Lavasoft Ad-aware Personal Build 6.181 Logfile created on :08 October 2004 23:22:53 Created with Ad-aware Personal, free for private use. Using reference-file :01R343 04.10.2004 ______________________________________________________ Reffile status: ========================= Reference file loaded: Reference Number : 01R343 04.10.2004 Internal build : 277 File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref Total size : 1347323 Bytes Signature data size : 1325348 Bytes Reference data size : 21911 Bytes Signatures total : 29343 Target categories : 10 Target families : 560 Memory + processor status: ========================== Number of processors : 1 Processor architecture : Intel Pentium IV Memory available:60 % Total physical memory:622064 kb Available physical memory:367476 kb Total page file size:1522380 kb Available on page file:1303696 kb Total virtual memory:2097024 kb Available virtual memory:2050664 kb OS: Ad-aware Settings ========================= Set : Activate in-depth scan (Recommended) Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep scan registry Set : Scan my IE Favorites for banned URLs Set : Scan within archives Set : Scan my Hosts file Extended Ad-aware Settings ========================= Set : Unload recognized processes during scanning Set : Include basic Ad-aware settings in logfile Set : Include additional Ad-aware settings in logfile Set : Let windows remove files in use at next reboot Set : Always back up reference file, before updating Set : Play sound if scan produced a result 08-10-2004 23:22:53 - Scan started. 
(Custom mode) Listing running processes ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ #:1 [smss.exe] FilePath : \SystemRoot\System32\ ThreadCreationTime : 08-10-2004 20:58:39 BasePriority : Normal #:2 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ThreadCreationTime : 08-10-2004 20:58:46 BasePriority : High #:3 [services.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 08-10-2004 20:58:46 BasePriority : Normal FileSize : 99 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe OriginalFilename : services.exe ProductName : Microsoft Created on : 23/08/2001 04:00:00 Last accessed : 08/10/2004 22:22:53 Last modified : 23/08/2001 04:00:00 #:4 [lsass.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 08-10-2004 20:58:46 BasePriority : Normal FileSize : 11 KB FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe OriginalFilename : lsass.exe ProductName : Microsoft Created on : 28/08/2002 19:41:26 Last accessed : 08/10/2004 22:22:54 Last modified : 28/08/2002 19:41:26 #:5 [svchost.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 08-10-2004 20:58:46 BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 23/08/2001 04:00:00 Last accessed : 08/10/2004 22:22:54 Last modified : 23/08/2001 04:00:00 #:6 [svchost.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 08-10-2004 20:58:47 BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription 
: Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 23/08/2001 04:00:00 Last accessed : 08/10/2004 22:22:54 Last modified : 23/08/2001 04:00:00 #:7 [explorer.exe] FilePath : C:\WINDOWS\ ThreadCreationTime : 08-10-2004 20:58:50 BasePriority : Normal FileSize : 980 KB FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer OriginalFilename : EXPLORER.EXE ProductName : Microsoft Created on : 28/08/2002 19:41:24 Last accessed : 08/10/2004 22:22:54 Last modified : 28/08/2002 19:41:24 #:8 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 08-10-2004 20:58:50 BasePriority : Normal FileSize : 50 KB FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe OriginalFilename : spoolsv.exe ProductName : Microsoft Created on : 23/08/2001 04:00:00 Last accessed : 08/10/2004 22:22:54 Last modified : 23/08/2001 04:00:00 #:9 [sagent2.exe] FilePath : C:\Program Files\Common Files\EPSON\EBAPI\ ThreadCreationTime : 08-10-2004 20:58:50 BasePriority : Normal FileSize : 112 KB FileVersion : 1, 2, 0, 0 ProductVersion : 1, 0, 0, 0 Copyright : Copyright (C) SEIKO EPSON CORP. 
2000 CompanyName : SEIKO EPSON CORPORATION FileDescription : EPSON Printer Status Agent InternalName : SAgent2 OriginalFilename : SAgent2.exe ProductName : EPSON Bidirectional Printer Created on : 11/03/2004 18:52:43 Last accessed : 08/10/2004 22:22:54 Last modified : 17/11/2000 01:02:00 #:10 [slserv.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 08-10-2004 20:58:50 BasePriority : Normal FileSize : 44 KB FileVersion : 2.80.00(24Apr2000) ProductVersion : 2.80.00 Copyright : Copyright FileDescription : User-Level Modem Service InternalName : slserv OriginalFilename : slserv.exe ProductName : Modem Created on : 01/01/2001 04:52:21 Last accessed : 08/10/2004 22:22:54 Last modified : 01/01/2001 04:52:21 #:11 [svchost.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 08-10-2004 20:58:51 BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 23/08/2001 04:00:00 Last accessed : 08/10/2004 22:22:54 Last modified : 23/08/2001 04:00:00 #:12 [tmntsrv.exe] FilePath : C:\Program Files\Trend Micro\PC-cillin 2002\ ThreadCreationTime : 08-10-2004 20:58:51 BasePriority : Normal FileSize : 172 KB FileVersion : 9.0.6.1401 ProductVersion : 9.0.6 Copyright : Copyright (C) 1995-2003 Trend Micro Inc. All rights reserved. CompanyName : Trend Micro Inc. FileDescription : Tmntsrv InternalName : Tmntsrv OriginalFilename : Tmntsrv.exe ProductName : Trend Pc-cillin 9.0 Created on : 18/07/2002 15:15:52 Last accessed : 08/10/2004 22:22:54 Last modified : 27/05/2004 12:58:44 #:13 [pccpfw.exe] FilePath : C:\Program Files\Trend Micro\PC-cillin 2002\ ThreadCreationTime : 08-10-2004 20:58:52 BasePriority : Normal FileSize : 160 KB FileVersion : 9.0.6.1401 ProductVersion : 9.0.6 Copyright : Copyright (C) 1995-2003 Trend Micro Inc. 
All rights reserved. CompanyName : Trend Micro Inc. FileDescription : PCCPFW InternalName : PCCPFW OriginalFilename : PCCPFW.exe ProductName : Trend Pc-cillin 9.0 Created on : 18/07/2002 15:13:18 Last accessed : 08/10/2004 22:22:54 Last modified : 27/05/2004 12:58:42 #:14 [iexplore.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 08-10-2004 20:59:01 BasePriority : Normal FileSize : 92 KB Created on : 18/09/2004 10:39:09 Last accessed : 08/10/2004 21:59:38 Last modified : 18/09/2004 10:39:16 #:15 [stemidle.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 08-10-2004 20:59:07 BasePriority : Normal FileSize : 118 KB Created on : 05/10/2004 20:12:46 Last accessed : 08/10/2004 22:22:54 Last modified : 05/10/2004 20:12:52 #:16 [mmtray.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 08-10-2004 20:59:11 BasePriority : Normal FileSize : 52 KB FileVersion : 3, 0, 0, 1 ProductVersion : 3, 0, 0, 0 Copyright : Copyright CompanyName : Morgan Multimedia FileDescription : MMTray InternalName : MMTray OriginalFilename : MMTray.exe ProductName : Morgan Multimedia MMTray Created on : 15/12/2002 05:01:00 Last accessed : 08/10/2004 22:22:54 Last modified : 15/12/2002 05:01:00 #:17 [pccguide.exe] FilePath : C:\Program Files\Trend Micro\PC-cillin 2002\ ThreadCreationTime : 08-10-2004 20:59:11 BasePriority : Normal FileSize : 252 KB FileVersion : 9.0.6.1401 ProductVersion : 9.0.6 Copyright : Copyright (C) 1995-2003 Trend Micro Inc. All rights reserved. CompanyName : Trend Micro Inc. FileDescription : PCCGuide InternalName : PCCGuide OriginalFilename : PCCGuide ProductName : Trend Pc-cillin 9.0 Created on : 18/07/2002 15:18:42 Last accessed : 08/10/2004 21:58:37 Last modified : 27/05/2004 12:58:41 #:18 [pccclient.exe] FilePath : C:\Program Files\Trend Micro\PC-cillin 2002\ ThreadCreationTime : 08-10-2004 20:59:11 BasePriority : Normal FileSize : 456 KB FileVersion : 9.0.6.1401 ProductVersion : 9.0.6 Copyright : Copyright (C) 1995-2003 Trend Micro Inc. 
All rights reserved. CompanyName : Trend Micro Inc. FileDescription : PCCClient InternalName : PCCClient OriginalFilename : PCCClient ProductName : Trend Pc-cillin 9.0 Created on : 18/07/2002 15:12:50 Last accessed : 08/10/2004 22:22:54 Last modified : 27/05/2004 12:58:40 #:19 [pop3trap.exe] FilePath : C:\Program Files\Trend Micro\PC-cillin 2002\ ThreadCreationTime : 08-10-2004 20:59:11 BasePriority : Normal FileSize : 308 KB FileVersion : 9.0.6.1401 ProductVersion : 9.0.6 Copyright : Copyright (C) 1995-2003 Trend Micro Inc. All rights reserved. CompanyName : Trend Micro Inc. FileDescription : POP3Trap InternalName : POP3Trap OriginalFilename : POP3Trap ProductName : Trend Pc-cillin 9.0 Created on : 18/07/2002 15:15:32 Last accessed : 08/10/2004 22:22:54 Last modified : 27/05/2004 12:58:43 #:20 [realplay.exe] FilePath : C:\Program Files\Real\RealPlayer\ ThreadCreationTime : 08-10-2004 20:59:11 BasePriority : Normal FileSize : 25 KB FileVersion : 6.0.9.584 ProductVersion : 6.0.9.584 Copyright : Copyright CompanyName : RealNetworks, Inc. FileDescription : RealPlayer InternalName : REALPLAY OriginalFilename : REALPLAY.EXE ProductName : RealPlayer (32-bit) Created on : 20/02/2004 18:53:14 Last accessed : 08/10/2004 22:22:54 Last modified : 21/02/2004 17:03:34 #:21 [gsicon.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 08-10-2004 20:59:12 BasePriority : Normal FileSize : 88 KB FileVersion : 3.1.3 ProductVersion : 3.1.3 Copyright : Copyright CompanyName : GlobespanVirata, Inc. 
FileDescription : DSL Modem Monitor InternalName : GSICON.EXE OriginalFilename : GSICON.EXE ProductName : DSL Modem Created on : 01/03/2004 19:30:15 Last accessed : 08/10/2004 21:59:16 Last modified : 14/05/2003 20:55:56 #:22 [dslagent.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 08-10-2004 20:59:12 BasePriority : Normal FileSize : 16 KB Created on : 01/03/2004 19:30:15 Last accessed : 08/10/2004 22:22:54 Last modified : 25/04/2003 10:52:10 #:23 [qttask.exe] FilePath : C:\Program Files\QuickTime\ ThreadCreationTime : 08-10-2004 20:59:13 BasePriority : Normal FileSize : 76 KB FileVersion : 6.3 ProductVersion : QuickTime 6.3 CompanyName : Apple Computer, Inc. InternalName : QuickTime Task OriginalFilename : QTTask.exe ProductName : QuickTime Created on : 09/06/2004 21:10:38 Last accessed : 08/10/2004 21:45:52 Last modified : 09/06/2004 21:10:38 #:24 [hpztsb09.exe] FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\ ThreadCreationTime : 08-10-2004 20:59:13 BasePriority : Normal FileSize : 172 KB FileVersion : 2.241.0.0 ProductVersion : 2.241.0.0 Copyright : Copyright (c) Hewlett-Packard Company 1999-2003 CompanyName : HP ProductName : HP DeskJet Created on : 03/08/2004 22:18:02 Last accessed : 08/10/2004 22:22:54 Last modified : 04/12/2003 23:44:34 #:25 [hpcmpmgr.exe] FilePath : C:\Program Files\HP\hpcoretech\ ThreadCreationTime : 08-10-2004 20:59:14 BasePriority : Normal FileSize : 236 KB FileVersion : 2.1.1.0 ProductVersion : 2.1.4 Copyright : Copyright (C) Hewlett-Packard. 
2002-2003 CompanyName : Hewlett-Packard Company FileDescription : HP Framework Component Manager Service InternalName : HPComponentManagerService module OriginalFilename : HpCmpMgr.exe ProductName : hp coretech (COmponent REuse TECHnology) Created on : 22/12/2003 07:38:42 Last accessed : 08/10/2004 22:22:55 Last modified : 22/12/2003 07:38:42 #:26 [hpwuschd2.exe] FilePath : C:\Program Files\Hewlett-Packard\HP Software Update\ ThreadCreationTime : 08-10-2004 20:59:14 BasePriority : Normal FileSize : 48 KB FileVersion : 2, 0, 37, 0 ProductVersion : 2, 0, 37, 0 Copyright : Copyright CompanyName : Hewlett-Packard FileDescription : hpwuSchd InternalName : hpwuSchd OriginalFilename : hpwuSchd2.exe ProductName : Hewlett-Packard hpwuSchd Created on : 05/12/2003 14:41:44 Last accessed : 08/10/2004 22:22:55 Last modified : 05/12/2003 14:41:44 #:27 [hphmon05.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 08-10-2004 20:59:15 BasePriority : Normal FileSize : 484 KB FileVersion : 5,2,10 ProductVersion : 5,2,10 Copyright : Copyright (C) 2003 CompanyName : Hewlett-Packard FileDescription : HPHmon05 InternalName : HPHmon05 OriginalFilename : HPHmon05.exe ProductName : HP Photosmart Created on : 02/02/2004 19:41:58 Last accessed : 08/10/2004 22:13:12 Last modified : 02/02/2004 19:41:58 #:28 [yxkethr.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 08-10-2004 20:59:16 BasePriority : Normal FileSize : 37 KB Created on : 09/08/2004 22:38:23 Last accessed : 08/10/2004 20:59:15 Last modified : 20/07/2004 15:33:58 #:29 [lsasv.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 08-10-2004 20:59:18 BasePriority : Normal FileSize : 138 KB Created on : 28/08/2002 19:41:24 Last accessed : 08/10/2004 22:22:55 Last modified : 28/08/2002 19:41:24 #:30 [wupdt32x.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 08-10-2004 20:59:18 BasePriority : Normal FileSize : 133 KB Created on : 05/09/2004 22:21:19 Last accessed : 08/10/2004 22:22:55 Last modified : 05/09/2004 
22:21:36 #:31 [ctfmon.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 08-10-2004 20:59:18 BasePriority : Normal FileSize : 13 KB FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON OriginalFilename : CTFMON.EXE ProductName : Microsoft Created on : 28/08/2002 19:41:22 Last accessed : 08/10/2004 22:22:55 Last modified : 28/08/2002 19:41:22 #:32 [ypager.exe] FilePath : C:\Program Files\Yahoo!\Messenger\ ThreadCreationTime : 08-10-2004 20:59:19 BasePriority : Normal FileSize : 1948 KB FileVersion : 6,0,0,1788 ProductVersion : 6,0,0,1788 Copyright : Copyright 1998-2004 CompanyName : Yahoo! Inc. FileDescription : Yahoo! Messenger InternalName : Yahoo! Messengerr OriginalFilename : YPager.exe ProductName : Yahoo! Messenger Created on : 01/03/2004 20:09:20 Last accessed : 08/10/2004 22:22:55 Last modified : 20/08/2004 13:32:24 #:33 [msmsgs.exe] FilePath : C:\Program Files\Messenger\ ThreadCreationTime : 08-10-2004 20:59:19 BasePriority : Normal FileSize : 1456 KB FileVersion : 4.7.2009 ProductVersion : Version 4.7 Copyright : Copyright (c) Microsoft Corporation 1997-2003 CompanyName : Microsoft Corporation FileDescription : Messenger InternalName : msmsgs OriginalFilename : msmsgs.exe ProductName : Messenger Created on : 14/04/2003 19:30:14 Last accessed : 08/10/2004 21:46:48 Last modified : 14/04/2003 19:30:14 #:34 [e_s10ic2.exe] FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ ThreadCreationTime : 08-10-2004 20:59:22 BasePriority : Normal FileSize : 67 KB FileVersion : 3.00 ProductVersion : 3.00 Copyright : Copyright (C) SEIKO EPSON CORP. 
2001 CompanyName : SEIKO EPSON CORPORATION FileDescription : EPSON Status Monitor 3 InternalName : E_S10IC2 OriginalFilename : E_S10IC2.EXE ProductName : EPSON Status Monitor 3 Created on : 11/03/2004 18:52:39 Last accessed : 08/10/2004 22:22:55 Last modified : 19/01/2001 03:00:00 #:35 [hpzipm12.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 08-10-2004 20:59:22 BasePriority : Normal FileSize : 64 KB FileVersion : 7, 0, 0, 0 ProductVersion : 7, 0, 0, 0 Copyright : Copyright CompanyName : HP FileDescription : PML Driver InternalName : PmlDrv OriginalFilename : PmlDrv.exe ProductName : HP PML Created on : 03/08/2004 22:18:13 Last accessed : 08/10/2004 22:22:55 Last modified : 14/05/2003 17:45:04 #:36 [wuauclt.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 08-10-2004 20:59:55 BasePriority : Normal FileSize : 111 KB FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04) ProductVersion : 5.4.3790.2182 CompanyName : Microsoft Corporation FileDescription : Automatic Updates InternalName : wuauclt.exe OriginalFilename : wuauclt.exe ProductName : Microsoft Created on : 15/01/2004 23:56:38 Last accessed : 08/10/2004 22:22:55 Last modified : 03/08/2004 13:02:20 #:37 [iexplore.exe] FilePath : C:\Program Files\Internet Explorer\ ThreadCreationTime : 08-10-2004 21:46:46 BasePriority : Normal FileSize : 89 KB FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore OriginalFilename : IEXPLORE.EXE ProductName : Microsoft Created on : 15/01/2004 23:58:59 Last accessed : 08/10/2004 21:46:46 Last modified : 28/08/2002 19:41:26 #:38 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-aware 6\ ThreadCreationTime : 08-10-2004 22:16:30 BasePriority : Normal FileSize : 668 KB FileVersion : 6.0.1.181 ProductVersion : 6.0.0.0 Copyright : Copyright CompanyName : Lavasoft Sweden FileDescription : Ad-aware 6 core application InternalName : 
Ad-aware.exe OriginalFilename : Ad-aware.exe ProductName : Lavasoft Ad-aware Plus Created on : 08/10/2004 22:13:33 Last accessed : 08/10/2004 22:14:39 Last modified : 12/07/2003 21:00:20 Memory scan result : ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ New objects : 0 Objects found so far: 0 Started registry scan ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Alexa Object recognized! Type : RegKey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} DyFuCA Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} DyFuCA Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : CLSID\{cea206e8-8057-4a04-ace9-ff0d69a92297} DyFuCA Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : DyFuCA_BH.BHObj DyFuCA Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : DyFuCA_BH.BHObj.1 DyFuCA Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.sinkobj DyFuCA Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.sinkobj.1 DyFuCA Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Avenue Media DyFuCA Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : Software\Avenue Media DyFuCA Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Avenue Media\Internet Optimizer DyFuCA Object recognized! 
Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} DyFuCA Object recognized! Type : RegKey Data : DyFuCA Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA DyFuCA Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : TypeLib\{0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC} istbar Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : ISTactivex.Installer istbar Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : istactivex.installer.2 istbar Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : Software\IST istbar Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : CLSID\{386a771c-e96a-421f-8ba7-32f1b706892f} SideFind Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} SideFind Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\SideFind SideFind Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671} SideFind Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA} StopPop Object recognized! Type : RegKey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A} VX2 Object recognized! 
Type : RegKey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : TypeLib\{690BCCB4-6B83-4203-AE77-038C116594EC} VX2 Object recognized! Type : RegKey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : vx2.vx2obj Powerscan Object recognized! Type : RegValue Data : Category : Malware Comment : "account_id" Rootkey : HKEY_CURRENT_USER Object : Software\Powerscan Value : account_id Registry scan result : ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ New objects : 25 Objects found so far: 25 Started deep registry scan ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bar.couldnotfind.com Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://www.couldnotfind.com/search_page.html?&account_id=109200" Category : Malware Comment : Possible browser hijack attempt Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Main Value : Search Bar Data : "http://www.couldnotfind.com/search_page.html?&account_id=109200" Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistant.couldnotfind.com Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://www.couldnotfind.com/search_page.html?&account_id=109200" Category : Malware Comment : Possible browser hijack attempt Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Search Value : SearchAssistant Data : "http://www.couldnotfind.com/search_page.html?&account_id=109200" Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Barcouldnotfind.com Possible Browser Hijack attempt Object recognized! 
Type : RegData Data : "http://www.couldnotfind.com/search_page.html?&account_id=109200" Category : Malware Comment : Possible browser hijack attempt Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Main Value : Search Bar Data : "http://www.couldnotfind.com/search_page.html?&account_id=109200" Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistantcouldnotfind.com Possible Browser Hijack attempt Object recognized! Type : RegData Data : "http://www.couldnotfind.com/search_page.html?&account_id=109200" Category : Malware Comment : Possible browser hijack attempt Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Search Value : SearchAssistant Data : "http://www.couldnotfind.com/search_page.html?&account_id=109200" Possible browser hijack attempt : {386A771C-E96A-421F-8BA7-32F1B706892F} (http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab) Possible Browser Hijack attempt Object recognized! Type : RegKey Data : Category : Vulnerability Comment : Possible browser hijack attempt : http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{386A771C-E96A-421F-8BA7-32F1B706892F} IPInsight Object recognized! Type : RegValue Data : Category : Data Miner Comment : "conscorr" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Run Value : conscorr IPInsight Object recognized! 
Type : File Data : conscorr.exe Category : Data Miner Comment : Object : c:\windows\ FileSize : 68 KB FileVersion : 0, 3, 1, 3 ProductVersion : 0, 3, 1, 3 Copyright : Copyright CompanyName : ConsCorr FileDescription : www.conscorr.com Created on : 09/08/2004 22:38:42 Last accessed : 08/10/2004 22:25:34 Last modified : 28/06/2004 03:43:58 Deep registry scan result : ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ New objects : 6 Objects found so far: 32 Deep scanning and examining files (C:) ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Tracking Cookie Object recognized! Type : File Data : sha@2o7[2].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 15/12/2003 22:16:36 Last accessed : 08/10/2004 22:26:36 Last modified : 15/12/2003 22:16:36 Tracking Cookie Object recognized! Type : File Data : sha@ad-logics[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 21/09/2003 11:11:37 Last accessed : 08/10/2004 22:26:37 Last modified : 14/12/2003 22:57:39 Tracking Cookie Object recognized! Type : File Data : sha@adrevolver[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 05/10/2003 22:49:53 Last accessed : 08/10/2004 22:26:37 Last modified : 05/10/2003 22:49:53 Tracking Cookie Object recognized! Type : File Data : sha@ads.adsag[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 13/12/2003 00:17:25 Last accessed : 08/10/2004 22:26:37 Last modified : 13/12/2003 00:17:25 Tracking Cookie Object recognized! Type : File Data : sha@adserver.anm.co[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 17/09/2003 22:29:06 Last accessed : 08/10/2004 22:26:37 Last modified : 17/09/2003 22:29:07 Tracking Cookie Object recognized! 
Type : File Data : sha@adult.slotch[2].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 17/09/2003 17:47:28 Last accessed : 08/10/2004 22:26:37 Last modified : 17/09/2003 17:47:28 Tracking Cookie Object recognized! Type : File Data : sha@adviva[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 31/12/2003 17:08:47 Last accessed : 08/10/2004 22:26:37 Last modified : 31/12/2003 17:09:23 Tracking Cookie Object recognized! Type : File Data : sha@as-us.falkag[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 06/01/2004 23:02:47 Last accessed : 08/10/2004 22:26:37 Last modified : 06/01/2004 23:04:41 Tracking Cookie Object recognized! Type : File Data : sha@as1.falkag[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 01/12/2003 11:00:42 Last accessed : 08/10/2004 22:26:37 Last modified : 01/12/2003 12:44:35 Tracking Cookie Object recognized! Type : File Data : sha@bravenet[2].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 05/10/2003 19:11:42 Last accessed : 08/10/2004 22:26:38 Last modified : 10/10/2003 11:58:38 Tracking Cookie Object recognized! Type : File Data : sha@bs.serving-sys[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 15/08/2003 21:51:47 Last accessed : 08/10/2004 22:26:38 Last modified : 15/08/2003 21:51:47 Tracking Cookie Object recognized! Type : File Data : sha@c.porngraph[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 06/01/2004 17:41:29 Last accessed : 08/10/2004 22:26:38 Last modified : 07/01/2004 22:44:12 Tracking Cookie Object recognized! 
Type : File Data : sha@casalemedia[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 22/12/2003 18:51:21 Last accessed : 08/10/2004 22:26:38 Last modified : 22/12/2003 18:51:21 Tracking Cookie Object recognized! Type : File Data : sha@cgi-bin[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 05/01/2004 23:51:25 Last accessed : 08/10/2004 22:26:38 Last modified : 05/01/2004 23:51:25 Tracking Cookie Object recognized! Type : File Data : sha@cgi-bin[2].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 11/12/2003 21:41:04 Last accessed : 08/10/2004 22:26:38 Last modified : 05/01/2004 17:34:19 Tracking Cookie Object recognized! Type : File Data : sha@cgi-bin[3].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 20/11/2003 08:15:00 Last accessed : 08/10/2004 22:26:38 Last modified : 20/11/2003 08:15:00 Tracking Cookie Object recognized! Type : File Data : sha@cgi-bin[4].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 05/01/2004 23:45:11 Last accessed : 08/10/2004 22:26:38 Last modified : 05/01/2004 23:45:11 Tracking Cookie Object recognized! Type : File Data : sha@domainsponsor[2].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 09/12/2003 20:30:47 Last accessed : 08/10/2004 22:26:39 Last modified : 09/12/2003 20:30:47 Tracking Cookie Object recognized! Type : File Data : sha@edge.ru4[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 31/12/2003 13:20:36 Last accessed : 08/10/2004 22:26:39 Last modified : 31/12/2003 13:20:36 Tracking Cookie Object recognized! 
Type : File Data : sha@euniverseads[2].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 21/09/2003 11:11:40 Last accessed : 08/10/2004 22:26:39 Last modified : 21/09/2003 11:11:40 Tracking Cookie Object recognized! Type : File Data : sha@goclick[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 04/12/2003 09:39:11 Last accessed : 08/10/2004 22:26:40 Last modified : 04/12/2003 09:39:11 Tracking Cookie Object recognized! Type : File Data : sha@hit1.vioclicks[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 05/10/2003 22:58:01 Last accessed : 08/10/2004 22:26:40 Last modified : 05/10/2003 22:58:01 Tracking Cookie Object recognized! Type : File Data : sha@kelkoo.co[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 05/01/2004 23:48:59 Last accessed : 08/10/2004 22:26:41 Last modified : 05/01/2004 23:48:59 Tracking Cookie Object recognized! Type : File Data : sha@overture[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 21/11/2003 19:49:09 Last accessed : 08/10/2004 22:26:42 Last modified : 21/11/2003 19:49:09 Tracking Cookie Object recognized! Type : File Data : sha@pointroll[2].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 20/12/2003 20:55:16 Last accessed : 08/10/2004 22:26:42 Last modified : 20/12/2003 20:55:16 Tracking Cookie Object recognized! Type : File Data : sha@questionmarket[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 24/09/2003 22:28:04 Last accessed : 08/10/2004 22:26:43 Last modified : 15/12/2003 22:38:25 Tracking Cookie Object recognized! 
Type : File Data : sha@realmedia[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 18/09/2003 10:12:33 Last accessed : 08/10/2004 22:26:43 Last modified : 18/09/2003 10:12:33 Tracking Cookie Object recognized! Type : File Data : sha@revenue[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 20/11/2003 08:14:50 Last accessed : 08/10/2004 22:26:43 Last modified : 09/12/2003 20:30:48 Tracking Cookie Object recognized! Type : File Data : sha@server.iad.liveperson[2].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 04/10/2003 23:25:51 Last accessed : 08/10/2004 22:26:43 Last modified : 04/10/2003 23:25:51 Tracking Cookie Object recognized! Type : File Data : sha@tradedoubler[2].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 19/09/2003 06:26:38 Last accessed : 08/10/2004 22:26:44 Last modified : 19/09/2003 06:26:38 Tracking Cookie Object recognized! Type : File Data : sha@tribalfusion[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 15/12/2003 22:21:44 Last accessed : 08/10/2004 22:26:44 Last modified : 15/12/2003 22:21:44 Tracking Cookie Object recognized! Type : File Data : sha@tripod[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 29/09/2003 16:16:14 Last accessed : 08/10/2004 22:26:44 Last modified : 29/09/2003 16:16:14 Tracking Cookie Object recognized! Type : File Data : sha@www.123count[2].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 19/09/2003 05:45:10 Last accessed : 08/10/2004 22:26:45 Last modified : 19/09/2003 05:45:10 Tracking Cookie Object recognized! 
Type : File Data : sha@www.1stblaze[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 09/12/2003 20:31:27 Last accessed : 08/10/2004 22:26:45 Last modified : 09/12/2003 20:31:27 Tracking Cookie Object recognized! Type : File Data : sha@xxxtoolbar[2].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 19/09/2003 02:55:50 Last accessed : 08/10/2004 22:26:50 Last modified : 04/01/2004 20:40:28 Tracking Cookie Object recognized! Type : File Data : sha@zedo[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 08/12/2003 18:01:13 Last accessed : 08/10/2004 22:26:50 Last modified : 08/12/2003 18:01:13 Tracking Cookie Object recognized! Type : File Data : shahab sharifi@a.as-eu.falkag[2].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 08/10/2004 21:38:40 Last accessed : 08/10/2004 21:55:01 Last modified : 08/10/2004 21:55:01 Tracking Cookie Object recognized! Type : File Data : shahab sharifi@as1.falkag[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 08/10/2004 21:28:34 Last accessed : 08/10/2004 21:28:35 Last modified : 08/10/2004 21:28:35 Tracking Cookie Object recognized! Type : File Data : shahab sharifi@atdmt[2].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 08/10/2004 10:19:30 Last accessed : 08/10/2004 22:26:50 Last modified : 08/10/2004 10:19:30 Tracking Cookie Object recognized! Type : File Data : shahab sharifi@counter2.hitslink[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 08/10/2004 21:13:28 Last accessed : 08/10/2004 22:26:50 Last modified : 08/10/2004 21:13:28 Tracking Cookie Object recognized! 
Type : File Data : shahab sharifi@doubleclick[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 07/10/2004 18:10:22 Last accessed : 08/10/2004 22:26:50 Last modified : 07/10/2004 18:11:39 Tracking Cookie Object recognized! Type : File Data : shahab sharifi@fortunecity[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 08/10/2004 21:15:22 Last accessed : 08/10/2004 22:26:50 Last modified : 08/10/2004 21:15:22 Tracking Cookie Object recognized! Type : File Data : shahab sharifi@internetfuel[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 08/10/2004 00:26:44 Last accessed : 08/10/2004 22:26:51 Last modified : 08/10/2004 00:26:44 Tracking Cookie Object recognized! Type : File Data : shahab sharifi@mediaplex[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 08/10/2004 21:15:22 Last accessed : 08/10/2004 22:26:51 Last modified : 08/10/2004 21:15:22 Tracking Cookie Object recognized! Type : File Data : shahab sharifi@trafficmp[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 08/10/2004 20:44:37 Last accessed : 08/10/2004 22:26:51 Last modified : 08/10/2004 20:44:37 Tracking Cookie Object recognized! Type : File Data : shahab sharifi@www.slotch[1].txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Cookies\ Created on : 08/10/2004 00:26:39 Last accessed : 08/10/2004 22:26:52 Last modified : 08/10/2004 00:26:39 VX2 Object recognized! 
Type : File Data : polall1l.exe Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Local Settings\Temp\THI4516.tmp\ FileSize : 37 KB FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 Copyright : callinghome.biz CompanyName : callinghome.biz FileDescription : Installation utility for www.callinghome.biz InternalName : Calling Home OriginalFilename : Caller.exe ProductName : Calling Home Created on : 09/08/2004 22:38:05 Last accessed : 08/10/2004 22:27:08 Last modified : 20/07/2004 15:33:58 Cydoor Object recognized! Type : File Data : cd_clint.dll Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Local Settings\Temp\ FileSize : 122 KB FileVersion : 3, 2, 1, 6 ProductVersion : 3, 2, 1, 6 Copyright : Copyright FileDescription : cd_clint InternalName : cd_clint OriginalFilename : cd_clint.dll ProductName : cd_clint Created on : 02/03/2004 09:18:04 Last accessed : 08/10/2004 22:27:10 Last modified : 31/07/2003 13:02:00 IPInsight Object recognized! Type : File Data : conscorr.exe Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Local Settings\Temp\ FileSize : 68 KB FileVersion : 0, 3, 1, 3 ProductVersion : 0, 3, 1, 3 Copyright : Copyright CompanyName : ConsCorr FileDescription : www.conscorr.com Created on : 09/08/2004 22:38:42 Last accessed : 08/10/2004 22:27:10 Last modified : 28/06/2004 03:43:58 DyFuCA Object recognized! Type : File Data : optimize.exe Category : Malware Comment : Object : C:\Documents and Settings\Shahab Sharifi\Local Settings\Temp\ FileSize : 40 KB Created on : 09/08/2004 22:37:50 Last accessed : 08/10/2004 22:27:13 Last modified : 09/08/2004 22:37:51 Powerscan Object recognized! 
Type : File Data : powerscan.exe Category : Malware Comment : Object : C:\Documents and Settings\Shahab Sharifi\Local Settings\Temp\ FileSize : 67 KB FileVersion : 1, 1, 0, 2 ProductVersion : 1, 1, 0, 2 Copyright : Copyright (C) 2004 FileDescription : PowerScan v1.1 InternalName : PowerScan v1.1 OriginalFilename : Power-Scan.exe ProductName : PowerScan v1.1 Created on : 09/08/2004 22:39:03 Last accessed : 08/10/2004 22:27:13 Last modified : 09/08/2004 22:39:05 BargainBuddy Object recognized! Type : File Data : shortcuts.txt Category : Data Miner Comment : Object : C:\Documents and Settings\Shahab Sharifi\Local Settings\Temp\ FileSize : 6 KB Created on : 09/08/2004 22:39:09 Last accessed : 08/10/2004 22:27:14 Last modified : 09/08/2004 22:39:09 SideFind Object recognized! Type : File Data : sidefind.exe Category : Malware Comment : Object : C:\Documents and Settings\Shahab Sharifi\Local Settings\Temp\ FileSize : 6 KB Created on : 09/08/2004 22:37:46 Last accessed : 08/10/2004 22:27:14 Last modified : 09/08/2004 22:37:46 eUniverse Object recognized! Type : File Data : perfectnav150.dll Category : Data Miner Comment : Object : C:\Program Files\PerfectNav\BHO\ FileSize : 44 KB FileVersion : 1, 5, 0, 0 ProductVersion : 1, 5, 0, 0 Copyright : Copyright 2003 FileDescription : BHO Module InternalName : BHO OriginalFilename : BHO.DLL ProductName : BHO Module Created on : 12/12/2003 10:20:34 Last accessed : 08/10/2004 22:32:18 Last modified : 12/12/2003 10:20:34 Powerscan Object recognized! Type : File Data : powerscan.exe Category : Malware Comment : Object : C:\Program Files\Power Scan\ FileSize : 67 KB FileVersion : 1, 1, 0, 2 ProductVersion : 1, 1, 0, 2 Copyright : Copyright (C) 2004 FileDescription : PowerScan v1.1 InternalName : PowerScan v1.1 OriginalFilename : Power-Scan.exe ProductName : PowerScan v1.1 Created on : 09/08/2004 22:39:05 Last accessed : 08/10/2004 22:32:18 Last modified : 09/08/2004 22:39:05 SideFind Object recognized! 
Type : File Data : sfbho.dll Category : Malware Comment : Object : C:\Program Files\SideFind\ FileSize : 94 KB FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 Copyright : Copyright 2003 FileDescription : BrowserHelperObject Module InternalName : BrowserHelperObject OriginalFilename : BrowserHelperObject.DLL ProductName : BrowserHelperObject Module Created on : 09/08/2004 22:37:56 Last accessed : 08/10/2004 22:25:27 Last modified : 09/08/2004 22:37:59 SideFind Object recognized! Type : File Data : sidefind.dll Category : Malware Comment : Object : C:\Program Files\SideFind\ FileSize : 87 KB FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 Copyright : Copyright 2004 CompanyName : IST FileDescription : SideFind Module InternalName : SideFind OriginalFilename : SideFind.DLL ProductName : SideFind Module Created on : 09/08/2004 22:37:59 Last accessed : 08/10/2004 22:25:18 Last modified : 09/08/2004 22:38:01 Win32.Welchia Object recognized! Type : File Data : 62.tmp Category : Malware Comment : Object : C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\Temp\ FileSize : 10 KB Created on : 16/03/2004 22:42:38 Last accessed : 08/10/2004 22:32:33 Last modified : 16/03/2004 22:42:38 DyFuCA Object recognized! Type : File Data : actalert.exe Category : Malware Comment : Object : C:\RECYCLER\S-1-5-21-854245398-1788223648-725345543-500\Dc1\update\ FileSize : 33 KB Created on : 09/08/2004 22:38:01 Last accessed : 08/10/2004 22:33:00 Last modified : 09/08/2004 22:38:02 DyFuCA Object recognized! Type : File Data : install.exe Category : Malware Comment : Object : C:\RECYCLER\S-1-5-21-854245398-1788223648-725345543-500\Dc1\update\ FileSize : 26 KB Created on : 09/08/2004 22:38:05 Last accessed : 08/10/2004 22:33:00 Last modified : 15/09/2004 04:54:19 DyFuCA Object recognized! 
Type : File Data : actalert.exe Category : Malware Comment : Object : C:\RECYCLER\S-1-5-21-854245398-1788223648-725345543-500\Dc1\ FileSize : 33 KB Created on : 09/08/2004 22:38:04 Last accessed : 08/10/2004 22:33:00 Last modified : 09/08/2004 22:38:02 DyFuCA Object recognized! Type : File Data : install.exe Category : Malware Comment : Object : C:\RECYCLER\S-1-5-21-854245398-1788223648-725345543-500\Dc1\ FileSize : 26 KB Created on : 09/08/2004 22:38:07 Last accessed : 08/10/2004 22:33:00 Last modified : 15/09/2004 04:54:19 AsianRaw Dialer Object recognized! Type : File Data : nastysex.exe Category : Malware Comment : Object : C:\WINDOWS\ FileSize : 52 KB Created on : 11/08/2004 22:47:23 Last accessed : 08/10/2004 22:38:36 Last modified : 11/08/2004 22:47:13 Disk scan result for C:\ ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ New objects : 0 Objects found so far: 95 Deep scanning and examining files (D:) ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Disk scan result for D:\ ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ New objects : 0 Objects found so far: 95 Deep scanning and examining files (E:) ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Disk scan result for E:\ ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ New objects : 0 Objects found so far: 95 Deep scanning and examining files (F:) ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Disk scan result for F:\ ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ New objects : 0 Objects found so far: 95 Deep scanning and examining files (G:) ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Disk scan result for G:\ ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ New objects : 0 Objects found so far: 95 Deep scanning and examining files (H:) ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Disk scan result for H:\ ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ New objects : 0 Objects found so far: 95 Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts) ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Hosts file scan result: ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ 1 entries 
scanned. New objects :0 Objects found so far: 95 Performing conditional scans.. ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ DyFuCA Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSEM Update istbar Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} istbar Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} istbar Object recognized! Type : Folder Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\Adult Sites istbar Object recognized! Type : Folder Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\Free Adult Content istbar Object recognized! Type : Folder Category : Malware Comment : Object : c:\program files\180Solutions istbar Object recognized! Type : File Data : amateur Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:33 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:33 istbar Object recognized! Type : File Data : anal Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:33 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:33 istbar Object recognized! Type : File Data : asian Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:33 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:33 istbar Object recognized! 
Type : File Data : bisexual Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:33 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:33 istbar Object recognized! Type : File Data : black Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:33 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:33 istbar Object recognized! Type : File Data : cartoon Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:33 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:33 istbar Object recognized! Type : File Data : cumshots Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:33 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:33 istbar Object recognized! Type : File Data : fetish Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:33 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:33 istbar Object recognized! Type : File Data : gang bang Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:33 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:33 istbar Object recognized! Type : File Data : gay Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:33 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:33 istbar Object recognized! 
Type : File Data : hardcore Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:33 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:33 istbar Object recognized! Type : File Data : interacial Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:33 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:33 istbar Object recognized! Type : File Data : latin Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:33 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:33 istbar Object recognized! Type : File Data : lesbian Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:33 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:33 istbar Object recognized! Type : File Data : mature Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:33 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:33 istbar Object recognized! Type : File Data : peeing Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:33 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:33 istbar Object recognized! Type : File Data : reality Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:33 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:33 istbar Object recognized! 
Type : File Data : teen Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:32 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:33 istbar Object recognized! Type : File Data : teen hardcore Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:32 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:32 istbar Object recognized! Type : File Data : tits Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:32 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:32 istbar Object recognized! Type : File Data : transexual Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:32 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:32 istbar Object recognized! Type : File Data : upskirt Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:32 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:32 istbar Object recognized! Type : File Data : video Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:32 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:32 istbar Object recognized! Type : File Data : voyeur Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\adult sites\ Created on : 16/01/2004 00:24:32 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:32 istbar Object recognized! 
Type : File Data : daily movies Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\free adult content\ Created on : 16/01/2004 00:24:32 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:32 istbar Object recognized! Type : File Data : daily pictures Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\free adult content\ Created on : 16/01/2004 00:24:32 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:32 istbar Object recognized! Type : File Data : free live chat Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\favorites\free adult content\ Created on : 16/01/2004 00:24:32 Last accessed : 08/10/2004 22:26:52 Last modified : 16/01/2004 00:24:32 istbar Object recognized! Type : File Data : istactivex.inf Category : Malware Comment : Object : c:\windows\downloaded program files\ Created on : 22/07/2004 12:37:00 Last accessed : 08/10/2004 22:42:41 Last modified : 22/07/2004 12:37:00 SideFind Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : Interface\{339D8AFF-0B42-4260-AD82-78CE605A9543} SideFind Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F} SideFind Object recognized! Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} SideFind Object recognized! Type : Folder Category : Malware Comment : Object : c:\program files\SideFind VX2 Object recognized! Type : File Data : billionaire.bmp Category : Data Miner Comment : Object : c:\docume~1\shahab~1\locals~1\temp\ FileSize : 20 KB Created on : 12/06/2004 08:35:46 Last accessed : 08/10/2004 22:42:41 Last modified : 17/06/2004 12:31:04 VX2 Object recognized! 
Type : File Data : bit5.tmp Category : Data Miner Comment : Object : c:\docume~1\shahab~1\locals~1\temp\ FileSize : 5122 KB FileVersion : 4.71.1015.0 ProductVersion : 4.71.1015.0 Copyright : Copyright (C) Microsoft Corp. 1995 CompanyName : Microsoft Corporation FileDescription : Win32 Cabinet Self-Extractor InternalName : Wextract OriginalFilename : WEXTRACT.EXE ProductName : Microsoft(R) Windows NT(R) Operating System Created on : 01/06/2004 17:52:40 Last accessed : 08/10/2004 22:42:41 Last modified : 01/06/2004 17:52:40 VX2 Object recognized! Type : File Data : dummy.htm Category : Data Miner Comment : Object : c:\docume~1\shahab~1\locals~1\temp\ Created on : 09/08/2004 22:37:56 Last accessed : 08/10/2004 22:42:41 Last modified : 09/08/2004 22:37:56 VX2 Object recognized! Type : File Data : oem11.inf Category : Data Miner Comment : Object : c:\windows\lastgood\inf\ Created on : 03/08/2004 18:51:12 Last accessed : 08/10/2004 22:42:41 Last modified : 03/08/2004 18:51:12 VX2 Object recognized! Type : File Data : oem11.pnf Category : Data Miner Comment : Object : c:\windows\lastgood\inf\ Created on : 03/08/2004 18:51:12 Last accessed : 08/10/2004 22:42:41 Last modified : 03/08/2004 18:51:12 VX2 Object recognized! Type : File Data : oem12.inf Category : Data Miner Comment : Object : c:\windows\lastgood\inf\ Created on : 03/08/2004 18:51:12 Last accessed : 08/10/2004 22:42:41 Last modified : 03/08/2004 18:51:12 VX2 Object recognized! Type : File Data : oem12.pnf Category : Data Miner Comment : Object : c:\windows\lastgood\inf\ Created on : 03/08/2004 18:51:12 Last accessed : 08/10/2004 22:42:41 Last modified : 03/08/2004 18:51:12 VX2 Object recognized! Type : File Data : oem14.inf Category : Data Miner Comment : Object : c:\windows\lastgood\inf\ Created on : 03/08/2004 22:18:15 Last accessed : 08/10/2004 22:42:41 Last modified : 03/08/2004 22:18:15 VX2 Object recognized! 
Type : File Data : oem14.pnf Category : Data Miner Comment : Object : c:\windows\lastgood\inf\ Created on : 03/08/2004 22:18:15 Last accessed : 08/10/2004 22:42:41 Last modified : 03/08/2004 22:18:15 Powerscan Object recognized! Type : Folder Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\start menu\programs\Power Scan Powerscan Object recognized! Type : File Data : power scan.lnk Category : Malware Comment : Object : c:\documents and settings\shahab sharifi\start menu\programs\power scan\ Created on : 09/08/2004 22:39:06 Last accessed : 08/10/2004 22:44:20 Last modified : 09/08/2004 22:39:06 BargainBuddy Object recognized! Type : File Data : a~nsisu_.exe Category : Data Miner Comment : Object : c:\docume~1\shahab~1\locals~1\temp\ FileSize : 57 KB Created on : 08/10/2004 21:42:20 Last accessed : 08/10/2004 22:44:20 Last modified : 08/10/2004 21:40:56 AsianRaw Dialer Object recognized! Type : File Data : wet_me!.exe Category : Malware Comment : Object : c:\windows\ FileSize : 56 KB Created on : 02/03/2004 13:14:26 Last accessed : 08/10/2004 22:38:38 Last modified : 02/03/2004 13:14:15 Conditional scan result: ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ New objects : 51 Objects found so far: 146 23:49:43 Scan complete Summary of this scan ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Total scanning time :00:26:49:297 Objects scanned :137196 Objects identified :146 Objects ignored :0 New objects :146