFilename : S24EvMon.exe
#:11 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1640
ThreadCreationTime : 9-15-2005 12:01:00 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1704
ThreadCreationTime : 9-15-2005 12:01:01 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:13 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 348
ThreadCreationTime : 9-15-2005 12:01:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:14 [fpavupdm.exe]
ModuleName : C:\Program Files\FSI\F-Prot\fpavupdm.exe
Command Line : "C:\Program Files\FSI\F-Prot\fpavupdm.exe"
ProcessID : 696
ThreadCreationTime : 9-15-2005 12:01:12 AM
BasePriority : Normal
FileVersion : 1, 6, 0, 0
ProductVersion : 1, 6, 0, 0
ProductName : F-Prot Antivirus Update Monitor
CompanyName : FRISK Software
FileDescription : F-Prot Antivirus Update Monitor
InternalName : fpavupdm
LegalCopyright : Copyright © 2004
OriginalFilename : fpavupdm.exe
#:15 [rrpcsb.exe]
ModuleName : C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
Command Line : "C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe"
ProcessID : 720
ThreadCreationTime : 9-15-2005 12:01:13 AM
BasePriority : Normal
FileVersion : 4,0,0,4026
ProductVersion : 4,0,0,4026
ProductName : rrpcsb Module
FileDescription : rrpcsb Module
InternalName : rrpcsb
LegalCopyright : Copyright 2002
OriginalFilename : rrpcsb.EXE
#:16 [regsrvc.exe]
ModuleName : C:\WINDOWS\System32\RegSrvc.exe
Command Line : C:\WINDOWS\System32\RegSrvc.exe
ProcessID : 796
ThreadCreationTime : 9-15-2005 12:01:14 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 164
ProductVersion : 8, 0, 0, 164
ProductName : RegSrvc Module
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
LegalCopyright : Copyright © 2002 - 2003 Intel Corporation
OriginalFilename : RegSrvc.EXE
#:17 [intel32.exe]
ModuleName : C:\WINDOWS\System32\intel32.exe
Command Line : intel32.exe (null)
ProcessID : 1088
ThreadCreationTime : 9-15-2005 12:01:15 AM
BasePriority : Normal
#:18 [tpkmpsvc.exe]
ModuleName : C:\WINDOWS\system32\TpKmpSVC.exe
Command Line : C:\WINDOWS\system32\TpKmpSVC.exe
ProcessID : 1504
ThreadCreationTime : 9-15-2005 12:01:18 AM
BasePriority : Normal
#:19 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 1628
ThreadCreationTime : 9-15-2005 12:01:19 AM
BasePriority : Normal
#:20 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1788
ThreadCreationTime : 9-15-2005 12:01:19 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:21 [syntplpr.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
ProcessID : 460
ThreadCreationTime : 9-15-2005 12:01:29 AM
BasePriority : Normal
FileVersion : 7.5.17.8 19Nov03
ProductVersion : 7.5.17.8 19Nov03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2003
OriginalFilename : SynTPLpr.exe
#:22 [syntpenh.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
ProcessID : 484
ThreadCreationTime : 9-15-2005 12:01:29 AM
BasePriority : Normal
FileVersion : 7.5.17.8 19Nov03
ProductVersion : 7.5.17.8 19Nov03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2003
OriginalFilename : SynTPEnh.exe
#:23 [tpshocks.exe]
ModuleName : C:\WINDOWS\System32\TpShocks.exe
Command Line : "C:\WINDOWS\System32\TpShocks.exe"
ProcessID : 988
ThreadCreationTime : 9-15-2005 12:01:31 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : n/a TpShocks
CompanyName : IBM Corp.
FileDescription : IBM Active Protection System
InternalName : TpShocks
LegalCopyright : Copyright © IBM Corp. 2003-2004
OriginalFilename : TpShocks.exe
#:24 [tphkmgr.exe]
ModuleName : C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
Command Line : "C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe"
ProcessID : 1252
ThreadCreationTime : 9-15-2005 12:01:32 AM
BasePriority : Normal
#:25 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\rundll32.exe
Command Line : "C:\WINDOWS\System32\rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
ProcessID : 1292
ThreadCreationTime : 9-15-2005 12:01:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:26 [ezejmnap.exe]
ModuleName : C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
Command Line : "C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe"
ProcessID : 1472
ThreadCreationTime : 9-15-2005 12:01:35 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : IBM ThinkPad EasyEject Support Application
CompanyName : IBM Corp.
FileDescription : IBM ThinkPad EasyEject Support Application
InternalName : IBM ThinkPad EasyEject Support Application
LegalCopyright : Copyright © IBM Corp. 2002,2004.
OriginalFilename : EzEjMnAp.EXE
#:27 [tponscr.exe]
ModuleName : C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
Command Line : "C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe"
ProcessID : 1608
ThreadCreationTime : 9-15-2005 12:01:36 AM
BasePriority : Normal
#:28 [tpscrex.exe]
ModuleName : C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
Command Line : "C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe"
ProcessID : 972
ThreadCreationTime : 9-15-2005 12:01:37 AM
BasePriority : Normal
FileVersion : 1.06
ProductVersion : 1.06
ProductName : ThinkPad UltraZoom
CompanyName : IBM Corporation
FileDescription : ThinkPad UltraZoom
InternalName : TPSCREX
LegalCopyright : Copyright © 2000, IBM Corporation
OriginalFilename : TpScrEx.exe
#:29 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 1988
ThreadCreationTime : 9-15-2005 12:01:38 AM
BasePriority : Normal
FileVersion : 1.04.07a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2003 Sonic Solutions
#:30 [ibmprc.exe]
ModuleName : C:\IBMTOOLS\UTILS\ibmprc.exe
Command Line : "C:\IBMTOOLS\UTILS\ibmprc.exe"
ProcessID : 2008
ThreadCreationTime : 9-15-2005 12:01:39 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 1
ProductName : ibmprc Application
CompanyName : IBM Corp.
FileDescription : ibmprc Application
InternalName : ibmprc
LegalCopyright : Copyright © 2004 IBM
OriginalFilename : ibmprc.exe
#:31 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\RunDll32.exe
Command Line : "C:\WINDOWS\System32\RunDll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
ProcessID : 2020
ThreadCreationTime : 9-15-2005 12:01:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:32 [realplay.exe]
ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe
Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
ProcessID : 1160
ThreadCreationTime : 9-15-2005 12:01:39 AM
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE
ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F
#:33 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 216
ThreadCreationTime : 9-15-2005 12:01:40 AM
BasePriority : Normal
FileVersion : 6.3
ProductVersion : QuickTime 6.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe
#:34 [f-sched.exe]
ModuleName : C:\Program Files\FSI\F-Prot\F-Sched.exe
Command Line : "C:\Program Files\FSI\F-Prot\F-Sched.exe" STARTUP
ProcessID : 236
ThreadCreationTime : 9-15-2005 12:01:41 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Scheduler for F-Prot for Windows
CompanyName : FRISK Software International
FileDescription : Scheduler - Windows application
InternalName : F-Scheduler
LegalCopyright : Copyright © 1999 - 2004
OriginalFilename : F-Scheduler.exe
Comments : Scheduler for F-Prot for Windows - FRISK Software International
ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F
"C:\Program Files\FSI\F-Prot\F-Sched.exe"Process terminated successfully
#:35 [f-stopw.exe]
ModuleName : C:\Program Files\FSI\F-Prot\F-StopW.EXE
Command Line : "C:\Program Files\FSI\F-Prot\F-StopW.EXE"
ProcessID : 160
ThreadCreationTime : 9-15-2005 12:01:41 AM
BasePriority : Normal
FileVersion : 3.16C
ProductVersion : 3.16C
ProductName : F-StopW NT/2000/XP
CompanyName : Frisk Software International
FileDescription : F-StopW Version 3.16C
InternalName : F-StopW
LegalCopyright : Copyright © 2005 Frisk Software International
OriginalFilename : F-StopW.EXE
ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F
"C:\Program Files\FSI\F-Prot\F-StopW.EXE"Process terminated successfully
#:36 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0\bin\jusched.exe"
ProcessID : 276
ThreadCreationTime : 9-15-2005 12:01:42 AM
BasePriority : Normal
#:37 [oi6a2ipb.exe]
ModuleName : C:\Program Files\oi6a2ipb\oi6a2ipb.exe
Command Line : "C:\Program Files\oi6a2ipb\oi6a2ipb.exe"
ProcessID : 520
ThreadCreationTime : 9-15-2005 12:01:43 AM
BasePriority : Normal
FileVersion : 1, 15, 0, 3
ProductVersion : 1, 15, 0, 3
#:38 [picasamediadetector.exe]
ModuleName : C:\Program Files\Picasa2\PicasaMediaDetector.exe
Command Line : "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
ProcessID : 560
ThreadCreationTime : 9-15-2005 12:01:43 AM
BasePriority : Normal
ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F
"C:\Program Files\Picasa2\PicasaMediaDetector.exe"Process terminated successfully
#:39 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\rundll32.exe
Command Line : "C:\WINDOWS\System32\rundll32.exe" C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
ProcessID : 604
ThreadCreationTime : 9-15-2005 12:01:43 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F
Warning! "C:\WINDOWS\System32\rundll32.exe"Process could not be terminated!
#:40 [apisvc.exe]
ModuleName : C:\WINDOWS\System32\apisvc.exe
Command Line : "C:\WINDOWS\System32\apisvc.exe"
ProcessID : 632
ThreadCreationTime : 9-15-2005 12:01:44 AM
BasePriority : Normal
#:41 [apisvc.exe]
ModuleName : C:\WINDOWS\System32\apisvc.exe
Command Line : k33pm3
ProcessID : 1308
ThreadCreationTime : 9-15-2005 12:01:44 AM
BasePriority : Normal
#:42 [sqwwy.exe]
ModuleName : C:\WINDOWS\System32\pkymot\sqwwy.exe
Command Line : "C:\WINDOWS\System32\pkymot\sqwwy.exe"
ProcessID : 1328
ThreadCreationTime : 9-15-2005 12:01:44 AM
BasePriority : Normal
#:43 [rifjax.exe]
ModuleName : C:\WINDOWS\System32\ahcbh\rifjax.exe
Command Line : "C:\WINDOWS\System32\ahcbh\rifjax.exe"
ProcessID : 336
ThreadCreationTime : 9-15-2005 12:01:45 AM
BasePriority : Normal
ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F
"C:\WINDOWS\System32\ahcbh\rifjax.exe"Process terminated successfully
#:44 [ktirhl.exe]
ModuleName : C:\WINDOWS\System32\ypkobei\ktirhl.exe
Command Line : "C:\WINDOWS\System32\ypkobei\ktirhl.exe"
ProcessID : 1444
ThreadCreationTime : 9-15-2005 12:01:47 AM
BasePriority : Normal
ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F
"C:\WINDOWS\System32\ypkobei\ktirhl.exe"Process terminated successfully
#:45 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 908
ThreadCreationTime : 9-15-2005 12:01:47 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:46 [nbrdtv.exe]
ModuleName : C:\WINDOWS\System32\uskg\nbrdtv.exe
Command Line : "C:\WINDOWS\System32\uskg\nbrdtv.exe"
ProcessID : 2204
ThreadCreationTime : 9-15-2005 12:01:57 AM
BasePriority : Normal
ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F
"C:\WINDOWS\System32\uskg\nbrdtv.exe"Process terminated successfully
#:47 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2276
ThreadCreationTime : 9-15-2005 12:02:01 AM
BasePriority : Normal
FileVersion : 4.7.0041
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F
"C:\Program Files\Messenger\msmsgs.exe"Process terminated successfully
#:48 [dlg.exe]
ModuleName : C:\Program Files\Digital Line Detect\DLG.exe
Command Line : "C:\Program Files\Digital Line Detect\DLG.exe"
ProcessID : 2592
ThreadCreationTime : 9-15-2005 12:02:13 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe
ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F
"C:\Program Files\Digital Line Detect\DLG.exe"Process terminated successfully
#:49 [nkvwmon.exe]
ModuleName : C:\Program Files\Nikon\NkView4\NkVwMon.exe
Command Line : "C:\Program Files\Nikon\NkView4\NkVwMon.exe"
ProcessID : 2636
ThreadCreationTime : 9-15-2005 12:02:15 AM
BasePriority : Normal
FileVersion : 4, 0, 0, 3001
ProductVersion : 4, 0
ProductName : Nikon View Monitor
CompanyName : Nikon Corporation
FileDescription : NkVwMon
InternalName : NkVwMon
LegalCopyright : Copyright © Nikon Corporation. 1998 - 2001
OriginalFilename : NkVwMon.exe
Comments : NkVwMon
ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F
"C:\Program Files\Nikon\NkView4\NkVwMon.exe"Process terminated successfully
#:50 [hotsync.exe]
ModuleName : C:\Program Files\Palm\HOTSYNC.EXE
Command Line : "C:\Program Files\Palm\HOTSYNC.EXE"
ProcessID : 2712
ThreadCreationTime : 9-15-2005 12:02:20 AM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe
ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F
"C:\Program Files\Palm\HOTSYNC.EXE"Process terminated successfully
#:51 [pokapoka67.exe]
ModuleName : C:\WINDOWS\etb\pokapoka67.exe
Command Line : C:\WINDOWS\etb\pokapoka67.exe
ProcessID : 204
ThreadCreationTime : 9-15-2005 12:06:02 AM
BasePriority : Normal
ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F
#:52 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2784
ThreadCreationTime : 9-15-2005 12:07:09 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F
#:53 [appskm.exe]
ModuleName : C:\WINDOWS\System32\appskm.exe
Command Line : C:\WINDOWS\System32\appskm.exe
ProcessID : 3596
ThreadCreationTime : 9-15-2005 12:09:20 AM
BasePriority : Normal
FileVersion : 1.00.0356
ProductVersion : 1.00.0356
CompanyName : flive
InternalName : skytown
OriginalFilename : skytown.exe
ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F
"C:\WINDOWS\System32\appskm.exe"Process terminated successfully
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{057e242f-2947-4e0a-8e61-a11345d97ea6}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{357a87ed-3e5d-437d-b334-deb7eb4982a3}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{08101c3e-6c90-439e-9734-6e4dd1b53b69}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{09b90087-4ffa-4a44-be69-da117a710f07}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1449f89c-ad28-427a-97ff-1d5bd812ea43}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1c08d3d0-1e04-4dde-ab0a-75355ea2585e}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{206538f7-f98c-4a46-a7d4-4a37fcdc932b}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{20f8b70d-9f16-4dcb-8788-90a0498e46b9}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{28fedb90-53c7-4928-994a-cee782606507}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{2c462d06-3ba0-48bb-9282-bb6519fe86e9}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3a350193-c7f7-4e10-b347-02ff4c3cc4e9}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4723879b-8f52-4be7-9994-626afa539366}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7b6a3434-8625-4abf-b79d-09d98c2498c4}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8b6c0168-baac-4c7c-911e-0132590f5661}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8ec33b7d-9953-4edb-ace2-d4c105968601}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a00e2305-7001-4200-ba00-5779f9a3e7d3}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a20f5672-7486-4d27-bd2b-e555e4692c5f}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a917b2f3-a9bf-477c-a0e3-0382d0376159}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b26b5883-f15f-4283-b3d5-a1728077de47}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b803d266-a08d-4a4c-9604-6d35689abe09}
Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6e2a22c-b3a8-43a4-b5ec-a5bb671ab3f7}