EDow.exe pops up intermittently


  • This topic is locked

#1
skugler

:tazz:

Ad-Aware SE Build 1.05
Logfile Created on:Monday, April 25, 2005 8:54:11 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):31 total references
AdShooter(TAC index:6):6 total references
Alexa(TAC index:5):1 total references
BargainBuddy(TAC index:8):50 total references
BlazeFind(TAC index:5):4 total references
Dialer.IEDisco(TAC index:5):9 total references
DyFuCA(TAC index:3):15 total references
EGroup Dialer(TAC index:5):16 total references
eSyndicate BHO(TAC index:6):2 total references
Favoriteman(TAC index:8):4 total references
FizzleBar(TAC index:5):1 total references
Hijacker.TopConverting(TAC index:5):1 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
Search Relevancy(TAC index:5):15 total references
TopMoxie(TAC index:3):3 total references
Tracking Cookie(TAC index:3):263 total references
UpdateLoader Malware(TAC index:5):3 total references
WhenU(TAC index:3):8 total references
WindUpdates(TAC index:8):27 total references
VX2(TAC index:10):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:15 %
Total physical memory:130476 kb
Available physical memory:2136 kb
Total page file size:1966672 kb
Available on page file:1820372 kb
Total virtual memory:2093056 kb
Available virtual memory:2042496 kb
OS:

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Obtain command line of scanned processes
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-25-05 8:54:11 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4293894659
Threads : 5
Priority : High
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4292894531
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4292897235
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4292870547
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:5 [MSGLOOP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGLOOP.EXE
Command Line : n/a
ProcessID : 4292875703
Threads : 1
Priority : Normal
FileVersion : 4.05.00.2112
ProductVersion : 4.05.00.2112
ProductName : WaveStream\Endless Wave
CompanyName : Rockwell Corporation
FileDescription : Rockwell WaveStream Message Server
InternalName : MSGLOOP.EXE
LegalCopyright : Copyright © Rockwell Corporation 1996-1998.
OriginalFilename : MSGLOOP.EXE

#:6 [VSMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
Command Line : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
ProcessID : 4292881103
Threads : 16
Priority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : TrueVector Service
CompanyName : Zone Labs LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : vsmon.exe

#:7 [MSG32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSG32.EXE
Command Line : MSG32.EXE
ProcessID : 4292907931
Threads : 2
Priority : Realtime
FileVersion : 4.05.00.2112
ProductVersion : 4.05.00.2112
ProductName : WaveStream\Endless Wave
CompanyName : Rockwell Corporation
FileDescription : Rockwell WaveStream Message Server
InternalName : MSGLOOP.EXE
LegalCopyright : Copyright © Rockwell Corporation 1996-1998.
OriginalFilename : MSGLOOP.EXE

#:8 [KB891711.EXE]
ModuleName : c:\windows\SYSTEM\KB891711\KB891711.EXE
Command Line : n/a
ProcessID : 4292910683
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:9 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4292913895
Threads : 12
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:10 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\windows\taskmon.exe"
ProcessID : 4292982263
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:11 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4292984199
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:12 [ZLCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
Command Line : "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
ProcessID : 4293030283
Threads : 6
Priority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : Zone Labs Client
CompanyName : Zone Labs LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : zlclient.exe

#:13 [AVGCC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE" /STARTUP
ProcessID : 4293016903
Threads : 5
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:14 [ADMILLISERV.EXE]
ModuleName : C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
Command Line : "C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE"
ProcessID : 4293038119
Threads : 4
Priority : Normal


WindUpdates Object Recognized!
Type : Process
Data : ADMILLICOMM.DLL
Category : Malware
Comment : (CSI MATCH)
Object : C:\PROGRAM FILES\ADMILLI SERVICE\


Warning! WindUpdates Object found in memory(C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLICOMM.DLL)


WindUpdates Object Recognized!
Type : Process
Data : ADMILLISERV.EXE
Category : Malware
Comment : full-search IE hijacker
Object : C:\PROGRAM FILES\ADMILLI SERVICE\


Warning! WindUpdates Object found in memory(C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE)

Warning! "C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE"Process could not be terminated!

#:15 [AVGEMC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE"
ProcessID : 4293045251
Threads : 7
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:16 [ADMILLIKEEP.EXE]
ModuleName : C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLIKEEP.EXE
Command Line : "C:\PROGRAM FILES\ADMILLI SERVICE\AdmilliKeep.exe"
ProcessID : 4293084471
Threads : 2
Priority : Normal


#:17 [RNAAPP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RNAAPP.EXE
Command Line : rnaapp.exe -l
ProcessID : 4293150559
Threads : 3
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : RNAAPP.EXE

#:18 [TAPISRV.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TAPISRV.EXE
Command Line : tapisrv.exe
ProcessID : 4293164795
Threads : 7
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows™ Telephony Server
InternalName : Telephony Service
LegalCopyright : Copyright © Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE

#:19 [DIALER.EXE]
ModuleName : C:\PROGRAM FILES\MFIRE\DIALER.EXE
Command Line : "C:\Program Files\mFire\dialer.exe" dial
ProcessID : 4293076107
Threads : 3
Priority : Normal
FileVersion : 3.0.5.2
ProductVersion : 3.05
ProductName : ISPWizard Dialer - Internet Setup Program Wizard Dialer
CompanyName : ISPWizard
FileDescription : ISPWizard Dialer
LegalCopyright : Copyright 2000-2005 Mark Griffiths
Comments : http://www.ispwizard.com

#:20 [IEXPLORE.EXE]
ModuleName : C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Command Line : C:\PROGRA~1\INTERN~1\iexplore.exe
ProcessID : 4293246295
Threads : 5
Priority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

BargainBuddy Object Recognized!
Type : Process
Data : MSBE.DLL
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 2, 0, 0, 17
ProductVersion : 2, 0, 0, 17
ProductName : apuc Module
CompanyName : eXact Advertising
FileDescription : apuc Module
InternalName : apuc
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : apuc.DLL

Warning! BargainBuddy Object found in memory(C:\WINDOWS\SYSTEM\MSBE.DLL)


#:21 [IEXPLORE.EXE]
ModuleName : C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Command Line : "C:\PROGRA~1\INTERN~1\iexplore.exe"
ProcessID : 4293239787
Threads : 7
Priority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

BargainBuddy Object Recognized!
Type : Process
Data : MSBE.DLL
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 2, 0, 0, 17
ProductVersion : 2, 0, 0, 17
ProductName : apuc Module
CompanyName : eXact Advertising
FileDescription : apuc Module
InternalName : apuc
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : apuc.DLL

Warning! BargainBuddy Object found in memory(C:\WINDOWS\SYSTEM\MSBE.DLL)


#:22 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4293442687
Threads : 3
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 4


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher
Value :

Dialer.IEDisco Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{3446598e-00e4-4b5e-99a6-87ecca8324a2}

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj.1

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj.1
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297}

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297}
Value :

EGroup Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : egdhtml.egdialhtml.1

EGroup Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : egdhtml.egdialhtml.1
Value :

EGroup Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{26d73573-f1b3-48c9-a989-e6ce071957a1}

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}

Search Relevancy Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1d7e3b41-23ce-469b-be1b-a64b877923e1}

Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1d7e3b41-23ce-469b-be1b-a64b877923e1}
Value :

Search Relevancy Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchrelevancy

Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchrelevancy
Value :

UpdateLoader Malware Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0c1c2c3c-4c5c-6c7c-8c9c-ccbcccdcecfc}

UpdateLoader Malware Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0c1c2c3c-4c5c-6c7c-8c9c-ccbcccdcecfc}
Value :

UpdateLoader Malware Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0b1b2b3b-4b5b-6b7b-8b9b-bbbbcbdbebfb}

AdShooter Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\dr_s

AdShooter Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\dr_s
Value : u_id

AdShooter Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\dr_s
Value : time

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\policies\avenue media

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\180solutions

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : DisplayName

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : UninstallString

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : Publisher

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : URLInfoAbout

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : DisplayVersion

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : DisplayIcon

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : NoModify

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : NoRepair

BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}

BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\syncroadx.installer

BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\syncroadx.installer
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\policies\avenue media

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer

DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer
Value : DisplayIcon

DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer
Value : DisplayName

DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer
Value : UninstallString

EGroup Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{486e48b5-abf2-42bb-a327-2679df3fb822}

EGroup Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{486e48b5-abf2-42bb-a327-2679df3fb822}
Value : SystemComponent

EGroup Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{486e48b5-abf2-42bb-a327-2679df3fb822}
Value : Installer

EGroup Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\instant access

EGroup Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\instant access
Value : DisplayName

EGroup Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\instant access
Value : UninstallString

Favoriteman Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000ef1-0786-4633-87c6-1aa7a44296da}

Search Relevancy Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{1d7e3b41-23ce-469b-be1b-a64b877923e1}

Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{1d7e3b41-23ce-469b-be1b-a64b877923e1}
Value :

Search Relevancy Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\search relevancy

Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\search relevancy
Value : DisplayName

Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\search relevancy
Value : UninstallString

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : SystemComponent

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : Installer

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\admilli service

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\admilli service
Value : UninstallString

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\admilli service
Value : DisplayName

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : param

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : DownloadPath

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : Language

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : SoftwareTable

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : reqcount

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : track

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : LastUpdate

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

FizzleBar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment : "{92f02779-6d88-4958-8ad3-83c12d86adc7}"
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {92f02779-6d88-4958-8ad3-83c12d86adc7}

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "partner_id"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : partner_id

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "PartnerID"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PartnerID

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UtilFolder"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UtilFolder

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "PartnerName"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PartnerName

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "FirstHit"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : FirstHit

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "BuildNumber"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : BuildNumber

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UninstallUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UninstallUrl

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UniqueKeyUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UniqueKeyUrl

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "FirstHitUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : FirstHitUrl

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Admilli Service"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Admilli Service

eSyndicate BHO Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "navtime"
Rootkey : HKEY_USERS
Object : .default\software\livesvc
Value : navtime

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 91
Objects found so far: 95


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet ExplorerSearchin.webcounter.cc

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer
Value : Search
Data : "http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77"
Possible Browser Hijack attempt : .Default\Software\Microsoft\Internet ExplorerSearchin.webcounter.cc

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer
Value : Search
Data : "http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77"
Possible Browser Hijack attempt : Software\Microsoft\Internet ExplorerSearchin.webcounter.cc

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer
Value : Search
Data : "http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77"

Dialer.IEDisco Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/SYSTEM/EGDACCESS_1056.dll

Dialer.IEDisco Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/SYSTEM/EGDACCESS_1056.dll
Value : .Owner

Dialer.IEDisco Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/SYSTEM/EGDACCESS_1056.dll
Value : {3446598E-00E4-4B5E-99A6-87ECCA8324A2}

Dialer.IEDisco Object Recognized!
Type : File
Data : /windows/system/egdaccess_1056.dll
Category : Dialer
Comment :
Object : c:\



Dialer.IEDisco Object Recognized!
Type : RegValue
Data : C:\WINDOWS\SYSTEM\EGDACCESS_1056.dll
Category : Dialer
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\SYSTEM\EGDACCESS_1056.dll

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 103


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : unknown user@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\unknown user@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@centrport[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@centrport[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@2o7[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@2o7[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : unknown user@realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\unknown user@realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@bluestreak[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@bluestreak[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : unknown user@tripod[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\unknown user@tripod[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : unknown user@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\unknown user@cgi-bin[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tickle[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@tickle[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tripod[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@tripod[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tripod[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@tripod[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@serving-sys[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@serving-sys[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[7].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@cgi-bin[7].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@casalemedia[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@casalemedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@qksrv[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@qksrv[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@questionmarket[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@questionmarket[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@2o7[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@maxserving[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@maxserving[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[9].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@cgi-bin[9].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@valueclick[2].txt
Category : Data Miner
Comment :

#2
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Your logfile is incomplete.
Please keep copying it to the point where it reads "Scan summary".

- Rawe :tazz:

#3
Guest_Andy_veal_*

  • Guest
Hello there

Please could you complete your current logfile

Please could you find the rest of your logfile and complete posting it here.
Logs are stored in:

C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
They are in order of date.

Make sure you have all the log posted

(The Application Data is a hidden folder, so you will need to show hidden files and folders and for Windows 98*admin users your logs are stored in C:\WINDOWS\All Users\Application Data\ )

This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next. Please post back if you have any questions or other problems.

Good luck

Andy

#4
skugler

    Member

  • Topic Starter
  • Member
  • 14 posts
:tazz: Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@valueclick[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@valueclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@overture[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@overture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@hotlog[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@hotlog[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@trafficmp[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@trafficmp[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@realmedia[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@realmedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@realmedia[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@realmedia[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@cgi-bin[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@apmebf[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@apmebf[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@statcounter[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@statcounter[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@zedo[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@zedo[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@~~local~~[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@~~local~~[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@seeq[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@seeq[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@adrevolver[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@adrevolver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@fastclick[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@fastclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@advertising[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@euniverseads[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@euniverseads[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@gator[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@gator[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tmpad[2].txt
Category : Data Miner
Comment : www.searchtraffic.com
Value : C:\WINDOWS\Cookies\seymour@tmpad[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@revenue[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@revenue[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@linksynergy[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@linksynergy[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@domainsponsor[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@domainsponsor[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tribalfusion[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@tribalfusion[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][4].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@serving-sys[4].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@serving-sys[4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@bluestreak[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tribalfusion[4].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@tribalfusion[4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@commission-junction[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@commission-junction[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@questionmarket[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@questionmarket[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@linksynergy[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@linksynergy[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cybereps[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@cybereps[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tripod[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@tripod[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@ajrotator[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@ajrotator[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@serving-sys[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@serving-sys[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@qksrv[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@qksrv[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@commission-junction[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@commission-junction[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@hotlog[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@hotlog[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@bluestreak[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@bluestreak[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@advertising[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@advertising[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@casinotropez[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@casinotropez[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@centrport[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@centrport[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[5].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@cgi-bin[5].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tmpad[1].txt
Category : Data Miner
Comment : www.searchtraffic.com
Value : C:\WINDOWS\Cookies\seymour@tmpad[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@targetnet[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@targetnet[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@casalemedia[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@casalemedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@statcounter[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@statcounter[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[4].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@cgi-bin[4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[6].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@cgi-bin[6].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@instadia[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@instadia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@fastclick[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@fastclick[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@7search[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@7search[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@overture[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@overture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tribalfusion[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@tribalfusion[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@questionmarket[4].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@questionmarket[4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@cgi-bin[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@hitbox[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@valueclick[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@valueclick[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@adrevolver[6].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@adrevolver[6].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@trafficmp[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@trafficmp[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@specificclick[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@specificclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tickle[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@tickle[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@247realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@247realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@2o7[4].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@2o7[4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@maxserving[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@maxserving[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[8].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@cgi-bin[8].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@revenue[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@revenue[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tribalfusion[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@tribalfusion[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][4].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][4].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 133
Objects found so far: 236



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

AdShooter Object Recognized!
Type : File
Data : SYSsfitb.dll
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 1, 1, 0, 0
ProductVersion : 1, 1, 0, 0
ProductName : Searchforit Toolbar
FileDescription : Searchforit Toolbar
InternalName : Searchforit Search
LegalCopyright : Copyright 2003
OriginalFilename : toolbar.dll


180Solutions Object Recognized!
Type : File
Data : msbb.exe
Category : Data Miner
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 4.1
ProductVersion : 4.1
ProductName : n-CASE
CompanyName : 180Solutions Inc
FileDescription : msbb
InternalName : msbb
LegalCopyright : Copyright © 2001 180Solutions, Inc
OriginalFilename : msbb.exe


Dialer.IEDisco Object Recognized!
Type : File
Data : EGDACCESS_1056.dll
Category : Dialer
Comment :
Object : c:\WINDOWS\SYSTEM\



WindUpdates Object Recognized!
Type : File
Data : ide21201.vxd
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\



BargainBuddy Object Recognized!
Type : File
Data : angelex.exe
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0


BargainBuddy Object Recognized!
Type : File
Data : instsrv.exe
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\



VX2 Object Recognized!
Type : File
Data : localNRD.dll
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\THI126B.TMP\
FileVersion : 0, 4, 4, 30
ProductVersion : 0, 4, 4, 30
ProductName : localnrd
CompanyName : LocalNRD
FileDescription : www.localnrd.com
InternalName : localnrd
LegalCopyright : Copyright © 2004
OriginalFilename : localnrd.dll
Comments : www.localnrd.com


TopMoxie Object Recognized!
Type : File
Data : djtopr1150.exe
Category : Data Miner
Comment :
Object : c:\WINDOWS\TEMP\



Tracking Cookie Object Recognized!
Type : IECache Entry
Data : unknown user@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\unknown user@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@centrport[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@centrport[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@2o7[3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@2o7[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : unknown user@realmedia[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\unknown user@realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@bluestreak[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@bluestreak[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : unknown user@tripod[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\unknown user@tripod[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : unknown user@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\unknown user@cgi-bin[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tickle[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@tickle[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@questionmarket[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tripod[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@tripod[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tripod[3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@tripod[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@serving-sys[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@serving-sys[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[7].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@cgi-bin[7].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@casalemedia[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@casalemedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@qksrv[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@qksrv[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@questionmarket[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@questionmarket[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@2o7[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@maxserving[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@maxserving[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[9].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@cgi-bin[9].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@valueclick[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@valueclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@overture[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@overture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@hotlog[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@hotlog[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@trafficmp[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@trafficmp[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@realmedia[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@realmedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@realmedia[3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@realmedia[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@cgi-bin[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@apmebf[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@apmebf[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@statcounter[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@statcounter[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@zedo[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@zedo[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@~~local~~[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@~~local~~[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@seeq[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@seeq[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@adrevolver[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@adrevolver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@fastclick[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@fastclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@advertising[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@euniverseads[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@euniverseads[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@gator[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@gator[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tmpad[2].txt
Category : Data Miner
Comment : www.searchtraffic.com
Value : c:\WINDOWS\Cookies\seymour@tmpad[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@revenue[3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@revenue[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@linksynergy[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@linksynergy[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@hitbox[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@domainsponsor[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@domainsponsor[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tribalfusion[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@tribalfusion[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][4].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@serving-sys[4].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@serving-sys[4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@bluestreak[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@doubleclick[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@atdmt[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tribalfusion[4].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@tribalfusion[4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@commission-junction[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@commission-junction[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@questionmarket[3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@questionmarket[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][2].txt

Edited by skugler, 26 April 2005 - 06:39 PM.

#5
skugler
:tazz: Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@linksynergy[3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@linksynergy[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cybereps[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@cybereps[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tripod[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@tripod[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@ajrotator[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@ajrotator[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@serving-sys[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@serving-sys[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@qksrv[3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@qksrv[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@commission-junction[3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@commission-junction[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@hotlog[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@hotlog[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@bluestreak[3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@bluestreak[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@advertising[3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@advertising[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@casinotropez[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@casinotropez[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@centrport[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@centrport[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[5].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@cgi-bin[5].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tmpad[1].txt
Category : Data Miner
Comment : www.searchtraffic.com
Value : c:\WINDOWS\Cookies\seymour@tmpad[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@targetnet[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@targetnet[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@casalemedia[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@casalemedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@statcounter[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@statcounter[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[4].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@cgi-bin[4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[6].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@cgi-bin[6].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@instadia[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@instadia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@fastclick[3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@fastclick[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@7search[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@7search[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@overture[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@overture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tribalfusion[3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@tribalfusion[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@questionmarket[4].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@questionmarket[4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@cgi-bin[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@hitbox[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@valueclick[3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@valueclick[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@adrevolver[6].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@adrevolver[6].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@trafficmp[3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@trafficmp[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@specificclick[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@specificclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tickle[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@tickle[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@realmedia[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@247realmedia[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@247realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@maxserving[3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@maxserving[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[8].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@cgi-bin[8].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][3].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@revenue[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@revenue[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tribalfusion[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\seymour@tribalfusion[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][4].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][4].txt

VX2 Object Recognized!
Type : File
Data : LOCALNRD.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\
FileVersion : 0, 4, 4, 30
ProductVersion : 0, 4, 4, 30
ProductName : localnrd
CompanyName : LocalNRD
FileDescription : www.localnrd.com
InternalName : localnrd
LegalCopyright : Copyright © 2004
OriginalFilename : localnrd.dll
Comments : www.localnrd.com


BargainBuddy Object Recognized!
Type : File
Data : zeta.exe
Category : Malware
Comment :
Object : c:\WINDOWS\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0


WhenU Object Recognized!
Type : File
Data : Sync.exe
Category : Misc
Comment :
Object : c:\Program Files\ClockSync\
FileVersion : 0, 1, 5, 1
ProductVersion : 0, 1, 5, 1
ProductName : DnldStub Module
CompanyName : WhenU.com
FileDescription : DnldStub
InternalName : DnldStub
LegalCopyright : Copyright 2003
OriginalFilename : dnldstub.exe


BargainBuddy Object Recognized!
Type : File
Data : bargains.exe
Category : Malware
Comment :
Object : c:\Program Files\BullsEye Network\bin\
FileVersion : 2, 0, 0, 2
ProductVersion : 2, 0, 0, 2
ProductName : BargainsBuddy ADP Module
CompanyName : eXact Advertising
FileDescription : bargains
InternalName : ADP
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : bargains.exe


BargainBuddy Object Recognized!
Type : File
Data : adv.exe
Category : Malware
Comment :
Object : c:\Program Files\BullsEye Network\bin\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adv
CompanyName : eXact Advertising
InternalName : adv
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adv.exe


BargainBuddy Object Recognized!
Type : File
Data : adx.exe
Category : Malware
Comment :
Object : c:\Program Files\BullsEye Network\bin\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adx
CompanyName : eXact Advertising
InternalName : adx
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adx.exe


BargainBuddy Object Recognized!
Type : File
Data : Uninstall.exe
Category : Malware
Comment :
Object : c:\Program Files\BullsEye Network\
FileVersion : 8.0.3.3
ProductName : BullsEye Network
CompanyName : eXact Advertising
FileDescription : BargainBuddy Module
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
LegalTrademarks : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
Comments : BargainBuddy Module


Search Relevancy Object Recognized!
Type : File
Data : SearchRelevant.xml
Category : Misc
Comment :
Object : c:\Program Files\SearchRelevant\



Search Relevancy Object Recognized!
Type : File
Data : uninstall.exe
Category : Misc
Comment :
Object : c:\Program Files\SearchRelevant\



TopMoxie Object Recognized!
Type : File
Data : jkill.exe
Category : Data Miner
Comment :
Object : c:\Program Files\BullGuard\Infected\



WhenU Object Recognized!
Type : File
Data : DnldNCSX0002.exe
Category : Misc
Comment :
Object : c:\Program Files\BullGuard\Infected\
FileVersion : 0, 1, 5, 1
ProductVersion : 0, 1, 5, 1
ProductName : DownloadApp
CompanyName : WhenU.com, Inc.
FileDescription : DownloadApp
InternalName : DownloadApp
LegalCopyright : Copyright 2000
OriginalFilename : dnldapp.exe


BlazeFind Object Recognized!
Type : File
Data : CComm.dll
Category : Malware
Comment :
Object : c:\Program Files\BullGuard\Infected\



WindUpdates Object Recognized!
Type : File
Data : AdmilliKeep.exe
Category : Malware
Comment :
Object : c:\Program Files\BullGuard\Infected\



WindUpdates Object Recognized!
Type : File
Data : AdmilliComm.dll
Category : Malware
Comment :
Object : c:\Program Files\BullGuard\Infected\



WindUpdates Object Recognized!
Type : File
Data : AdmilliServ.exe
Category : Malware
Comment :
Object : c:\Program Files\BullGuard\Infected\



180Solutions Object Recognized!
Type : File
Data : msbb.exe
Category : Data Miner
Comment :
Object : c:\Program Files\BullGuard\Infected\
FileVersion : 5, 12, 0, 13
ProductVersion : 5, 12, 0, 13
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


180Solutions Object Recognized!
Type : File
Data : msbbhook.dll
Category : Data Miner
Comment :
Object : c:\Program Files\BullGuard\Infected\



TopMoxie Object Recognized!
Type : File
Data : WebRebates_CDT_InstallSilent.exe
Category : Data Miner
Comment :
Object : c:\Program Files\BullGuard\Infected\



Search Relevancy Object Recognized!
Type : File
Data : SearchRelevancy.exe
Category : Misc
Comment :
Object : c:\temp\



Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 393


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 393




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\zesoft

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\zesoft
Value : ObjectName

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\zesoft
Value : Description

WindUpdates Object Recognized!
Type : File
Data : NETBEUI.VXD
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : NETBEUI Virtual Device (Version 4.0)
InternalName : NETBEUI
LegalCopyright : Copyright © Microsoft Corp. 1988-1998
OriginalFilename : NETBEUI.VXD


WindUpdates Object Recognized!
Type : File
Data : netut80ex.vxd
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\



WindUpdates Object Recognized!
Type : File
Data : AdmilliServX.dll
Category : Malware
Comment :
Object : C:\WINDOWS\downloaded program files\



BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UniqueKey

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : System

BargainBuddy Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\BullsEye Network

BargainBuddy Object Recognized!
Type : File
Data : bbchk.exe
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\
FileVersion : 5.101.1663.1
ProductVersion : 5.101.1663.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : ECM ChkTrust
InternalName : CHKTRUST.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : CHKTRUST.EXE


BargainBuddy Object Recognized!
Type : File
Data : ub.dat
Category : Malware
Comment :
Object : C:\Program Files\bullseye network\



BargainBuddy Object Recognized!
Type : File
Data : ad.dat
Category : Malware
Comment :
Object : C:\Program Files\bullseye network\



BargainBuddy Object Recognized!
Type : File
Data : t1096818484.dec
Category : Malware
Comment :
Object : C:\Program Files\bullseye network\



BargainBuddy Object Recognized!
Type : File
Data : MSBE.DLL
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\
FileVersion : 2, 0, 0, 17
ProductVersion : 2, 0, 0, 17
ProductName : apuc Module
CompanyName : eXact Advertising
FileDescription : apuc Module
InternalName : apuc
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : apuc.DLL


BargainBuddy Object Recognized!
Type : File
Data : VX1.NLS
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\



BargainBuddy Object Recognized!
Type : File
Data : VX1X.NLS
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\



BargainBuddy Object Recognized!
Type : File
Data : VX0.NLS
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\



Dialer.IEDisco Object Recognized!
Type : File
Data : EGDACCESS_1057.dll
Category : Dialer
Comment :
Object : C:\WINDOWS\SYSTEM\



Dialer.IEDisco Object Recognized!
Type : File
Data : EGDACCESS.inf
Category : Dialer
Comment :
Object : C:\WINDOWS\downloaded program files\



DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wsem update

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wsem update
Value : DisplayName

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wsem update
Value : UninstallString

EGroup Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{486e48b5-abf2-42bb-a327-2679df3fb822}

EGroup Dialer Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\Instant Access

EGroup Dialer Object Recognized!
Type : File
Data : NoCreditCard.lnk
Category : Malware
Comment : UKVideo2
Object : C:\WINDOWS\Start Menu\



EGroup Dialer Object Recognized!
Type : File
Data : NoCreditCard.lnk
Category : Malware
Comment :
Object : C:\WINDOWS\Start Menu\



EGroup Dialer Object Recognized!
Type : File
Data : EGDHTML_pack.inf
Category : Malware
Comment :
Object : C:\WINDOWS\downloaded program files\



EGroup Dialer Object Recognized!
Type : File
Data : ia.inf
Category : Malware
Comment :
Object : C:\WINDOWS\downloaded program files\



EGroup Dialer Object Recognized!
Type : File
Data : ExeDialer.exe
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 1, 0, 1, 8
ProductVersion : 1, 0, 1, 8
ProductName : Application Instant Access
FileDescription : Application MFC
InternalName : DialerEXE
LegalCopyright : Copyright © 2003
OriginalFilename : Instant Access.exe


Search Relevancy Object Recognized!
Type : Folder
Category : Misc
Comment :
Object : C:\Program Files\SearchRelevancy

Search Relevancy Object Recognized!
Type : File
Data : SearchRelevancy.dll
Category : Misc
Comment :
Object : C:\Program Files\searchrelevancy\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Updater Module
FileDescription : Updater Module
InternalName : Updater
LegalCopyright : Copyright 2005
OriginalFilename : Updater.DLL


Search Relevancy Object Recognized!
Type : File
Data : SearchRelevancy1.dll
Category : Misc
Comment :
Object : C:\Program Files\searchrelevancy\



AdShooter Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\WINDOWS\Favorites\Hot Sites

AdShooter Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\DR_S

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38}

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38}
Value : BarSize

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : last_conn_h

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : last_conn_l

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : we

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : TimeOffset

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : key_file

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : action_url_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : boom_ver

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : kw_last_chunk

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : cdata

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : keyword_file_last_full_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : action_url_last_full_version

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : did

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : duid

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : product_id

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : smt

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : boom

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : mt1

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : mt2

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : mt3

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : gma

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : gvi

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : gpi

Favoriteman Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dmo

Favoriteman Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dmo
Value : DisplayName

Favoriteman Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dmo
Value : UninstallString

eSyndicate BHO Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .default\software\livesvc

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\localnrd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\localnrd
Value : LNI0d1OfSDist

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .default\software\localnrd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .default\software\localnrd
Value : LNI0d1OfSDist

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : File
Data : LOCALNRD.INF
Category : Malware
Comment :
Object : C:\WINDOWS\inf\



VX2 Object Recognized!
Type : File
Data : dummy.htm
Category : Malware
Comment :
Object : C:\windows\TEMP\



WhenU Object Recognized!
Type : Folder
Category : Misc
Comment :
Object : C:\Program Files\ClockSync

WhenU Object Recognized!
Type : File
Data : GLF62.EXE
Category : Misc
Comment :
Object : C:\windows\TEMP\



WhenU Object Recognized!
Type : File
Data : GLFD265GLFD265.EXE
Category : Misc
Comment :
Object : C:\windows\TEMP\



WhenU Object Recognized!
Type : File
Data : GLFB0GLFB0.EXE
Category : Misc
Comment :
Object : C:\windows\TEMP\



WhenU Object Recognized!
Type : File
Data : GLF1395GLF1395.EXE
Category : Misc
Comment :
Object : C:\windows\TEMP\



WhenU Object Recognized!
Type : File
Data : GLF9231GLF9231.EXE
Category : Misc
Comment :
Object : C:\windows\TEMP\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 78
Objects found so far: 471

9:14:17 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:20:06.110
Objects scanned:109269
Objects identified:479
Objects ignored:0
New critical objects:479

Edited by skugler, 26 April 2005 - 08:16 PM.


#6
skugler

    Member

  • Topic Starter
  • 14 posts
My previous posting completes my log file.

Thank you,
Seymour

Edited by skugler, 26 April 2005 - 08:22 PM.


#7
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hi there.

Ad-aware has found object(s) on your computer.

If you choose to clean your computer of what Ad-aware found, follow the instructions below…

Make sure that you are using the * SE1R42 28.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode.

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other user's Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other user's Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command line as shown in the instructions below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-aware SE. If yours is different, adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to VX2 objects only. Click Next, then click OK.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted. Once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, remember that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:

Edited by Rawe, 29 April 2005 - 09:01 AM.


#8
skugler

    Member

  • Topic Starter
  • 14 posts
:tazz: Fresh Scan Log


Ad-Aware SE Build 1.05
Logfile Created on:Friday, April 29, 2005 3:11:29 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):31 total references
AdShooter(TAC index:6):6 total references
Alexa(TAC index:5):1 total references
BargainBuddy(TAC index:8):49 total references
BlazeFind(TAC index:5):4 total references
Dialer.IEDisco(TAC index:5):8 total references
DyFuCA(TAC index:3):15 total references
EGroup Dialer(TAC index:5):17 total references
eSyndicate BHO(TAC index:6):2 total references
Favoriteman(TAC index:8):4 total references
FizzleBar(TAC index:5):1 total references
Hijacker.TopConverting(TAC index:5):1 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
Search Relevancy(TAC index:5):15 total references
TopMoxie(TAC index:3):2 total references
UpdateLoader Malware(TAC index:5):3 total references
WhenU(TAC index:3):3 total references
WindUpdates(TAC index:8):28 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:8 %
Total physical memory:130476 kb
Available physical memory:3052 kb
Total page file size:1966672 kb
Available on page file:1824028 kb
Total virtual memory:2093056 kb
Available virtual memory:2048704 kb
OS:

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Obtain command line of scanned processes
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-29-05 3:11:29 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4293899811
Threads : 5
Priority : High
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4292889443
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4292902387
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [VSMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
Command Line : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
ProcessID : 4292870159
Threads : 17
Priority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:5 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4292930199
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:6 [MSGLOOP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGLOOP.EXE
Command Line : n/a
ProcessID : 4292908111
Threads : 1
Priority : Normal
FileVersion : 4.05.00.2112
ProductVersion : 4.05.00.2112
ProductName : WaveStream\Endless Wave
CompanyName : Rockwell Corporation
FileDescription : Rockwell WaveStream Message Server
InternalName : MSGLOOP.EXE
LegalCopyright : Copyright © Rockwell Corporation 1996-1998.
OriginalFilename : MSGLOOP.EXE

#:7 [KB891711.EXE]
ModuleName : c:\windows\SYSTEM\KB891711\KB891711.EXE
Command Line : n/a
ProcessID : 4292910979
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:8 [MSG32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSG32.EXE
Command Line : MSG32.EXE
ProcessID : 4292871299
Threads : 2
Priority : Realtime
FileVersion : 4.05.00.2112
ProductVersion : 4.05.00.2112
ProductName : WaveStream\Endless Wave
CompanyName : Rockwell Corporation
FileDescription : Rockwell WaveStream Message Server
InternalName : MSGLOOP.EXE
LegalCopyright : Copyright © Rockwell Corporation 1996-1998.
OriginalFilename : MSGLOOP.EXE

#:9 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4292958051
Threads : 13
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:10 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\windows\taskmon.exe"
ProcessID : 4293019827
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:11 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4293033783
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:12 [AVGCC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE" /STARTUP
ProcessID : 4292946803
Threads : 5
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:13 [RNAAPP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RNAAPP.EXE
Command Line : rnaapp.exe -l
ProcessID : 4293040683
Threads : 3
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : RNAAPP.EXE

#:14 [ADMILLISERV.EXE]
ModuleName : C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
Command Line : "C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE"
ProcessID : 4293036595
Threads : 4
Priority : Normal


WindUpdates Object Recognized!
Type : Process
Data : ADMILLICOMM.DLL
Category : Malware
Comment : (CSI MATCH)
Object : C:\PROGRAM FILES\ADMILLI SERVICE\


Warning! WindUpdates Object found in memory(C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLICOMM.DLL)


WindUpdates Object Recognized!
Type : Process
Data : ADMILLISERV.EXE
Category : Malware
Comment : full-search IE hijacker
Object : C:\PROGRAM FILES\ADMILLI SERVICE\


Warning! WindUpdates Object found in memory(C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE)

Warning! "C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE"Process could not be terminated!

#:15 [AVGEMC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE"
ProcessID : 4293048351
Threads : 7
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:16 [ZLCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
Command Line : "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
ProcessID : 4293057263
Threads : 6
Priority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:17 [ADMILLIKEEP.EXE]
ModuleName : C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLIKEEP.EXE
Command Line : "C:\PROGRAM FILES\ADMILLI SERVICE\AdmilliKeep.exe"
ProcessID : 4293087027
Threads : 2
Priority : Normal


#:18 [STIMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\STIMON.EXE
Command Line : "C:\WINDOWS\SYSTEM\STIMON.EXE"
ProcessID : 4293116511
Threads : 3
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1998
OriginalFilename : STIMON.EXE

#:19 [TAPISRV.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TAPISRV.EXE
Command Line : tapisrv.exe
ProcessID : 4293124279
Threads : 7
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows™ Telephony Server
InternalName : Telephony Service
LegalCopyright : Copyright © Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE

#:20 [DIALER.EXE]
ModuleName : C:\PROGRAM FILES\MFIRE\DIALER.EXE
Command Line : "C:\Program Files\mFire\dialer.exe" dial
ProcessID : 4293280143
Threads : 3
Priority : Normal
FileVersion : 3.0.5.2
ProductVersion : 3.05
ProductName : ISPWizard Dialer - Internet Setup Program Wizard Dialer
CompanyName : ISPWizard
FileDescription : ISPWizard Dialer
LegalCopyright : Copyright 2000-2005 Mark Griffiths
Comments : http://www.ispwizard.com

#:21 [IEXPLORE.EXE]
ModuleName : C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Command Line : C:\PROGRA~1\INTERN~1\iexplore.exe
ProcessID : 4293290435
Threads : 10
Priority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

BargainBuddy Object Recognized!
Type : Process
Data : MSBE.DLL
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 2, 0, 0, 17
ProductVersion : 2, 0, 0, 17
ProductName : apuc Module
CompanyName : eXact Advertising
FileDescription : apuc Module
InternalName : apuc
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : apuc.DLL

Warning! BargainBuddy Object found in memory(C:\WINDOWS\SYSTEM\MSBE.DLL)


#:22 [MSIMN.EXE]
ModuleName : C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
Command Line : "C:\Program Files\Outlook Express\msimn.exe"
ProcessID : 4293332443
Threads : 8
Priority : Normal
FileVersion : 6.00.2800.1123
ProductVersion : 6.00.2800.1123
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Outlook Express
InternalName : MSIMN
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSIMN.EXE

#:23 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4293450571
Threads : 3
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe

#:24 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4293361215
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 3


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1
Value :

Search Relevancy Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1d7e3b41-23ce-469b-be1b-a64b877923e1}

Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1d7e3b41-23ce-469b-be1b-a64b877923e1}
Value :

EGroup Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{26d73573-f1b3-48c9-a989-e6ce071957a1}

Dialer.IEDisco Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{3446598e-00e4-4b5e-99a6-87ecca8324a2}

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297}

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj.1

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj.1
Value :

EGroup Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : egdhtml.egdialhtml.1

EGroup Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : egdhtml.egdialhtml.1
Value :

UpdateLoader Malware Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0c1c2c3c-4c5c-6c7c-8c9c-ccbcccdcecfc}

UpdateLoader Malware Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0c1c2c3c-4c5c-6c7c-8c9c-ccbcccdcecfc}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}
Value :

Search Relevancy Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchrelevancy

Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchrelevancy
Value :

UpdateLoader Malware Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0b1b2b3b-4b5b-6b7b-8b9b-bbbbcbdbebfb}

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}

AdShooter Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\dr_s

AdShooter Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\dr_s
Value : u_id

AdShooter Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\dr_s
Value : time

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\policies\avenue media

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\180solutions

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : param

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : DownloadPath

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : Language

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : SoftwareTable

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : reqcount

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : track

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : LastUpdate

BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}

BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\syncroadx.installer

BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\syncroadx.installer
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : SystemComponent

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : Installer

EGroup Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{486e48b5-abf2-42bb-a327-2679df3fb822}

EGroup Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{486e48b5-abf2-42bb-a327-2679df3fb822}
Value : SystemComponent

EGroup Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{486e48b5-abf2-42bb-a327-2679df3fb822}
Value : Installer

Favoriteman Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000ef1-0786-4633-87c6-1aa7a44296da}

Search Relevancy Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{1d7e3b41-23ce-469b-be1b-a64b877923e1}

Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{1d7e3b41-23ce-469b-be1b-a64b877923e1}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da}
Value :

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer

DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer
Value : DisplayIcon

DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer
Value : DisplayName

DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer
Value : UninstallString

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\admilli service

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\admilli service
Value : UninstallString

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\admilli service
Value : DisplayName

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : DisplayName

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : UninstallString

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : Publisher

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : URLInfoAbout

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : DisplayVersion

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : DisplayIcon

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : NoModify

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : NoRepair

EGroup Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\instant access

EGroup Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\instant access
Value : DisplayName

EGroup Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\instant access
Value : UninstallString

Search Relevancy Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\search relevancy

Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\search relevancy
Value : DisplayName

Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\search relevancy
Value : UninstallString

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\policies\avenue media

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

FizzleBar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment : "{92f02779-6d88-4958-8ad3-83c12d86adc7}"
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {92f02779-6d88-4958-8ad3-83c12d86adc7}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "PartnerID"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PartnerID

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UtilFolder"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UtilFolder

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "PartnerName"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PartnerName

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "FirstHit"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : FirstHit

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "BuildNumber"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : BuildNumber

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UninstallUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UninstallUrl

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UniqueKeyUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UniqueKeyUrl

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "FirstHitUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : FirstHitUrl

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Admilli Service"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Admilli Service

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "partner_id"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : partner_id

eSyndicate BHO Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "navtime"
Rootkey : HKEY_USERS
Object : .default\software\livesvc
Value : navtime

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 91
Objects found so far: 94


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet ExplorerSearchin.webcounter.cc

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer
Value : Search
Data : "http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77"
Possible Browser Hijack attempt : .Default\Software\Microsoft\Internet ExplorerSearchin.webcounter.cc

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer
Value : Search
Data : "http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77"
Possible Browser Hijack attempt : Software\Microsoft\Internet ExplorerSearchin.webcounter.cc

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer
Value : Search
Data : "http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77"

Dialer.IEDisco Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/SYSTEM/EGDACCESS_1056.dll

Dialer.IEDisco Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/SYSTEM/EGDACCESS_1056.dll
Value : .Owner

Dialer.IEDisco Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/SYSTEM/EGDACCESS_1056.dll
Value : {3446598E-00E4-4B5E-99A6-87ECCA8324A2}

Dialer.IEDisco Object Recognized!
Type : File
Data : /windows/system/egdaccess_1056.dll
Category : Dialer
Comment :
Object : c:\



Dialer.IEDisco Object Recognized!
Type : RegValue
Data : C:\WINDOWS\SYSTEM\EGDACCESS_1056.dll
Category : Dialer
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\SYSTEM\EGDACCESS_1056.dll

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 102


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 102



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

AdShooter Object Recognized!
Type : File
Data : SYSsfitb.dll
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 1, 1, 0, 0
ProductVersion : 1, 1, 0, 0
ProductName : Searchforit Toolbar
FileDescription : Searchforit Toolbar
InternalName : Searchforit Search
LegalCopyright : Copyright 2003
OriginalFilename : toolbar.dll


180Solutions Object Recognized!
Type : File
Data : msbb.exe
Category : Data Miner
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 4.1
ProductVersion : 4.1
ProductName : n-CASE
CompanyName : 180Solutions Inc
FileDescription : msbb
InternalName : msbb
LegalCopyright : Copyright © 2001 180Solutions, Inc
OriginalFilename : msbb.exe


Dialer.IEDisco Object Recognized!
Type : File
Data : EGDACCESS_1056.dll
Category : Dialer
Comment :
Object : c:\WINDOWS\SYSTEM\



WindUpdates Object Recognized!
Type : File
Data : ide21201.vxd
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\



BargainBuddy Object Recognized!
Type : File
Data : angelex.exe
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0


BargainBuddy Object Recognized!
Type : File
Data : instsrv.exe
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\



BargainBuddy Object Recognized!
Type : File
Data : zeta.exe
Category : Malware
Comment :
Object : c:\WINDOWS\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0


WhenU Object Recognized!
Type : File
Data : Sync.exe
Category : Misc
Comment :
Object : c:\Program Files\ClockSync\
FileVersion : 0, 1, 5, 1
ProductVersion : 0, 1, 5, 1
ProductName : DnldStub Module
CompanyName : WhenU.com
FileDescription : DnldStub
InternalName : DnldStub
LegalCopyright : Copyright 2003
OriginalFilename : dnldstub.exe


BargainBuddy Object Recognized!
Type : File
Data : bargains.exe
Category : Malware
Comment :
Object : c:\Program Files\BullsEye Network\bin\
FileVersion : 2, 0, 0, 2
ProductVersion : 2, 0, 0, 2
ProductName : BargainsBuddy ADP Module
CompanyName : eXact Advertising
FileDescription : bargains
InternalName : ADP
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : bargains.exe


BargainBuddy Object Recognized!
Type : File
Data : adv.exe
Category : Malware
Comment :
Object : c:\Program Files\BullsEye Network\bin\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adv
CompanyName : eXact Advertising
InternalName : adv
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adv.exe


BargainBuddy Object Recognized!
Type : File
Data : adx.exe
Category : Malware
Comment :
Object : c:\Program Files\BullsEye Network\bin\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adx
CompanyName : eXact Advertising
InternalName : adx
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adx.exe


BargainBuddy Object Recognized!
Type : File
Data : Uninstall.exe
Category : Malware
Comment :
Object : c:\Program Files\BullsEye Network\
FileVersion : 8.0.3.3
ProductName : BullsEye Network
CompanyName : eXact Advertising
FileDescription : BargainBuddy Module
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
LegalTrademarks : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
Comments : BargainBuddy Module


Search Relevancy Object Recognized!
Type : File
Data : SearchRelevant.xml
Category : Misc
Comment :
Object : c:\Program Files\SearchRelevant\



Search Relevancy Object Recognized!
Type : File
Data : uninstall.exe
Category : Misc
Comment :
Object : c:\Program Files\SearchRelevant\



TopMoxie Object Recognized!
Type : File
Data : jkill.exe
Category : Data Miner
Comment :
Object : c:\Program

#9
Rawe

    Visiting Staff

And now, what you need to do is follow the same instructions as earlier, but now you can remove all problems when removing in Safe Mode.

- Rawe :tazz:

#10
skugler

    Member

:tazz: continuation of logfile

WhenU Object Recognized!
Type : File
Data : DnldNCSX0002.exe
Category : Misc
Comment :
Object : c:\Program Files\BullGuard\Infected\
FileVersion : 0, 1, 5, 1
ProductVersion : 0, 1, 5, 1
ProductName : DownloadApp
CompanyName : WhenU.com, Inc.
FileDescription : DownloadApp
InternalName : DownloadApp
LegalCopyright : Copyright 2000
OriginalFilename : dnldapp.exe


BlazeFind Object Recognized!
Type : File
Data : CComm.dll
Category : Malware
Comment :
Object : c:\Program Files\BullGuard\Infected\



WindUpdates Object Recognized!
Type : File
Data : AdmilliKeep.exe
Category : Malware
Comment :
Object : c:\Program Files\BullGuard\Infected\



WindUpdates Object Recognized!
Type : File
Data : AdmilliComm.dll
Category : Malware
Comment :
Object : c:\Program Files\BullGuard\Infected\



WindUpdates Object Recognized!
Type : File
Data : AdmilliServ.exe
Category : Malware
Comment :
Object : c:\Program Files\BullGuard\Infected\



180Solutions Object Recognized!
Type : File
Data : msbb.exe
Category : Data Miner
Comment :
Object : c:\Program Files\BullGuard\Infected\
FileVersion : 5, 12, 0, 13
ProductVersion : 5, 12, 0, 13
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


180Solutions Object Recognized!
Type : File
Data : msbbhook.dll
Category : Data Miner
Comment :
Object : c:\Program Files\BullGuard\Infected\



TopMoxie Object Recognized!
Type : File
Data : WebRebates_CDT_InstallSilent.exe
Category : Data Miner
Comment :
Object : c:\Program Files\BullGuard\Infected\



Search Relevancy Object Recognized!
Type : File
Data : SearchRelevancy.exe
Category : Misc
Comment :
Object : c:\temp\



Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 126


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 126




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\zesoft

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\zesoft
Value : ObjectName

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\zesoft
Value : Description

WindUpdates Object Recognized!
Type : File
Data : NETBEUI.VXD
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : NETBEUI Virtual Device (Version 4.0)
InternalName : NETBEUI
LegalCopyright : Copyright © Microsoft Corp. 1988-1998
OriginalFilename : NETBEUI.VXD


WindUpdates Object Recognized!
Type : File
Data : netut80ex.vxd
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\



WindUpdates Object Recognized!
Type : File
Data : AdmilliServX.dll
Category : Malware
Comment :
Object : C:\WINDOWS\downloaded program files\



BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UniqueKey

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : System

BargainBuddy Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\BullsEye Network

BargainBuddy Object Recognized!
Type : File
Data : ub.dat
Category : Malware
Comment :
Object : C:\Program Files\bullseye network\



BargainBuddy Object Recognized!
Type : File
Data : ad.dat
Category : Malware
Comment :
Object : C:\Program Files\bullseye network\



BargainBuddy Object Recognized!
Type : File
Data : t1096818484.dec
Category : Malware
Comment :
Object : C:\Program Files\bullseye network\



BargainBuddy Object Recognized!
Type : File
Data : bbchk.exe
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\
FileVersion : 5.101.1663.1
ProductVersion : 5.101.1663.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : ECM ChkTrust
InternalName : CHKTRUST.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : CHKTRUST.EXE


BargainBuddy Object Recognized!
Type : File
Data : MSBE.DLL
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\
FileVersion : 2, 0, 0, 17
ProductVersion : 2, 0, 0, 17
ProductName : apuc Module
CompanyName : eXact Advertising
FileDescription : apuc Module
InternalName : apuc
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : apuc.DLL


BargainBuddy Object Recognized!
Type : File
Data : VX1.NLS
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\



BargainBuddy Object Recognized!
Type : File
Data : VX1X.NLS
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\



BargainBuddy Object Recognized!
Type : File
Data : VX0.NLS
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\



Search Relevancy Object Recognized!
Type : Folder
Category : Misc
Comment :
Object : C:\Program Files\SearchRelevancy

Search Relevancy Object Recognized!
Type : File
Data : SearchRelevancy.dll
Category : Misc
Comment :
Object : C:\Program Files\searchrelevancy\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Updater Module
FileDescription : Updater Module
InternalName : Updater
LegalCopyright : Copyright 2005
OriginalFilename : Updater.DLL


Search Relevancy Object Recognized!
Type : File
Data : SearchRelevancy1.dll
Category : Misc
Comment :
Object : C:\Program Files\searchrelevancy\



EGroup Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{486e48b5-abf2-42bb-a327-2679df3fb822}

EGroup Dialer Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\Instant Access

EGroup Dialer Object Recognized!
Type : File
Data : NoCreditCard.lnk
Category : Malware
Comment : UKVideo2
Object : C:\WINDOWS\Start Menu\



EGroup Dialer Object Recognized!
Type : File
Data : NoCreditCard.lnk
Category : Malware
Comment :
Object : C:\WINDOWS\Start Menu\



EGroup Dialer Object Recognized!
Type : File
Data : EGDACCESS_1057.dll
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\



EGroup Dialer Object Recognized!
Type : File
Data : EGDHTML_pack.inf
Category : Malware
Comment :
Object : C:\WINDOWS\downloaded program files\



EGroup Dialer Object Recognized!
Type : File
Data : ia.inf
Category : Malware
Comment :
Object : C:\WINDOWS\downloaded program files\



EGroup Dialer Object Recognized!
Type : File
Data : ExeDialer.exe
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 1, 0, 1, 8
ProductVersion : 1, 0, 1, 8
ProductName : Application Instant Access
FileDescription : Application MFC
InternalName : DialerEXE
LegalCopyright : Copyright © 2003
OriginalFilename : Instant Access.exe


Dialer.IEDisco Object Recognized!
Type : File
Data : EGDACCESS.inf
Category : Dialer
Comment :
Object : C:\WINDOWS\downloaded program files\



DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wsem update

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wsem update
Value : DisplayName

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wsem update
Value : UninstallString

AdShooter Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\WINDOWS\Favorites\Hot Sites

AdShooter Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\DR_S

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38}

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38}
Value : BarSize

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : last_conn_h

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : last_conn_l

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : we

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : TimeOffset

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : key_file

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : action_url_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : boom_ver

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : kw_last_chunk

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : cdata

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : keyword_file_last_full_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : action_url_last_full_version

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : did

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : duid

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : product_id

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : smt

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : boom

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : mt1

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : mt2

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : mt3

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : gma

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : gvi

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : gpi

Favoriteman Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dmo

Favoriteman Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dmo
Value : DisplayName

Favoriteman Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dmo
Value : UninstallString

eSyndicate BHO Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .default\software\livesvc

WhenU Object Recognized!
Type : Folder
Category : Misc
Comment :
Object : C:\Program Files\ClockSync

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 67
Objects found so far: 193

3:31:37 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:20:08.640
Objects scanned:103627
Objects identified:202
Objects ignored:0
New critical objects:202


#11
skugler

    Member

:tazz:
My concern is that on c:\temp I have residing EDow.exe and EDowPack.exe after all this cleaning. Please Advise!
Thank you
Seymour

#12
Rawe

    Visiting Staff

Edited, follow instructions below ;)

- Rawe :tazz:

Edited by Rawe, 30 April 2005 - 09:32 AM.


#13
Guest_Andy_veal_*

  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer of what Ad-aware found, please follow the instructions below.

Please make sure that you are using the * SE1R42 28.04.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command line, as shown in the instructions below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE. If yours is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click Next, then click OK.

If problems are caused by deleting a family, please leave it.

Please shut down/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted. Once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember, when posting another logfile, to keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
  • 0

#14
skugler


    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
:tazz:

Ad-Aware SE Build 1.05
Logfile Created on:Saturday, April 30, 2005 12:10:30 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:30 %
Total physical memory:130476 kb
Available physical memory:3044 kb
Total page file size:1966672 kb
Available on page file:1858188 kb
Total virtual memory:2093056 kb
Available virtual memory:2048704 kb
OS:

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Obtain command line of scanned processes
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-30-05 12:10:30 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4293900535
Threads : 5
Priority : High
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4292887991
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4292899623
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [VSMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
Command Line : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
ProcessID : 4292873947
Threads : 16
Priority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:5 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4292928579
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:6 [MSGLOOP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGLOOP.EXE
Command Line : n/a
ProcessID : 4292909723
Threads : 1
Priority : Normal
FileVersion : 4.05.00.2112
ProductVersion : 4.05.00.2112
ProductName : WaveStream\Endless Wave
CompanyName : Rockwell Corporation
FileDescription : Rockwell WaveStream Message Server
InternalName : MSGLOOP.EXE
LegalCopyright : Copyright © Rockwell Corporation 1996-1998.
OriginalFilename : MSGLOOP.EXE

#:7 [KB891711.EXE]
ModuleName : c:\windows\SYSTEM\KB891711\KB891711.EXE
Command Line : n/a
ProcessID : 4292907351
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:8 [MSG32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSG32.EXE
Command Line : MSG32.EXE
ProcessID : 4292903107
Threads : 2
Priority : Realtime
FileVersion : 4.05.00.2112
ProductVersion : 4.05.00.2112
ProductName : WaveStream\Endless Wave
CompanyName : Rockwell Corporation
FileDescription : Rockwell WaveStream Message Server
InternalName : MSGLOOP.EXE
LegalCopyright : Copyright © Rockwell Corporation 1996-1998.
OriginalFilename : MSGLOOP.EXE

#:9 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4292955511
Threads : 14
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:10 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\windows\taskmon.exe"
ProcessID : 4292973071
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:11 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4292972023
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:12 [AVGCC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE" /STARTUP
ProcessID : 4293032315
Threads : 5
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:13 [AVGEMC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE"
ProcessID : 4293013191
Threads : 7
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:14 [ZLCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
Command Line : "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
ProcessID : 4293052091
Threads : 6
Priority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:15 [STIMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\STIMON.EXE
Command Line : "C:\WINDOWS\SYSTEM\STIMON.EXE"
ProcessID : 4293047067
Threads : 3
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1998
OriginalFilename : STIMON.EXE

#:16 [RNAAPP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RNAAPP.EXE
Command Line : rnaapp.exe -l
ProcessID : 4293154259
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : RNAAPP.EXE

#:17 [TAPISRV.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TAPISRV.EXE
Command Line : tapisrv.exe
ProcessID : 4293164923
Threads : 5
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows™ Telephony Server
InternalName : Telephony Service
LegalCopyright : Copyright © Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE

#:18 [HCM.EXE]
ModuleName : C:\PROGRAM FILES\NZSEARCH\HCM.EXE
Command Line : "c:\program files\nzsearch\hcm.exe" -o
ProcessID : 4293234183
Threads : 1
Priority : Normal
FileVersion : 2.0.17
ProductVersion : 2.0.17
ProductName : NetZero Browser Search Enhancements
CompanyName : United Online, Inc.
FileDescription : Browser Search Enhancements
InternalName : hcm
LegalCopyright : Copyright © 1998-2004 United Online, Inc.
OriginalFilename : hcm.exe

#:19 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4293253743
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 0


12:26:49 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:18.610
Objects scanned:100976
Objects identified:0
Objects ignored:0
New critical objects:0
  • 0

#15
skugler


    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
:tazz:
Now the EDowProc.exe is gone; however, EDow.exe still appears in my C:\Temp\ folder. Please advise!

Thanks
Seymour Kugler
  • 0





