OK, I did what I understood, but I didn't understand a few bits of it.
Firstly, what do you mean by "Family"?
I deleted CoolWebSearch
and have the log as help2.txt.
I am having problems deselecting negligible risk entries; please advise on how, as I cannot find the selection.
Ad-Aware SE Build 1.05
Logfile Created on:13 May 2005 17:39:29
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):3 total references
Alexa(TAC index:5):11 total references
BargainBuddy(TAC index:8):20 total references
DyFuCA(TAC index:3):36 total references
Hijacker.TopConverting(TAC index:5):1 total references
istbar(TAC index:7):13 total references
MRU List(TAC index:0):5 total references
Other(TAC index:5):2 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
Rads01.Quadrogram(TAC index:6):2 total references
SideFind(TAC index:5):6 total references
Tracking Cookie(TAC index:3):7 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):55 total references
ZyncosMark(TAC index:3):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
13-05-2005 17:39:29 - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 764
ThreadCreationTime : 13-05-2005 16:36:36
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 852
ThreadCreationTime : 13-05-2005 16:36:37
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 876
ThreadCreationTime : 13-05-2005 16:36:38
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 920
ThreadCreationTime : 13-05-2005 16:36:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 932
ThreadCreationTime : 13-05-2005 16:36:38
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1116
ThreadCreationTime : 13-05-2005 16:36:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1264
ThreadCreationTime : 13-05-2005 16:36:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1344
ThreadCreationTime : 13-05-2005 16:36:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1416
ThreadCreationTime : 13-05-2005 16:36:39
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1748
ThreadCreationTime : 13-05-2005 16:36:39
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Warning! VX2 Object found in memory(C:\WINDOWS\system32\DrPMon.dll)
VX2 Object Recognized!
Type : Process
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll
#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 212
ThreadCreationTime : 13-05-2005 16:36:43
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:12 [igfxtray.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 652
ThreadCreationTime : 13-05-2005 16:36:44
BasePriority : Normal
FileVersion : 3.0.0.2209
ProductVersion : 7.0.0.2209
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : IGFXTRAY.EXE
#:13 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 688
ThreadCreationTime : 13-05-2005 16:36:44
BasePriority : Normal
FileVersion : 3.0.0.2209
ProductVersion : 7.0.0.2209
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE
#:14 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 780
ThreadCreationTime : 13-05-2005 16:36:45
BasePriority : Normal
FileVersion : 2.1.21 2.1.21 11/21/2002 14:17:53
ProductVersion : 2.1.21 2.1.21 11/21/2002 14:17:53
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe
#:15 [ltmoh.exe]
FilePath : C:\Program Files\ltmoh\
ProcessID : 788
ThreadCreationTime : 13-05-2005 16:36:45
BasePriority : Normal
FileVersion : 1.68
ProductVersion : 1.68
ProductName : LtMoh Application
CompanyName : Agere Systems
FileDescription : LtMoh MFC Application
InternalName : LtMoh
LegalCopyright : Agere Copyright © 2001-2002
LegalTrademarks : LT
OriginalFilename : LtMoh.EXE
#:16 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 936
ThreadCreationTime : 13-05-2005 16:36:45
BasePriority : Normal
FileVersion : 7.2.9 03Jan03
ProductVersion : 7.2.9 03Jan03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPLpr.exe
#:17 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 984
ThreadCreationTime : 13-05-2005 16:36:45
BasePriority : Normal
FileVersion : 7.2.9 03Jan03
ProductVersion : 7.2.9 03Jan03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPEnh.exe
#:18 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 1164
ThreadCreationTime : 13-05-2005 16:36:45
BasePriority : Normal
FileVersion : 7,0,0,174
ProductVersion : 7.0.0.174
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2003, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:19 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 1180
ThreadCreationTime : 13-05-2005 16:36:45
BasePriority : Normal
FileVersion : 7,0,0,159
ProductVersion : 7.0.0.159
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2003, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:20 [gcasserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 1208
ThreadCreationTime : 13-05-2005 16:36:45
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe
#:21 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1224
ThreadCreationTime : 13-05-2005 16:36:45
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:22 [zzifsnh.exe]
FilePath : c:\windows\system32\
ProcessID : 1240
ThreadCreationTime : 13-05-2005 16:36:45
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
#:23 [icmon.exe]
FilePath : C:\Program Files\Sophos SWEEP for NT\
ProcessID : 1436
ThreadCreationTime : 13-05-2005 16:36:46
BasePriority : Normal
FileVersion : 1.00.0235
ProductVersion : 3 (Build 0235)
ProductName : Sophos Anti-Virus
CompanyName : Sophos Plc
FileDescription : Sophos Anti-Virus InterCheck activity monitor (ENG)
InternalName : ICMON
LegalCopyright : © 1989-2005 Sophos Plc, www.sophos.com
LegalTrademarks : SWEEP®, InterCheck®, and SAVI®, are trademarks of Sophos® Plc.
OriginalFilename : ICMON.EXE
#:24 [gcasdtserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 1604
ThreadCreationTime : 13-05-2005 16:36:48
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe
#:25 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 1840
ThreadCreationTime : 13-05-2005 16:36:51
BasePriority : Normal
FileVersion : 7,0,0,175
ProductVersion : 7.0.0.175
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2003, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:26 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 1852
ThreadCreationTime : 13-05-2005 16:36:51
BasePriority : Normal
FileVersion : 7,0,0,132
ProductVersion : 7.0.0.132
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2002, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:27 [swnetsup.exe]
FilePath : C:\Program Files\Sophos SWEEP for NT\
ProcessID : 2012
ThreadCreationTime : 13-05-2005 16:36:52
BasePriority : Normal
FileVersion : 1.00.0235
ProductVersion : 3 (Build 0235)
ProductName : Sophos Anti-Virus
CompanyName : Sophos Plc
FileDescription : Sophos Anti-Virus network support service
InternalName : SWNETSUP
LegalCopyright : © 1989-2005 Sophos Plc, www.sophos.com
LegalTrademarks : SWEEP®, InterCheck®, and SAVI®, are trademarks of Sophos® Plc.
OriginalFilename : SWNETSUP.EXE
#:28 [sweepsrv.sys]
FilePath : C:\Program Files\Sophos SWEEP for NT\
ProcessID : 132
ThreadCreationTime : 13-05-2005 16:36:53
BasePriority : Normal
FileVersion : 2.01.0235
ProductVersion : 3 (Build 0235)
ProductName : Sophos Anti-Virus
CompanyName : Sophos Plc
FileDescription : Sophos Anti-Virus detection system service
InternalName : SWEEPSRV
LegalCopyright : © 1989-2005 Sophos Plc, www.sophos.com
LegalTrademarks : SWEEP®, InterCheck®, and SAVI®, are trademarks of Sophos® Plc.
OriginalFilename : SWEEPSRV.SYS
#:29 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 380
ThreadCreationTime : 13-05-2005 16:36:56
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:30 [istsvc.exe]
FilePath : C:\Program Files\ISTsvc\
ProcessID : 3264
ThreadCreationTime : 13-05-2005 16:37:57
BasePriority : Normal
#:31 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3816
ThreadCreationTime : 13-05-2005 16:38:20
BasePriority : Normal
FileVersion : 5.4.3630.1106 (xpsp1.020828-1920)
ProductVersion : 5.4.3630.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Update AutoUpdate Client
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}
Value :
Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}
SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}
SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{d0288a41-9855-4a9b-8316-babe243648da}
ZyncosMark Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0e704ba4-c517-4be7-a1cd-c3ffda1e1ffe}
ZyncosMark Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0e704ba4-c517-4be7-a1cd-c3ffda1e1ffe}
Value :
ZyncosMark Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : testcontentmatchcontrol1.contentmatchtag
ZyncosMark Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : testcontentmatchcontrol1.contentmatchtag
Value :
ZyncosMark Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{e9a5b71c-093b-4f34-af07-34fca89ba0df}
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\avenue media
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\ist
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\ist
Value : Recover
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\policies\avenue media
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUI3d5OfSDist
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUI3d5OfSInst
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUC3n5trMsgSDisp
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUs3t5icky1S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUs3t5icky2S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUs3t5icky3S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUs3t5icky4S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUC1o3d5eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUT3i5m7eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUD3s5tSSEnd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AU3N5a7tionSCode
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUP3D5om
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUT3h5rshSCheckSIn
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUT3h5rshSMots
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUM3o5deSSync
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUI3n5ProgSCab
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUI3n5ProgSEx
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUI3n5ProgSLstest
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUB3D5om
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUE3v5nt
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUT3h5rshSBath
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUT3h5rshSysSInf
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUL3n5Title
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUC3u5rrentSMode
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUC3n5tFyl
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUI3g5noreS
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUS3t5atusOfSInst
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUL3a5stMotsSDay
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora
Value : AUL3a5stSSChckin
Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : version
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_name
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_url
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_url
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_url
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : ui
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_initial_delay
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_count
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_count
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_limit
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_count
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_version
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_count
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : account_id
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_date
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_interval
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_last
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_interval
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_last
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_interval
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_last
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\policies\avenue media
istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : DisplayName
istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : UninstallString
istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : NoModify
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "IST Service"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : IST Service
Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 86
Objects found so far: 92
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Trusted zone presumably compromised : contentmatch.net
Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : contentmatch.net\ny
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net\ny
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : contentmatch.net\ny
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net\ny
Value : http
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : contentmatch.net\ny
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net\ny
Value : https
istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "ele5Mw"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : ele5Mw
istbar Object Recognized!
Type : File
Data : dmfeyss.exe
Category : Malware
Comment :
Object : c:\windows\
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 97
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : koryo@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Koryo\Cookies\koryo@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : koryo@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Koryo\Cookies\koryo@mediaplex[1].txt
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 99
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pox master@0[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Pox Master\Cookies\pox master@0[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pox master@0[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Pox Master\Cookies\pox master@0[3].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pox master@atdmt[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Pox Master\Cookies\pox master@atdmt[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pox master@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Pox Master\Cookies\pox master@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pox master@trafficmp[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Pox Master\Cookies\pox master@trafficmp[1].txt
BargainBuddy Object Recognized!
Type : File
Data : B70235B0-A656-4A51-A002-2ED856
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\0476495C-FEC1-4F11-829B-1EDE42\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adx
CompanyName : eXact Advertising
InternalName : adx
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adx.exe
DyFuCA Object Recognized!
Type : File
Data : EAD0CE43-EA32-4227-9A61-CA66D2
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\F0A36185-6724-495D-AD5A-85FBFB\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : SideFind Module
CompanyName : IST
FileDescription : SideFind Module
InternalName : SideFind
LegalCopyright : Copyright 2004
OriginalFilename : SideFind.DLL
VX2 Object Recognized!
Type : File
Data : A0000464.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
VX2 Object Recognized!
Type : File
Data : A0000474.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
VX2 Object Recognized!
Type : File
Data : A0000482.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
VX2 Object Recognized!
Type : File
Data : A0000492.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
DyFuCA Object Recognized!
Type : File
Data : A0000506.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DyFuCA_BH Module
FileDescription : DyFuCA_BH Module
InternalName : DyFuCA_BH
LegalCopyright : Copyright 2002
OriginalFilename : DyFuCA_BH.DLL
BargainBuddy Object Recognized!
Type : File
Data : A0000510.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe
VX2 Object Recognized!
Type : File
Data : A0000523.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
VX2 Object Recognized!
Type : File
Data : A0000532.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
VX2 Object Recognized!
Type : File
Data : A0000541.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
VX2 Object Recognized!