[Referred]trojan-spy.html.smitfraud.c



#1
iambrooke

I am having a terrible time attempting to get rid of this mess... If anyone has any suggestions, please let me know. Otherwise, I am throwing this [bleep] machine out in the road :tazz:

Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, April 26, 2005 8:54:13 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):11 total references
BrilliantDigital(TAC index:6):54 total references
CoolWebSearch(TAC index:10):31 total references
Possible Browser Hijack attempt(TAC index:3):36 total references
Tracking Cookie(TAC index:3):40 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:28 %
Total physical memory:261616 kb
Available physical memory:71660 kb
Total page file size:632560 kb
Available on page file:430808 kb
Total virtual memory:2097024 kb
Available virtual memory:2048860 kb
OS:Microsoft Windows XP Home Edition (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-26-2005 8:54:13 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 432
ThreadCreationTime : 4-27-2005 1:04:50 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 480
ThreadCreationTime : 4-27-2005 1:04:51 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 504
ThreadCreationTime : 4-27-2005 1:04:51 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 548
ThreadCreationTime : 4-27-2005 1:04:52 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 560
ThreadCreationTime : 4-27-2005 1:04:52 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 4-27-2005 1:04:53 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 796
ThreadCreationTime : 4-27-2005 1:04:53 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 872
ThreadCreationTime : 4-27-2005 1:04:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 940
ThreadCreationTime : 4-27-2005 1:04:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1108
ThreadCreationTime : 4-27-2005 1:04:55 AM
BasePriority : Normal
FileVersion : 8.19
ProductVersion : 8.19
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1140
ThreadCreationTime : 4-27-2005 1:04:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1148
ThreadCreationTime : 4-27-2005 1:04:55 AM
BasePriority : Normal
FileVersion : 8.19
ProductVersion : 8.19
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1268
ThreadCreationTime : 4-27-2005 1:04:55 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1416
ThreadCreationTime : 4-27-2005 1:04:57 AM
BasePriority : Normal
FileVersion : 0.1.0.1599
ProductVersion : 0.1.0.1599
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:15 [ybrwicon.exe]
FilePath : C:\Program Files\Yahoo!\browser\
ProcessID : 1424
ThreadCreationTime : 4-27-2005 1:04:57 AM
BasePriority : Normal
FileVersion : 2003, 7, 11, 1
ProductVersion : 1, 0, 0, 1
ProductName : Yahoo!, Inc. YBrwIcon
CompanyName : Yahoo!, Inc.
FileDescription : YBrwIcon
InternalName : YBrwIcon
LegalCopyright : Copyright © 2003
OriginalFilename : YBrwIcon.exe

#:16 [2portalmon.exe]
FilePath : C:\Program Files\2Wire\
ProcessID : 1440
ThreadCreationTime : 4-27-2005 1:04:57 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : HomePortal Monitor Application
CompanyName : 2Wire, Inc.
FileDescription : HomePortal Monitor Application by 2Wire Engineering
InternalName : HomePortal Monitor
LegalCopyright : Copyright © 1999, 2000, 2001, 2wire, Inc. All Rights Reserved
LegalTrademarks : Copyright © 1999, 2000, 2001, 2wire, Inc. All Rights Reserved
OriginalFilename : HomePortal Monitor.EXE
Comments : HomePortal Monitor Application by 2Wire Engineering

#:17 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1452
ThreadCreationTime : 4-27-2005 1:04:57 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:18 [sunasdtserv.exe]
FilePath : C:\Program Files\Sunbelt Software\CounterSpy Client\
ProcessID : 1468
ThreadCreationTime : 4-27-2005 1:04:57 AM
BasePriority : Normal
FileVersion : 1.00.0121
ProductVersion : 1.00.0121
ProductName : CounterSpy
CompanyName : Sunbelt Software Inc.
FileDescription : CounterSpy Data Service
InternalName : sunasDtServ
LegalCopyright : Copyright © 2004, Sunbelt Software Inc. All rights reserved.
OriginalFilename : sunasDtServ.exe

#:19 [sunasserv.exe]
FilePath : C:\Program Files\Sunbelt Software\CounterSpy Client\
ProcessID : 1476
ThreadCreationTime : 4-27-2005 1:04:57 AM
BasePriority : Idle
FileVersion : 1.00.0054
ProductVersion : 1.00.0054
ProductName : CounterSpy
CompanyName : Sunbelt Software Inc.
FileDescription : CounterSpy AntiSpyware Service
InternalName : sunasServ
LegalCopyright : Copyright © 2004, Sunbelt Software Inc. All rights reserved.
OriginalFilename : sunasServ.exe

#:20 [mcvsshld.exe]
FilePath : C:\PROGRA~1\mcafee.com\vso\
ProcessID : 1516
ThreadCreationTime : 4-27-2005 1:04:58 AM
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:21 [mscifapp.exe]
FilePath : C:\PROGRA~1\mcafee.com\mps\
ProcessID : 1568
ThreadCreationTime : 4-27-2005 1:04:58 AM
BasePriority : Normal
FileVersion : 7.1.1.44
ProductVersion : 7.1.1.44
ProductName : McAfee Privacy Service
CompanyName : McAfee, Inc
FileDescription : McAfee Privacy Service
InternalName : mscifapp
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mscifapp.exe

#:22 [mskagent.exe]
FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\
ProcessID : 1576
ThreadCreationTime : 4-27-2005 1:04:58 AM
BasePriority : Normal
FileVersion : 6.1.0.6
ProductVersion : 6.1
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller Agent Interface module
InternalName : MskAgent
LegalCopyright : Copyright © 1998-2005 McAfee, Inc.
OriginalFilename : MskAgent.exe

#:23 [mcvsescn.exe]
FilePath : C:\PROGRA~1\mcafee.com\vso\
ProcessID : 1624
ThreadCreationTime : 4-27-2005 1:04:58 AM
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:24 [mpftray.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 1628
ThreadCreationTime : 4-27-2005 1:04:58 AM
BasePriority : Normal
FileVersion : 6.1.0.44
ProductVersion : 6.1.0.44
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall

#:25 [ycommon.exe]
FilePath : C:\PROGRA~1\Yahoo!\browser\
ProcessID : 1644
ThreadCreationTime : 4-27-2005 1:04:58 AM
BasePriority : Normal
FileVersion : 2003, 9, 3, 1
ProductVersion : 1, 0, 0, 1
ProductName : YCommon Exe Module
CompanyName : Yahoo!, Inc.
FileDescription : YCommon Exe Module
InternalName : YCommonExe
LegalCopyright : Copyright 2003 Yahoo! Inc.
OriginalFilename : YCommon.EXE

#:26 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 1704
ThreadCreationTime : 4-27-2005 1:04:59 AM
BasePriority : Normal
FileVersion : 4.0.0155
ProductVersion : Version 4.0
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger Client
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:27 [wp.exe]
FilePath : C:\
ProcessID : 1712
ThreadCreationTime : 4-27-2005 1:04:59 AM
BasePriority : Normal


#:28 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ProcessID : 1732
ThreadCreationTime : 4-27-2005 1:04:59 AM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6224)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:29 [acsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 232
ThreadCreationTime : 4-27-2005 1:05:04 AM
BasePriority : Normal


#:30 [mcvsrte.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 348
ThreadCreationTime : 4-27-2005 1:05:04 AM
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:31 [mpfservice.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 364
ThreadCreationTime : 4-27-2005 1:05:04 AM
BasePriority : Normal
FileVersion : 6.1.0.44
ProductVersion : 6.1.0.44
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:32 [msksrvr.exe]
FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\
ProcessID : 420
ThreadCreationTime : 4-27-2005 1:05:04 AM
BasePriority : Normal
FileVersion : 6.1.0.7
ProductVersion : 6.1
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller Server
InternalName : MSKSRVR
LegalCopyright : Copyright © 1998-2005, McAfee Inc.
OriginalFilename : MSKSRVR.EXE

#:33 [mpfagent.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 452
ThreadCreationTime : 4-27-2005 1:05:04 AM
BasePriority : Normal
FileVersion : 6.1.0.44
ProductVersion : 6.1.0.44
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module

#:34 [mcvsftsn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 1052
ThreadCreationTime : 4-27-2005 1:05:05 AM
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module

#:35 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 1504
ThreadCreationTime : 4-27-2005 1:05:06 AM
BasePriority : Normal


#:36 [pctspk.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 204
ThreadCreationTime : 4-27-2005 1:05:11 AM
BasePriority : Normal
FileVersion : 4.00
ProductVersion : 4.00
ProductName : PCTSPK.EXE
CompanyName : PCtel, Inc.
FileDescription : PCTSPK.EXE
InternalName : PCTSPK.EXE
LegalCopyright : Copyright ©PCtel,Inc. 1999-2000
OriginalFilename : PCTSPK.EXE

#:37 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 896
ThreadCreationTime : 4-27-2005 1:05:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:38 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 2068
ThreadCreationTime : 4-27-2005 1:05:18 AM
BasePriority : High


#:39 [rnathchk.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2316
ThreadCreationTime : 4-27-2005 1:05:26 AM
BasePriority : Normal
FileVersion : 7.0.0.1167
ProductVersion : 7.0.0.1167
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks ATH Check App
InternalName : rnathchk
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : rnathchk.EXE

#:40 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3768
ThreadCreationTime : 4-27-2005 1:51:18 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .b3dini

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .b3dini
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : b3dini_auto_file

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : b3dini_auto_file
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : b3d_auto_file

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : b3d_auto_file
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdeplayer.bdeplayerctrl

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdeplayer.bdeplayerctrl
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdeplayer.bdeplayerctrl.1

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdeplayer.bdeplayerctrl.1
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdesmartinstaller.bdesmartinstaller

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdesmartinstaller.bdesmartinstaller
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdesmartinstaller.bdesmartinstaller.1

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdesmartinstaller.bdesmartinstaller.1
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{51958169-d5e3-11d1-aa42-0000e842e40a}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{51958169-d5e3-11d1-aa42-0000e842e40a}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{67925165-c4b6-11d2-b9c6-0000e84f59a6}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{67925165-c4b6-11d2-b9c6-0000e84f59a6}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{51958167-d5e3-11d1-aa42-0000e842e40a}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{51958167-d5e3-11d1-aa42-0000e842e40a}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{51958168-d5e3-11d1-aa42-0000e842e40a}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{51958168-d5e3-11d1-aa42-0000e842e40a}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{67925164-c4b6-11d2-b9c6-0000e84f59a6}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{67925164-c4b6-11d2-b9c6-0000e84f59a6}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : s3d_auto_file

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : s3d_auto_file
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{51958166-d5e3-11d1-aa42-0000e842e40a}

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{82fc7881-aacc-11d2-b9c6-0000e842e40a}

Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\brilliant digital entertainment

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bdeplayer

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bdeplayer
Value : DisplayName

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bdeplayer
Value : UnInstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\ 6qÔõ'ª´ÆÐ8

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\ 6qÔõ'ª´ÆÐ8
Value : Type

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\ 6qÔõ'ª´ÆÐ8
Value : Start

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\ 6qÔõ'ª´ÆÐ8
Value : ErrorControl

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\ 6qÔõ'ª´ÆÐ8
Value : ImagePath

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\ 6qÔõ'ª´ÆÐ8
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\ 6qÔõ'ª´ÆÐ8
Value : ObjectName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\ 6qÔõ'ª´ÆÐ8
Value : FailureActions

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_*008f__6q*00d4*00f5*0013'*00aa*00b4*00c6*00d08

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_*008f__6q*00d4*00f5*0013'*00aa*00b4*00c6*00d08
Value : NextInstance

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-484061587-725345543-1008\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 53
Objects found so far: 53


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Trusted zone presumably compromised : 05p.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : 05p.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : 05p.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com
Value : *
Trusted zone presumably compromised : blazefind.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : blazefind.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : blazefind.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com
Value : *
Trusted zone presumably compromised : flingstone.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : flingstone.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : flingstone.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
Value : *
Trusted zone presumably compromised : searchbarcash.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchbarcash.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchbarcash.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com
Value : *
Trusted zone presumably compromised : searchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchmiracle.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchmiracle.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com
Value : *
Trusted zone presumably compromised : slotch.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : slotch.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : slotch.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com
Value : *
Trusted zone presumably compromised : xxxtoolbar.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : xxxtoolbar.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : xxxtoolbar.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com
Value : *
Trusted zone presumably compromised : 05p.com
Trusted zone presumably compromised : blazefind.com
Trusted zone presumably compromised : clickspring.net

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : clickspring.net
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : clickspring.net
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net
Value : *
Trusted zone presumably compromised : flingstone.com
Trusted zone presumably compromised : mt-download.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : mt-download.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : mt-download.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com
Value : *
Trusted zone presumably compromised : my-internet.info

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : my-internet.info
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : my-internet.info
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info
Value : *
Trusted zone presumably compromised : scoobidoo.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : scoobidoo.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : scoobidoo.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com
Value : *
Trusted zone presumably compromised : searchbarcash.com
Trusted zone presumably compromised : searchbarcash.com
Trusted zone presumably compromised : searchmiracle.com
Trusted zone presumably compromised : slotch.com
Trusted zone presumably compromised : static.topconverting.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : static.topconverting.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : static.topconverting.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com
Value : *
Trusted zone presumably compromised : 05p.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : 05p.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com
Trusted zone presumably compromised : blazefind.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : blazefind.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com
Trusted zone presumably compromised : flingstone.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : flingstone.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
Trusted zone presumably compromised : searchbarcash.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchbarcash.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com
Trusted zone presumably compromised : searchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchmiracle.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com
Trusted zone presumably compromised : slotch.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : slotch.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com
Trusted zone presumably compromised : xxxtoolbar.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : xxxtoolbar.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com
Trusted zone presumably compromised : 05p.com
Trusted zone presumably compromised : blazefind.com
Trusted zone presumably compromised : clickspring.net

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : clickspring.net
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net
Trusted zone presumably compromised : flingstone.com
Trusted zone presumably compromised : mt-download.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : mt-download.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com
Trusted zone presumably compromised : my-internet.info

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : my-internet.info
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info
Trusted zone presumably compromised : scoobidoo.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : scoobidoo.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com
Trusted zone presumably compromised : searchbarcash.com
Trusted zone presumably compromised : searchbarcash.com
Trusted zone presumably compromised : searchmiracle.com
Trusted zone presumably compromised : slotch.com
Trusted zone presumably compromised : static.topconverting.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : static.topconverting.com
Ro

#2
Guest_Andy_veal_*

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid


Exit Add/Remove Programs.

*IMPORTANT* CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

Press CTRL ALT DELETE to open Windows Task Manager. Click on the Processes tab and end the following processes:

List any files going to be deleted that are running

Exit Task Manager.

I need you to copy all of the Killbox instructions below and paste them into Notepad and save it for use while in Safe Mode.

* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.
Unzip it to the desktop but do NOT run it yet.

* Please reboot into Safe Mode by restarting your computer and tapping F8 continuously as your computer is booting up until a menu appears. Use your up arrow key to highlight "Safe Mode", then hit enter.

* Once in Safe Mode, please run Killbox.

* Select "Delete on Reboot".

* Open the Notepad file where you saved these instructions earlier, and copy the file names below to the clipboard by highlighting them and pressing CTRL + C:

C:\wp.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually. While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Yes, we need you to go back into Safe Mode!

Make sure you can view hidden files.

Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

Reboot into normal mode.

*Download and install Registrar Lite version 2.00
*Double click the purple Registrar Lite icon on your desktop.
*Copy the line below and paste it into the "Address" field (located at the top) of the program:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

*Click the "Go" button.
*It will take you into the "Policies" folder.
*Locate the "System" folder (in the right panel)
*If found, right-click on the System folder and go to Delete
*Be very careful that you only delete the System folder that is inside the Policies folder.

Reboot your computer again.

1.) Download the Hoster from HERE. Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Download: http://www.mvps.org/winhelp2002/DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new HiJackThis log.
  • 0
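Step 2 of the post above clears every Trusted Zone entry, so it can be useful to record beforehand which ZoneMap domains the Ad-Aware log flagged and in which registry hive. The following is an added example, not part of the post or of Ad-Aware; the function names are hypothetical and the sample log is constructed in the layout of the log in this thread.

```python
import re
from collections import defaultdict

RECORD_START = "Possible Browser Hijack attempt Object Recognized!"
# Registry path under which Internet Explorer stores per-site zone assignments.
ZONEMAP = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" + "\\"
FIELD_RE = re.compile(r"^(Type|Data|Category|Comment|Rootkey|Object|Value)\s*:\s*(.*)$")

# Constructed sample in the layout of the log in this thread; the last
# record is cut off mid-field, as the pasted log is.
SAMPLE_LOG = r"""
Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : 05p.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : 05p.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com
Value : *
Trusted zone presumably compromised : blazefind.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : blazefind.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com
Trusted zone presumably compromised : static.topconverting.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : static.topconverting.com
Ro
"""


def parse_records(log_text):
    """Split the log into one dict of fields per 'Object Recognized!' record."""
    records, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == RECORD_START:
            if current is not None:
                records.append(current)
            current = {}
        elif current is None:
            continue
        elif not line:                      # a blank line closes the record
            records.append(current)
            current = None
        else:
            match = FIELD_RE.match(line)
            if match:                       # heading lines and fragments are skipped
                current[match.group(1)] = match.group(2).strip()
    if current is not None:
        records.append(current)
    return records


def zonemap_inventory(log_text):
    """Return ({hive: {host: [value names]}}, number of incomplete records)."""
    found = defaultdict(dict)
    incomplete = 0
    for rec in parse_records(log_text):
        hive, obj = rec.get("Rootkey"), rec.get("Object")
        if not hive or not obj:
            incomplete += 1                 # truncated record: count it, do not guess
            continue
        if not obj.lower().startswith(ZONEMAP.lower()):
            continue
        # A subdomain may be stored as a subkey (Domains\example.com\www).
        parts = obj[len(ZONEMAP):].lower().split("\\")
        host = ".".join(reversed([p for p in parts if p]))
        names = found[hive].setdefault(host, set())
        if rec.get("Type", "").lower() == "regvalue" and rec.get("Value"):
            names.add(rec["Value"])         # value name is the protocol, * = any
    result = {h: {d: sorted(v) for d, v in hosts.items()} for h, hosts in found.items()}
    return result, incomplete


if __name__ == "__main__":
    inventory, skipped = zonemap_inventory(SAMPLE_LOG)
    for hive, hosts in sorted(inventory.items()):
        for host, names in sorted(hosts.items()):
            print(f"{hive}  {host}  values={names or '-'}")
    print(f"incomplete records skipped: {skipped}")
```

Entries under HKEY_LOCAL_MACHINE apply to every account on the machine, while HKEY_CURRENT_USER entries apply only to the logged-in user, which is why the inventory is kept per hive.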

#3
iambrooke

Thanks for your help, Andy. I will post the results of the scan on hijack this.
:tazz:

#4
Guest_Andy_veal_*

Are you still having problems?

Did the above instructions help?

#5
Guest_Andy_veal_*

Dammz your topic has been split and moved to here:
http://www.geekstogo...070

#6
iambrooke

hey Andy, the help you gave me cleared up my desktop issue--thank goodness. thanks so much. the activescan found around 40 other spyware on the computer so I guess I will post it on hijackthis. thanks again!

#7
Guest_Andy_veal_*

Hi

I'm glad one of your problems is solved.

Though before we go to HJT, could I possibly see your latest Ad-aware SE logfile with the latest definition file,

Just to see if Ad-aware can help ;)

Thanks :tazz:

#8
iambrooke

Hey Andy,
Here's my latest adware scan results, hope it's in the right format. Thanks for all of your help!! :tazz:

Ad-Aware SE Build 1.05
Logfile Created on:Sunday, May 01, 2005 10:54:03 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):9 total references
BrilliantDigital(TAC index:6):54 total references
CoolWebSearch(TAC index:10):28 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:17 %
Total physical memory:261616 kb
Available physical memory:42836 kb
Total page file size:632560 kb
Available on page file:392268 kb
Total virtual memory:2097024 kb
Available virtual memory:2049392 kb
OS:Microsoft Windows XP Home Edition (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-1-2005 10:54:03 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 428
ThreadCreationTime : 5-1-2005 3:18:12 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 476
ThreadCreationTime : 5-1-2005 3:18:14 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 5-1-2005 3:18:14 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 544
ThreadCreationTime : 5-1-2005 3:18:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 556
ThreadCreationTime : 5-1-2005 3:18:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 5-1-2005 3:18:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 760
ThreadCreationTime : 5-1-2005 3:18:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 836
ThreadCreationTime : 5-1-2005 3:18:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 848
ThreadCreationTime : 5-1-2005 3:18:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 996
ThreadCreationTime : 5-1-2005 3:18:17 PM
BasePriority : Normal
FileVersion : 8.19
ProductVersion : 8.19
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1032
ThreadCreationTime : 5-1-2005 3:18:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1064
ThreadCreationTime : 5-1-2005 3:18:17 PM
BasePriority : Normal
FileVersion : 8.19
ProductVersion : 8.19
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1280
ThreadCreationTime : 5-1-2005 3:18:19 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [acsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 1352
ThreadCreationTime : 5-1-2005 3:18:20 PM
BasePriority : Normal


#:15 [mcvsrte.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 1388
ThreadCreationTime : 5-1-2005 3:18:20 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:16 [mpfservice.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 1424
ThreadCreationTime : 5-1-2005 3:18:20 PM
BasePriority : Normal
FileVersion : 6.1.0.44
ProductVersion : 6.1.0.44
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:17 [msksrvr.exe]
FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\
ProcessID : 1436
ThreadCreationTime : 5-1-2005 3:18:20 PM
BasePriority : Normal
FileVersion : 6.1.0.7
ProductVersion : 6.1
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller Server
InternalName : MSKSRVR
LegalCopyright : Copyright © 1998-2005, McAfee Inc.
OriginalFilename : MSKSRVR.EXE

#:18 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1612
ThreadCreationTime : 5-1-2005 3:18:21 PM
BasePriority : Normal
FileVersion : 0.1.0.1599
ProductVersion : 0.1.0.1599
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:19 [ybrwicon.exe]
FilePath : C:\Program Files\Yahoo!\browser\
ProcessID : 1644
ThreadCreationTime : 5-1-2005 3:18:21 PM
BasePriority : Normal
FileVersion : 2003, 7, 11, 1
ProductVersion : 1, 0, 0, 1
ProductName : Yahoo!, Inc. YBrwIcon
CompanyName : Yahoo!, Inc.
FileDescription : YBrwIcon
InternalName : YBrwIcon
LegalCopyright : Copyright © 2003
OriginalFilename : YBrwIcon.exe

#:20 [mcvsshld.exe]
FilePath : C:\PROGRA~1\mcafee.com\vso\
ProcessID : 1680
ThreadCreationTime : 5-1-2005 3:18:22 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:21 [sunasserv.exe]
FilePath : C:\Program Files\Sunbelt Software\CounterSpy Client\
ProcessID : 1688
ThreadCreationTime : 5-1-2005 3:18:22 PM
BasePriority : Idle
FileVersion : 1.00.0054
ProductVersion : 1.00.0054
ProductName : CounterSpy
CompanyName : Sunbelt Software Inc.
FileDescription : CounterSpy AntiSpyware Service
InternalName : sunasServ
LegalCopyright : Copyright © 2004, Sunbelt Software Inc. All rights reserved.
OriginalFilename : sunasServ.exe

#:22 [sunasdtserv.exe]
FilePath : C:\Program Files\Sunbelt Software\CounterSpy Client\
ProcessID : 1696
ThreadCreationTime : 5-1-2005 3:18:22 PM
BasePriority : Normal
FileVersion : 1.00.0121
ProductVersion : 1.00.0121
ProductName : CounterSpy
CompanyName : Sunbelt Software Inc.
FileDescription : CounterSpy Data Service
InternalName : sunasDtServ
LegalCopyright : Copyright © 2004, Sunbelt Software Inc. All rights reserved.
OriginalFilename : sunasDtServ.exe

#:23 [qkshield.exe]
FilePath : C:\WINDOWS\
ProcessID : 1712
ThreadCreationTime : 5-1-2005 3:18:22 PM
BasePriority : Normal
FileVersion : 2.3.0.0
ProductVersion : 2.3.0.0
ProductName : QuikShield
CompanyName : United Software
FileDescription : QuikShield
InternalName : QuikShield
LegalCopyright : Copyright © 2003 United Software.
LegalTrademarks : United Software
QuikShield
OriginalFilename : qkshield.exe
Comments : http://www.quikshield.com

#:24 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1720
ThreadCreationTime : 5-1-2005 3:18:22 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:25 [mscifapp.exe]
FilePath : C:\PROGRA~1\mcafee.com\mps\
ProcessID : 1748
ThreadCreationTime : 5-1-2005 3:18:22 PM
BasePriority : Normal
FileVersion : 7.1.1.44
ProductVersion : 7.1.1.44
ProductName : McAfee Privacy Service
CompanyName : McAfee, Inc
FileDescription : McAfee Privacy Service
InternalName : mscifapp
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mscifapp.exe

#:26 [mpftray.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 1756
ThreadCreationTime : 5-1-2005 3:18:22 PM
BasePriority : Normal
FileVersion : 6.1.0.44
ProductVersion : 6.1.0.44
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall

#:27 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 1768
ThreadCreationTime : 5-1-2005 3:18:22 PM
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:28 [lxbfbmgr.exe]
FilePath : C:\Program Files\Lexmark X6100 Series\
ProcessID : 1776
ThreadCreationTime : 5-1-2005 3:18:22 PM
BasePriority : Normal
FileVersion : 0.1.25.0
ProductVersion : 0.1.25.0
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X6100 Series Button Manager
InternalName : lxbfbmgr.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbfbmgr.exe

#:29 [2portalmon.exe]
FilePath : C:\Program Files\2Wire\
ProcessID : 1808
ThreadCreationTime : 5-1-2005 3:18:22 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : HomePortal Monitor Application
CompanyName : 2Wire, Inc.
FileDescription : HomePortal Monitor Application by 2Wire Engineering
InternalName : HomePortal Monitor
LegalCopyright : Copyright © 1999, 2000, 2001, 2wire, Inc. All Rights Reserved
LegalTrademarks : Copyright © 1999, 2000, 2001, 2wire, Inc. All Rights Reserved
OriginalFilename : HomePortal Monitor.EXE
Comments : HomePortal Monitor Application by 2Wire Engineering

#:30 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 1820
ThreadCreationTime : 5-1-2005 3:18:22 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:31 [ycommon.exe]
FilePath : C:\PROGRA~1\Yahoo!\browser\
ProcessID : 1844
ThreadCreationTime : 5-1-2005 3:18:22 PM
BasePriority : Normal
FileVersion : 2003, 9, 3, 1
ProductVersion : 1, 0, 0, 1
ProductName : YCommon Exe Module
CompanyName : Yahoo!, Inc.
FileDescription : YCommon Exe Module
InternalName : YCommonExe
LegalCopyright : Copyright 2003 Yahoo! Inc.
OriginalFilename : YCommon.EXE

#:32 [mskagent.exe]
FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\
ProcessID : 1864
ThreadCreationTime : 5-1-2005 3:18:22 PM
BasePriority : Normal
FileVersion : 6.1.0.6
ProductVersion : 6.1
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller Agent Interface module
InternalName : MskAgent
LegalCopyright : Copyright © 1998-2005 McAfee, Inc.
OriginalFilename : MskAgent.exe

#:33 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 1884
ThreadCreationTime : 5-1-2005 3:18:22 PM
BasePriority : Normal
FileVersion : 4.0.0155
ProductVersion : Version 4.0
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger Client
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:34 [lxbfbmon.exe]
FilePath : C:\Program Files\Lexmark X6100 Series\
ProcessID : 1928
ThreadCreationTime : 5-1-2005 3:18:23 PM
BasePriority : Normal
FileVersion : 0.1.25.0
ProductVersion : 0.1.25.0
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X6100 Series Button Monitor
InternalName : lxbfbmon.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbfbmon.exe

#:35 [quickdcf.exe]
FilePath : C:\Program Files\FinePixViewer\
ProcessID : 844
ThreadCreationTime : 5-1-2005 3:18:34 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 0
ProductVersion : 3, 0, 0, 0
ProductName : FinePixViewer
CompanyName : FUJI PHOTO FILM CO., LTD.
FileDescription : Exif Launcher
InternalName : QuickDCF
LegalCopyright : Copyright 2000-2002 FUJI PHOTO FILM CO.,LTD.
OriginalFilename : QuickDCF.exe

#:36 [mpfagent.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 940
ThreadCreationTime : 5-1-2005 3:18:35 PM
BasePriority : Normal
FileVersion : 6.1.0.44
ProductVersion : 6.1.0.44
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module

#:37 [pctspk.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1144
ThreadCreationTime : 5-1-2005 3:18:35 PM
BasePriority : Normal
FileVersion : 4.00
ProductVersion : 4.00
ProductName : PCTSPK.EXE
CompanyName : PCtel, Inc.
FileDescription : PCTSPK.EXE
InternalName : PCTSPK.EXE
LegalCopyright : Copyright ©PCtel,Inc. 1999-2000
OriginalFilename : PCTSPK.EXE

#:38 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ProcessID : 1004
ThreadCreationTime : 5-1-2005 3:18:35 PM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6224)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:39 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1632
ThreadCreationTime : 5-1-2005 3:18:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:40 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 2272
ThreadCreationTime : 5-1-2005 3:18:43 PM
BasePriority : Normal


#:41 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 2632
ThreadCreationTime : 5-1-2005 3:18:51 PM
BasePriority : High


#:42 [mcvsftsn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 3192
ThreadCreationTime : 5-1-2005 3:19:18 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module

#:43 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 192
ThreadCreationTime : 5-1-2005 3:19:49 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:44 [rnathchk.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 3288
ThreadCreationTime : 5-1-2005 3:38:29 PM
BasePriority : Normal
FileVersion : 7.0.0.1167
ProductVersion : 7.0.0.1167
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks ATH Check App
InternalName : rnathchk
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : rnathchk.EXE

#:45 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3588
ThreadCreationTime : 5-1-2005 3:50:48 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:46 [ybrowser.exe]
FilePath : C:\Program Files\Yahoo!\browser\
ProcessID : 1132
ThreadCreationTime : 5-1-2005 3:51:37 PM
BasePriority : Normal
FileVersion : 2003, 10, 22, 2
ProductVersion : 3, 0, 2, 0
ProductName : Yahoo! Browser
CompanyName : Yahoo!, Inc.
FileDescription : Yahoo! Browser
InternalName : YBrowser
LegalCopyright : Copyright © 2002-2003 Yahoo! Inc.
OriginalFilename : YBrowser.EXE

#:47 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 3992
ThreadCreationTime : 5-1-2005 3:53:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:48 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2016
ThreadCreationTime : 5-1-2005 3:53:39 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .b3dini

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .b3dini
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : b3dini_auto_file

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : b3dini_auto_file
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : b3d_auto_file

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : b3d_auto_file
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdeplayer.bdeplayerctrl

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdeplayer.bdeplayerctrl
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdeplayer.bdeplayerctrl.1

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdeplayer.bdeplayerctrl.1
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdesmartinstaller.bdesmartinstaller

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdesmartinstaller.bdesmartinstaller
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdesmartinstaller.bdesmartinstaller.1

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdesmartinstaller.bdesmartinstaller.1
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{51958169-d5e3-11d1-aa42-0000e842e40a}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{51958169-d5e3-11d1-aa42-0000e842e40a}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{67925165-c4b6-11d2-b9c6-0000e84f59a6}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{67925165-c4b6-11d2-b9c6-0000e84f59a6}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{51958167-d5e3-11d1-aa42-0000e842e40a}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{51958167-d5e3-11d1-aa42-0000e842e40a}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{51958168-d5e3-11d1-aa42-0000e842e40a}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{51958168-d5e3-11d1-aa42-0000e842e40a}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{67925164-c4b6-11d2-b9c6-0000e84f59a6}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{67925164-c4b6-11d2-b9c6-0000e84f59a6}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : s3d_auto_file

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : s3d_auto_file
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{51958166-d5e3-11d1-aa42-0000e842e40a}

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{82fc7881-aacc-11d2-b9c6-0000e842e40a}

Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\brilliant digital entertainment

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bdeplayer

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bdeplayer
Value : DisplayName

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bdeplayer
Value : UnInstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\ 6qÔõ'ª´ÆÐ8

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\ 6qÔõ'ª´ÆÐ8
Value : Type

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\ 6qÔõ'ª´ÆÐ8
Value : Start

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\ 6qÔõ'ª´ÆÐ8
Value : ErrorControl

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\ 6qÔõ'ª´ÆÐ8
Value : ImagePath

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\ 6qÔõ'ª´ÆÐ8
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\ 6qÔõ'ª´ÆÐ8
Value : ObjectName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\ 6qÔõ'ª´ÆÐ8
Value : FailureActions

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_*008f__6q*00d4*00f5*0013'*00aa*00b4*00c6*00d08

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_*008f__6q*00d4*00f5*0013'*00aa*00b4*00c6*00d08
Value : NextInstance

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-484061587-725345543-1008\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 51
Objects found so far: 51


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 51


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : brooke and ngaruiya@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:brooke and ngaruiya@imrworldwide.com/cgi-bin
Expires : 1-18-2009 6:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 52



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : customer@bfast[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\customer(2)\Cookies(2)\customer@bfast[1].txt

CoolWebSearch Object Recognized!
Type : File
Data : agacr.log
Category : Malware
Comment :
Object : C:\WINDOWS\



BrilliantDigital Object Recognized!
Type : File
Data : bdeclean.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\bde\
FileVersion : 3, 0, 7, 0
ProductVersion : 3, 0, 7, 0
ProductName : Brilliant Digital uninstaller
CompanyName : Brilliant Digital
FileDescription : BDEClean
InternalName : BDEClean
LegalCopyright : Copyright © 2001
OriginalFilename : BDEClean.exe


CoolWebSearch Object Recognized!
Type : File
Data : oovyq.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



BrilliantDigital Object Recognized!
Type : File
Data : bde3d_ref2.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 3, 1, 6, 0
ProductVersion : 3, 1, 6, 0
ProductName : bde3d_ref
CompanyName : Brilliant Digital
FileDescription : bde3d_ref
InternalName : bde3d_ref
LegalCopyright : Copyright © 2000
OriginalFilename : bde3d_ref.dll


BrilliantDigital Object Recognized!
Type : File
Data : bdedata2.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 1, 9
ProductVersion : 1, 0, 0, 0
ProductName : BDEData Module
CompanyName : Brilliant Digital Entertainment
FileDescription : BDEData (Release)
InternalName : BDEDATA
LegalCopyright : Copyright 1999
OriginalFilename : BDEDATA2.DLL


BrilliantDigital Object Recognized!
Type : File
Data : bdedownloader.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 3, 0, 38, 0
ProductVersion : 3, 0, 38, 0
ProductName : Brilliant Digital Entertainment Inc. BDEDownloader
CompanyName : Brilliant Digital Entertainment Inc.
FileDescription : BDEDownloader
InternalName : BDEDownloader
LegalCopyright : Copyright © 2001 Brilliant Digital Entertainment Inc.
OriginalFilename : BDEDownloader.dll


BrilliantDigital Object Recognized!
Type : File
Data : bdefdi.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
ProductName : Brilliant Digital Entertainment Inc. BDEFdiTest
CompanyName : Brilliant Digital Entertainment Inc.
FileDescription : BDEFdiTest
InternalName : BDEFdiTest
LegalCopyright : Copyright © 2000
OriginalFilename : BDEFdiTest.exe


BrilliantDigital Object Recognized!
Type : File
Data : bdeinsta.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 2, 3, 9
ProductVersion : 1, 0, 0, 0
ProductName : BDEInstallerComponent Module
CompanyName : Brilliant Digital Entertainment
FileDescription : BDESmartInstaller (Release)
InternalName : BDEINSTALLERCOMPONENT
LegalCopyright : Copyright 1999
OriginalFilename : BDEINSTALLERCOMPONENT.DLL


BrilliantDigital Object Recognized!
Type : File
Data : bdeinsta2.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 2, 3, 9
ProductVersion : 1, 0, 0, 0
ProductName : BDEInstallerComponent Module
CompanyName : Brilliant Digital Entertainment
FileDescription : BDESmartInstaller (Release)
InternalName : BDEINSTALLERCOMPONENT
LegalCopyright : Copyright 1999
OriginalFilename : BDEINSTALLERCOMPONENT.DLL


BrilliantDigital Object Recognized!
Type : File
Data : bdeload.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 3, 0, 11, 0
ProductVersion : 3, 0, 11, 0
ProductName : Brilliant Digital Entertainment bdeload
CompanyName : Brilliant Digital Entertainment
FileDescription : bdeload
InternalName : bdeload
LegalCopyright : Copyright © 2000
OriginalFilename : bdeload.dll


BrilliantDigital Object Recognized!
Type : File
Data : BDERastDx6_30002.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 3, 1, 2, 0
ProductVersion : 3, 1, 2, 0
ProductName : DX6Rast
CompanyName : Brilliant Digital
FileDescription : DX6Rast
InternalName : DX6Rast
LegalCopyright : Copyright © 1999 - 2000
OriginalFilename : DX6Rast.dll


BrilliantDigital Object Recognized!
Type : File
Data : BDERastMMX_30001.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 3, 0, 22, 0
ProductVersion : 3, 0, 22, 0
ProductName : MMX16Rast
CompanyName : Brilliant Digital
FileDescription : MMX16Rast
InternalName : MMX16Rast
LegalCopyright : Copyright © 1999 - 2000
OriginalFilename : MMX16Rast.dll


BrilliantDigital Object Recognized!
Type : File
Data : BDESac10.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 3, 1, 2, 0
ProductVersion : 3, 1, 2, 0
ProductName : BDESound
CompanyName : Brilliant Digital Entertainment
FileDescription : BDESac10
InternalName : BDESac10
LegalCopyright : Copyright © 2001
OriginalFilename : BDESac10.dll


CoolWebSearch Object Recognized!
Type : File
Data : fpfvv.dat
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : iasdb.log
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : mdtzy.txt
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : rcvkh.log
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : xusmk.log
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : vgjyp.log
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : zojio.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 73


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 73




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .b3d

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .b3d
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .s3d

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .s3d
Value :

BrilliantDigital Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\\BDE

BrilliantDigital Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\bde

BrilliantDigital Object Recognized!
Type : File
Data : bdeengine2.dll
Category : Data Miner
Comment :
Object : c:\bde\



BrilliantDigital Object Recognized!
Type : File
Data : BDEimage.dll
Category : Data Miner
Comment :
Object : c:\bde\



BrilliantDigital Object Recognized!
Type : File
Data : bdeplayer2.dll
Category : Data Miner
Comment :
Object : c:\bde\



BrilliantDigital Object Recognized!
Type : File
Data : bdeviewer.exe
Category : Data Miner
Comment :
Object : c:\bde\



BrilliantDigital Object Recognized!
Type : File
Data : npbdplay2.dll
Category : Data Miner
Comment :
Object : c:\bde\



CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
  • 0

#9
Rawe

Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hello!

Ad-aware has found object(s) on your computer.

If you choose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R42 28.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode.

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Run CCleaner to help in this process.
Download CCleaner (Setup: go to Options > Settings > uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other user's Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other user's Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-aware SE. If this is different, adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to CoolWebSearch ONLY. Click Next, then click OK.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:
  • 0
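The workflow in the post above (remove one family only, rescan, post the fresh log) comes down to comparing two Ad-Aware SE logs family by family. The following is an added example, not part of the original posts or of Lavasoft's tooling: the function names are hypothetical, and both sample logs are constructed in the layout seen in this thread, with placeholder object names.

```python
import re
from collections import Counter

# Constructed sample logs; family names and TAC values follow the thread,
# every object name is a placeholder.
SCAN_BEFORE = r"""
References detected during the scan:
BrilliantDigital(TAC index:6):1 total references
CoolWebSearch(TAC index:10):3 total references
Tracking Cookie(TAC index:3):1 total references

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\placeholder-svc
Value : ImagePath

CoolWebSearch Object Recognized!
Type : File
Data : placeholder1.log
Category : Malware
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : placeholder2.txt
Category : Malware
Comment :
Object : C:\WINDOWS\

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : placeholder.key

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@example[1].txt
Category : Data Miner
Comment :
Value : Cookie:user@example.invalid/
"""

# Constructed follow-up scan: one CoolWebSearch file survived the cleanup.
SCAN_AFTER = r"""
CoolWebSearch Object Recognized!
Type : File
Data : placeholder2.txt
Category : Malware
Comment :
Object : C:\WINDOWS\

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : placeholder.key
"""

HEADER = re.compile(r"^(?P<family>.+?) Object Recognized!$")
FIELD = re.compile(r"^(?P<key>[A-Za-z]+)\s*:\s*(?P<value>.*)$")
SUMMARY = re.compile(r"^(?P<family>.+?)\(TAC index:(?P<tac>\d+)\):(?P<n>\d+) total references$")

def parse_objects(log_text):
    """Return one dict per 'Object Recognized!' block; a blank line ends a block."""
    objects, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {"Family": header.group("family")}
            objects.append(current)
        elif not line:
            current = None
        elif current is not None:
            field = FIELD.match(line)
            if field:
                current[field.group("key")] = field.group("value")
    return objects

def parse_summary(log_text):
    """Map family -> (TAC index, total references) from the log's summary header."""
    found = (SUMMARY.match(raw.strip()) for raw in log_text.splitlines())
    return {m["family"]: (int(m["tac"]), int(m["n"])) for m in found if m}

def location(obj):
    """Full registry or file-system location of one recognised object."""
    if obj.get("Type") in ("Regkey", "RegValue"):
        path = obj.get("Rootkey", "") + "\\" + obj.get("Object", "")
        return path + (" -> " + obj["Value"] if obj.get("Value") else "")
    if obj.get("Type") == "File":
        return obj.get("Object", "") + obj.get("Data", "")
    return obj.get("Value") or obj.get("Object", "")  # cookies, folders

def family_locations(objects, family):
    return sorted(location(o) for o in objects if o["Family"] == family)

def compare_scans(before_text, after_text):
    """Per family: object count before, count after, and what is still present."""
    before, after = parse_objects(before_text), parse_objects(after_text)
    n_before = Counter(o["Family"] for o in before)
    n_after = Counter(o["Family"] for o in after)
    return {fam: {"before": n_before[fam], "after": n_after[fam],
                  "remaining": family_locations(after, fam)}
            for fam in sorted(set(n_before) | set(n_after))}

if __name__ == "__main__":
    for fam, row in compare_scans(SCAN_BEFORE, SCAN_AFTER).items():
        print(f"{fam}: {row['before']} -> {row['after']}", *row["remaining"], sep="\n   ")
```

A family whose `after` count is not zero, together with its `remaining` locations, is what the helper needs to see in the follow-up log.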

#10
iambrooke

iambrooke

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hi Andy, I followed the instructions you gave and here are my log results. Thanks again for your time.

Ad-Aware SE Build 1.05
Logfile Created on:Sunday, May 01, 2005 3:34:33 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):9 total references
BrilliantDigital(TAC index:6):54 total references
CoolWebSearch(TAC index:10):4 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:13 %
Total physical memory:261616 kb
Available physical memory:33924 kb
Total page file size:632560 kb
Available on page file:437280 kb
Total virtual memory:2097024 kb
Available virtual memory:2049388 kb
OS:Microsoft Windows XP Home Edition (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-1-2005 3:34:33 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 428
ThreadCreationTime : 5-1-2005 8:32:54 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 476
ThreadCreationTime : 5-1-2005 8:32:55 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 5-1-2005 8:32:56 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 544
ThreadCreationTime : 5-1-2005 8:32:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 556
ThreadCreationTime : 5-1-2005 8:32:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 728
ThreadCreationTime : 5-1-2005 8:32:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 792
ThreadCreationTime : 5-1-2005 8:32:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 884
ThreadCreationTime : 5-1-2005 8:32:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 936
ThreadCreationTime : 5-1-2005 8:32:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1108
ThreadCreationTime : 5-1-2005 8:32:59 PM
BasePriority : Normal
FileVersion : 8.19
ProductVersion : 8.19
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1156
ThreadCreationTime : 5-1-2005 8:33:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1188
ThreadCreationTime : 5-1-2005 8:33:00 PM
BasePriority : Normal
FileVersion : 8.19
ProductVersion : 8.19
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1244
ThreadCreationTime : 5-1-2005 8:33:00 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1444
ThreadCreationTime : 5-1-2005 8:33:02 PM
BasePriority : Normal
FileVersion : 0.1.0.1599
ProductVersion : 0.1.0.1599
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:15 [ybrwicon.exe]
FilePath : C:\Program Files\Yahoo!\browser\
ProcessID : 1460
ThreadCreationTime : 5-1-2005 8:33:02 PM
BasePriority : Normal
FileVersion : 2003, 7, 11, 1
ProductVersion : 1, 0, 0, 1
ProductName : Yahoo!, Inc. YBrwIcon
CompanyName : Yahoo!, Inc.
FileDescription : YBrwIcon
InternalName : YBrwIcon
LegalCopyright : Copyright © 2003
OriginalFilename : YBrwIcon.exe

#:16 [mcvsshld.exe]
FilePath : C:\PROGRA~1\mcafee.com\vso\
ProcessID : 1480
ThreadCreationTime : 5-1-2005 8:33:02 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:17 [sunasserv.exe]
FilePath : C:\Program Files\Sunbelt Software\CounterSpy Client\
ProcessID : 1492
ThreadCreationTime : 5-1-2005 8:33:02 PM
BasePriority : Idle
FileVersion : 1.00.0054
ProductVersion : 1.00.0054
ProductName : CounterSpy
CompanyName : Sunbelt Software Inc.
FileDescription : CounterSpy AntiSpyware Service
InternalName : sunasServ
LegalCopyright : Copyright © 2004, Sunbelt Software Inc. All rights reserved.
OriginalFilename : sunasServ.exe

#:18 [sunasdtserv.exe]
FilePath : C:\Program Files\Sunbelt Software\CounterSpy Client\
ProcessID : 1500
ThreadCreationTime : 5-1-2005 8:33:02 PM
BasePriority : Normal
FileVersion : 1.00.0121
ProductVersion : 1.00.0121
ProductName : CounterSpy
CompanyName : Sunbelt Software Inc.
FileDescription : CounterSpy Data Service
InternalName : sunasDtServ
LegalCopyright : Copyright © 2004, Sunbelt Software Inc. All rights reserved.
OriginalFilename : sunasDtServ.exe

#:19 [qkshield.exe]
FilePath : C:\WINDOWS\
ProcessID : 1516
ThreadCreationTime : 5-1-2005 8:33:02 PM
BasePriority : Normal
FileVersion : 2.3.0.0
ProductVersion : 2.3.0.0
ProductName : QuikShield
CompanyName : United Software
FileDescription : QuikShield
InternalName : QuikShield
LegalCopyright : Copyright © 2003 United Software.
LegalTrademarks : United Software
QuikShield
OriginalFilename : qkshield.exe
Comments : http://www.quikshield.com

#:20 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1524
ThreadCreationTime : 5-1-2005 8:33:02 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:21 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 1552
ThreadCreationTime : 5-1-2005 8:33:02 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:22 [mscifapp.exe]
FilePath : C:\PROGRA~1\mcafee.com\mps\
ProcessID : 1568
ThreadCreationTime : 5-1-2005 8:33:02 PM
BasePriority : Normal
FileVersion : 7.1.1.44
ProductVersion : 7.1.1.44
ProductName : McAfee Privacy Service
CompanyName : McAfee, Inc
FileDescription : McAfee Privacy Service
InternalName : mscifapp
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mscifapp.exe

#:23 [mpftray.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 1576
ThreadCreationTime : 5-1-2005 8:33:03 PM
BasePriority : Normal
FileVersion : 6.1.0.44
ProductVersion : 6.1.0.44
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall

#:24 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 1584
ThreadCreationTime : 5-1-2005 8:33:03 PM
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:25 [lxbfbmgr.exe]
FilePath : C:\Program Files\Lexmark X6100 Series\
ProcessID : 1592
ThreadCreationTime : 5-1-2005 8:33:03 PM
BasePriority : Normal
FileVersion : 0.1.25.0
ProductVersion : 0.1.25.0
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X6100 Series Button Manager
InternalName : lxbfbmgr.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbfbmgr.exe

#:26 [2portalmon.exe]
FilePath : C:\Program Files\2Wire\
ProcessID : 1644
ThreadCreationTime : 5-1-2005 8:33:03 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : HomePortal Monitor Application
CompanyName : 2Wire, Inc.
FileDescription : HomePortal Monitor Application by 2Wire Engineering
InternalName : HomePortal Monitor
LegalCopyright : Copyright © 1999, 2000, 2001, 2wire, Inc. All Rights Reserved
LegalTrademarks : Copyright © 1999, 2000, 2001, 2wire, Inc. All Rights Reserved
OriginalFilename : HomePortal Monitor.EXE
Comments : HomePortal Monitor Application by 2Wire Engineering

#:27 [mskagent.exe]
FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\
ProcessID : 1652
ThreadCreationTime : 5-1-2005 8:33:03 PM
BasePriority : Normal
FileVersion : 6.1.0.6
ProductVersion : 6.1
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller Agent Interface module
InternalName : MskAgent
LegalCopyright : Copyright © 1998-2005 McAfee, Inc.
OriginalFilename : MskAgent.exe

#:28 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 1672
ThreadCreationTime : 5-1-2005 8:33:03 PM
BasePriority : Normal
FileVersion : 4.0.0155
ProductVersion : Version 4.0
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger Client
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:29 [ycommon.exe]
FilePath : C:\PROGRA~1\Yahoo!\browser\
ProcessID : 1692
ThreadCreationTime : 5-1-2005 8:33:04 PM
BasePriority : Normal
FileVersion : 2003, 9, 3, 1
ProductVersion : 1, 0, 0, 1
ProductName : YCommon Exe Module
CompanyName : Yahoo!, Inc.
FileDescription : YCommon Exe Module
InternalName : YCommonExe
LegalCopyright : Copyright 2003 Yahoo! Inc.
OriginalFilename : YCommon.EXE

#:30 [lxbfbmon.exe]
FilePath : C:\Program Files\Lexmark X6100 Series\
ProcessID : 1700
ThreadCreationTime : 5-1-2005 8:33:04 PM
BasePriority : Normal
FileVersion : 0.1.25.0
ProductVersion : 0.1.25.0
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X6100 Series Button Monitor
InternalName : lxbfbmon.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbfbmon.exe

#:31 [acsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 2008
ThreadCreationTime : 5-1-2005 8:33:08 PM
BasePriority : Normal


#:32 [mcvsrte.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 172
ThreadCreationTime : 5-1-2005 8:33:08 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:33 [mpfservice.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 196
ThreadCreationTime : 5-1-2005 8:33:09 PM
BasePriority : Normal
FileVersion : 6.1.0.44
ProductVersion : 6.1.0.44
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:34 [msksrvr.exe]
FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\
ProcessID : 232
ThreadCreationTime : 5-1-2005 8:33:09 PM
BasePriority : Normal
FileVersion : 6.1.0.7
ProductVersion : 6.1
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller Server
InternalName : MSKSRVR
LegalCopyright : Copyright © 1998-2005, McAfee Inc.
OriginalFilename : MSKSRVR.EXE

#:35 [mpfagent.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 416
ThreadCreationTime : 5-1-2005 8:33:11 PM
BasePriority : Normal
FileVersion : 6.1.0.44
ProductVersion : 6.1.0.44
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module

#:36 [quickdcf.exe]
FilePath : C:\Program Files\FinePixViewer\
ProcessID : 944
ThreadCreationTime : 5-1-2005 8:33:14 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 0
ProductVersion : 3, 0, 0, 0
ProductName : FinePixViewer
CompanyName : FUJI PHOTO FILM CO., LTD.
FileDescription : Exif Launcher
InternalName : QuickDCF
LegalCopyright : Copyright 2000-2002 FUJI PHOTO FILM CO.,LTD.
OriginalFilename : QuickDCF.exe

#:37 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ProcessID : 1512
ThreadCreationTime : 5-1-2005 8:33:14 PM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6224)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:38 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 2112
ThreadCreationTime : 5-1-2005 8:33:18 PM
BasePriority : Normal


#:39 [pctspk.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2196
ThreadCreationTime : 5-1-2005 8:33:22 PM
BasePriority : Normal
FileVersion : 4.00
ProductVersion : 4.00
ProductName : PCTSPK.EXE
CompanyName : PCtel, Inc.
FileDescription : PCTSPK.EXE
InternalName : PCTSPK.EXE
LegalCopyright : Copyright ©PCtel,Inc. 1999-2000
OriginalFilename : PCTSPK.EXE

#:40 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2244
ThreadCreationTime : 5-1-2005 8:33:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:41 [mcvsftsn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 2328
ThreadCreationTime : 5-1-2005 8:33:23 PM
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module

#:42 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 2596
ThreadCreationTime : 5-1-2005 8:33:32 PM
BasePriority : High


#:43 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3704
ThreadCreationTime : 5-1-2005 8:34:05 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:44 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3896
ThreadCreationTime : 5-1-2005 8:34:15 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .b3dini

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .b3dini
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : b3dini_auto_file

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : b3dini_auto_file
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : b3d_auto_file

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : b3d_auto_file
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdeplayer.bdeplayerctrl

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdeplayer.bdeplayerctrl
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdeplayer.bdeplayerctrl.1

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdeplayer.bdeplayerctrl.1
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdesmartinstaller.bdesmartinstaller

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdesmartinstaller.bdesmartinstaller
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdesmartinstaller.bdesmartinstaller.1

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdesmartinstaller.bdesmartinstaller.1
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{51958169-d5e3-11d1-aa42-0000e842e40a}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{51958169-d5e3-11d1-aa42-0000e842e40a}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{67925165-c4b6-11d2-b9c6-0000e84f59a6}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{67925165-c4b6-11d2-b9c6-0000e84f59a6}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{51958167-d5e3-11d1-aa42-0000e842e40a}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{51958167-d5e3-11d1-aa42-0000e842e40a}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{51958168-d5e3-11d1-aa42-0000e842e40a}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{51958168-d5e3-11d1-aa42-0000e842e40a}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{67925164-c4b6-11d2-b9c6-0000e84f59a6}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{67925164-c4b6-11d2-b9c6-0000e84f59a6}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : s3d_auto_file

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : s3d_auto_file
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{51958166-d5e3-11d1-aa42-0000e842e40a}

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{82fc7881-aacc-11d2-b9c6-0000e842e40a}

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\brilliant digital entertainment

Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bdeplayer

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bdeplayer
Value : DisplayName

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bdeplayer
Value : UnInstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_*008f__6q*00d4*00f5*0013'*00aa*00b4*00c6*00d08

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-484061587-725345543-1008\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 42
Objects found so far: 42


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : customer@bfast[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\customer(2)\Cookies(2)\customer@bfast[1].txt

BrilliantDigital Object Recognized!
Type : File
Data : bdeclean.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\bde\
FileVersion : 3, 0, 7, 0
ProductVersion : 3, 0, 7, 0
ProductName : Brilliant Digital uninstaller
CompanyName : Brilliant Digital
FileDescription : BDEClean
InternalName : BDEClean
LegalCopyright : Copyright © 2001
OriginalFilename : BDEClean.exe


BrilliantDigital Object Recognized!
Type : File
Data : bde3d_ref2.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 3, 1, 6, 0
ProductVersion : 3, 1, 6, 0
ProductName : bde3d_ref
CompanyName : Brilliant Digital
FileDescription : bde3d_ref
InternalName : bde3d_ref
LegalCopyright : Copyright © 2000
OriginalFilename : bde3d_ref.dll


BrilliantDigital Object Recognized!
Type : File
Data : bdedata2.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 1, 9
ProductVersion : 1, 0, 0, 0
ProductName : BDEData Module
CompanyName : Brilliant Digital Entertainment
FileDescription : BDEData (Release)
InternalName : BDEDATA
LegalCopyright : Copyright 1999
OriginalFilename : BDEDATA2.DLL


BrilliantDigital Object Recognized!
Type : File
Data : bdedownloader.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 3, 0, 38, 0
ProductVersion : 3, 0, 38, 0
ProductName : Brilliant Digital Entertainment Inc. BDEDownloader
CompanyName : Brilliant Digital Entertainment Inc.
FileDescription : BDEDownloader
InternalName : BDEDownloader
LegalCopyright : Copyright © 2001 Brilliant Digital Entertainment Inc.
OriginalFilename : BDEDownloader.dll


BrilliantDigital Object Recognized!
Type : File
Data : bdefdi.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
ProductName : Brilliant Digital Entertainment Inc. BDEFdiTest
CompanyName : Brilliant Digital Entertainment Inc.
FileDescription : BDEFdiTest
InternalName : BDEFdiTest
LegalCopyright : Copyright © 2000
OriginalFilename : BDEFdiTest.exe


BrilliantDigital Object Recognized!
Type : File
Data : bdeinsta.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 2, 3, 9
ProductVersion : 1, 0, 0, 0
ProductName : BDEInstallerComponent Module
CompanyName : Brilliant Digital Entertainment
FileDescription : BDESmartInstaller (Release)
InternalName : BDEINSTALLERCOMPONENT
LegalCopyright : Copyright 1999
OriginalFilename : BDEINSTALLERCOMPONENT.DLL


BrilliantDigital Object Recognized!
Type : File
Data : bdeinsta2.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 2, 3, 9
ProductVersion : 1, 0, 0, 0
ProductName : BDEInstallerComponent Module
CompanyName : Brilliant Digital Entertainment
FileDescription : BDESmartInstaller (Release)
InternalName : BDEINSTALLERCOMPONENT
LegalCopyright : Copyright 1999
OriginalFilename : BDEINSTALLERCOMPONENT.DLL


BrilliantDigital Object Recognized!
Type : File
Data : bdeload.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 3, 0, 11, 0
ProductVersion : 3, 0, 11, 0
ProductName : Brilliant Digital Entertainment bdeload
CompanyName : Brilliant Digital Entertainment
FileDescription : bdeload
InternalName : bdeload
LegalCopyright : Copyright © 2000
OriginalFilename : bdeload.dll


BrilliantDigital Object Recognized!
Type : File
Data : BDERastDx6_30002.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 3, 1, 2, 0
ProductVersion : 3, 1, 2, 0
ProductName : DX6Rast
CompanyName : Brilliant Digital
FileDescription : DX6Rast
InternalName : DX6Rast
LegalCopyright : Copyright © 1999 - 2000
OriginalFilename : DX6Rast.dll


BrilliantDigital Object Recognized!
Type : File
Data : BDERastMMX_30001.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 3, 0, 22, 0
ProductVersion : 3, 0, 22, 0
ProductName : MMX16Rast
CompanyName : Brilliant Digital
FileDescription : MMX16Rast
InternalName : MMX16Rast
LegalCopyright : Copyright © 1999 - 2000
OriginalFilename : MMX16Rast.dll


BrilliantDigital Object Recognized!
Type : File
Data : BDESac10.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 3, 1, 2, 0
ProductVersion : 3, 1, 2, 0
ProductName : BDESound
CompanyName : Brilliant Digital Entertainment
FileDescription : BDESac10
InternalName : BDESac10
LegalCopyright : Copyright © 2001
OriginalFilename : BDESac10.dll


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 54


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 54




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .b3d

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .b3d
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .s3d

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .s3d
Value :

BrilliantDigital Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\bde

BrilliantDigital Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\\BDE

BrilliantDigital Object Recognized!
Type : File
Data : bdeengine2.dll
Category : Data Miner
Comment :
Object : c:\bde\



BrilliantDigital Object Recognized!
Type : File
Data : BDEimage.dll
Category : Data Miner
Comment :
Object : c:\bde\



BrilliantDigital Object Recognized!
Type : File
Data : bdeplayer2.dll
Category : Data Miner
Comment :
Object : c:\bde\



BrilliantDigital Object Recognized!
Type : File
Data : bdeviewer.exe
Category : Data Miner
Comment :
Object : c:\bde\



BrilliantDigital Object Recognized!
Type : File
Data : npbdplay2.dll
Category : Data Miner
Comment :
Object : c:\bde\



CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search\searchproperties\en-us
Value : SingleProvider

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Search Bar

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 14
Objects found so far: 68

3:45:52 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:18.891
Objects scanned:104412
Objects identified:68
Objects ignored:0
New critical objects:68

#11
Guest_Andy_veal_*

  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.

#12
don77


    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi iambrooke
I noticed in another topic you started that your security patches are not current (by the way, I closed the topic).

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.


Thanks
Don