Ad-Aware SE Build 1.05 Logfile Created on:12 May 2005 20:38:29 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R44 10.05.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 180Solutions(TAC index:6):29 total references Alexa(TAC index:5):11 total references BargainBuddy(TAC index:8):20 total references CoolWebSearch(TAC index:10):21 total references DyFuCA(TAC index:3):63 total references Hijacker.TopConverting(TAC index:5):1 total references istbar(TAC index:7):11 total references MRU List(TAC index:0):13 total references Other(TAC index:5):1 total references Possible Browser Hijack attempt(TAC index:3):3 total references Powerscan(TAC index:5):6 total references Rads01.Quadrogram(TAC index:6):2 total references SideFind(TAC index:5):6 total references Tracking Cookie(TAC index:3):24 total references Windows(TAC index:3):1 total references VX2(TAC index:10):54 total references ZyncosMark(TAC index:3):7 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if 
scan locates critical objects 12-05-2005 20:38:29 - Scan started. (Full System Scan) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 776 ThreadCreationTime : 12-05-2005 19:34:22 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 852 ThreadCreationTime : 12-05-2005 19:34:23 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 876 ThreadCreationTime : 12-05-2005 19:34:23 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 920 ThreadCreationTime : 12-05-2005 19:34:23 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 932 ThreadCreationTime : 12-05-2005 19:34:23 BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1104 ThreadCreationTime : 12-05-2005 19:34:24 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1252 ThreadCreationTime : 12-05-2005 19:34:24 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1420 ThreadCreationTime : 12-05-2005 19:34:24 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1492 ThreadCreationTime : 12-05-2005 19:34:24 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1780 ThreadCreationTime : 12-05-2005 19:34:25 BasePriority : Normal FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe Warning! VX2 Object found in memory(C:\WINDOWS\system32\DrPMon.dll) VX2 Object Recognized! 
Type : Process Data : DrPMon.dll Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 5 ProductVersion : 1, 0, 0, 0 ProductName : DrPMon PrintMonitor CompanyName : Direct Revenue FileDescription : DrPMon PrintMonitor InternalName : DrPMon LegalCopyright : Copyright (C) 2005 OriginalFilename : DrPMon.dll #:11 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 332 ThreadCreationTime : 12-05-2005 19:34:28 BasePriority : Normal FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:12 [igfxtray.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 616 ThreadCreationTime : 12-05-2005 19:34:29 BasePriority : Normal FileVersion : 3.0.0.2209 ProductVersion : 7.0.0.2209 ProductName : Intel(R) Common User Interface CompanyName : Intel Corporation FileDescription : igfxTray Module InternalName : IGFXTRAY LegalCopyright : Copyright 1999-2003, Intel Corporation OriginalFilename : IGFXTRAY.EXE #:13 [hkcmd.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 624 ThreadCreationTime : 12-05-2005 19:34:29 BasePriority : Normal FileVersion : 3.0.0.2209 ProductVersion : 7.0.0.2209 ProductName : Intel(R) Common User Interface CompanyName : Intel Corporation FileDescription : hkcmd Module InternalName : HKCMD LegalCopyright : Copyright 1999-2003, Intel Corporation OriginalFilename : HKCMD.EXE #:14 [agrsmmsg.exe] FilePath : C:\WINDOWS\ ProcessID : 632 ThreadCreationTime : 12-05-2005 19:34:29 BasePriority : Normal FileVersion : 2.1.21 2.1.21 11/21/2002 14:17:53 ProductVersion : 2.1.21 2.1.21 11/21/2002 14:17:53 ProductName : Agere SoftModem Messaging Applet CompanyName : Agere Systems FileDescription : SoftModem Messaging Applet InternalName : smdmstat.exe LegalCopyright : Copyright © Agere Systems 
1998-2000 OriginalFilename : smdmstat.exe #:15 [ltmoh.exe] FilePath : C:\Program Files\ltmoh\ ProcessID : 640 ThreadCreationTime : 12-05-2005 19:34:29 BasePriority : Normal FileVersion : 1.68 ProductVersion : 1.68 ProductName : LtMoh Application CompanyName : Agere Systems FileDescription : LtMoh MFC Application InternalName : LtMoh LegalCopyright : Agere Copyright © 2001-2002 LegalTrademarks : LT OriginalFilename : LtMoh.EXE #:16 [syntplpr.exe] FilePath : C:\Program Files\Synaptics\SynTP\ ProcessID : 656 ThreadCreationTime : 12-05-2005 19:34:29 BasePriority : Normal FileVersion : 7.2.9 03Jan03 ProductVersion : 7.2.9 03Jan03 ProductName : Progressive Touch CompanyName : Synaptics, Inc. FileDescription : TouchPad Driver Helper Application InternalName : SynTPLpr LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2002 OriginalFilename : SynTPLpr.exe #:17 [syntpenh.exe] FilePath : C:\Program Files\Synaptics\SynTP\ ProcessID : 664 ThreadCreationTime : 12-05-2005 19:34:29 BasePriority : Normal FileVersion : 7.2.9 03Jan03 ProductVersion : 7.2.9 03Jan03 ProductName : Progressive Touch CompanyName : Synaptics, Inc. FileDescription : Synaptics TouchPad Enhancements InternalName : Scrolleroo LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2002 OriginalFilename : SynTPEnh.exe #:18 [dmfeyss.exe] FilePath : C:\WINDOWS\ ProcessID : 672 ThreadCreationTime : 12-05-2005 19:34:29 BasePriority : Normal #:19 [avgcc.exe] FilePath : C:\PROGRA~1\Grisoft\AVG7\ ProcessID : 732 ThreadCreationTime : 12-05-2005 19:34:31 BasePriority : Normal FileVersion : 7,0,0,174 ProductVersion : 7.0.0.174 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Control Center InternalName : AvgCC LegalCopyright : Copyright © 2003, GRISOFT, s.r.o. 
OriginalFilename : AvgCC.EXE #:20 [avgemc.exe] FilePath : C:\PROGRA~1\Grisoft\AVG7\ ProcessID : 736 ThreadCreationTime : 12-05-2005 19:34:31 BasePriority : Normal FileVersion : 7,0,0,159 ProductVersion : 7.0.0.159 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG E-Mail Scanner InternalName : avgemc LegalCopyright : Copyright © 2003, GRISOFT, s.r.o. OriginalFilename : avgemc.exe #:21 [gcasserv.exe] FilePath : C:\Program Files\Microsoft AntiSpyware\ ProcessID : 752 ThreadCreationTime : 12-05-2005 19:34:32 BasePriority : Idle FileVersion : 1.00.0509 ProductVersion : 1.00.0509 ProductName : Microsoft AntiSpyware (Beta 1) CompanyName : Microsoft Corporation FileDescription : Microsoft AntiSpyware Service InternalName : gcasServ LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved. LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet(tm) is a trademark of Microsoft Corporation. OriginalFilename : gcasServ.exe #:22 [istsvc.exe] FilePath : C:\Program Files\ISTsvc\ ProcessID : 764 ThreadCreationTime : 12-05-2005 19:34:32 BasePriority : Normal #:23 [ctfmon.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 796 ThreadCreationTime : 12-05-2005 19:34:32 BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE #:24 [dwhbnz.exe] FilePath : c:\windows\system32\ ProcessID : 804 ThreadCreationTime : 12-05-2005 19:34:32 BasePriority : Normal FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved. 
#:25 [msmsgs.exe] FilePath : C:\Program Files\Messenger\ ProcessID : 820 ThreadCreationTime : 12-05-2005 19:34:32 BasePriority : Normal FileVersion : 4.7.0041 ProductVersion : Version 4.7 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Messenger InternalName : msmsgs LegalCopyright : Copyright (c) Microsoft Corporation 1997-2001 LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exe #:26 [msnmsgr.exe] FilePath : C:\Program Files\MSN Messenger\ ProcessID : 824 ThreadCreationTime : 12-05-2005 19:34:32 BasePriority : Normal FileVersion : 7.0.0813 ProductVersion : 7.0.0813 ProductName : MSN Messenger CompanyName : Microsoft Corporation FileDescription : MSN Messenger InternalName : msnmsgr LegalCopyright : Copyright (c) Microsoft Corporation 1997-2005 LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msnmsgr.exe #:27 [ypager.exe] FilePath : C:\Program Files\Yahoo!\Messenger\ ProcessID : 836 ThreadCreationTime : 12-05-2005 19:34:33 BasePriority : Normal FileVersion : 6,0,0,1913 ProductVersion : 6,0,0,1913 ProductName : Yahoo! Messenger CompanyName : Yahoo! Inc. FileDescription : Yahoo! Messenger InternalName : Yahoo! Messengerr LegalCopyright : Copyright 1998-2004 OriginalFilename : YPager.exe #:28 [avgamsvr.exe] FilePath : C:\PROGRA~1\Grisoft\AVG7\ ProcessID : 1300 ThreadCreationTime : 12-05-2005 19:34:34 BasePriority : Normal FileVersion : 7,0,0,175 ProductVersion : 7.0.0.175 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Alert Manager InternalName : avgamsvr LegalCopyright : Copyright © 2003, GRISOFT, s.r.o. 
OriginalFilename : avgamsvr.EXE #:29 [avgupsvc.exe] FilePath : C:\PROGRA~1\Grisoft\AVG7\ ProcessID : 1332 ThreadCreationTime : 12-05-2005 19:34:34 BasePriority : Normal FileVersion : 7,0,0,132 ProductVersion : 7.0.0.132 ProductName : AVG 7.0 Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Update Service InternalName : avgupsvc LegalCopyright : Copyright © 2002, GRISOFT, s.r.o. OriginalFilename : avgupdsvc.EXE #:30 [icmon.exe] FilePath : C:\Program Files\Sophos SWEEP for NT\ ProcessID : 1344 ThreadCreationTime : 12-05-2005 19:34:34 BasePriority : Normal FileVersion : 1.00.0235 ProductVersion : 3 (Build 0235) ProductName : Sophos Anti-Virus CompanyName : Sophos Plc FileDescription : Sophos Anti-Virus InterCheck activity monitor (ENG) InternalName : ICMON LegalCopyright : © 1989-2005 Sophos Plc, www.sophos.com LegalTrademarks : SWEEP®, InterCheck®, and SAVI®, are trademarks of Sophos® Plc. OriginalFilename : ICMON.EXE #:31 [swnetsup.exe] FilePath : C:\Program Files\Sophos SWEEP for NT\ ProcessID : 1584 ThreadCreationTime : 12-05-2005 19:34:35 BasePriority : Normal FileVersion : 1.00.0235 ProductVersion : 3 (Build 0235) ProductName : Sophos Anti-Virus CompanyName : Sophos Plc FileDescription : Sophos Anti-Virus network support service InternalName : SWNETSUP LegalCopyright : © 1989-2005 Sophos Plc, www.sophos.com LegalTrademarks : SWEEP®, InterCheck®, and SAVI®, are trademarks of Sophos® Plc. OriginalFilename : SWNETSUP.EXE #:32 [sweepsrv.sys] FilePath : C:\Program Files\Sophos SWEEP for NT\ ProcessID : 1608 ThreadCreationTime : 12-05-2005 19:34:35 BasePriority : Normal FileVersion : 2.01.0235 ProductVersion : 3 (Build 0235) ProductName : Sophos Anti-Virus CompanyName : Sophos Plc FileDescription : Sophos Anti-Virus detection system service InternalName : SWEEPSRV LegalCopyright : © 1989-2005 Sophos Plc, www.sophos.com LegalTrademarks : SWEEP®, InterCheck®, and SAVI®, are trademarks of Sophos® Plc. 
OriginalFilename : SWEEPSRV.SYS #:33 [gcasdtserv.exe] FilePath : C:\Program Files\Microsoft AntiSpyware\ ProcessID : 1724 ThreadCreationTime : 12-05-2005 19:34:36 BasePriority : Normal FileVersion : 1.00.0509 ProductVersion : 1.00.0509 ProductName : Microsoft AntiSpyware (Beta 1) CompanyName : Microsoft Corporation FileDescription : Microsoft AntiSpyware Data Service InternalName : gcasDtServ LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved. LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet(tm) is a trademark of Microsoft Corporation. OriginalFilename : gcasDtServ.exe #:34 [wuauclt.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 4056 ThreadCreationTime : 12-05-2005 19:36:06 BasePriority : Normal FileVersion : 5.4.3630.1106 (xpsp1.020828-1920) ProductVersion : 5.4.3630.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Update AutoUpdate Client InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : wuauclt.exe #:35 [firefox.exe] FilePath : C:\PROGRA~1\MOZILL~1\ ProcessID : 2400 ThreadCreationTime : 12-05-2005 19:36:30 BasePriority : Normal #:36 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 2160 ThreadCreationTime : 12-05-2005 19:37:54 BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 14 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» BargainBuddy Object Recognized! 
Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678} BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678} Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678} BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678} Value : Hijacker.TopConverting Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3} SideFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{58634367-d62b-4c2c-86be-5aac45cdb671} SideFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{d0288a41-9855-4a9b-8316-babe243648da} ZyncosMark Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{0e704ba4-c517-4be7-a1cd-c3ffda1e1ffe} ZyncosMark Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{0e704ba4-c517-4be7-a1cd-c3ffda1e1ffe} Value : ZyncosMark Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : testcontentmatchcontrol1.contentmatchtag ZyncosMark Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : testcontentmatchcontrol1.contentmatchtag Value : ZyncosMark Object Recognized! 
Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{e9a5b71c-093b-4f34-af07-34fca89ba0df} DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\avenue media DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\ist DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\ist Value : InstallDate DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\ist Value : account_id DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\ist Value : config DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\ist Value : Recover DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\policies\avenue media VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUI3d5OfSDist VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUI3d5OfSInst VX2 Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUC3n5trMsgSDisp VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUs3t5icky1S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUs3t5icky2S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUs3t5icky3S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUs3t5icky4S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUC1o3d5eOfSFinalAd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUT3i5m7eOfSFinalAd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUD3s5tSSEnd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AU3N5a7tionSCode VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUP3D5om VX2 Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUT3h5rshSCheckSIn VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUT3h5rshSMots VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUM3o5deSSync VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUI3n5ProgSCab VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUI3n5ProgSEx VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUI3n5ProgSLstest VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUB3D5om VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUE3v5nt VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUT3h5rshSBath VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUT3h5rshSysSInf VX2 Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUL3n5Title VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUC3u5rrentSMode VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUC3n5tFyl VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUI3g5noreS VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUS3t5atusOfSInst VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUL3a5stMotsSDay VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\aurora Value : AUL3a5stSSChckin Alexa Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : MenuText Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : MenuStatusBar Alexa Object Recognized! 
Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : Script Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : clsid Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : Icon Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : HotIcon Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : ButtonText DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : version DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : app_name DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_url DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : update_url DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : config_url DyFuCA Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : ui DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_initial_delay DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_count DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_day_count DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_day_limit DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : update_count DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : update_version DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : config_count DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : account_id DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : app_date DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_interval DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_last DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : update_interval DyFuCA Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : update_last DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : config_interval DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : config_last DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\policies\avenue media DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : last_conn_h DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : last_conn_l DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : we DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : cdata DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : TimeOffset DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : action_url_version DyFuCA Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : action_url_last_chunk
DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : action_url_last_full_version
DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : key_file
DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : kw_last_chunk
DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : geourl_last_full_version
DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : geourl_current_version
DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : actionurl_last_full_version
DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : actionurl_current_version
DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : keyword_last_full_version
DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : keyword_current_version
DyFuCA Object Recognized!
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : recent_shown
DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : key_int_high
DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : key_int_low
DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : int_high
DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\sais Value : int_low
istbar Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\istsvc
istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\istsvc Value : DisplayName
istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\istsvc Value : UninstallString
istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\istsvc Value : NoModify
Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue Data : Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : "HOMEOldSP" Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\microsoft\internet explorer\main Value : HOMEOldSP
Powerscan Object Recognized! Type : RegValue Data : Category : Malware Comment : "account_id" Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\software\powerscan Value : account_id
CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : "HOMEOldSP" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : HOMEOldSP
istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : "IST Service" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : IST Service
Powerscan Object Recognized! Type : RegValue Data : Category : Malware Comment : "account_id" Rootkey : HKEY_USERS Object : S-1-5-21-796845957-1708537768-1343024091-1003\\software\powerscan Value : account_id
Windows Object Recognized!
Type : RegData Data : explorer.exe c:\windows\nail.exe Category : Vulnerability Comment : Shell Possibly Compromised Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows nt\currentversion\winlogon Value : Shell Data : explorer.exe c:\windows\nail.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 115
Objects found so far: 129
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Trusted zone presumably compromised : contentmatch.net
Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : contentmatch.net\ny Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net\ny
Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : contentmatch.net\ny Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net\ny Value : http
Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : contentmatch.net\ny Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net\ny Value : https
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 132
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized! Type : IECache Entry Data : koryo@advertising[1].txt Category : Data Miner Comment : Hits:15 Value : Cookie:koryo@advertising.com/
Tracking Cookie Object Recognized! Type : IECache Entry Data : koryo@realmedia[1].txt Category : Data Miner Comment : Hits:3 Value : Cookie:koryo@realmedia.com/
Tracking Cookie Object Recognized!
Type : IECache Entry Data : koryo@0[5].txt Category : Data Miner Comment : Hits:3 Value : Cookie:koryo@j.2004cms.com/HTM/454/0
Tracking Cookie Object Recognized! Type : IECache Entry Data : koryo@0[2].txt Category : Data Miner Comment : Hits:1 Value : Cookie:koryo@jdirectuk.cjt1.net/HTM/454/0
Tracking Cookie Object Recognized! Type : IECache Entry Data : koryo@z1.adserver[1].txt Category : Data Miner Comment : Hits:6 Value : Cookie:koryo@z1.adserver.com/
Tracking Cookie Object Recognized! Type : IECache Entry Data : koryo@doubleclick[1].txt Category : Data Miner Comment : Hits:18 Value : Cookie:koryo@doubleclick.net/
Tracking Cookie Object Recognized! Type : IECache Entry Data : koryo@mediaplex[2].txt Category : Data Miner Comment : Hits:15 Value : Cookie:koryo@mediaplex.com/
Tracking Cookie Object Recognized! Type : IECache Entry Data : koryo@apmebf[2].txt Category : Data Miner Comment : Hits:2 Value : Cookie:koryo@apmebf.com/
Tracking Cookie Object Recognized! Type : IECache Entry Data : koryo@targetnet[1].txt Category : Data Miner Comment : Hits:8 Value : Cookie:koryo@targetnet.com/
Tracking Cookie Object Recognized! Type : IECache Entry Data : koryo@xxxtoolbar[2].txt Category : Data Miner Comment : Hits:2 Value : Cookie:koryo@xxxtoolbar.com/
Tracking Cookie Object Recognized! Type : IECache Entry Data : koryo@qksrv[2].txt Category : Data Miner Comment : Hits:2 Value : Cookie:koryo@qksrv.net/
Tracking Cookie Object Recognized! Type : IECache Entry Data : koryo@trafficmp[1].txt Category : Data Miner Comment : Hits:5 Value : Cookie:koryo@trafficmp.com/
Tracking Cookie Object Recognized! Type : IECache Entry Data : koryo@pacificpoker[1].txt Category : Data Miner Comment : Hits:3 Value : Cookie:koryo@pacificpoker.com/
Tracking Cookie Object Recognized! Type : IECache Entry Data : koryo@servedby.advertising[1].txt Category : Data Miner Comment : Hits:13 Value : Cookie:koryo@servedby.advertising.com/
Tracking Cookie Object Recognized!
Type : IECache Entry Data : koryo@atdmt[2].txt Category : Data Miner Comment : Hits:20 Value : Cookie:koryo@atdmt.com/
Tracking Cookie Object Recognized! Type : IECache Entry Data : koryo@0[3].txt Category : Data Miner Comment : Hits:5 Value : Cookie:koryo@jisearch.cjt1.net/HTM/453/0
Tracking Cookie Object Recognized! Type : IECache Entry Data : koryo@fastclick[2].txt Category : Data Miner Comment : Hits:2 Value : Cookie:koryo@fastclick.net/
Tracking Cookie Object Recognized! Type : IECache Entry Data : koryo@0[1].txt Category : Data Miner Comment : Hits:8 Value : Cookie:koryo@j.2004cms.com/HTM/453/0
Tracking Cookie Object Recognized! Type : IECache Entry Data : koryo@adtech[2].txt Category : Data Miner Comment : Hits:2 Value : Cookie:koryo@adtech.de/
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 151
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized! Type : File Data : DrPMon[1].dll Category : Malware Comment : Object : C:\Documents and Settings\Koryo\Local Settings\Temporary Internet Files\Content.IE5\9J3W8NJG\ FileVersion : 1, 0, 0, 5 ProductVersion : 1, 0, 0, 0 ProductName : DrPMon PrintMonitor CompanyName : Direct Revenue FileDescription : DrPMon PrintMonitor InternalName : DrPMon LegalCopyright : Copyright (C) 2005 OriginalFilename : DrPMon.dll
180Solutions Object Recognized! Type : File Data : ncase_new[1].exe Category : Data Miner Comment : Object : C:\Documents and Settings\Koryo\Local Settings\Temporary Internet Files\Content.IE5\DW2U8I0P\ FileVersion : 5, 12, 0, 13 ProductVersion : 5, 12, 0, 13 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2004, 180solutions Inc.
DyFuCA Object Recognized!
Type : File Data : sidefind13[1].dll Category : Malware Comment : Object : C:\Documents and Settings\Koryo\Local Settings\Temporary Internet Files\Content.IE5\DW2U8I0P\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : SideFind Module CompanyName : IST FileDescription : SideFind Module InternalName : SideFind LegalCopyright : Copyright 2004 OriginalFilename : SideFind.DLL
ZyncosMark Object Recognized! Type : File Data : cmctl[1].dll Category : Data Miner Comment : Object : C:\Documents and Settings\Koryo\Local Settings\Temporary Internet Files\Content.IE5\RTCDVBV4\ FileVersion : 1, 0, 0, 5 ProductVersion : 1, 0, 0, 5 ProductName : ContentMatchControl FileDescription : ContentMatchControl InternalName : ContentMatchControl1 LegalCopyright : Copyright 2005 OriginalFilename : ContentMatchControl1.DLL
VX2 Object Recognized! Type : File Data : Poller[1].exe Category : Malware Comment : Object : C:\Documents and Settings\Koryo\Local Settings\Temporary Internet Files\Content.IE5\RTCDVBV4\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved.
DyFuCA Object Recognized! Type : File Data : sfbho13[1].dll Category : Malware Comment : Object : C:\Documents and Settings\Koryo\Local Settings\Temporary Internet Files\Content.IE5\SA1C0D1F\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : BrowserHelperObject Module FileDescription : BrowserHelperObject Module InternalName : BrowserHelperObject LegalCopyright : Copyright 2003 OriginalFilename : BrowserHelperObject.DLL
Tracking Cookie Object Recognized! Type : IECache Entry Data : pox master@0[1].txt Category : Data Miner Comment : Value : C:\Documents and Settings\Pox Master\Cookies\pox master@0[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry Data : pox master@0[3].txt Category : Data Miner Comment : Value : C:\Documents and Settings\Pox Master\Cookies\pox master@0[3].txt
Tracking Cookie Object Recognized! Type : IECache Entry Data : pox master@atdmt[1].txt Category : Data Miner Comment : Value : C:\Documents and Settings\Pox Master\Cookies\pox master@atdmt[1].txt
Tracking Cookie Object Recognized! Type : IECache Entry Data : pox master@doubleclick[1].txt Category : Data Miner Comment : Value : C:\Documents and Settings\Pox Master\Cookies\pox master@doubleclick[1].txt
Tracking Cookie Object Recognized! Type : IECache Entry Data : pox master@trafficmp[1].txt Category : Data Miner Comment : Value : C:\Documents and Settings\Pox Master\Cookies\pox master@trafficmp[1].txt
BargainBuddy Object Recognized! Type : File Data : B70235B0-A656-4A51-A002-2ED856 Category : Malware Comment : Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\0476495C-FEC1-4F11-829B-1EDE42\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : adx CompanyName : eXact Advertising InternalName : adx LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : adx.exe
180Solutions Object Recognized! Type : File Data : 95339A14-C54E-4166-852C-45DDF6 Category : Data Miner Comment : Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\A40B9A4F-C460-492D-ABF2-4C997A\ FileVersion : 5, 15, 0, 15 ProductVersion : 5, 15, 0, 15 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2004, 180solutions Inc.
180Solutions Object Recognized! Type : File Data : B73601F7-81EE-4282-8768-179879 Category : Data Miner Comment : Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\A40B9A4F-C460-492D-ABF2-4C997A\
180Solutions Object Recognized!
Type : File Data : E4413F6C-8AAC-482C-A44C-43F4AA Category : Data Miner Comment : Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\A40B9A4F-C460-492D-ABF2-4C997A\
DyFuCA Object Recognized! Type : File Data : EAD0CE43-EA32-4227-9A61-CA66D2 Category : Malware Comment : Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\F0A36185-6724-495D-AD5A-85FBFB\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : SideFind Module CompanyName : IST FileDescription : SideFind Module InternalName : SideFind LegalCopyright : Copyright 2004 OriginalFilename : SideFind.DLL
VX2 Object Recognized! Type : File Data : A0000464.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved.
VX2 Object Recognized! Type : File Data : A0000474.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved.
VX2 Object Recognized! Type : File Data : A0000482.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved.
VX2 Object Recognized! Type : File Data : A0000492.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved.
DyFuCA Object Recognized!
Type : File Data : A0000506.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : DyFuCA_BH Module FileDescription : DyFuCA_BH Module InternalName : DyFuCA_BH LegalCopyright : Copyright 2002 OriginalFilename : DyFuCA_BH.DLL
BargainBuddy Object Recognized! Type : File Data : A0000510.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe
VX2 Object Recognized! Type : File Data : A0000523.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved.
VX2 Object Recognized! Type : File Data : A0000532.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved.
VX2 Object Recognized! Type : File Data : A0000541.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved.
VX2 Object Recognized!
Type : File Data : A0000542.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved.
VX2 Object Recognized! Type : File Data : A0000557.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP4\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved.
180Solutions Object Recognized! Type : File Data : A0000568.exe Category : Data Miner Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP5\ FileVersion : 5, 15, 0, 15 ProductVersion : 5, 15, 0, 15 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2004, 180solutions Inc.
180Solutions Object Recognized! Type : File Data : A0000569.exe Category : Data Miner Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP5\
180Solutions Object Recognized! Type : File Data : A0000570.dll Category : Data Miner Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP5\
BargainBuddy Object Recognized! Type : File Data : A0000571.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP5\ FileVersion : 1, 0, 1, 0 ProductVersion : 1, 0, 1, 0
BargainBuddy Object Recognized! Type : File Data : A0000572.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP5\ FileVersion : 1, 0, 1, 0 ProductVersion : 1, 0, 1, 0
BargainBuddy Object Recognized!
Type : File Data : A0000574.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP5\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : adv CompanyName : eXact Advertising InternalName : adv LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : adv.exe
BargainBuddy Object Recognized! Type : File Data : A0000575.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP5\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : adx CompanyName : eXact Advertising InternalName : adx LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : adx.exe
DyFuCA Object Recognized! Type : File Data : A0000580.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP5\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : BrowserHelperObject Module FileDescription : BrowserHelperObject Module InternalName : BrowserHelperObject LegalCopyright : Copyright 2003 OriginalFilename : BrowserHelperObject.DLL
DyFuCA Object Recognized! Type : File Data : A0000581.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP5\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : SideFind Module CompanyName : IST FileDescription : SideFind Module InternalName : SideFind LegalCopyright : Copyright 2004 OriginalFilename : SideFind.DLL
ZyncosMark Object Recognized!
Type : File Data : A0000583.dll Category : Data Miner Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP5\ FileVersion : 1, 0, 0, 5 ProductVersion : 1, 0, 0, 5 ProductName : ContentMatchControl FileDescription : ContentMatchControl InternalName : ContentMatchControl1 LegalCopyright : Copyright 2005 OriginalFilename : ContentMatchControl1.DLL
VX2 Object Recognized! Type : File Data : A0000591.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP5\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved.
VX2 Object Recognized! Type : File Data : A0000598.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP5\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved.
VX2 Object Recognized! Type : File Data : A0000599.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP5\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved.
VX2 Object Recognized! Type : File Data : A0000600.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP5\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved.
VX2 Object Recognized!
Type : File Data : A0000619.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{68566D48-95BC-4ED0-A629-CF8DF0350705}\RP5\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved.
VX2 Object Recognized! Type : File Data : DrPMon.dll Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 5 ProductVersion : 1, 0, 0, 0 ProductName : DrPMon PrintMonitor CompanyName : Direct Revenue FileDescription : DrPMon PrintMonitor InternalName : DrPMon LegalCopyright : Copyright (C) 2005 OriginalFilename : DrPMon.dll
BargainBuddy Object Recognized! Type : File Data : exul.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe
BargainBuddy Object Recognized! Type : File Data : exul1.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe
BargainBuddy Object Recognized! Type : File Data : instsrv.exe Category : Malware Comment : Object : C:\WINDOWS\system32\
BargainBuddy Object Recognized! Type : File Data : javexulm.vxd Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe
Rads01.Quadrogram Object Recognized! Type : File Data : msexreg.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 199
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 199
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\controlset001\control\print\monitors\zepmon
VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\controlset001\control\print\monitors\zepmon Value : Driver
VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\control\print\monitors\zepmon
VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\control\print\monitors\zepmon Value : Driver
VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\toolbar\webbrowser Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
VX2 Object Recognized! Type : Folder Category : Malware Comment : Object : C:\DOCUME~1\Koryo\LOCALS~1\Temp\DrTemp
BargainBuddy Object Recognized!
Type : File Data : bbchk.exe Category : Malware Comment : Object : C:\WINDOWS\System32\ FileVersion : 5.101.1663.1 ProductVersion : 5.101.1663.1 ProductName : Microsoft(R) Windows NT(R) Operating System CompanyName : Microsoft Corporation FileDescription : ECM ChkTrust InternalName : CHKTRUST.EXE LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997 OriginalFilename : CHKTRUST.EXE
BargainBuddy Object Recognized! Type : File Data : exclean.exe Category : Malware Comment : Object : C:\WINDOWS\System32\
BargainBuddy Object Recognized! Type : File Data : exdl.exe Category : Malware Comment : Object : C:\WINDOWS\System32\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe
BargainBuddy Object Recognized! Type : File Data : exdl0.exe Category : Malware Comment : Object : C:\WINDOWS\System32\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe
BargainBuddy Object Recognized! Type : File Data : exdl1.exe Category : Malware Comment : Object : C:\WINDOWS\System32\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe
BargainBuddy Object Recognized!
Type : File Data : mqexdlm.srg Category : Malware Comment : Object : C:\WINDOWS\System32\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe
SideFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{339d8aff-0b42-4260-ad82-78ce605a9543}
SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{339d8aff-0b42-4260-ad82-78ce605a9543} Value :
SideFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}
SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{a36a5936-cfd9-4b41-86bd-319a1931887f} Value :
DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\windows\currentversion\policies\ameopt
DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\kapabout
DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\kapabout Value : Comment
DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\kapabout Value : DComment
DyFuCA Object Recognized! Type : Folder Category : Malware Comment : Object : C:\Program Files\ISTsvc
istbar Object Recognized!
Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : aspfile\persistenthandler
istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : aspfile\persistenthandler Value :
istbar Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\downloadmanager
istbar Object Recognized! Type : RegData Data : Never Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : BandRest Data : Never
istbar Object Recognized! Type : RegData Data : Never Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : BandRest Data : Never
istbar Object Recognized! Type : File Data : istsvc.exe Category : Malware Comment : Object : C:\Program Files\istsvc\
CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : protocols\filter\text/plain
CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : protocols\filter\text/plain Value : CLSID
CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : protocols\filter\text/html
CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : protocols\filter\text/html Value : CLSID
CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : CWS.About:Blank Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : CWS.About:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : CWS.About:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_zesoft

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_zesoft
Value : NextInstance

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\protocols\filter\text/html
Value : CLSID

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant
Data : about:blank

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank

CoolWebSearch Object Recognized!
Type : File
Data : se.dll
Category : Malware
Comment :
Object : C:\DOCUME~1\Koryo\LOCALS~1\Temp\

Powerscan Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\powerscan

Powerscan Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\powerscan
Value : account_id

Powerscan Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\Koryo\Start Menu\Programs\Power Scan

Powerscan Object Recognized!
Type : File
Data : Power Scan.lnk
Category : Malware
Comment :
Object : C:\Documents and Settings\Koryo\Start Menu\Programs\power scan\

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : last_conn_h

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : last_conn_l

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : we

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : cdata

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : TimeOffset

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : action_url_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : action_url_last_chunk

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : action_url_last_full_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : key_file

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : kw_last_chunk

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : geourl_last_full_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : geourl_current_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : actionurl_last_full_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : actionurl_current_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : keyword_last_full_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : keyword_current_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : recent_shown

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : key_int_high

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : key_int_low

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : int_high

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : int_low

Rads01.Quadrogram Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : PopupMgr
Data : no

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 74
Objects found so far: 273

20:47:04 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:35.411
Objects scanned:72761
Objects identified:259
Objects ignored:0
New critical objects:259