Malware Removal

#1 rjnchairz
New Member, 1 posts
Hi! I ran through steps 1-5 to remove the spyware/malware and things improved, but it seems after a day or so the machine returns to running real slow and locking up. My HijackThis log follows:
Logfile of HijackThis v1.99.1
Scan saved at 9:33:07 PM, on 9/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\System32\ahcbh\rifjax.exe
C:\WINDOWS\System32\uskg\nbrdtv.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\etb\pokapoka69.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\winCMAPP\wincmapp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\NkView4\NkVwMon.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.clicktoma...rch.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.ne...ch?r=minisearch
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [JVM0.12] C:\WINDOWS\System32\rwqnr.exe
O4 - HKLM\..\Run: [oi6a2ipb] C:\Program Files\oi6a2ipb\oi6a2ipb.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [rifjax] C:\WINDOWS\System32\ahcbh\rifjax.exe
O4 - HKLM\..\Run: [nbrdtv] C:\WINDOWS\System32\uskg\nbrdtv.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\System32\intel32.exe
O4 - HKLM\..\Run: [System service66] C:\WINDOWS\etb\pokapoka66.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [System service67] C:\WINDOWS\\etb\pokapoka67.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [System service68] C:\WINDOWS\\etb\pokapoka68.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\etb\pokapoka69.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://67.21.111.170/Remote/msrdp.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: greenstdSystem32 - Unknown owner - C:\WINDOWS\System32\greenstd.exe (file missing)
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

I also have my Ad-Aware log from the other day:
Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, September 14, 2005 8:09:35 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R65 08.09.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ClearSearch(TAC index:7):22 total references
Malware.Psguard(TAC index:7):51 total references
MRU List(TAC index:0):1 total references
Other(TAC index:5):1 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R65 08.09.2005
Internal build : 76
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 518006 Bytes
Total size : 1558638 Bytes
Signature data size : 1525452 Bytes
Reference data size : 32674 Bytes
Signatures total : 43368
CSI Fingerprints total : 1037
CSI data size : 36930 Bytes
Target categories : 15
Target families : 745


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:16 %
Total physical memory:261040 kb
Available physical memory:39576 kb
Total page file size:640852 kb
Available on page file:223692 kb
Total virtual memory:2097024 kb
Available virtual memory:2037080 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


9-14-2005 8:09:36 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 776
ThreadCreationTime : 9-15-2005 12:00:41 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 836
ThreadCreationTime : 9-15-2005 12:00:45 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 860
ThreadCreationTime : 9-15-2005 12:00:47 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 904
ThreadCreationTime : 9-15-2005 12:00:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 916
ThreadCreationTime : 9-15-2005 12:00:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ibmpmsvc.exe]
ModuleName : C:\WINDOWS\System32\ibmpmsvc.exe
Command Line : C:\WINDOWS\System32\ibmpmsvc.exe
ProcessID : 1092
ThreadCreationTime : 9-15-2005 12:00:53 AM
BasePriority : Normal


#:7 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 1144
ThreadCreationTime : 9-15-2005 12:00:55 AM
BasePriority : Normal


#:8 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1196
ThreadCreationTime : 9-15-2005 12:00:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1348
ThreadCreationTime : 9-15-2005 12:00:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [s24evmon.exe]
ModuleName : C:\WINDOWS\System32\S24EvMon.exe
Command Line : C:\WINDOWS\System32\S24EvMon.exe
ProcessID : 1440
ThreadCreationTime : 9-15-2005 12:00:57 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 164
ProductVersion : 8, 0, 0, 164
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright © 2001 - 2003 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT
OriginalFilename : S24EvMon.exe

#:11 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1640
ThreadCreationTime : 9-15-2005 12:01:00 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1704
ThreadCreationTime : 9-15-2005 12:01:01 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 348
ThreadCreationTime : 9-15-2005 12:01:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [fpavupdm.exe]
ModuleName : C:\Program Files\FSI\F-Prot\fpavupdm.exe
Command Line : "C:\Program Files\FSI\F-Prot\fpavupdm.exe"
ProcessID : 696
ThreadCreationTime : 9-15-2005 12:01:12 AM
BasePriority : Normal
FileVersion : 1, 6, 0, 0
ProductVersion : 1, 6, 0, 0
ProductName : F-Prot Antivirus Update Monitor
CompanyName : FRISK Software
FileDescription : F-Prot Antivirus Update Monitor
InternalName : fpavupdm
LegalCopyright : Copyright © 2004
OriginalFilename : fpavupdm.exe

#:15 [rrpcsb.exe]
ModuleName : C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
Command Line : "C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe"
ProcessID : 720
ThreadCreationTime : 9-15-2005 12:01:13 AM
BasePriority : Normal
FileVersion : 4,0,0,4026
ProductVersion : 4,0,0,4026
ProductName : rrpcsb Module
FileDescription : rrpcsb Module
InternalName : rrpcsb
LegalCopyright : Copyright 2002
OriginalFilename : rrpcsb.EXE

#:16 [regsrvc.exe]
ModuleName : C:\WINDOWS\System32\RegSrvc.exe
Command Line : C:\WINDOWS\System32\RegSrvc.exe
ProcessID : 796
ThreadCreationTime : 9-15-2005 12:01:14 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 164
ProductVersion : 8, 0, 0, 164
ProductName : RegSrvc Module
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
LegalCopyright : Copyright © 2002 - 2003 Intel Corporation
OriginalFilename : RegSrvc.EXE

#:17 [intel32.exe]
ModuleName : C:\WINDOWS\System32\intel32.exe
Command Line : intel32.exe (null)
ProcessID : 1088
ThreadCreationTime : 9-15-2005 12:01:15 AM
BasePriority : Normal


#:18 [tpkmpsvc.exe]
ModuleName : C:\WINDOWS\system32\TpKmpSVC.exe
Command Line : C:\WINDOWS\system32\TpKmpSVC.exe
ProcessID : 1504
ThreadCreationTime : 9-15-2005 12:01:18 AM
BasePriority : Normal


#:19 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 1628
ThreadCreationTime : 9-15-2005 12:01:19 AM
BasePriority : Normal


#:20 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1788
ThreadCreationTime : 9-15-2005 12:01:19 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:21 [syntplpr.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
ProcessID : 460
ThreadCreationTime : 9-15-2005 12:01:29 AM
BasePriority : Normal
FileVersion : 7.5.17.8 19Nov03
ProductVersion : 7.5.17.8 19Nov03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2003
OriginalFilename : SynTPLpr.exe

#:22 [syntpenh.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
ProcessID : 484
ThreadCreationTime : 9-15-2005 12:01:29 AM
BasePriority : Normal
FileVersion : 7.5.17.8 19Nov03
ProductVersion : 7.5.17.8 19Nov03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2003
OriginalFilename : SynTPEnh.exe

#:23 [tpshocks.exe]
ModuleName : C:\WINDOWS\System32\TpShocks.exe
Command Line : "C:\WINDOWS\System32\TpShocks.exe"
ProcessID : 988
ThreadCreationTime : 9-15-2005 12:01:31 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : n/a TpShocks
CompanyName : IBM Corp.
FileDescription : IBM Active Protection System
InternalName : TpShocks
LegalCopyright : Copyright © IBM Corp. 2003-2004
OriginalFilename : TpShocks.exe

#:24 [tphkmgr.exe]
ModuleName : C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
Command Line : "C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe"
ProcessID : 1252
ThreadCreationTime : 9-15-2005 12:01:32 AM
BasePriority : Normal


#:25 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\rundll32.exe
Command Line : "C:\WINDOWS\System32\rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
ProcessID : 1292
ThreadCreationTime : 9-15-2005 12:01:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:26 [ezejmnap.exe]
ModuleName : C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
Command Line : "C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe"
ProcessID : 1472
ThreadCreationTime : 9-15-2005 12:01:35 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : IBM ThinkPad EasyEject Support Application
CompanyName : IBM Corp.
FileDescription : IBM ThinkPad EasyEject Support Application
InternalName : IBM ThinkPad EasyEject Support Application
LegalCopyright : Copyright © IBM Corp. 2002,2004.
OriginalFilename : EzEjMnAp.EXE

#:27 [tponscr.exe]
ModuleName : C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
Command Line : "C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe"
ProcessID : 1608
ThreadCreationTime : 9-15-2005 12:01:36 AM
BasePriority : Normal


#:28 [tpscrex.exe]
ModuleName : C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
Command Line : "C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe"
ProcessID : 972
ThreadCreationTime : 9-15-2005 12:01:37 AM
BasePriority : Normal
FileVersion : 1.06
ProductVersion : 1.06
ProductName : ThinkPad UltraZoom
CompanyName : IBM Corporation
FileDescription : ThinkPad UltraZoom
InternalName : TPSCREX
LegalCopyright : Copyright © 2000, IBM Corporation
OriginalFilename : TpScrEx.exe

#:29 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 1988
ThreadCreationTime : 9-15-2005 12:01:38 AM
BasePriority : Normal
FileVersion : 1.04.07a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2003 Sonic Solutions

#:30 [ibmprc.exe]
ModuleName : C:\IBMTOOLS\UTILS\ibmprc.exe
Command Line : "C:\IBMTOOLS\UTILS\ibmprc.exe"
ProcessID : 2008
ThreadCreationTime : 9-15-2005 12:01:39 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 1
ProductName : ibmprc Application
CompanyName : IBM Corp.
FileDescription : ibmprc Application
InternalName : ibmprc
LegalCopyright : Copyright © 2004 IBM
OriginalFilename : ibmprc.exe

#:31 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\RunDll32.exe
Command Line : "C:\WINDOWS\System32\RunDll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
ProcessID : 2020
ThreadCreationTime : 9-15-2005 12:01:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:32 [realplay.exe]
ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe
Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
ProcessID : 1160
ThreadCreationTime : 9-15-2005 12:01:39 AM
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F


#:33 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 216
ThreadCreationTime : 9-15-2005 12:01:40 AM
BasePriority : Normal
FileVersion : 6.3
ProductVersion : QuickTime 6.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:34 [f-sched.exe]
ModuleName : C:\Program Files\FSI\F-Prot\F-Sched.exe
Command Line : "C:\Program Files\FSI\F-Prot\F-Sched.exe" STARTUP
ProcessID : 236
ThreadCreationTime : 9-15-2005 12:01:41 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Scheduler for F-Prot for Windows
CompanyName : FRISK Software International
FileDescription : Scheduler - Windows application
InternalName : F-Scheduler
LegalCopyright : Copyright © 1999 - 2004
OriginalFilename : F-Scheduler.exe
Comments : Scheduler for F-Prot for Windows - FRISK Software International

ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F

"C:\Program Files\FSI\F-Prot\F-Sched.exe"Process terminated successfully

#:35 [f-stopw.exe]
ModuleName : C:\Program Files\FSI\F-Prot\F-StopW.EXE
Command Line : "C:\Program Files\FSI\F-Prot\F-StopW.EXE"
ProcessID : 160
ThreadCreationTime : 9-15-2005 12:01:41 AM
BasePriority : Normal
FileVersion : 3.16C
ProductVersion : 3.16C
ProductName : F-StopW NT/2000/XP
CompanyName : Frisk Software International
FileDescription : F-StopW Version 3.16C
InternalName : F-StopW
LegalCopyright : Copyright © 2005 Frisk Software International
OriginalFilename : F-StopW.EXE

ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F

"C:\Program Files\FSI\F-Prot\F-StopW.EXE"Process terminated successfully

#:36 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0\bin\jusched.exe"
ProcessID : 276
ThreadCreationTime : 9-15-2005 12:01:42 AM
BasePriority : Normal


#:37 [oi6a2ipb.exe]
ModuleName : C:\Program Files\oi6a2ipb\oi6a2ipb.exe
Command Line : "C:\Program Files\oi6a2ipb\oi6a2ipb.exe"
ProcessID : 520
ThreadCreationTime : 9-15-2005 12:01:43 AM
BasePriority : Normal
FileVersion : 1, 15, 0, 3
ProductVersion : 1, 15, 0, 3

#:38 [picasamediadetector.exe]
ModuleName : C:\Program Files\Picasa2\PicasaMediaDetector.exe
Command Line : "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
ProcessID : 560
ThreadCreationTime : 9-15-2005 12:01:43 AM
BasePriority : Normal


ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F

"C:\Program Files\Picasa2\PicasaMediaDetector.exe"Process terminated successfully

#:39 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\rundll32.exe
Command Line : "C:\WINDOWS\System32\rundll32.exe" C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
ProcessID : 604
ThreadCreationTime : 9-15-2005 12:01:43 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F

Warning! "C:\WINDOWS\System32\rundll32.exe"Process could not be terminated!

#:40 [apisvc.exe]
ModuleName : C:\WINDOWS\System32\apisvc.exe
Command Line : "C:\WINDOWS\System32\apisvc.exe"
ProcessID : 632
ThreadCreationTime : 9-15-2005 12:01:44 AM
BasePriority : Normal


#:41 [apisvc.exe]
ModuleName : C:\WINDOWS\System32\apisvc.exe
Command Line : k33pm3
ProcessID : 1308
ThreadCreationTime : 9-15-2005 12:01:44 AM
BasePriority : Normal


#:42 [sqwwy.exe]
ModuleName : C:\WINDOWS\System32\pkymot\sqwwy.exe
Command Line : "C:\WINDOWS\System32\pkymot\sqwwy.exe"
ProcessID : 1328
ThreadCreationTime : 9-15-2005 12:01:44 AM
BasePriority : Normal


#:43 [rifjax.exe]
ModuleName : C:\WINDOWS\System32\ahcbh\rifjax.exe
Command Line : "C:\WINDOWS\System32\ahcbh\rifjax.exe"
ProcessID : 336
ThreadCreationTime : 9-15-2005 12:01:45 AM
BasePriority : Normal


ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F

"C:\WINDOWS\System32\ahcbh\rifjax.exe"Process terminated successfully

#:44 [ktirhl.exe]
ModuleName : C:\WINDOWS\System32\ypkobei\ktirhl.exe
Command Line : "C:\WINDOWS\System32\ypkobei\ktirhl.exe"
ProcessID : 1444
ThreadCreationTime : 9-15-2005 12:01:47 AM
BasePriority : Normal


ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F

"C:\WINDOWS\System32\ypkobei\ktirhl.exe"Process terminated successfully

#:45 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 908
ThreadCreationTime : 9-15-2005 12:01:47 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:46 [nbrdtv.exe]
ModuleName : C:\WINDOWS\System32\uskg\nbrdtv.exe
Command Line : "C:\WINDOWS\System32\uskg\nbrdtv.exe"
ProcessID : 2204
ThreadCreationTime : 9-15-2005 12:01:57 AM
BasePriority : Normal


ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F

"C:\WINDOWS\System32\uskg\nbrdtv.exe"Process terminated successfully

#:47 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2276
ThreadCreationTime : 9-15-2005 12:02:01 AM
BasePriority : Normal
FileVersion : 4.7.0041
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F

"C:\Program Files\Messenger\msmsgs.exe"Process terminated successfully

#:48 [dlg.exe]
ModuleName : C:\Program Files\Digital Line Detect\DLG.exe
Command Line : "C:\Program Files\Digital Line Detect\DLG.exe"
ProcessID : 2592
ThreadCreationTime : 9-15-2005 12:02:13 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F

"C:\Program Files\Digital Line Detect\DLG.exe"Process terminated successfully

#:49 [nkvwmon.exe]
ModuleName : C:\Program Files\Nikon\NkView4\NkVwMon.exe
Command Line : "C:\Program Files\Nikon\NkView4\NkVwMon.exe"
ProcessID : 2636
ThreadCreationTime : 9-15-2005 12:02:15 AM
BasePriority : Normal
FileVersion : 4, 0, 0, 3001
ProductVersion : 4, 0
ProductName : Nikon View Monitor
CompanyName : Nikon Corporation
FileDescription : NkVwMon
InternalName : NkVwMon
LegalCopyright : Copyright © Nikon Corporation. 1998 - 2001
OriginalFilename : NkVwMon.exe
Comments : NkVwMon

ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F

"C:\Program Files\Nikon\NkView4\NkVwMon.exe"Process terminated successfully

#:50 [hotsync.exe]
ModuleName : C:\Program Files\Palm\HOTSYNC.EXE
Command Line : "C:\Program Files\Palm\HOTSYNC.EXE"
ProcessID : 2712
ThreadCreationTime : 9-15-2005 12:02:20 AM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F

"C:\Program Files\Palm\HOTSYNC.EXE"Process terminated successfully

#:51 [pokapoka67.exe]
ModuleName : C:\WINDOWS\etb\pokapoka67.exe
Command Line : C:\WINDOWS\etb\pokapoka67.exe
ProcessID : 204
ThreadCreationTime : 9-15-2005 12:06:02 AM
BasePriority : Normal


ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F


#:52 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2784
ThreadCreationTime : 9-15-2005 12:07:09 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F


#:53 [appskm.exe]
ModuleName : C:\WINDOWS\System32\appskm.exe
Command Line : C:\WINDOWS\System32\appskm.exe
ProcessID : 3596
ThreadCreationTime : 9-15-2005 12:09:20 AM
BasePriority : Normal
FileVersion : 1.00.0356
ProductVersion : 1.00.0356
CompanyName : flive
InternalName : skytown
OriginalFilename : skytown.exe

ClearSearch Object Recognized!
Type : Process
Data : oi6a2ipb.DLL
TAC Rating : 7
Category : Data Miner
Comment :
Object : C:\Program Files\oi6a2ipb\
FileVersion : 1.91.0,6
ProductVersion : 1.91.0.6
InternalName : Grip.dll
OriginalFilename : Grip.dll
Comments : Build 91 F

"C:\WINDOWS\System32\appskm.exe"Process terminated successfully

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{057e242f-2947-4e0a-8e61-a11345d97ea6}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{357a87ed-3e5d-437d-b334-deb7eb4982a3}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{08101c3e-6c90-439e-9734-6e4dd1b53b69}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{09b90087-4ffa-4a44-be69-da117a710f07}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1449f89c-ad28-427a-97ff-1d5bd812ea43}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1c08d3d0-1e04-4dde-ab0a-75355ea2585e}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{206538f7-f98c-4a46-a7d4-4a37fcdc932b}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{20f8b70d-9f16-4dcb-8788-90a0498e46b9}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{28fedb90-53c7-4928-994a-cee782606507}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{2c462d06-3ba0-48bb-9282-bb6519fe86e9}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3a350193-c7f7-4e10-b347-02ff4c3cc4e9}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4723879b-8f52-4be7-9994-626afa539366}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7b6a3434-8625-4abf-b79d-09d98c2498c4}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8b6c0168-baac-4c7c-911e-0132590f5661}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8ec33b7d-9953-4edb-ace2-d4c105968601}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a00e2305-7001-4200-ba00-5779f9a3e7d3}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a20f5672-7486-4d27-bd2b-e555e4692c5f}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a917b2f3-a9bf-477c-a0e3-0382d0376159}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b26b5883-f15f-4283-b3d5-a1728077de47}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b803d266-a08d-4a4c-9604-6d35689abe09}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6e2a22c-b3a8-43a4-b5ec-a5bb671ab3f7}
#2
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Hi rjnchairz,

If you still need help, can you please post a new HijackThis log?

No need for the AdAware. Thanks.

Regards,