Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unable to remove 56 objects

Started by Amanda_34 , Apr 24 2005 06:08 AM

  • This topic is locked This topic is locked

#1
Amanda_34
Posted 24 April 2005 - 06:08 AM

Amanda_34

    New Member

  • Member
  • Pip
  • 4 posts
Hello,

Ad-Aware will not remove 56 objects as it keeps telling me "some objects could not be removed. Try closing all open browser windows prior to the removal". To my knowledge, there are no windows open.

Here is my Ad-Aware log file:

Ad-Aware SE Build 1.05
Logfile Created on:April 24, 2005 7:46:34 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):6 total references
Claria(TAC index:7):22 total references
ClearSearch(TAC index:7):1 total references
CoolWebSearch(TAC index:10):5 total references
EzuLa(TAC index:6):6 total references
MRU List(TAC index:0):15 total references
ReplaceSearch.BHO(TAC index:5):6 total references
SecondThought(TAC index:4):4 total references
WhenU(TAC index:3):3 total references
Winpup32(TAC index:6):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:38 %
Total physical memory:261568 kb
Available physical memory:6744 kb
Total page file size:1835580 kb
Available on page file:1704648 kb
Total virtual memory:2093056 kb
Available virtual memory:2045504 kb
OS:Microsoft Windows Millennium Edition

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Move deleted files to Recycle Bin
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


24-04-2005 7:46:35 AM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4291776667
Threads : 4
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294940299
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294850183
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk

#:4 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294853595
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE

#:5 [NISUM.EXE]
ModuleName : C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
Command Line : "C:\Program Files\Norton Internet Security\NISUM.EXE" -Embedding
ProcessID : 4294887971
Threads : 1
Priority : Normal
FileVersion : 3.0.4.91
ProductVersion : 3.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Stats
LegalCopyright : Copyright © 2001 Symantec Corporation

#:6 [DEVLDR16.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DEVLDR16.EXE
Command Line : C:\WINDOWS\SYSTEM\devldr16.exe
ProcessID : 4294791031
Threads : 3
Priority : Normal
FileVersion : 1, 0, 0, 15
ProductVersion : 1, 0, 0, 15
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr16
InternalName : DevLdr
LegalCopyright : Copyright © 1998 - 2000 Creative Technology Ltd.
OriginalFilename : DevLdr16.exe

#:7 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294817343
Threads : 17
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE

#:8 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4294737675
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE

#:9 [POPROXY.EXE]
ModuleName : C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
Command Line : "C:\Program Files\Norton AntiVirus\POPROXY.EXE"
ProcessID : 4294738791
Threads : 1
Priority : Normal
FileVersion : 7.07.00.23
ProductVersion : 7.07.00.23
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Utilities
InternalName : POPROXY
LegalCopyright : Copyright © 2000 Symantec Corporation. All rights reserved.
OriginalFilename : POPROXY.DLL

#:10 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe WMI_fffc573f
ProcessID : 4294676591
Threads : 3
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe

#:11 [STIMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\STIMON.EXE
Command Line : C:\WINDOWS\SYSTEM\STIMON.EXE -Embedding
ProcessID : 4294577535
Threads : 6
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : STIMON.EXE

#:12 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4294638163
Threads : 5
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe

#:13 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4294629619
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:14 [PSTORES.EXE]
ModuleName : C:\WINDOWS\SYSTEM\PSTORES.EXE
Command Line : C:\WINDOWS\SYSTEM\PSTORES.EXE
ProcessID : 4294550259
Threads : 3
Priority : Normal
FileVersion : 5.00.2133.2
ProductVersion : 5.00.2133.2
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : Protected storage server

#:15 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294539819
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Winpup32 Object Recognized!
Type : File
Data : A0031311.1
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 5.00.0001
ProductVersion : 5.00.0001
ProductName : builder
CompanyName : thunderdome
InternalName : rico
OriginalFilename : rico.exe


Winpup32 Object Recognized!
Type : File
Data : A0031276.1
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 5.00.0001
ProductVersion : 5.00.0001
ProductName : builder
CompanyName : thunderdome
InternalName : rico
OriginalFilename : rico.exe


Winpup32 Object Recognized!
Type : File
Data : A0016635.1
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 5.00.0001
ProductVersion : 5.00.0001
ProductName : builder
CompanyName : thunderdome
InternalName : rico
OriginalFilename : rico.exe


SecondThought Object Recognized!
Type : File
Data : A0016690.0
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : spawner.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : spawner.exe


SecondThought Object Recognized!
Type : File
Data : A0016698.0
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : spawner.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : spawner.exe


SecondThought Object Recognized!
Type : File
Data : A0016707.0
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : spawner.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : spawner.exe


Claria Object Recognized!
Type : File
Data : GAIN_T~2.0
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 3.2.0.2
ProductVersion : 3.2.0.2
OriginalFilename : Trickler.exe


Claria Object Recognized!
Type : File
Data : A0033122.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 5.0.1.7
ProductVersion : 5.0.1.7
ProductName : GAIN
CompanyName : The Gator Corporation
FileDescription : Gator Client Application
InternalName : GMT.exe
LegalCopyright : Copyright © 1999-2003 The Gator Corporation
OriginalFilename : GMT.exe


BargainBuddy Object Recognized!
Type : File
Data : A0064311.1
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1, 8, 19, 0
ProductVersion : 1, 8, 19, 0
ProductName : bargains buddy
FileDescription : bargains
InternalName : bargains
LegalCopyright : Copyright © 2004
OriginalFilename : bargains.exe


BargainBuddy Object Recognized!
Type : File
Data : A0064312.1
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1, 8, 19, 0
ProductVersion : 1, 8, 19, 0
ProductName : apuc Module
FileDescription : apuc Module
InternalName : apuc
LegalCopyright : Copyright © 2004
OriginalFilename : apuc.DLL


BargainBuddy Object Recognized!
Type : File
Data : A0064313.1
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1.00.0003
ProductVersion : 1.00.0003
ProductName : CashBack Program
CompanyName : Exact Advertising
InternalName : cb
LegalCopyright : Copyright © 2004
OriginalFilename : cb.exe


BargainBuddy Object Recognized!
Type : File
Data : A0064364.1
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1, 8, 19, 0
ProductVersion : 1, 8, 19, 0
ProductName : bargains buddy
FileDescription : bargains
InternalName : bargains
LegalCopyright : Copyright © 2004
OriginalFilename : bargains.exe


BargainBuddy Object Recognized!
Type : File
Data : A0064367.1
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1.00.0003
ProductVersion : 1.00.0003
ProductName : CashBack Program
CompanyName : Exact Advertising
InternalName : cb
LegalCopyright : Copyright © 2004
OriginalFilename : cb.exe


WhenU Object Recognized!
Type : File
Data : A0064370.1
Category : Misc
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1, 0, 1, 62
ProductVersion : 1, 0, 1, 62
ProductName : ClockSync
FileDescription : ClockSync
InternalName : TEST1
LegalCopyright : Copyright 2003 WhenU, Inc.
OriginalFilename : ClockSync.exe


WhenU Object Recognized!
Type : File
Data : A0064378.1
Category : Misc
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ClockSync Uninstall
FileDescription : ClockSync Uninstall Program
InternalName : ClockSync Uninstall Program
LegalCopyright : Copyright 2003 WhenU, Inc.
OriginalFilename : Uninst.exe


WhenU Object Recognized!
Type : File
Data : A0064432.1
Category : Misc
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 2, 5, 3, 1
ProductVersion : 2, 5, 3, 1
ProductName : Save! Uninstall
CompanyName : WhenU.com, Inc.
FileDescription : Save! Uninstall
InternalName : SaveUninst
LegalCopyright : Copyright 2001
OriginalFilename : SaveUninst.exe


BargainBuddy Object Recognized!
Type : File
Data : A0105416.1
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1, 8, 19, 0
ProductVersion : 1, 8, 19, 0
ProductName : apuc Module
FileDescription : apuc Module
InternalName : apuc
LegalCopyright : Copyright © 2004
OriginalFilename : apuc.DLL


ClearSearch Object Recognized!
Type : File
Data : A0105421.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1, 4, 0, 4
ProductVersion : 1, 4, 0, 4
ProductName : Loader
CompanyName : Clear Search
FileDescription : Loader
InternalName : Loader
LegalCopyright : Copyright © 2003, 2004
OriginalFilename : Loader.exe


Winpup32 Object Recognized!
Type : File
Data : A0169550.0
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 5.00.0001
ProductVersion : 5.00.0001
ProductName : builder
CompanyName : thunderdome
InternalName : rico
OriginalFilename : rico.exe


Winpup32 Object Recognized!
Type : File
Data : A0169551.0
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 5.00.0001
ProductVersion : 5.00.0001
ProductName : builder
CompanyName : thunderdome
InternalName : rico
OriginalFilename : rico.exe


ReplaceSearch.BHO Object Recognized!
Type : File
Data : A0202132.0
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : replaceSearch Module
FileDescription : replaceSearch Module
InternalName : replaceSearch
LegalCopyright : Copyright 2004
OriginalFilename : replaceSearch.DLL


ReplaceSearch.BHO Object Recognized!
Type : File
Data : A0204015.0
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : replaceSearch Module
FileDescription : replaceSearch Module
InternalName : replaceSearch
LegalCopyright : Copyright 2004
OriginalFilename : replaceSearch.DLL


EzuLa Object Recognized!
Type : File
Data : A0204213.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000


ReplaceSearch.BHO Object Recognized!
Type : File
Data : A0206249.0
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : replaceSearch Module
FileDescription : replaceSearch Module
InternalName : replaceSearch
LegalCopyright : Copyright 2004
OriginalFilename : replaceSearch.DLL


EzuLa Object Recognized!
Type : File
Data : A0210824.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000


ReplaceSearch.BHO Object Recognized!
Type : File
Data : A0210836.0
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : replaceSearch Module
FileDescription : replaceSearch Module
InternalName : replaceSearch
LegalCopyright : Copyright 2004
OriginalFilename : replaceSearch.DLL


EzuLa Object Recognized!
Type : File
Data : A0211485.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000


ReplaceSearch.BHO Object Recognized!
Type : File
Data : A0211499.0
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : replaceSearch Module
FileDescription : replaceSearch Module
InternalName : replaceSearch
LegalCopyright : Copyright 2004
OriginalFilename : replaceSearch.DLL


CoolWebSearch Object Recognized!
Type : File
Data : TSM2.1
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 4, 0, 3, 7
ProductVersion : 4, 0, 3, 7
ProductName : TSA
FileDescription : tsm.exe
LegalCopyright : Copyright © 2004
OriginalFilename : tsm.exe


CoolWebSearch Object Recognized!
Type : File
Data : TS2.1
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 4, 0, 3, 7
ProductVersion : 4, 0, 3, 7
ProductName : TSA
FileDescription : ts.exe
LegalCopyright : Copyright © 2004
OriginalFilename : ts.exe


EzuLa Object Recognized!
Type : File
Data : A0211570.0
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 3, 0, 80, 0
ProductVersion : 1, 0, 0, 1
ProductName : wo Module
CompanyName : EARNSFIWOUS
FileDescription : wo Module
InternalName : wo
LegalCopyright : Copyright 2000
OriginalFilename : wo.EXE


EzuLa Object Recognized!
Type : File
Data : A0211601.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000


EzuLa Object Recognized!
Type : File
Data : A0211615.0
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 3, 0, 80, 0
ProductVersion : 1, 0, 0, 1
ProductName : wo Module
CompanyName : EARNSFIWOUS
FileDescription : wo Module
InternalName : wo
LegalCopyright : Copyright 2000
OriginalFilename : wo.EXE


ReplaceSearch.BHO Object Recognized!
Type : File
Data : A0211635.1
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : replaceSearch Module
FileDescription : replaceSearch Module
InternalName : replaceSearch
LegalCopyright : Copyright 2004
OriginalFilename : replaceSearch.DLL


Claria Object Recognized!
Type : File
Data : A0215197.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : CMEIIAPI.DLL
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : CMEIIAPI.DLL


Claria Object Recognized!
Type : File
Data : A0215198.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GAppMgr.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GAppMgr.dll


Claria Object Recognized!
Type : File
Data : A0215199.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GController.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GController.dll


Claria Object Recognized!
Type : File
Data : A0215200.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GDlwdEng.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GDlwdEng.dll


Claria Object Recognized!
Type : File
Data : A0215201.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GIocl.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GIocl.dll


Claria Object Recognized!
Type : File
Data : A0215202.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GIoclClient.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GIoclClient.dll


Claria Object Recognized!
Type : File
Data : A0215203.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GMTProxy.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GMTProxy.dll


Claria Object Recognized!
Type : File
Data : A0215204.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GObjs.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GObjs.dll


Claria Object Recognized!
Type : File
Data : A0215205.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GStore.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GStore.dll


Claria Object Recognized!
Type : File
Data : A0215206.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GStoreServer.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GStoreServer.dll


Claria Object Recognized!
Type : File
Data : A0215207.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GTools.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GTools.dll


Claria Object Recognized!
Type : File
Data : A0215210.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : CMESys.exe
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : CMESys.exe


Claria Object Recognized!
Type : File
Data : A0215211.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : GAIN Uninstaller applet
InternalName : GUninstaller.exe
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GUninstaller.exe


Claria Object Recognized!
Type : File
Data : A0215212.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : egIEClient Dynamic Link Library
InternalName : egIEClient.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : egIEClient.dll


Claria Object Recognized!
Type : File
Data : A0215213.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGIEProcess Dynamic Link Library
InternalName : EGIEProcess dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : EGIEProcess dll


Claria Object Recognized!
Type : File
Data : A0215214.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGNSEngine Dynamic Link Library
InternalName : EGNSEngine dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : EGNSEngine dll


Claria Object Recognized!
Type : File
Data : A0215215.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGGCEngine Dynamic Link Library
InternalName : EGGCEngine dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : EGGCEngine dll


Claria Object Recognized!
Type : File
Data : A0215217.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : GAIN Application
InternalName : GMT.exe
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GMT.exe


Claria Object Recognized!
Type : File
Data : A0215218.1
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : Gator Client Application
InternalName : Gator.exe
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : Gator.exe


Claria Object Recognized!
Type : File
Data : GUUD275.0
Category : Data Miner
Comment :
Object : C:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : GAIN Uninstaller applet
InternalName : GUninstaller.exe
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GUninstaller.exe


CoolWebSearch Object Recognized!
Type : File
Data : A2393372.0
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\



CoolWebSearch Object Recognized!
Type : File
Data : A2395580.1
Category : Malware
Comment :
Object : C:\_RESTORE\TEMP\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 71


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 71




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SecondThought Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : c:\\temporary

CoolWebSearch Object Recognized!
Type : File
Data : hosts
Category : Malware
Comment :
Object : C:\WINDOWS\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 73

7:56:58 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:23.410
Objects scanned:91715
Objects identified:58
Objects ignored:0
New critical objects:58


Greatly appreciate if someone can help me out on this ! Thank you so much.
  • 0

Advertisements

#2
Rawe
Posted 24 April 2005 - 06:13 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
You haven't read these instructions?
Ad-aware logfile posting instructions here;
http://www.geekstogo...ons-t16830.html
Also when you have read those instructions, delete all tracking cookies before posting a new logfile.
Expert's will take it from there. ;)

- Rawe :tazz:
  • 0

#3
TonyKlein
Posted 24 April 2005 - 06:22 AM

TonyKlein

    Malware Expert

  • Expert
  • 642 posts
  • MVP
Also, Antivirus/Antispyware software is unable to modify or remove files from the Restore folder.

You need to flush that folder. Follow the directions here ("FIFO Method 2") to purge the data store:

Antivirus Tools Cannot Clean Infected Files in the _Restore Folder

When done (after restarting your computer), run Ad-Aware again.

Edited by TonyKlein, 24 April 2005 - 06:23 AM.

  • 0

#4
Amanda_34
Posted 24 April 2005 - 06:59 AM

Amanda_34

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi again,

here is my latest Log from Ad-Aware:

Ad-Aware SE Build 1.05
Logfile Created on:April 24, 2005 8:41:39 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):6 total references
Claria(TAC index:7):22 total references
ClearSearch(TAC index:7):1 total references
CoolWebSearch(TAC index:10):5 total references
EzuLa(TAC index:6):6 total references
MRU List(TAC index:0):3 total references
ReplaceSearch.BHO(TAC index:5):6 total references
SecondThought(TAC index:4):4 total references
WhenU(TAC index:3):3 total references
Winpup32(TAC index:6):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:41 %
Total physical memory:261568 kb
Available physical memory:6032 kb
Total page file size:1835580 kb
Available on page file:1736964 kb
Total virtual memory:2093056 kb
Available virtual memory:2045504 kb
OS:Microsoft Windows Millennium Edition

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


24-04-2005 8:41:39 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4291776959
Threads : 4
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294940591
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294850467
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk

#:4 [NISSERV.EXE]
ModuleName : C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISSERV.EXE
Command Line : C:\PROGRA~1\NORTON~2\NISSERV.EXE
ProcessID : 4294846971
Threads : 9
Priority : Normal
FileVersion : 3.0.4.91
ProductVersion : 3.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : IAMSERV.EXE
LegalCopyright : Copyright © 2001 Symantec Corporation

#:5 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294859999
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE

#:6 [NISUM.EXE]
ModuleName : C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
Command Line : "C:\Program Files\Norton Internet Security\NISUM.EXE" -Embedding
ProcessID : 4294888199
Threads : 1
Priority : Normal
FileVersion : 3.0.4.91
ProductVersion : 3.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Stats
LegalCopyright : Copyright © 2001 Symantec Corporation

#:7 [IAMAPP.EXE]
ModuleName : C:\PROGRAM FILES\NORTON INTERNET SECURITY\IAMAPP.EXE
Command Line : C:\PROGRA~1\NORTON~2\IAMAPP.EXE
ProcessID : 4294778503
Threads : 1
Priority : Normal
FileVersion : 3.0.4.91
ProductVersion : 3.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : IAMAPP.EXE
LegalCopyright : Copyright © 2001 Symantec Corporation

#:8 [DEVLDR16.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DEVLDR16.EXE
Command Line : C:\WINDOWS\SYSTEM\devldr16.exe
ProcessID : 4294815927
Threads : 3
Priority : Normal
FileVersion : 1, 0, 0, 15
ProductVersion : 1, 0, 0, 15
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr16
InternalName : DevLdr
LegalCopyright : Copyright © 1998 - 2000 Creative Technology Ltd.
OriginalFilename : DevLdr16.exe

#:9 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294792915
Threads : 16
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE

#:10 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4294729847
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE

#:11 [POPROXY.EXE]
ModuleName : C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
Command Line : "C:\Program Files\Norton AntiVirus\POPROXY.EXE"
ProcessID : 4294749899
Threads : 1
Priority : Normal
FileVersion : 7.07.00.23
ProductVersion : 7.07.00.23
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Utilities
InternalName : POPROXY
LegalCopyright : Copyright © 2000 Symantec Corporation. All rights reserved.
OriginalFilename : POPROXY.DLL

#:12 [WINPATROL.EXE]
ModuleName : C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
Command Line : "C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe"
ProcessID : 4294662799
Threads : 1
Priority : Normal
FileVersion : 9, 1, 0, 0
ProductVersion : 9.1.0.0
ProductName : WinPatrol Monitor
CompanyName : BillP Studios
FileDescription : WinPatrol System Monitor
InternalName : WinPatrol Monitor
LegalCopyright : Copyright © 1997- 2005 BillP Studios
OriginalFilename : Scotty
Comments : Let Scotty the Windows Watchdog patrol your system.

#:13 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe WMI_fffc658b
ProcessID : 4294688039
Threads : 3
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe

#:14 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294674111
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:15 [PSTORES.EXE]
ModuleName : C:\WINDOWS\SYSTEM\PSTORES.EXE
Command Line : C:\WINDOWS\SYSTEM\PSTORES.EXE
ProcessID : 4294361715
Threads : 4
Priority : Normal
FileVersion : 5.00.2133.2
ProductVersion : 5.00.2133.2
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : Protected storage server

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Winpup32 Object Recognized!
Type : File
Data : A0031311.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 5.00.0001
ProductVersion : 5.00.0001
ProductName : builder
CompanyName : thunderdome
InternalName : rico
OriginalFilename : rico.exe


Winpup32 Object Recognized!
Type : File
Data : A0031276.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 5.00.0001
ProductVersion : 5.00.0001
ProductName : builder
CompanyName : thunderdome
InternalName : rico
OriginalFilename : rico.exe


Winpup32 Object Recognized!
Type : File
Data : A0016635.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 5.00.0001
ProductVersion : 5.00.0001
ProductName : builder
CompanyName : thunderdome
InternalName : rico
OriginalFilename : rico.exe


SecondThought Object Recognized!
Type : File
Data : A0016690.1
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : spawner.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : spawner.exe


SecondThought Object Recognized!
Type : File
Data : A0016698.1
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : spawner.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : spawner.exe


SecondThought Object Recognized!
Type : File
Data : A0016707.1
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : spawner.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : spawner.exe


Claria Object Recognized!
Type : File
Data : GAIN_T~2.1
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 3.2.0.2
ProductVersion : 3.2.0.2
OriginalFilename : Trickler.exe


Claria Object Recognized!
Type : File
Data : A0033122.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 5.0.1.7
ProductVersion : 5.0.1.7
ProductName : GAIN
CompanyName : The Gator Corporation
FileDescription : Gator Client Application
InternalName : GMT.exe
LegalCopyright : Copyright © 1999-2003 The Gator Corporation
OriginalFilename : GMT.exe


BargainBuddy Object Recognized!
Type : File
Data : A0064311.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 8, 19, 0
ProductVersion : 1, 8, 19, 0
ProductName : bargains buddy
FileDescription : bargains
InternalName : bargains
LegalCopyright : Copyright © 2004
OriginalFilename : bargains.exe


BargainBuddy Object Recognized!
Type : File
Data : A0064312.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 8, 19, 0
ProductVersion : 1, 8, 19, 0
ProductName : apuc Module
FileDescription : apuc Module
InternalName : apuc
LegalCopyright : Copyright © 2004
OriginalFilename : apuc.DLL


BargainBuddy Object Recognized!
Type : File
Data : A0064313.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1.00.0003
ProductVersion : 1.00.0003
ProductName : CashBack Program
CompanyName : Exact Advertising
InternalName : cb
LegalCopyright : Copyright © 2004
OriginalFilename : cb.exe


BargainBuddy Object Recognized!
Type : File
Data : A0064364.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 8, 19, 0
ProductVersion : 1, 8, 19, 0
ProductName : bargains buddy
FileDescription : bargains
InternalName : bargains
LegalCopyright : Copyright © 2004
OriginalFilename : bargains.exe


BargainBuddy Object Recognized!
Type : File
Data : A0064367.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1.00.0003
ProductVersion : 1.00.0003
ProductName : CashBack Program
CompanyName : Exact Advertising
InternalName : cb
LegalCopyright : Copyright © 2004
OriginalFilename : cb.exe


WhenU Object Recognized!
Type : File
Data : A0064370.0
Category : Misc
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 1, 62
ProductVersion : 1, 0, 1, 62
ProductName : ClockSync
FileDescription : ClockSync
InternalName : TEST1
LegalCopyright : Copyright 2003 WhenU, Inc.
OriginalFilename : ClockSync.exe


WhenU Object Recognized!
Type : File
Data : A0064378.0
Category : Misc
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ClockSync Uninstall
FileDescription : ClockSync Uninstall Program
InternalName : ClockSync Uninstall Program
LegalCopyright : Copyright 2003 WhenU, Inc.
OriginalFilename : Uninst.exe


WhenU Object Recognized!
Type : File
Data : A0064432.0
Category : Misc
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 2, 5, 3, 1
ProductVersion : 2, 5, 3, 1
ProductName : Save! Uninstall
CompanyName : WhenU.com, Inc.
FileDescription : Save! Uninstall
InternalName : SaveUninst
LegalCopyright : Copyright 2001
OriginalFilename : SaveUninst.exe


BargainBuddy Object Recognized!
Type : File
Data : A0105416.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 8, 19, 0
ProductVersion : 1, 8, 19, 0
ProductName : apuc Module
FileDescription : apuc Module
InternalName : apuc
LegalCopyright : Copyright © 2004
OriginalFilename : apuc.DLL


ClearSearch Object Recognized!
Type : File
Data : A0105421.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 4, 0, 4
ProductVersion : 1, 4, 0, 4
ProductName : Loader
CompanyName : Clear Search
FileDescription : Loader
InternalName : Loader
LegalCopyright : Copyright © 2003, 2004
OriginalFilename : Loader.exe


Winpup32 Object Recognized!
Type : File
Data : A0169550.1
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 5.00.0001
ProductVersion : 5.00.0001
ProductName : builder
CompanyName : thunderdome
InternalName : rico
OriginalFilename : rico.exe


Winpup32 Object Recognized!
Type : File
Data : A0169551.1
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 5.00.0001
ProductVersion : 5.00.0001
ProductName : builder
CompanyName : thunderdome
InternalName : rico
OriginalFilename : rico.exe


ReplaceSearch.BHO Object Recognized!
Type : File
Data : A0202132.1
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : replaceSearch Module
FileDescription : replaceSearch Module
InternalName : replaceSearch
LegalCopyright : Copyright 2004
OriginalFilename : replaceSearch.DLL


ReplaceSearch.BHO Object Recognized!
Type : File
Data : A0204015.1
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : replaceSearch Module
FileDescription : replaceSearch Module
InternalName : replaceSearch
LegalCopyright : Copyright 2004
OriginalFilename : replaceSearch.DLL


EzuLa Object Recognized!
Type : File
Data : A0204213.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000


ReplaceSearch.BHO Object Recognized!
Type : File
Data : A0206249.1
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : replaceSearch Module
FileDescription : replaceSearch Module
InternalName : replaceSearch
LegalCopyright : Copyright 2004
OriginalFilename : replaceSearch.DLL


EzuLa Object Recognized!
Type : File
Data : A0210824.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000


ReplaceSearch.BHO Object Recognized!
Type : File
Data : A0210836.1
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : replaceSearch Module
FileDescription : replaceSearch Module
InternalName : replaceSearch
LegalCopyright : Copyright 2004
OriginalFilename : replaceSearch.DLL


EzuLa Object Recognized!
Type : File
Data : A0211485.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000


ReplaceSearch.BHO Object Recognized!
Type : File
Data : A0211499.1
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : replaceSearch Module
FileDescription : replaceSearch Module
InternalName : replaceSearch
LegalCopyright : Copyright 2004
OriginalFilename : replaceSearch.DLL


CoolWebSearch Object Recognized!
Type : File
Data : TSM2.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 4, 0, 3, 7
ProductVersion : 4, 0, 3, 7
ProductName : TSA
FileDescription : tsm.exe
LegalCopyright : Copyright © 2004
OriginalFilename : tsm.exe


CoolWebSearch Object Recognized!
Type : File
Data : TS2.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 4, 0, 3, 7
ProductVersion : 4, 0, 3, 7
ProductName : TSA
FileDescription : ts.exe
LegalCopyright : Copyright © 2004
OriginalFilename : ts.exe


EzuLa Object Recognized!
Type : File
Data : A0211570.1
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 3, 0, 80, 0
ProductVersion : 1, 0, 0, 1
ProductName : wo Module
CompanyName : EARNSFIWOUS
FileDescription : wo Module
InternalName : wo
LegalCopyright : Copyright 2000
OriginalFilename : wo.EXE


EzuLa Object Recognized!
Type : File
Data : A0211601.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000


EzuLa Object Recognized!
Type : File
Data : A0211615.1
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 3, 0, 80, 0
ProductVersion : 1, 0, 0, 1
ProductName : wo Module
CompanyName : EARNSFIWOUS
FileDescription : wo Module
InternalName : wo
LegalCopyright : Copyright 2000
OriginalFilename : wo.EXE


ReplaceSearch.BHO Object Recognized!
Type : File
Data : A0211635.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : replaceSearch Module
FileDescription : replaceSearch Module
InternalName : replaceSearch
LegalCopyright : Copyright 2004
OriginalFilename : replaceSearch.DLL


Claria Object Recognized!
Type : File
Data : A0215197.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : CMEIIAPI.DLL
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : CMEIIAPI.DLL


Claria Object Recognized!
Type : File
Data : A0215198.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GAppMgr.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GAppMgr.dll


Claria Object Recognized!
Type : File
Data : A0215199.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GController.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GController.dll


Claria Object Recognized!
Type : File
Data : A0215200.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GDlwdEng.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GDlwdEng.dll


Claria Object Recognized!
Type : File
Data : A0215201.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GIocl.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GIocl.dll


Claria Object Recognized!
Type : File
Data : A0215202.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GIoclClient.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GIoclClient.dll


Claria Object Recognized!
Type : File
Data : A0215203.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GMTProxy.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GMTProxy.dll


Claria Object Recognized!
Type : File
Data : A0215204.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GObjs.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GObjs.dll


Claria Object Recognized!
Type : File
Data : A0215205.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GStore.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GStore.dll


Claria Object Recognized!
Type : File
Data : A0215206.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GStoreServer.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GStoreServer.dll


Claria Object Recognized!
Type : File
Data : A0215207.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GTools.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GTools.dll


Claria Object Recognized!
Type : File
Data : A0215210.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : CMESys.exe
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : CMESys.exe


Claria Object Recognized!
Type : File
Data : A0215211.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : GAIN Uninstaller applet
InternalName : GUninstaller.exe
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GUninstaller.exe


Claria Object Recognized!
Type : File
Data : A0215212.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : egIEClient Dynamic Link Library
InternalName : egIEClient.dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : egIEClient.dll


Claria Object Recognized!
Type : File
Data : A0215213.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGIEProcess Dynamic Link Library
InternalName : EGIEProcess dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : EGIEProcess dll


Claria Object Recognized!
Type : File
Data : A0215214.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGNSEngine Dynamic Link Library
InternalName : EGNSEngine dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : EGNSEngine dll


Claria Object Recognized!
Type : File
Data : A0215215.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGGCEngine Dynamic Link Library
InternalName : EGGCEngine dll
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : EGGCEngine dll


Claria Object Recognized!
Type : File
Data : A0215217.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : GAIN Application
InternalName : GMT.exe
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GMT.exe


Claria Object Recognized!
Type : File
Data : A0215218.0
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : Gator Client Application
InternalName : Gator.exe
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : Gator.exe


Claria Object Recognized!
Type : File
Data : GUUD275.1
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 6.0.5.1
ProductVersion : 6.0.5.1
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : GAIN Uninstaller applet
InternalName : GUninstaller.exe
LegalCopyright : Copyright © 1999-2004 GAIN Publishing
OriginalFilename : GUninstaller.exe


CoolWebSearch Object Recognized!
Type : File
Data : A2393372.1
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\



CoolWebSearch Object Recognized!
Type : File
Data : A2395580.0
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\



Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 59


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 59




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SecondThought Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : c:\\temporary

CoolWebSearch Object Recognized!
Type : File
Data : hosts
Category : Malware
Comment :
Object : C:\WINDOWS\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 61

8:52:01 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:21.860
Objects scanned:91798
Objects identified:58
Objects ignored:0
New critical objects:58


I have tried FIFO method 2 but the slider bar is stuck (faded) so that it is inoperable.

Help, as always, would be GREATLY appreciated !
  • 0

#5
Guest_Andy_veal_*
Posted 24 April 2005 - 04:31 PM

Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you chose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R40 20.04.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke

Click OK.

Please note that the path above is of the default installion location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes takes 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
  • 0

#6
Guest_Andy_veal_*
Posted 24 April 2005 - 04:34 PM

Guest_Andy_veal_*
  • Guest

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 59


If your system is running a program which changes the hosts file or you have added listings to the hosts file then there is no need to check further. Otherwise, please download the "Host File Viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your HOST file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

- Please follow both my posts of instructions.

Keep us updated


Andy :tazz:
  • 0

#7
Amanda_34
Posted 25 April 2005 - 03:04 PM

Amanda_34

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi,

Thanks for replying. I am running Windows ME and my mouse won't work in SAFE MODE. How do I make Ccleaner run? How do I make Ad-Aware run? With the keyboard, I can launch the programs but I can't actually have it run?

Sorry if it is a silly question but I am not as computer litterate as you guys!!!

Please advise!!!
  • 0

#8
Guest_Andy_veal_*
Posted 26 April 2005 - 10:43 AM

Guest_Andy_veal_*
  • Guest
Please could you try my advice above in normal mode.
  • 0
Back to Lavasoft Support (Ad-aware) · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Lavasoft Support (Ad-aware)

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP