Here is AdAware log:
Ad-Aware SE Build 1.05
Logfile Created on:Saturday, May 14, 2005 3:33:37 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):29 total references
VX2(TAC index:10):40 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:26 %
Total physical memory:391664 kb
Available physical memory:98356 kb
Total page file size:940476 kb
Available on page file:662112 kb
Total virtual memory:2097024 kb
Available virtual memory:2044812 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
5-14-2005 3:33:37 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 484
ThreadCreationTime : 5-14-2005 10:25:28 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 544
ThreadCreationTime : 5-14-2005 10:25:31 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 572
ThreadCreationTime : 5-14-2005 10:25:33 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 616
ThreadCreationTime : 5-14-2005 10:25:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 628
ThreadCreationTime : 5-14-2005 10:25:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : C:\WINDOWS\system32\Ati2evxx.exe
ProcessID : 764
ThreadCreationTime : 5-14-2005 10:25:38 PM
BasePriority : Normal
FileVersion : 6.14.10.4110
ProductVersion : 6.14.10.4110.02
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 800
ThreadCreationTime : 5-14-2005 10:25:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 864
ThreadCreationTime : 5-14-2005 10:25:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 948
ThreadCreationTime : 5-14-2005 10:25:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 1024
ThreadCreationTime : 5-14-2005 10:25:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1132
ThreadCreationTime : 5-14-2005 10:25:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : n/a
ProcessID : 1216
ThreadCreationTime : 5-14-2005 10:25:41 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:13 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 1516
ThreadCreationTime : 5-14-2005 10:25:43 PM
BasePriority : Normal
FileVersion : 6.14.10.4110
ProductVersion : 6.14.10.4110.02
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:14 [sndsrvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Command Line : n/a
ProcessID : 1548
ThreadCreationTime : 5-14-2005 10:25:43 PM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe
#:15 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1588
ThreadCreationTime : 5-14-2005 10:25:43 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:16 [spbbcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Command Line : n/a
ProcessID : 1608
ThreadCreationTime : 5-14-2005 10:25:44 PM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe
#:17 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : n/a
ProcessID : 1720
ThreadCreationTime : 5-14-2005 10:25:46 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:18 [brsvc01a.exe]
ModuleName : C:\WINDOWS\system32\brsvc01a.exe
Command Line : C:\WINDOWS\system32\brsvc01a.exe
ProcessID : 1860
ThreadCreationTime : 5-14-2005 10:25:47 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : brother Industries Ltd brsvc01a
CompanyName : brother Industries Ltd
FileDescription : brsvc01a
InternalName : brsvc01a
LegalCopyright : Copyright © Brother Industries, Ltd 2001
OriginalFilename : brsvc01a.exe
#:19 [brss01a.exe]
ModuleName : C:\WINDOWS\system32\brss01a.exe
Command Line : brss01a.exe
ProcessID : 1880
ThreadCreationTime : 5-14-2005 10:25:47 PM
BasePriority : Normal
FileVersion : 1.004
ProductVersion : 1, 0, 0, 4
ProductName : brother Industries Ltd brss01a.exe
CompanyName : brother Industries Ltd
FileDescription : brss01a.exe
InternalName : brss01a.exe
LegalCopyright : Copyright ? 2001
OriginalFilename : brss01a.exe
Comments : Brsplproc XP wrapper
#:20 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1888
ThreadCreationTime : 5-14-2005 10:25:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:21 [msssrv.exe]
ModuleName : c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
Command Line : c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
ProcessID : 192
ThreadCreationTime : 5-14-2005 10:25:54 PM
BasePriority : Normal
FileVersion : 1.10.158.0
ProductVersion : 1.10.158.0
ProductName : McAfee AntiSpyware
CompanyName : McAfee, Inc.
FileDescription : McAfee AntiSpyware RealTime Service
InternalName : MssSrv.exe
LegalCopyright : Copyright © 2005 McAfee, Inc.
All Rights Reserved.
OriginalFilename : MssSrv.exe
#:22 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : n/a
ProcessID : 204
ThreadCreationTime : 5-14-2005 10:25:54 PM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:23 [npfmntor.exe]
ModuleName : C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
Command Line : n/a
ProcessID : 244
ThreadCreationTime : 5-14-2005 10:25:54 PM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE
#:24 [prismxl.sys]
ModuleName : C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
Command Line : "C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS"
ProcessID : 316
ThreadCreationTime : 5-14-2005 10:25:55 PM
BasePriority : Normal
FileVersion : 6.0.1.22
ProductVersion : 6.0.1.22
ProductName : PrismXL Software Family
CompanyName : New Boundary Technologies, Inc.
FileDescription : PrismXL Service
InternalName : PrismXL Service
LegalCopyright : © 1997-2004 New Boundary Technologies
OriginalFilename : PrismXL.sys
#:25 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k imgsvc
ProcessID : 916
ThreadCreationTime : 5-14-2005 10:25:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:26 [symlcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Command Line : n/a
ProcessID : 1088
ThreadCreationTime : 5-14-2005 10:25:59 PM
BasePriority : Normal
FileVersion : 1, 8, 54, 534
ProductVersion : 1, 8, 54, 534
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe
#:27 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1204
ThreadCreationTime : 5-14-2005 10:25:59 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:28 [savscan.exe]
ModuleName : C:\Program Files\Norton AntiVirus\SAVScan.exe
Command Line : n/a
ProcessID : 1972
ThreadCreationTime : 5-14-2005 10:26:09 PM
BasePriority : Normal
FileVersion : 9.4.1.10
ProductVersion : 9.4
ProductName : AutoProtect
CompanyName : Symantec Corporation
FileDescription : AutoProtect
InternalName : SAVSCAN
LegalCopyright : Copyright © 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE
#:29 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2136
ThreadCreationTime : 5-14-2005 10:26:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:30 [zhotkey.exe]
ModuleName : C:\WINDOWS\zHotkey.exe
Command Line : "C:\WINDOWS\zHotkey.exe"
ProcessID : 2224
ThreadCreationTime : 5-14-2005 10:26:17 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 7
ProductVersion : 3, 0, 0, 0
ProductName : Multimedia Keyboard Driver
FileDescription : Multimedia Keyboard Driver
InternalName : Multimedia Hotkey Driver
LegalCopyright : Copyright © 2004.
OriginalFilename : mHotkey.res
#:31 [soundman.exe]
ModuleName : C:\WINDOWS\SOUNDMAN.EXE
Command Line : "C:\WINDOWS\SOUNDMAN.EXE"
ProcessID : 2268
ThreadCreationTime : 5-14-2005 10:26:18 PM
BasePriority : Normal
FileVersion : 5.1.0.30
ProductVersion : 5.1.0.29
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager
#:32 [pdvdserv.exe]
ModuleName : C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
Command Line : "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
ProcessID : 2424
ThreadCreationTime : 5-14-2005 10:26:22 PM
BasePriority : Normal
FileVersion : 5.00.0000
ProductVersion : 5.00.0000
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2002
OriginalFilename : PDVDSERV.EXE
#:33 [mcagent.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\mcagent.exe
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
ProcessID : 2608
ThreadCreationTime : 5-14-2005 10:26:23 PM
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe
#:34 [shwiconem.exe]
ModuleName : C:\Program Files\Digital Media Reader\shwiconem.exe
Command Line : "C:\Program Files\Digital Media Reader\shwiconem.exe"
ProcessID : 2688
ThreadCreationTime : 5-14-2005 10:26:23 PM
BasePriority : Idle
FileVersion : 1, 4, 0, 8
ProductVersion : 1, 4, 0, 8
ProductName : Multimedia Card Reader
CompanyName : Alcor Micro, Corp.
LegalCopyright : Copyright c 2002
Comments : Alcor 9360 4/4.5 Slot XP
#:35 [msscli.exe]
ModuleName : C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
Command Line : "C:\progra~1\mcafee\MCAFEE~1\MssCli.exe"
ProcessID : 2740
ThreadCreationTime : 5-14-2005 10:26:24 PM
BasePriority : Normal
FileVersion : 1.10.158.0
ProductVersion : 1.10.158.0
ProductName : McAfee AntiSpyware
CompanyName : McAfee, Inc.
FileDescription : McAfee AntiSpyware RealTime Client
InternalName : MssCli.exe
LegalCopyright : Copyright © 2005 McAfee, Inc.
All Rights Reserved.
OriginalFilename : MssCli.exe
#:36 [pptd40nt.exe]
ModuleName : C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
Command Line : "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
ProcessID : 2832
ThreadCreationTime : 5-14-2005 10:26:24 PM
BasePriority : Normal
FileVersion : 9.0
ProductVersion : 9.0
ProductName : PaperPort
CompanyName : ScanSoft, Inc.
FileDescription : PaperPort Print to Desktop for NT
InternalName : PPTD40NT
LegalCopyright : Copyright © 1993-2004 ScanSoft, Inc.
OriginalFilename : PPTD40NT.EXE
#:37 [brctrcen.exe]
ModuleName : C:\Program Files\Brother\ControlCenter2\brctrcen.exe
Command Line : "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
ProcessID : 2852
ThreadCreationTime : 5-14-2005 10:26:26 PM
BasePriority : Normal
#:38 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : n/a
ProcessID : 2868
ThreadCreationTime : 5-14-2005 10:26:26 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:39 [scahjex.exe]
ModuleName : c:\windows\system32\scahjex.exe
Command Line : "c:\windows\system32\scahjex.exe" ugrtjs
ProcessID : 2900
ThreadCreationTime : 5-14-2005 10:26:27 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
#:40 [bigfix.exe]
ModuleName : C:\Program Files\BigFix\BigFix.exe
Command Line : "C:\Program Files\BigFix\BigFix.exe" /atstartup
ProcessID : 3072
ThreadCreationTime : 5-14-2005 10:26:30 PM
BasePriority : Normal
FileVersion : 1, 7, 6, 0
ProductVersion : 1, 7, 6, 0
ProductName : BigFix
CompanyName : BigFix Inc.
FileDescription : BigFix Client Application
InternalName : BigFix
LegalCopyright : Copyright © 2002
OriginalFilename : BigFix.exe
#:41 [brmfcwnd.exe]
ModuleName : C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
Command Line : "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" Brother MFC-420CN
ProcessID : 3196
ThreadCreationTime : 5-14-2005 10:26:32 PM
BasePriority : Normal
FileVersion : 1, 0, 5, 4
ProductVersion : 1, 0, 5, 4
ProductName : Status Monitor
CompanyName : Brother Industries, Ltd.
FileDescription : Status Monitor (Main)
InternalName : Brmfcwnd
LegalCopyright : Copyright © 2004 Brother Industries, Ltd.
OriginalFilename : Brmfcwnd.exe
#:42 [brmfimon.exe]
ModuleName : C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
Command Line : "C:\Program Files\Brother\Brmfcmon\BrMfimon.exe" -BRN_6B248A -Brother MFC-420CN Printer
ProcessID : 3256
ThreadCreationTime : 5-14-2005 10:26:33 PM
BasePriority : Normal
FileVersion : 1, 0, 6, 1
ProductVersion : 1, 0, 6, 1
ProductName : Status Monitor
CompanyName : Brother Industries, Ltd.
FileDescription : Status Monitor (Network)
InternalName : Brmfimon
LegalCopyright : Copyright © 2004 Brother Industries, Ltd.
OriginalFilename : Brmfimon.exe
#:43 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
ProcessID : 3268
ThreadCreationTime : 5-14-2005 10:26:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:44 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Command Line : "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 3788
ThreadCreationTime : 5-14-2005 10:27:06 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:45 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe"
ProcessID : 2192
ThreadCreationTime : 5-14-2005 10:27:29 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:46 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3728
ThreadCreationTime : 5-14-2005 10:28:53 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUC3n5trMsgSDisp
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUL3a5stMotsSDay
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUL3a5stSSChckin
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUP3D5om
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUB3D5om
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUs3t5icky1S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUs3t5icky2S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUs3t5icky3S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUs3t5icky4S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUE3v5nt
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUT3h5rshSBath
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUT3h5rshSysSInf
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUT3h5rshSCheckSIn
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUT3h5rshSMots
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUL3n5Title
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AU3N5a7tionSCode
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUD3s5tSSEnd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUC3u5rrentSMode
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUC3n5tFyl
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUM3o5deSSync
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUI3g5noreS
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUI3d5OfSInst
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUC1o3d5eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUT3i5m7eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUI3n5ProgSCab
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUI3n5ProgSEx
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUI3n5ProgSLstest
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3060605950-340763862-3731329199-1003\software\aurora
Value : AUS3t5atusOfSInst
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 29
Objects found so far: 29
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 29
MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-3060605950-340763862-3731329199-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-3060605950-340763862-3731329199-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : S-1-5-21-3060605950-340763862-3731329199-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-3060605950-340763862-3731329199-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-3060605950-340763862-3731329199-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-3060605950-340763862-3731329199-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-3060605950-340763862-3731329199-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-3060605950-340763862-3731329199-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-3060605950-340763862-3731329199-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-3060605950-340763862-3731329199-1003\software\microsoft\office\11.0\publisher\recent file list
Description : list of recent files used by microsoft publisher
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-3060605950-340763862-3731329199-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-3060605950-340763862-3731329199-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-3060605950-340763862-3731329199-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-3060605950-340763862-3731329199-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-3060605950-340763862-3731329199-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-3060605950-340763862-3731329199-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 58
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : File
Data : temp.frC649
Category : Malware
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temp\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll
VX2 Object Recognized!
Type : File
Data : A0005267.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP49\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll
VX2 Object Recognized!
Type : File
Data : A0005272.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP49\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
VX2 Object Recognized!
Type : File
Data : A0005451.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP49\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll
VX2 Object Recognized!
Type : File
Data : A0005457.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP49\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
VX2 Object Recognized!
Type : File
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 64
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 64
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 64
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon
Value : Driver
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon
Value : Driver
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 69
3:41:51 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:13.906
Objects scanned:118349
Objects identified:40
Objects ignored:0
New critical objects:40
Thanks,
Tom