W32.Alcan.A causing havoc [CLOSED]
Jun 16 2005, 04:03 PM
New Member, Posts: 8, OS: Windows XP
Hi, I hope you can help.
I have the W32.Alcan.A worm in my system and it refuses to leave, and it's really causing havoc with my system (installing malware etc!). Please see Ad-Aware log below. I have Killbox and CCleaner installed. One major problem for the fix is that my computer no longer starts in Safe Mode (but perhaps this is a result of the worm??).

Many thanks for any advice.
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : NoRepair DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais Value : last_conn_l DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais Value : we DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais Value : cdata DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais Value : TimeOffset DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais Value : action_url_version DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais Value : action_url_last_chunk DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais Value : action_url_last_full_version DyFuCA Object Recognized! 
Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais Value : key_file DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais Value : kw_last_chunk DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais Value : duid DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais Value : partner_id DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais Value : product_id DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais Value : mt1 DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais Value : mt2 DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais Value : mt3 DyFuCA Object Recognized! Type : RegValue Data |

Jun 16 2005, 04:09 PM
Post #2
New Member Posts: 8 OS: Windows XP
(ad-aware log cont.)
DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais Value : mt3 DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais Value : gma DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais Value : gvi DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais Value : gpi DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais Value : boom DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais Value : boom_ver DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\policies\avenue media DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\dyfuca DyFuCA Object Recognized! Type : Regkey Data : DyFuCA TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\DyFuCA DyFuCA Object Recognized! Type : Regkey Data : DyFuCA TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\DyFuCA DyFuCA Object Recognized! Type : Regkey Data : DyFuCA TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\DyFuCA DyFuCA Object Recognized! 
Type : Regkey Data : DyFuCA TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\DyFuCA DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : RegValue Data : Internet Optimizer TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Value : DisplayName DyFuCA Object Recognized! Type : RegValue Data : Internet Optimizer TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Value : UninstallString DyFuCA Object Recognized! 
Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000010-6f7d-442c-93e3-4a4827c2e4c8} DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : app_name DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_url DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : update_url DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : config_url DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : ui DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_initial_delay DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_count DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_day_count DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_day_limit DyFuCA Object Recognized! 
Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : update_count DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : update_version DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : config_count DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : account_id DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : app_date DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_interval DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_last DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : update_interval DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : update_last DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : config_interval DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : config_last DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\avenue media istbar Object Recognized! 
Type : Regkey Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\istsvc istbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\istsvc Value : UninstallString istbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\istsvc Value : NoModify istbar Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istbar istbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istbar Value : barTitle istbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istbar Value : serverpath istbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istbar Value : urlAfterInstall istbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istbar Value : gUpdate istbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istbar Value : TBRowMode istbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istbar Value : xml_istbar.xml istbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istbar Value : imagemap_normal.bmp istbar Object Recognized! 
Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istbar Value : imagemap_over.bmp istbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istbar Value : showcorrupted istbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istbar Value : updatever istbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istbar Value : refreshscope istbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istbar Value : allowupdate istbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istbar Value : LastCheckTime istbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istbar Value : version.txt istbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istbar Value : UpdateBegin SideFind Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807} SideFind Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807} Value : ButtonText SideFind Object Recognized! 
Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807} Value : HotIcon SideFind Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807} Value : Icon SideFind Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807} Value : CLSID SideFind Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807} Value : BandCLSID SideFind Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\sidefind SideFind Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\sidefind Value : shoppingautosearch SideFind Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sidefind SideFind Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sidefind Value : UninstallString SideFind Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind SideFind Object Recognized! 
Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind Value : PathBHO SideFind Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind Value : PathDLL SideFind Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind Value : PathXML SideFind Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind Value : PathEXE SideFind Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind Value : InstallDate SideFind Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind Value : SearchSite SideFind Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind Value : update SideFind Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind Value : ver SideFind Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind Value : IntervalBetweenShows istbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : "{FAA356E4-D317-42A6-AB41-A3021C6E7D52}" Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\microsoft\internet explorer\toolbar\webbrowser Value : {FAA356E4-D317-42A6-AB41-A3021C6E7D52} Powerscan Object Recognized! 
Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : "account_id" Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\powerscan Value : account_id BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "PartnerID" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : PartnerID BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "UtilFolder" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UtilFolder BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "BuildNumber" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : BuildNumber BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "UninstallUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UninstallUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "UniqueKeyUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UniqueKeyUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "FirstHitUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : FirstHitUrl DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : "Internet Optimizer" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : Internet Optimizer istbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : "IST Service" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : IST Service istbar Object Recognized! 
Type : RegValue Data : TAC Rating : 7 Category : Malware Comment : "{FAA356E4-D317-42A6-AB41-A3021C6E7D52}" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\toolbar Value : {FAA356E4-D317-42A6-AB41-A3021C6E7D52} Powerscan Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : "account_id" Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\\software\powerscan Value : account_id Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 182 Objects found so far: 182 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com" TAC Rating : 5 Category : Malware Comment : (http://www.slotch.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com" TAC Rating : 5 Category : Malware Comment : (http://www.slotch.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar Value : UninstallString Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com" TAC Rating : 5 Category : Malware Comment : (http://www.slotch.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar Value : Publisher Possible Browser Hijack attempt Object Recognized! 
Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com" TAC Rating : 5 Category : Malware Comment : (http://www.slotch.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar Value : URLInfoAbout Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com" TAC Rating : 5 Category : Malware Comment : (http://www.slotch.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar Value : HelpLink DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : "sais" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Run Value : sais DyFuCA Object Recognized! Type : File Data : sais.exe TAC Rating : 3 Category : Malware Comment : Object : c:\program files\180solutions\ FileVersion : 5, 12, 0, 13 ProductVersion : 5, 12, 0, 13 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2004, 180solutions Inc. 180Solutions Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : "dcj" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Run Value : dcj 180Solutions Object Recognized! Type : File Data : dcj.exe TAC Rating : 6 Category : Data Miner Comment : Object : c:\windows\ Powerscan Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Malware Comment : "Power Scan" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Run Value : Power Scan Powerscan Object Recognized! 
Type : File Data : powerscan.exe TAC Rating : 5 Category : Malware Comment : Object : c:\program files\power scan\ FileVersion : 1, 1, 0, 2 ProductVersion : 1, 1, 0, 2 ProductName : PowerScan v1.1 FileDescription : PowerScan v1.1 InternalName : PowerScan v1.1 LegalCopyright : Copyright © 2004 OriginalFilename : Power-Scan.exe Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 8 Objects found so far: 193 SideFind Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3fdd654-a057-4971-9844-4ed8e67dbbb8} Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : john@statse.webtrendslive[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:john@statse.webtrendslive.com/ Expires : 14-06-2015 23:00:34 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : john@xxxtoolbar[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:john@xxxtoolbar.com/ Expires : 16-07-2005 23:17:20 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 196 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» istbar Object Recognized! Type : File Data : cmctl[1].dll TAC Rating : 7 Category : Malware Comment : Object : C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\81MNSD6Z\ FileVersion : 1, 0, 0, 5 ProductVersion : 1, 0, 0, 5 ProductName : ContentMatchControl FileDescription : ContentMatchControl InternalName : ContentMatchControl1 LegalCopyright : Copyright 2005 OriginalFilename : ContentMatchControl1.DLL DyFuCA Object Recognized! 
Type : File Data : sidefind13[1].dll TAC Rating : 3 Category : Malware Comment : Object : C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\K9UNCXM7\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : SideFind Module CompanyName : IST FileDescription : SideFind Module InternalName : SideFind LegalCopyright : Copyright 2004 OriginalFilename : SideFind.DLL DyFuCA Object Recognized! Type : File Data : ncase_new[1].exe TAC Rating : 3 Category : Malware Comment : Object : C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\SLENO5Q7\ FileVersion : 5, 12, 0, 13 ProductVersion : 5, 12, 0, 13 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2004, 180solutions Inc. istbar Object Recognized! Type : File Data : istrecover[1].exe TAC Rating : 7 Category : Malware Comment : Object : C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\UNO32RSL\ Powerscan Object Recognized! Type : File Data : powerscan[1].exe TAC Rating : 5 Category : Malware Comment : Object : C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\UNO32RSL\ FileVersion : 1, 1, 0, 2 ProductVersion : 1, 1, 0, 2 ProductName : PowerScan v1.1 FileDescription : PowerScan v1.1 InternalName : PowerScan v1.1 LegalCopyright : Copyright © 2004 OriginalFilename : Power-Scan.exe SideFind Object Recognized! Type : File Data : sfbho13[1].dll TAC Rating : 5 Category : Malware Comment : Object : C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\W5IR49M7\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : BrowserHelperObject Module FileDescription : BrowserHelperObject Module InternalName : BrowserHelperObject LegalCopyright : Copyright 2003 OriginalFilename : BrowserHelperObject.DLL DyFuCA Object Recognized! 
Type : File Data : nem220[1].dll TAC Rating : 3 Category : Malware Comment : Object : C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\WL2Z85MN\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : DyFuCA_BH Module FileDescription : DyFuCA_BH Module InternalName : DyFuCA_BH LegalCopyright : Copyright 2002 OriginalFilename : DyFuCA_BH.DLL Tracking Cookie Object Recognized! Type : IECache Entry Data : lucy@atdmt[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Lucy\Cookies\lucy@atdmt[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : lucy@doubleclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Lucy\Cookies\lucy@doubleclick[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : lucy@mediaplex[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Lucy\Cookies\lucy@mediaplex[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : lucy@statse.webtrendslive[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Lucy\Cookies\lucy@statse.webtrendslive[1].txt 180Solutions Object Recognized! Type : File Data : sais.exe TAC Rating : 6 Category : Data Miner Comment : Object : C:\Program Files\180Solutions\FLEOK\ FileVersion : 5, 15, 0, 15 ProductVersion : 5, 15, 0, 15 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2004, 180solutions Inc. BargainBuddy Object Recognized! Type : File Data : adv.exe TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\BullsEye Network\bin\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : adv CompanyName : eXact Advertising InternalName : adv LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : adv.exe BargainBuddy Object Recognized! 
Type : File Data : adx.exe TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\BullsEye Network\bin\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : adx CompanyName : eXact Advertising InternalName : adx LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : adx.exe istbar Object Recognized! Type : File Data : cmctl.dll TAC Rating : 7 Category : Malware Comment : Object : C:\Program Files\ISTbar\ FileVersion : 1, 0, 0, 5 ProductVersion : 1, 0, 0, 5 ProductName : ContentMatchControl FileDescription : ContentMatchControl InternalName : ContentMatchControl1 LegalCopyright : Copyright 2005 OriginalFilename : ContentMatchControl1.DLL SideFind Object Recognized! Type : File Data : sfbho.dll TAC Rating : 5 Category : Malware Comment : Object : C:\Program Files\SideFind\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : BrowserHelperObject Module FileDescription : BrowserHelperObject Module InternalName : BrowserHelperObject LegalCopyright : Copyright 2003 OriginalFilename : BrowserHelperObject.DLL DyFuCA Object Recognized! Type : File Data : sidefind.dll TAC Rating : 3 Category : Malware Comment : Object : C:\Program Files\SideFind\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : SideFind Module CompanyName : IST FileDescription : SideFind Module InternalName : SideFind LegalCopyright : Copyright 2004 OriginalFilename : SideFind.DLL BargainBuddy Object Recognized! Type : File Data : exdl.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe DyFuCA Object Recognized! 
Type : File Data : nem220.dll TAC Rating : 3 Category : Malware Comment : Object : C:\WINDOWS\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : DyFuCA_BH Module FileDescription : DyFuCA_BH Module InternalName : DyFuCA_BH LegalCopyright : Copyright 2002 OriginalFilename : DyFuCA_BH.DLL Win32.P2P-Worm.Alcan.a Object Recognized! Type : File Data : bszip.dll TAC Rating : 8 Category : Worm Comment : Object : C:\WINDOWS\system32\ FileVersion : 3.0.2.0 ProductVersion : 3.02 ProductName : BigSpeed Zip DLL CompanyName : BigSpeedSoft InternalName : bszip.dll LegalCopyright : © BigSpeedSoft LegalTrademarks : BigSpeed is a trademark of BigSpeedSoft OriginalFilename : bszip.dll BargainBuddy Object Recognized! Type : File Data : exdl.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe BargainBuddy Object Recognized! Type : File Data : exdl1.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe BargainBuddy Object Recognized! Type : File Data : exul.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. 
OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : exul1.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : javexulm.vxd TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : mqexdlm.srg TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 222 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 222 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : InstallOccurUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : AlreadyInstalledUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : ETServer BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : NewPartnerName BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : System BargainBuddy Object Recognized! Type : Folder TAC Rating : 8 Category : Malware Comment : BargainBuddy Object : c:\program files\BullsEye Network BargainBuddy Object Recognized! Type : File Data : ad.dat TAC Rating : 8 Category : Malware Comment : Object : c:\program files\bullseye network\ BargainBuddy Object Recognized! Type : File Data : ub.dat TAC Rating : 8 Category : Malware Comment : Object : c:\program files\bullseye network\ BargainBuddy Object Recognized! Type : File Data : Uninstall.exe TAC Rating : 8 Category : Malware Comment : Object : c:\program files\bullseye network\ FileVersion : 8.0.3.9 ProductName : BullsEye Network CompanyName : eXact Advertising FileDescription : BargainBuddy Module LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. LegalTrademarks : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. Comments : BargainBuddy Module BargainBuddy Object Recognized! Type : File Data : bargains.exe TAC Rating : 8 Category : Malware Comment : Object : c:\program files\bullseye network\bin\ BargainBuddy Object Recognized! 
Type : File Data : bbchk.exe TAC Rating : 8 Category : Malware Comment : Object : c:\windows\system32\ FileVersion : 5.101.1663.1 ProductVersion : 5.101.1663.1 ProductName : Microsoft® Windows NT® Operating System CompanyName : Microsoft Corporation FileDescription : ECM ChkTrust InternalName : CHKTRUST.EXE LegalCopyright : Copyright © Microsoft Corp. 1981-1997 OriginalFilename : CHKTRUST.EXE BargainBuddy Object Recognized! Type : File Data : exclean.exe TAC Rating : 8 Category : Malware Comment : Object : c:\windows\system32\ BargainBuddy Object Recognized! Type : File Data : msbe.dll TAC Rating : 8 Category : Malware Comment : Object : c:\windows\system32\ FileVersion : 8, 0, 3, 8 ProductVersion : 8, 0, 3, 6 ProductName : ADP Module CompanyName : eXact Advertising FileDescription : ADP Module InternalName : apuc LegalCopyright : Copyright © 2003-2005 eXact Advertising, LLC. All Rights Reserved. OriginalFilename : apuc.DLL DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\mi |
Jun 16 2005, 04:14 PM
Post #3
New Member | Posts: 8 | OS: Windows XP
(ad-aware log cont.2)
DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\windows\currentversion\policies\ameopt DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sais DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sais Value : UninstallString DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sais Value : DisplayIcon DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\kapabout DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\kapabout Value : DComment DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\policies\ameopt DyFuCA Object Recognized! Type : Folder TAC Rating : 3 Category : Malware Comment : DyFuCA Object : c:\program files\SideFind DyFuCA Object Recognized! Type : Folder TAC Rating : 3 Category : Malware Comment : DyFuCA Object : c:\program files\Power Scan DyFuCA Object Recognized! Type : Folder TAC Rating : 3 Category : Malware Comment : DyFuCA Object : c:\program files\ISTsvc DyFuCA Object Recognized! Type : Folder TAC Rating : 3 Category : Malware Comment : DyFuCA Object : c:\program files\ISTbar DyFuCA Object Recognized! 
Type : Folder TAC Rating : 3 Category : Malware Comment : DyFuCA Object : c:\program files\Internet Optimizer DyFuCA Object Recognized! Type : Folder TAC Rating : 3 Category : Malware Comment : DyFuCA Object : c:\program files\180Solutions DyFuCA Object Recognized! Type : File Data : optimize.exe TAC Rating : 3 Category : Malware Comment : Object : c:\program files\internet optimizer\ istbar Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\downloadmanager istbar Object Recognized! Type : File Data : sais.log TAC Rating : 7 Category : Malware Comment : Object : c:\program files\180solutions\ istbar Object Recognized! Type : File Data : saisau.dat TAC Rating : 7 Category : Malware Comment : Object : c:\program files\180solutions\ istbar Object Recognized! Type : File Data : sais_kyf.dat TAC Rating : 7 Category : Malware Comment : Object : c:\program files\180solutions\ istbar Object Recognized! Type : File Data : istsvc.exe TAC Rating : 7 Category : Malware Comment : Object : c:\program files\istsvc\ istbar Object Recognized! Type : File Data : imagemap_normal.bmp TAC Rating : 7 Category : Malware Comment : Object : c:\program files\istbar\ istbar Object Recognized! Type : File Data : imagemap_over.bmp TAC Rating : 7 Category : Malware Comment : Object : c:\program files\istbar\ istbar Object Recognized! Type : File Data : istbarcm.dll TAC Rating : 7 Category : Malware Comment : Object : c:\program files\istbar\ istbar Object Recognized! Type : File Data : version.txt TAC Rating : 7 Category : Malware Comment : Object : c:\program files\istbar\ istbar Object Recognized! Type : File Data : xml_istbar.xml TAC Rating : 7 Category : Malware Comment : Object : c:\program files\istbar\ SideFind Object Recognized! 
Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{339d8aff-0b42-4260-ad82-78ce605a9543} SideFind Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{a36a5936-cfd9-4b41-86bd-319a1931887f} SideFind Object Recognized! Type : File Data : sfexd001 TAC Rating : 5 Category : Malware Comment : Object : c:\program files\sidefind\ Powerscan Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\powerscan Powerscan Object Recognized! Type : Folder TAC Rating : 5 Category : Malware Comment : Powerscan Object : c:\documents and settings\john\start menu\programs\Power Scan Powerscan Object Recognized! Type : File Data : Power Scan.lnk TAC Rating : 5 Category : Malware Comment : Object : c:\documents and settings\john\start menu\programs\power scan\ 180Solutions Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\sais 180Solutions Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\sais Value : last_conn_l 180Solutions Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\sais Value : we 180Solutions Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\sais Value : cdata 180Solutions Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\sais Value : TimeOffset 180Solutions Object Recognized! 
Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\sais Value : action_url_version 180Solutions Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\sais Value : action_url_last_chunk 180Solutions Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\sais Value : action_url_last_full_version 180Solutions Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\sais Value : key_file 180Solutions Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\sais Value : kw_last_chunk Win32.P2P-Worm.Alcan.a Object Recognized! Type : File Data : cmd.com TAC Rating : 8 Category : Worm Comment : Object : C:\WINDOWS\System32\ Win32.P2P-Worm.Alcan.a Object Recognized! Type : File Data : netstat.com TAC Rating : 8 Category : Worm Comment : Object : C:\WINDOWS\System32\ Win32.P2P-Worm.Alcan.a Object Recognized! Type : File Data : ping.com TAC Rating : 8 Category : Worm Comment : Object : C:\WINDOWS\System32\ Win32.P2P-Worm.Alcan.a Object Recognized! Type : File Data : regedit.com TAC Rating : 8 Category : Worm Comment : Object : C:\WINDOWS\System32\ Win32.P2P-Worm.Alcan.a Object Recognized! Type : File Data : taskkill.com TAC Rating : 8 Category : Worm Comment : Object : C:\WINDOWS\System32\ Win32.P2P-Worm.Alcan.a Object Recognized! Type : File Data : tasklist.com TAC Rating : 8 Category : Worm Comment : Object : C:\WINDOWS\System32\ Win32.P2P-Worm.Alcan.a Object Recognized! Type : File Data : tracert.com TAC Rating : 8 Category : Worm Comment : Object : C:\WINDOWS\System32\ Powerscan Object Recognized! 
Type : File Data : Power Scan.lnk TAC Rating : 5 Category : Malware Comment : Shortcut to bad file : C:\Documents and Settings\John\Start Menu\Programs\Power Scan\Power Scan.lnk Object : C:\Documents and Settings\John\Start Menu\Programs\Power Scan\ Other Object Recognized! Type : File Data : SAIS.EXE-1CACDE60.pf TAC Rating : 7 Category : Malware Comment : Object : C:\WINDOWS\prefetch\ Other Object Recognized! Type : File Data : SAIS.EXE-25D5D1DE.pf TAC Rating : 7 Category : Malware Comment : Object : C:\WINDOWS\prefetch\ Other Object Recognized! Type : File Data : EXDL.EXE-025B7023.pf TAC Rating : 7 Category : Malware Comment : Object : C:\WINDOWS\prefetch\ Other Object Recognized! Type : File Data : EXDL1.EXE-03ADA40F.pf TAC Rating : 7 Category : Malware Comment : Object : C:\WINDOWS\prefetch\ Other Object Recognized! Type : File Data : EXUL1.EXE-0DA91456.pf TAC Rating : 7 Category : Malware Comment : Object : C:\WINDOWS\prefetch\ Other Object Recognized! Type : File Data : OPTIMIZE.EXE-01F38553.pf TAC Rating : 7 Category : Malware Comment : Object : C:\WINDOWS\prefetch\ Other Object Recognized! Type : File Data : OPTIMIZE.EXE-3298A59E.pf TAC Rating : 7 Category : Malware Comment : Object : C:\WINDOWS\prefetch\ Other Object Recognized! Type : File Data : ISTSVC.EXE-0B9CA3A6.pf TAC Rating : 7 Category : Malware Comment : Object : C:\WINDOWS\prefetch\ Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 70 Objects found so far: 292 23:49:24 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:36:39.102 Objects scanned:119059 Objects identified:308 Objects ignored:0 New critical objects:308 |
Guest_Andy_veal_*
Jun 18 2005, 09:19 AM
Post #4
Hello and Welcome

Ad-aware has found objects on your computer.

If you choose to clean your computer from what Ad-aware found, please follow these instructions below…

Please make sure that you are using the * SE1R50 13.06.2005 * definition file.

Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied: Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode.

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder). Please run CCleaner to assist in this process. Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below. Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke (For the Professional version)
"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke (For the Plus version)
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke (For the Personal version)

Click OK.

Please note that the path above is the default installation location for Ad-aware SE; if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK. If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile to keep "Search for negligible risk entries" deselected, as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here.

Good luck
Andy
Jun 29 2005, 04:14 AM
Post #5
New Member | Posts: 9 | OS: XP

Hi,
edited for content.
Cheers, Ste.

This post has been edited by coachwife6: Jun 29 2005, 06:48 AM
Guest_Andy_veal_*
Jun 29 2005, 04:16 PM
Post #6
I would like to add,

The product that steveml was advertising has been on the Rogue/Suspect Anti-spyware list. Even though it has now been removed, in my opinion it is still unsafe; the company might have changed, but if its customers remember what the company has been previously doing they may not support it. I do not recommend any program on the Rogue/Suspect Anti-Spyware site.
Jul 6 2005, 04:37 AM
Post #7
Malware Expert | Posts: 18,682 | From: Boston Ma. | OS: XP Pro,ME, 98
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising