Logfile Created on:Monday, April 25, 2005 8:54:11 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):31 total references
AdShooter(TAC index:6):6 total references
Alexa(TAC index:5):1 total references
BargainBuddy(TAC index:8):50 total references
BlazeFind(TAC index:5):4 total references
Dialer.IEDisco(TAC index:5):9 total references
DyFuCA(TAC index:3):15 total references
EGroup Dialer(TAC index:5):16 total references
eSyndicate BHO(TAC index:6):2 total references
Favoriteman(TAC index:8):4 total references
FizzleBar(TAC index:5):1 total references
Hijacker.TopConverting(TAC index:5):1 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
Search Relevancy(TAC index:5):15 total references
TopMoxie(TAC index:3):3 total references
Tracking Cookie(TAC index:3):263 total references
UpdateLoader Malware(TAC index:5):3 total references
WhenU(TAC index:3):8 total references
WindUpdates(TAC index:8):27 total references
VX2(TAC index:10):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:15 %
Total physical memory:130476 kb
Available physical memory:2136 kb
Total page file size:1966672 kb
Available on page file:1820372 kb
Total virtual memory:2093056 kb
Available virtual memory:2042496 kb
OS:
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Obtain command line of scanned processes
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
4-25-05 8:54:11 PM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4293894659
Threads : 5
Priority : High
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4292894531
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
#:3 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4292897235
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE
#:4 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4292870547
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk
#:5 [MSGLOOP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGLOOP.EXE
Command Line : n/a
ProcessID : 4292875703
Threads : 1
Priority : Normal
FileVersion : 4.05.00.2112
ProductVersion : 4.05.00.2112
ProductName : WaveStream\Endless Wave
CompanyName : Rockwell Corporation
FileDescription : Rockwell WaveStream Message Server
InternalName : MSGLOOP.EXE
LegalCopyright : Copyright © Rockwell Corporation 1996-1998.
OriginalFilename : MSGLOOP.EXE
#:6 [VSMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
Command Line : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
ProcessID : 4292881103
Threads : 16
Priority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : TrueVector Service
CompanyName : Zone Labs LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : vsmon.exe
#:7 [MSG32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSG32.EXE
Command Line : MSG32.EXE
ProcessID : 4292907931
Threads : 2
Priority : Realtime
FileVersion : 4.05.00.2112
ProductVersion : 4.05.00.2112
ProductName : WaveStream\Endless Wave
CompanyName : Rockwell Corporation
FileDescription : Rockwell WaveStream Message Server
InternalName : MSGLOOP.EXE
LegalCopyright : Copyright © Rockwell Corporation 1996-1998.
OriginalFilename : MSGLOOP.EXE
#:8 [KB891711.EXE]
ModuleName : c:\windows\SYSTEM\KB891711\KB891711.EXE
Command Line : n/a
ProcessID : 4292910683
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE
#:9 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4292913895
Threads : 12
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE
#:10 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\windows\taskmon.exe"
ProcessID : 4292982263
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE
#:11 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4292984199
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE
#:12 [ZLCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
Command Line : "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
ProcessID : 4293030283
Threads : 6
Priority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : Zone Labs Client
CompanyName : Zone Labs LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : zlclient.exe
#:13 [AVGCC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE" /STARTUP
ProcessID : 4293016903
Threads : 5
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:14 [ADMILLISERV.EXE]
ModuleName : C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
Command Line : "C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE"
ProcessID : 4293038119
Threads : 4
Priority : Normal
WindUpdates Object Recognized!
Type : Process
Data : ADMILLICOMM.DLL
Category : Malware
Comment : (CSI MATCH)
Object : C:\PROGRAM FILES\ADMILLI SERVICE\
Warning! WindUpdates Object found in memory(C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLICOMM.DLL)
WindUpdates Object Recognized!
Type : Process
Data : ADMILLISERV.EXE
Category : Malware
Comment : full-search IE hijacker
Object : C:\PROGRAM FILES\ADMILLI SERVICE\
Warning! WindUpdates Object found in memory(C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE)
Warning! "C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE"Process could not be terminated!
#:15 [AVGEMC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE"
ProcessID : 4293045251
Threads : 7
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:16 [ADMILLIKEEP.EXE]
ModuleName : C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLIKEEP.EXE
Command Line : "C:\PROGRAM FILES\ADMILLI SERVICE\AdmilliKeep.exe"
ProcessID : 4293084471
Threads : 2
Priority : Normal
#:17 [RNAAPP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RNAAPP.EXE
Command Line : rnaapp.exe -l
ProcessID : 4293150559
Threads : 3
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : RNAAPP.EXE
#:18 [TAPISRV.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TAPISRV.EXE
Command Line : tapisrv.exe
ProcessID : 4293164795
Threads : 7
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows Telephony Server
InternalName : Telephony Service
LegalCopyright : Copyright © Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE
#:19 [DIALER.EXE]
ModuleName : C:\PROGRAM FILES\MFIRE\DIALER.EXE
Command Line : "C:\Program Files\mFire\dialer.exe" dial
ProcessID : 4293076107
Threads : 3
Priority : Normal
FileVersion : 3.0.5.2
ProductVersion : 3.05
ProductName : ISPWizard Dialer - Internet Setup Program Wizard Dialer
CompanyName : ISPWizard
FileDescription : ISPWizard Dialer
LegalCopyright : Copyright 2000-2005 Mark Griffiths
Comments : http://www.ispwizard.com
#:20 [IEXPLORE.EXE]
ModuleName : C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Command Line : C:\PROGRA~1\INTERN~1\iexplore.exe
ProcessID : 4293246295
Threads : 5
Priority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
BargainBuddy Object Recognized!
Type : Process
Data : MSBE.DLL
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 2, 0, 0, 17
ProductVersion : 2, 0, 0, 17
ProductName : apuc Module
CompanyName : eXact Advertising
FileDescription : apuc Module
InternalName : apuc
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : apuc.DLL
Warning! BargainBuddy Object found in memory(C:\WINDOWS\SYSTEM\MSBE.DLL)
#:21 [IEXPLORE.EXE]
ModuleName : C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Command Line : "C:\PROGRA~1\INTERN~1\iexplore.exe"
ProcessID : 4293239787
Threads : 7
Priority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
BargainBuddy Object Recognized!
Type : Process
Data : MSBE.DLL
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 2, 0, 0, 17
ProductVersion : 2, 0, 0, 17
ProductName : apuc Module
CompanyName : eXact Advertising
FileDescription : apuc Module
InternalName : apuc
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : apuc.DLL
Warning! BargainBuddy Object found in memory(C:\WINDOWS\SYSTEM\MSBE.DLL)
#:22 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4293442687
Threads : 3
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 4
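Added example, not part of the Ad-Aware log: a small Python parser for the process listing above. It splits the "#:N [name]" blocks, keeps the scanner sub-records that Ad-Aware nests inside a process entry, and then flags what a reviewer of this log looks at first. In this scan the two ADMILLI SERVICE executables are the only running processes with no version resource at all, and one of them carries an in-memory WindUpdates match and refused to terminate. The sample input is a constructed excerpt of the listing (three of the 22 entries, most version fields dropped); the triage heuristics are this example's own, not Ad-Aware's.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt of the process listing above; sample input for the parser, not the full log.
SAMPLE_PROCESS_LISTING = r"""
#:12 [ZLCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
Command Line : "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
FileVersion : 5.5.062.011
CompanyName : Zone Labs LLC
#:14 [ADMILLISERV.EXE]
ModuleName : C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
Command Line : "C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE"
WindUpdates Object Recognized!
Type : Process
Data : ADMILLICOMM.DLL
Category : Malware
Comment : (CSI MATCH)
Object : C:\PROGRAM FILES\ADMILLI SERVICE\
Warning! WindUpdates Object found in memory(C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLICOMM.DLL)
WindUpdates Object Recognized!
Type : Process
Data : ADMILLISERV.EXE
Category : Malware
Comment : full-search IE hijacker
Object : C:\PROGRAM FILES\ADMILLI SERVICE\
Warning! WindUpdates Object found in memory(C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE)
Warning! "C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE"Process could not be terminated!
#:16 [ADMILLIKEEP.EXE]
ModuleName : C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLIKEEP.EXE
Command Line : "C:\PROGRAM FILES\ADMILLI SERVICE\AdmilliKeep.exe"
Memory scan result:
"""

PROC_HEADER = re.compile(r"^#:(\d+) \[(.+)\]$")
DETECT_SUFFIX = " Object Recognized!"

@dataclass
class ProcessRecord:
    index: int
    name: str
    fields: dict = field(default_factory=dict)      # ModuleName, Command Line, version info
    detections: list = field(default_factory=list)  # scanner sub-records nested in the block
    warnings: list = field(default_factory=list)    # "Warning! ..." lines

def parse_process_listing(text):
    """One ProcessRecord per '#:N [name]' block, up to the 'Memory scan result' line."""
    records, current, in_detection = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Memory scan result"):
            break
        header = PROC_HEADER.match(line)
        if header:
            current = ProcessRecord(int(header.group(1)), header.group(2))
            records.append(current)
            in_detection = False
            continue
        if current is None:
            continue
        if line.endswith(DETECT_SUFFIX):
            current.detections.append({"family": line[: -len(DETECT_SUFFIX)]})
            in_detection = True
            continue
        if line.startswith("Warning!"):
            current.warnings.append(line)
            in_detection = False      # the warning line closes the nested detection record
            continue
        key, sep, value = line.partition(" : ")
        if sep:
            (current.detections[-1] if in_detection else current.fields)[key] = value
    return records

def triage(records):
    """(name, path, reasons) for processes to look at first: no version resource at all
    (every Microsoft, Zone Labs and AVG binary in the log has one), a scanner match
    inside the process, or a process the scanner could not terminate."""
    findings = []
    for rec in records:
        reasons = []
        if "CompanyName" not in rec.fields and "FileVersion" not in rec.fields:
            reasons.append("no version info")
        families = sorted({d["family"] for d in rec.detections})
        if families:
            reasons.append("memory match: " + ", ".join(families))
        if any("could not be terminated" in w for w in rec.warnings):
            reasons.append("could not be terminated")
        if reasons:
            findings.append((rec.name, rec.fields.get("ModuleName", ""), reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in triage(parse_process_listing(SAMPLE_PROCESS_LISTING)):
        print(name, path, "; ".join(reasons))
```

On this excerpt the parser returns three records and triage reports ADMILLISERV.EXE (no version info, WindUpdates memory match, could not be terminated) and ADMILLIKEEP.EXE (no version info); ZLCLIENT.EXE is clean. A missing version resource is only a heuristic, but on a listing where every other process carries one it is a cheap first filter.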
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher
Value :
Dialer.IEDisco Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{3446598e-00e4-4b5e-99a6-87ecca8324a2}
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj.1
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj.1
Value :
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj
Value :
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297}
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297}
Value :
EGroup Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : egdhtml.egdialhtml.1
EGroup Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : egdhtml.egdialhtml.1
Value :
EGroup Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{26d73573-f1b3-48c9-a989-e6ce071957a1}
Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}
Search Relevancy Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1d7e3b41-23ce-469b-be1b-a64b877923e1}
Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1d7e3b41-23ce-469b-be1b-a64b877923e1}
Value :
Search Relevancy Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchrelevancy
Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchrelevancy
Value :
UpdateLoader Malware Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0c1c2c3c-4c5c-6c7c-8c9c-ccbcccdcecfc}
UpdateLoader Malware Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0c1c2c3c-4c5c-6c7c-8c9c-ccbcccdcecfc}
Value :
UpdateLoader Malware Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0b1b2b3b-4b5b-6b7b-8b9b-bbbbcbdbebfb}
AdShooter Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\dr_s
AdShooter Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\dr_s
Value : u_id
AdShooter Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\dr_s
Value : time
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\policies\avenue media
180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\180solutions
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : DisplayName
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : UninstallString
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : Publisher
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : URLInfoAbout
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : DisplayVersion
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : DisplayIcon
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : NoModify
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : NoRepair
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\syncroadx.installer
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\syncroadx.installer
Value :
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\policies\avenue media
DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer
DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer
Value : DisplayIcon
DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer
Value : DisplayName
DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer
Value : UninstallString
EGroup Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{486e48b5-abf2-42bb-a327-2679df3fb822}
EGroup Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{486e48b5-abf2-42bb-a327-2679df3fb822}
Value : SystemComponent
EGroup Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{486e48b5-abf2-42bb-a327-2679df3fb822}
Value : Installer
EGroup Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\instant access
EGroup Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\instant access
Value : DisplayName
EGroup Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\instant access
Value : UninstallString
Favoriteman Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000ef1-0786-4633-87c6-1aa7a44296da}
Search Relevancy Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{1d7e3b41-23ce-469b-be1b-a64b877923e1}
Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{1d7e3b41-23ce-469b-be1b-a64b877923e1}
Value :
Search Relevancy Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\search relevancy
Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\search relevancy
Value : DisplayName
Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\search relevancy
Value : UninstallString
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : SystemComponent
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : Installer
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\admilli service
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\admilli service
Value : UninstallString
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\admilli service
Value : DisplayName
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : param
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : DownloadPath
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : Language
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : SoftwareTable
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : reqcount
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : track
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admilli service
Value : LastUpdate
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
FizzleBar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment : "{92f02779-6d88-4958-8ad3-83c12d86adc7}"
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {92f02779-6d88-4958-8ad3-83c12d86adc7}
180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "partner_id"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : partner_id
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "PartnerID"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PartnerID
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UtilFolder"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UtilFolder
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "PartnerName"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PartnerName
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "FirstHit"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : FirstHit
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "BuildNumber"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : BuildNumber
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UninstallUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UninstallUrl
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UniqueKeyUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UniqueKeyUrl
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "FirstHitUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : FirstHitUrl
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Admilli Service"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Admilli Service
eSyndicate BHO Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "navtime"
Rootkey : HKEY_USERS
Object : .default\software\livesvc
Value : navtime
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 91
Objects found so far: 95
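Added example, not from the log or from Lavasoft: a Python parser for the "Object Recognized!" records above that groups them by family and, more usefully, by the registry location each record sits in, because the location says how the family comes back after a reboot. A GUID under ...\explorer\browser helper objects is loaded into every Internet Explorer process, a value under ...\currentversion\run is started at every logon, a code store database distribution unit is IE's record of a downloaded ActiveX control, and CLSID/Interface/TypeLib keys or an Uninstall entry are registration data with no load point of their own. The mechanism table is this example's own assumption, and the sample input is a constructed six-record excerpt of the scan with some empty fields omitted.

```python
import re
from collections import Counter, defaultdict

# Constructed excerpt of the registry scan above (six of its 91 records); sample input only.
SAMPLE_REGISTRY_SCAN = r"""
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da}
BargainBuddy Object Recognized!
Type : RegValue
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : UninstallString
Favoriteman Object Recognized!
Type : Regkey
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000ef1-0786-4633-87c6-1aa7a44296da}
WindUpdates Object Recognized!
Type : Regkey
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
WindUpdates Object Recognized!
Type : RegValue
Comment : "Admilli Service"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Admilli Service
180Solutions Object Recognized!
Type : Regkey
Category : Data Miner
Rootkey : HKEY_LOCAL_MACHINE
Object : software\180solutions
Registry Scan result:
"""

FIELD = re.compile(r"^([A-Za-z]+) :(?: (.*))?$")   # 'Key : value' or an empty 'Key :'
DETECT_SUFFIX = " Object Recognized!"

def parse_detections(text):
    """One dict per 'Family Object Recognized!' record; empty fields ('Data :') become ''."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(DETECT_SUFFIX):
            current = {"family": line[: -len(DETECT_SUFFIX)]}
            records.append(current)
            continue
        m = FIELD.match(line) if current is not None else None
        if m:
            current[m.group(1)] = m.group(2) or ""

    return records

# Assumption: this short table, matched case-insensitively against the Object path,
# not Ad-Aware's own categorisation. Order matters: first match wins.
MECHANISMS = [
    ("BHO",       r"\\browser helper objects\\"),                  # loaded into every IE process
    ("Run",       r"\\currentversion\\run(once)?$"),               # started at logon
    ("CodeStore", r"\\code store database\\distribution units\\"), # downloaded ActiveX control record
    ("IEToolbar", r"\\internet explorer\\(toolbar|extensions)"),   # toolbar / button registration
    ("COM",       r"^(clsid|interface|typelib)\\|^software\\classes\\"),  # class registration only
    ("Uninstall", r"\\currentversion\\uninstall\\"),               # Add/Remove Programs entry only
]
AUTOSTART = {"BHO", "Run"}   # locations that re-launch the code without user action

def classify(obj):
    for label, pattern in MECHANISMS:
        if re.search(pattern, obj, re.IGNORECASE):
            return label
    return "VendorData"   # e.g. software\180solutions: configuration, not a load point

def summarize(records):
    by_family = Counter(r["family"] for r in records)
    by_mechanism = defaultdict(set)
    for r in records:
        by_mechanism[classify(r.get("Object", ""))].add(r["family"])
    return dict(by_family), {k: sorted(v) for k, v in by_mechanism.items()}

def load_points(records):
    """(family, full registry path) for every record that will restart the family."""
    out = set()
    for r in records:
        if classify(r.get("Object", "")) in AUTOSTART:
            path = r["Rootkey"] + "\\" + r["Object"]
            if r.get("Value"):
                path += "\\" + r["Value"]
            out.add((r["family"], path))
    return sorted(out)

if __name__ == "__main__":
    recs = parse_detections(SAMPLE_REGISTRY_SCAN)
    print(summarize(recs))
    for family, path in load_points(recs):
        print(family, path)
```

Run on the excerpt, the summary shows BargainBuddy and Favoriteman registered as Browser Helper Objects and WindUpdates with both a distribution unit and a Run value, while the 180Solutions key is plain vendor data. The load_points list is the short list of keys that must go for the removal to survive a reboot; the Uninstall and CLSID entries are clean-up, not persistence.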
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\Search (in.webcounter.cc)
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer
Value : Search
Data : "http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77"
Possible Browser Hijack attempt : .Default\Software\Microsoft\Internet Explorer\Search (in.webcounter.cc)
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer
Value : Search
Data : "http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\Search (in.webcounter.cc)
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer
Value : Search
Data : "http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d%2d/?%63%78%6c%6f%77"
Dialer.IEDisco Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/SYSTEM/EGDACCESS_1056.dll
Dialer.IEDisco Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/SYSTEM/EGDACCESS_1056.dll
Value : .Owner
Dialer.IEDisco Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/SYSTEM/EGDACCESS_1056.dll
Value : {3446598E-00E4-4B5E-99A6-87ECCA8324A2}
Dialer.IEDisco Object Recognized!
Type : File
Data : /windows/system/egdaccess_1056.dll
Category : Dialer
Comment :
Object : c:\
Dialer.IEDisco Object Recognized!
Type : RegValue
Data : C:\WINDOWS\SYSTEM\EGDACCESS_1056.dll
Category : Dialer
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\SYSTEM\EGDACCESS_1056.dll
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 103
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : unknown user@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\unknown user@cgi-bin[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@centrport[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@centrport[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@2o7[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@2o7[3].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : unknown user@realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\unknown user@realmedia[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@bluestreak[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@bluestreak[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : unknown user@tripod[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\unknown user@tripod[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : unknown user@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\unknown user@cgi-bin[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tickle[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@tickle[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@questionmarket[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tripod[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@tripod[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@tripod[3].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@tripod[3].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@cgi-bin[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@serving-sys[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@serving-sys[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[7].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@cgi-bin[7].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@casalemedia[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@casalemedia[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@qksrv[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@qksrv[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@questionmarket[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@questionmarket[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@2o7[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@2o7[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@maxserving[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@maxserving[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@cgi-bin[9].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\seymour@cgi-bin[9].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : seymour@valueclick[2].txt
Category : Data Miner
Comment :