
p2esocks_1020.dll problems



#1
famv

When I turn on the PC, an error with p2esocks_1020.dll appears. I decided to scan with Ad-Aware and post my log; maybe you can help me fix my problem.

Many thanks. :tazz:

Ad-Aware SE Build 1.05
Logfile Created on:Jueves, 28 de Abril de 2005 08:33:45 p.m.
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
AltnetBDE(TAC index:4):15 total references
DialPass(TAC index:5):4 total references
DyFuCA(TAC index:3):4 total references
Elitum.ElitebarBHO(TAC index:5):3 total references
IBIS Toolbar(TAC index:5):87 total references
istbar.dotcomToolbar(TAC index:5):23 total references
istbar(TAC index:7):5 total references
MagicControl(TAC index:7):21 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
Tracking Cookie(TAC index:3):102 total references
WindUpdates(TAC index:8):18 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:46 %
Total physical memory:523760 kb
Available physical memory:239304 kb
Total page file size:1280660 kb
Available on page file:1029564 kb
Total virtual memory:2097024 kb
Available virtual memory:2047532 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


28-04-2005 08:33:45 p.m. - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 476
ThreadCreationTime : 28-04-2005 10:17:55 p.m.
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 524
ThreadCreationTime : 28-04-2005 10:17:56 p.m.
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 548
ThreadCreationTime : 28-04-2005 10:17:57 p.m.
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 592
ThreadCreationTime : 28-04-2005 10:17:57 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 604
ThreadCreationTime : 28-04-2005 10:17:57 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 760
ThreadCreationTime : 28-04-2005 10:17:58 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 816
ThreadCreationTime : 28-04-2005 10:17:58 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 892
ThreadCreationTime : 28-04-2005 10:17:58 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 940
ThreadCreationTime : 28-04-2005 10:17:58 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1068
ThreadCreationTime : 28-04-2005 10:17:59 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1284
ThreadCreationTime : 28-04-2005 10:18:00 p.m.
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1372
ThreadCreationTime : 28-04-2005 10:18:00 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [hpsysdrv.exe]
ModuleName : C:\windows\system\hpsysdrv.exe
Command Line : "c:\windows\system\hpsysdrv.exe"
ProcessID : 1460
ThreadCreationTime : 28-04-2005 10:18:01 p.m.
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe

#:14 [hpqcmon.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
ProcessID : 1484
ThreadCreationTime : 28-04-2005 10:18:01 p.m.
BasePriority : Normal
FileVersion : 1.1.0.121
ProductVersion : 1.1.0.121
ProductName : HpqCmon Application
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
LegalCopyright : Copyright © 2001
OriginalFilename : HpqCmon.EXE

#:15 [kbd.exe]
ModuleName : C:\HP\KBD\KBD.EXE
Command Line : "C:\HP\KBD\KBD.EXE"
ProcessID : 1496
ThreadCreationTime : 28-04-2005 10:18:01 p.m.
BasePriority : High


#:16 [p2p networking.exe]
ModuleName : C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
Command Line : "C:\WINDOWS\System32\P2P Networking\P2P Networking.exe" /AUTOSTART
ProcessID : 1608
ThreadCreationTime : 28-04-2005 10:18:02 p.m.
BasePriority : Normal
FileVersion : 1, 23, 10, 40
ProductVersion : 1, 23, 10, 40
ProductName : P2P Networking
CompanyName : Joltid Ltd.
FileDescription : P2P Networking
InternalName : P2P Networking
LegalCopyright : Copyright © 2001 - 2003 Joltid Ltd. All Rights Reserved.
LegalTrademarks : Joltid is a registered trademark of Joltid Ltd.
OriginalFilename : P2P Networking.exe

#:17 [wkufind.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
ProcessID : 1624
ThreadCreationTime : 28-04-2005 10:18:02 p.m.
BasePriority : Normal
FileVersion : 7.00.0617.0
ProductVersion : 7.00.0617.0
ProductName : Update Detection Module
CompanyName : Microsoft® Corporation
FileDescription : Detección de Microsoft® Works Update
InternalName : WkUFind
LegalCopyright : Copyright © 1987-2002 Microsoft Corporation.
OriginalFilename : WkUFind.exe

#:18 [apvxdwin.exe]
ModuleName : C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE
Command Line : "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
ProcessID : 1652
ThreadCreationTime : 28-04-2005 10:18:02 p.m.
BasePriority : Normal
FileVersion : 3, 3, 23, 0
ProductVersion : 8.05.01
ProductName : Panda Antivirus Platinum
CompanyName : Panda Software International
FileDescription : Platinum permanent protection
InternalName : Apvxdwin.exe
LegalCopyright : © Panda Software 2004

#:19 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1668
ThreadCreationTime : 28-04-2005 10:18:02 p.m.
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:20 [mmtask.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
ProcessID : 1676
ThreadCreationTime : 28-04-2005 10:18:02 p.m.
BasePriority : Normal
FileVersion : 9.0.0.1
ProductVersion : 9.0.0.1
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch Inc.
FileDescription : <Musicmatch System Tray Application>
InternalName : mmtask.exe
LegalCopyright : © Musicmatch Inc.. All rights reserved.
OriginalFilename : mmtask.exe

#:21 [msgplus.exe]
ModuleName : C:\Program Files\MessengerPlus! 3\MsgPlus.exe
Command Line : "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
ProcessID : 1684
ThreadCreationTime : 28-04-2005 10:18:02 p.m.
BasePriority : Normal


#:22 [gamedrvr.exe]
ModuleName : C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
Command Line : "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
ProcessID : 1696
ThreadCreationTime : 28-04-2005 10:18:02 p.m.
BasePriority : Normal
FileVersion : 5.0.0.190
ProductVersion : 5.0.0.190
ProductName : WildTangent Game Loader
CompanyName : WildTangent, Inc.
FileDescription : WildTangent Automatic Update Manager
LegalCopyright : All Rights Reserved © 2003-2004 WildTangent, Inc.

#:23 [shadowbar.exe]
ModuleName : C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
Command Line : "C:\Program Files\hp center\137903\Shadow\ShadowBar.exe" -STARTUP
ProcessID : 1852
ThreadCreationTime : 28-04-2005 10:18:02 p.m.
BasePriority : Normal
FileVersion : Version 1.0 (Build 194R)
ProductVersion : Version 1.0 (Build 194R)
ProductName : ShadowBar Module
FileDescription : ShadowBar Module
InternalName : ShadowBar
LegalCopyright : ©2001 BackWeb Technologies.
OriginalFilename : ShadowBar.EXE

#:24 [backweb-137903.exe]
ModuleName : C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
Command Line : "C:\Program Files\hp center\137903\Program\BackWeb-137903.exe" -startup
ProcessID : 1896
ThreadCreationTime : 28-04-2005 10:18:03 p.m.
BasePriority : Normal


#:25 [backweb-7288971.exe]
ModuleName : C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
Command Line : "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"
ProcessID : 1928
ThreadCreationTime : 28-04-2005 10:18:03 p.m.
BasePriority : Normal


#:26 [msoffice.exe]
ModuleName : C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
Command Line : "C:\Program Files\Microsoft Office\Office\1033\msoffice.exe"
ProcessID : 2044
ThreadCreationTime : 28-04-2005 10:18:04 p.m.
BasePriority : Normal
FileVersion : 9.0.2601
ProductVersion : 9.0.2601
ProductName : Microsoft Office 2000
CompanyName : Microsoft Corporation
FileDescription : Microsoft Office 2000 component
InternalName : MSOFFICE
LegalCopyright : Copyright© Microsoft Corporation 1994-1999. All rights reserved.
OriginalFilename : MSOFFICE.EXE

#:27 [kodakccs.exe]
ModuleName : C:\WINDOWS\system32\drivers\KodakCCS.exe
Command Line : C:\WINDOWS\system32\drivers\KodakCCS.exe
ProcessID : 112
ThreadCreationTime : 28-04-2005 10:18:08 p.m.
BasePriority : Normal
FileVersion : 1.1.4900.0
ProductVersion : 4.3.1.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2003
OriginalFilename : DcFsSvc.exe

#:28 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 520
ThreadCreationTime : 28-04-2005 10:18:08 p.m.
BasePriority : Normal
FileVersion : 6.13.10.2942
ProductVersion : 6.13.10.2942
ProductName : NVIDIA Driver Helper Service, Version 29.42
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 29.42
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:29 [passrv.exe]
ModuleName : C:\Program Files\Panda Software\Panda Platinum Internet Security\passrv.exe
Command Line : "C:\Program Files\Panda Software\Panda Platinum Internet Security\passrv.exe"
ProcessID : 660
ThreadCreationTime : 28-04-2005 10:18:08 p.m.
BasePriority : Normal


#:30 [pavfires.exe]
ModuleName : C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
Command Line : n/a
ProcessID : 876
ThreadCreationTime : 28-04-2005 10:18:11 p.m.
BasePriority : Normal
FileVersion : 1, 5, 1, 4
ProductVersion : 8, 4, 0, 0
ProductName : Platinum Internet Security
CompanyName : Panda Software
FileDescription : Personal Firewall Service
InternalName : Pavfires
LegalCopyright : Copyright © 2004 Panda Software
OriginalFilename : Pavfires.exe

#:31 [srvload.exe]
ModuleName : C:\Program Files\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE
Command Line : C:\Program FILES\PANDA SOFTWARE\PANDA PLATINUM INTERNET SECURITY\SRVLOAD.EXE
ProcessID : 968
ThreadCreationTime : 28-04-2005 10:18:14 p.m.
BasePriority : Normal
FileVersion : 1, 4, 3, 0
ProductVersion : 8, 4, 0, 0
ProductName : Panda Platinum Internet Security
CompanyName : panda
FileDescription : SrvLoader
InternalName : SrvLoader
LegalCopyright : © Panda Software 2004
OriginalFilename : SrvLoad.exe

#:32 [pavprsrv.exe]
ModuleName : C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
Command Line : "C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"
ProcessID : 1164
ThreadCreationTime : 28-04-2005 10:18:21 p.m.
BasePriority : Normal
FileVersion : 1.1.1.0
ProductVersion : 1.1.1.0
ProductName : PandaShield
CompanyName : Panda Software
FileDescription : Panda Process Protection Service
InternalName : PavPrSrv
LegalCopyright : Copyright © 2003, Panda Software
OriginalFilename : PavPrSrv.exe

#:33 [pavsrv51.exe]
ModuleName : C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
Command Line : "C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe"
ProcessID : 1188
ThreadCreationTime : 28-04-2005 10:18:21 p.m.
BasePriority : High
FileVersion : 1, 2, 1026, 6
ProductVersion : 1.2.1026.0
ProductName : Panda Antivirus for Windows NT/2000/XP/2003
CompanyName : Panda Software
FileDescription : On-Access Antivirus Scanner Service.
InternalName : pavsrv.exe
LegalCopyright : © Panda Software 2003.
OriginalFilename : pavsrv.exe

#:34 [psimsvc.exe]
ModuleName : C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe
Command Line : "C:\Program Files\Panda Software\Panda Platinum Internet Security\psimsvc.exe"
ProcessID : 1252
ThreadCreationTime : 28-04-2005 10:18:22 p.m.
BasePriority : Normal
FileVersion : 1, 3, 2, 0
ProductVersion : 1, 3, 2, 0
ProductName : Panda Antivirus
CompanyName : Panda Software Internacional
FileDescription : Common Interface Manager
InternalName : PsImSvc
LegalCopyright : © Panda Software 2004.
OriginalFilename : PsImSvc.exe

#:35 [scsiaccess.exe]
ModuleName : C:\WINDOWS\System32\ScsiAccess.EXE
Command Line : C:\WINDOWS\System32\ScsiAccess.EXE
ProcessID : 1096
ThreadCreationTime : 28-04-2005 10:18:22 p.m.
BasePriority : Normal


#:36 [snmp.exe]
ModuleName : C:\WINDOWS\System32\snmp.exe
Command Line : C:\WINDOWS\System32\snmp.exe
ProcessID : 1476
ThreadCreationTime : 28-04-2005 10:18:22 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : SNMP Service
InternalName : snmp.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : snmp.exe

#:37 [avengine.exe]
ModuleName : C:\Program Files\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE
Command Line : "C:\Program Files\Panda Software\Panda Platinum Internet Security\\AVENGINE.EXE"
ProcessID : 1744
ThreadCreationTime : 28-04-2005 10:18:22 p.m.
BasePriority : Normal
FileVersion : 1, 2, 1026, 3
ProductVersion : 1.2.1026.0
ProductName : Panda Antivirus for Windows NT/2000/XP/2003
CompanyName : Panda Software
FileDescription : Enhanced On-Access Antivirus Scanner Process.
InternalName : avengine.exe
LegalCopyright : © Panda Software 2003.
OriginalFilename : avengine.exe

#:38 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1836
ThreadCreationTime : 28-04-2005 10:18:22 p.m.
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:39 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 2004
ThreadCreationTime : 28-04-2005 10:18:23 p.m.
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:40 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 3116
ThreadCreationTime : 28-04-2005 10:18:55 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:41 [webproxy.exe]
ModuleName : C:\Program Files\Panda Software\Panda Platinum Internet Security\WebProxy.exe
Command Line : "C:\Program Files\Panda Software\Panda Platinum Internet Security\WebProxy.exe"
ProcessID : 3884
ThreadCreationTime : 28-04-2005 10:19:12 p.m.
BasePriority : Normal
FileVersion : 4, 6, 9, 6
ProductVersion : 2, 1, 0, 0
ProductName : Internet Resident
CompanyName : Panda Software
FileDescription : WebProxy
InternalName : WebProxy
LegalCopyright : © Panda Software 2004
OriginalFilename : WebProxy.exe

#:42 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1316
ThreadCreationTime : 29-04-2005 02:33:33 a.m.
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
Value :

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
Value : AppID

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{310cc549-4541-46a9-940f-52b342a6e682}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{310cc549-4541-46a9-940f-52b342a6e682}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{339bb23f-a864-48c0-a59f-29ea915965ec}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{339bb23f-a864-48c0-a59f-29ea915965ec}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{87067f04-de4c-4688-bc3c-4fcf39d609e7}

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{87766247-311c-43b4-8499-3d5fec94a183}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{87766247-311c-43b4-8499-3d5fec94a183}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8952a998-1e7e-4716-b23d-3dbe03910972}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8952a998-1e7e-4716-b23d-3dbe03910972}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a8deb4a5-d9ef-4d21-b4f6-921475004e7d}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a8deb4a5-d9ef-4d21-b4f6-921475004e7d}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cae0999f-78c5-49dc-9f30-13142aaaaba4}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cae0999f-78c5-49dc-9f30-13142aaaaba4}
Value :

MagicControl Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d7a82a12-05f5-42d8-b30d-6ef995075d2d}

MagicControl Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d7a82a12-05f5-42d8-b30d-6ef995075d2d}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f1616b86-9288-489d-b71a-0ccf2f1a89da}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f1616b86-9288-489d-b71a-0ccf2f1a89da}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ff76a5da-6158-4439-99ff-edc1b3fe100c}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ff76a5da-6158-4439-99ff-edc1b3fe100c}
Value :

MagicControl Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : component.mc

MagicControl Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : component.mc
Value :

MagicControl Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : component.mc.1

MagicControl Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : component.mc.1
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{234f09fb-fe89-4c6d-9203-31832fc051c3}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{234f09fb-fe89-4c6d-9203-31832fc051c3}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd}
Value :

DialPass Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3947ac1d-db09-4353-bbcc-55b97f5035ef}

DialPass Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3947ac1d-db09-4353-bbcc-55b97f5035ef}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{618be527-b7f5-417c-bc51-98fdc2d6de61}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{618be527-b7f5-417c-bc51-98fdc2d6de61}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{66c22569-f05c-4a70-a142-763b337e1002}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{66c22569-f05c-4a70-a142-763b337e1002}
Value :

MagicControl Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{6d3f48f4-b40a-4c3f-a95c-85e23c3a8a91}

MagicControl Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{6d3f48f4-b40a-4c3f-a95c-85e23c3a8a91}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{99aa88d1-d9d3-410a-be9e-044f94c183da}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{99aa88d1-d9d3-410a-be9e-044f94c183da}
Value :

DialPass Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a58f3d09-4543-4396-8be7-105f14dd6ed5}

DialPass Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a58f3d09-4543-4396-8be7-105f14dd6ed5}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{d1951679-1d52-43fc-9585-0737143585f5}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{d1951679-1d52-43fc-9585-0737143585f5}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f273d4ea-2025-4410-8408-251a0cd46be7}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f273d4ea-2025-4410-8408-251a0cd46be7}
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mediaaccess.installer

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mediaaccess.installer
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{37ac49e3-e906-4bd8-ae83-d0f7fb48fd17}

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{b23b3add-84b1-414a-92b9-0cabe5a781f4}

MagicControl Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{ba49bd6a-039c-428e-af33-8c1288d75a7b}

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1769746386-813958858-793999233-1003\software\ist

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1769746386-813958858-793999233-1003\software\ist
Value : InstallDate

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1769746386-813958858-793999233-1003\software\ist
Value : account_id

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1769746386-813958858-793999233-1003\software\ist
Value : config

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4.1

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4.1
Value :

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : AccountNumber

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{87766247-311c-43b4-8499-3d5fec94a183}

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{8952a998-1e7e-4716-b23d-3dbe03910972}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{8952a998-1e7e-4716-b23d-3dbe03910972}
Value :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 79
Objects found so far: 79


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : S-1-5-21-1769746386-813958858-793999233-1003\Software\Microsoft\Internet Explorer\MainSearch Page.couldnotfind.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.couldnotf...ount_id=155828"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1769746386-813958858-793999233-1003\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://www.couldnotf...ount_id=155828"
Possible Browser Hijack attempt : S-1-5-21-1769746386-813958858-793999233-1003\Software\Microsoft\Internet Explorer\MainSearch Bar.couldnotfind.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.couldnotf...ount_id=155828"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1769746386-813958858-793999233-1003\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://www.couldnotf...ount_id=155828"
Possible Browser Hijack attempt : S-1-5-21-1769746386-813958858-793999233-1003\Software\Microsoft\Internet Explorer\SearchSearchAssistant.couldnotfind.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.couldnotf...ount_id=155828"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1769746386-813958858-793999233-1003\Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://www.couldnotf...ount_id=155828"

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 82


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:706
Value : Cookie:[email protected]/
Expires : 18-05-2005 09:33:48 p.m.
LastSync : Hits:706
UseCount : 0
Hits : 706

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 10-03-2010 12:45:30 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@advertising[1].txt
Category : Data Miner
Comment : Hits:82
Value : Cookie:[email protected]/
Expires : 17-04-2010 09:33:46 p.m.
LastSync : Hits:82
UseCount : 0
Hits : 82

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@cgi-bin[4].txt
Category : Data Miner
Comment : Hits:39
Value : Cookie:[email protected]/cgi-bin
Expires : 29-03-2015 08:28:34 p.m.
LastSync : Hits:39
UseCount : 0
Hits : 39

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@euniverseads[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 31-12-2010 06:00:00 p.m.
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@tripod[1].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:[email protected]/
Expires : 24-12-2005 10:11:20 p.m.
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:39
Value : Cookie:[email protected]/
Expires : 01-01-2038 02:00:00 a.m.
LastSync : Hits:39
UseCount : 0
Hits : 39

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@valueclick[3].tx

#2
famv

famv

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@valueclick[3].txt
Category : Data Miner
Comment : Hits:23
Value : Cookie:[email protected]/
Expires : 21-04-2030 06:34:18 p.m.
LastSync : Hits:23
UseCount : 0
Hits : 23

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 23-01-2006 12:10:08 a.m.
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@questionmarket[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 12-06-2006 02:01:22 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@spylog[1].txt
Category : Data Miner
Comment : Hits:78
Value : Cookie:[email protected]/
Expires : 30-09-2005 09:10:48 p.m.
LastSync : Hits:78
UseCount : 0
Hits : 78

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 27-12-2004 08:50:02 a.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@sexlist[2].txt
Category : Data Miner
Comment : Hits:22
Value : Cookie:[email protected]/
Expires : 25-04-2006 02:50:00 a.m.
LastSync : Hits:22
UseCount : 0
Hits : 22

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:[email protected]/
Expires : 14-03-2005 01:22:42 a.m.
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@paycounter[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 30-12-2030 07:00:00 p.m.
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@realmedia[2].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:[email protected]/
Expires : 31-12-2020 06:00:00 p.m.
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][3].txt
Category : Data Miner
Comment : Hits:19
Value : Cookie:[email protected]/
Expires : 01-04-2005 08:28:28 p.m.
LastSync : Hits:19
UseCount : 0
Hits : 19

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:46
Value : Cookie:[email protected]/
Expires : 31-12-2037 06:00:00 p.m.
LastSync : Hits:46
UseCount : 0
Hits : 46

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@bluestreak[2].txt
Category : Data Miner
Comment : Hits:231
Value : Cookie:[email protected]/
Expires : 24-04-2015 10:38:34 a.m.
LastSync : Hits:231
UseCount : 0
Hits : 231

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 05-04-2073 09:01:44 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 03-03-2005 07:54:58 p.m.
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@2o7[1].txt
Category : Data Miner
Comment : Hits:275
Value : Cookie:[email protected]/
Expires : 23-02-2010 07:44:56 p.m.
LastSync : Hits:275
UseCount : 0
Hits : 275

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@valuecommerce[2].txt
Category : Data Miner
Comment : Hits:173
Value : Cookie:[email protected]/
Expires : 26-02-2008 10:04:42 p.m.
LastSync : Hits:173
UseCount : 0
Hits : 173

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@fastclick[1].txt
Category : Data Miner
Comment : Hits:658
Value : Cookie:[email protected]/
Expires : 08-04-2007 05:08:26 p.m.
LastSync : Hits:658
UseCount : 0
Hits : 658

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@sextracker[2].txt
Category : Data Miner
Comment : Hits:28
Value : Cookie:[email protected]/
Expires : 27-04-2005 11:42:14 a.m.
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:358
Value : Cookie:[email protected]/
Expires : 24-04-2006 06:19:32 p.m.
LastSync : Hits:358
UseCount : 0
Hits : 358

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 26-12-2005 08:29:34 p.m.
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@atdmt[2].txt
Category : Data Miner
Comment : Hits:305
Value : Cookie:[email protected]/
Expires : 22-12-2009 06:00:00 p.m.
LastSync : Hits:305
UseCount : 0
Hits : 305

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@okcounter[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 31-12-2004 10:57:36 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 11-01-2005 01:14:34 a.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@cgi-bin[7].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/cgi-bin
Expires : 27-02-2015 06:00:00 p.m.
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 17-01-2038 11:00:00 p.m.
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@adrevolver[3].txt
Category : Data Miner
Comment : Hits:26
Value : Cookie:[email protected]/adrevolver/
Expires : 04-01-2006 10:06:10 a.m.
LastSync : Hits:26
UseCount : 0
Hits : 26

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@cgi-bin[5].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/cgi-bin/
Expires : 03-04-2005 11:54:42 a.m.
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@hitbox[2].txt
Category : Data Miner
Comment : Hits:35
Value : Cookie:[email protected]/
Expires : 27-04-2006 10:56:52 p.m.
LastSync : Hits:35
UseCount : 0
Hits : 35

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@adrevolver[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/adrevolver/
Expires : 19-09-2007 02:59:50 a.m.
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 05-01-2015 01:23:14 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:54
Value : Cookie:[email protected]/
Expires : 31-12-2009 06:00:00 p.m.
LastSync : Hits:54
UseCount : 0
Hits : 54

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 21-03-2006 05:54:38 p.m.
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@mediaplex[1].txt
Category : Data Miner
Comment : Hits:56
Value : Cookie:[email protected]/
Expires : 21-06-2009 06:00:00 p.m.
LastSync : Hits:56
UseCount : 0
Hits : 56

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@casalemedia[1].txt
Category : Data Miner
Comment : Hits:236
Value : Cookie:[email protected]/
Expires : 18-04-2006 06:22:04 p.m.
LastSync : Hits:236
UseCount : 0
Hits : 236

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@bravenet[2].txt
Category : Data Miner
Comment : Hits:42
Value : Cookie:[email protected]/
Expires : 27-03-2015 11:35:10 a.m.
LastSync : Hits:42
UseCount : 0
Hits : 42

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@overture[2].txt
Category : Data Miner
Comment : Hits:28
Value : Cookie:[email protected]/
Expires : 27-03-2015 11:17:32 p.m.
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@targetnet[1].txt
Category : Data Miner
Comment : Hits:39
Value : Cookie:[email protected]/
Expires : 17-05-2033 09:33:20 p.m.
LastSync : Hits:39
UseCount : 0
Hits : 39

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@bfast[2].txt
Category : Data Miner
Comment : Hits:13
Value : Cookie:[email protected]/
Expires : 21-03-2025 06:29:24 p.m.
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@centrport[2].txt
Category : Data Miner
Comment : Hits:84
Value : Cookie:[email protected]/
Expires : 31-12-2029 06:00:00 p.m.
LastSync : Hits:84
UseCount : 0
Hits : 84

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 08-01-2005 08:55:14 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 03-04-2015 06:00:00 p.m.
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@doubleclick[2].txt
Category : Data Miner
Comment : Hits:158
Value : Cookie:[email protected]/
Expires : 24-12-2007 06:46:52 p.m.
LastSync : Hits:158
UseCount : 0
Hits : 158

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@tripod[2].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 26-12-2005 05:32:10 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:18
Value : Cookie:[email protected]/
Expires : 12-05-2024 12:07:28 p.m.
LastSync : Hits:18
UseCount : 0
Hits : 18

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 30-03-2005 10:49:52 a.m.
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 31-12-2005 06:44:06 p.m.
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@ad-logics[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 27-12-2014 09:37:54 p.m.
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@estat[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 25-04-2015 06:34:18 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@goclick[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 31-12-2009 06:00:00 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@0[3].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:[email protected]/HTM/582/0
Expires : 07-01-2006 08:46:14 p.m.
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@zedo[1].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:[email protected]/
Expires : 04-01-2015 11:57:20 a.m.
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@tickle[1].txt
Category : Data Miner
Comment : Hits:13
Value : Cookie:[email protected]/
Expires : 21-04-2007 09:56:42 p.m.
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@adtech[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 23-01-2015 07:41:14 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@maxserving[1].txt
Category : Data Miner
Comment : Hits:36
Value : Cookie:[email protected]/
Expires : 22-04-2015 06:17:08 p.m.
LastSync : Hits:36
UseCount : 0
Hits : 36

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 01-03-2006 11:35:10 p.m.
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@weborama[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 20-03-2010 06:00:18 p.m.
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@xxxcounter[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 23-04-2005 11:56:08 a.m.
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:[email protected]/
Expires : 31-12-2034 06:00:00 p.m.
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@247realmedia[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 31-12-2010 06:00:00 p.m.
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 17-01-2006 08:39:28 p.m.
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 30-03-2005 10:39:40 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 26-09-2005 10:40:10 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@fortunecity[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 31-12-2010 06:00:00 p.m.
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@qksrv[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 07-04-2010 05:36:30 p.m.
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 30-12-2037 10:00:00 a.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 28-03-2005 01:48:56 a.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@linksynergy[2].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:[email protected]/
Expires : 23-04-2025 10:21:42 a.m.
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 14-03-2005 01:40:30 a.m.
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@inet-traffic[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 20-07-2009 06:15:54 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 30-03-2005 08:02:42 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@spinbox[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 01-06-2006 01:05:32 p.m.
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 27-04-2006 10:56:52 p.m.
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 23-02-2005 02:50:34 a.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/cgi-bin/
Expires : 04-02-2006 01:53:12 p.m.
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:[email protected]/cgi-bin
Expires : 27-02-2015 06:00:00 p.m.
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@overstock[2].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:[email protected]/
Expires : 31-12-2005 06:00:00 p.m.
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:[email protected]/
Expires : 27-05-2005 06:36:28 p.m.
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 28-08-2014 05:12:18 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@domainsponsor[1].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:[email protected]/
Expires : 30-03-2005 10:50:18 a.m.
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@valueclick[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 20-02-2030 02:52:50 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@apmebf[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 07-04-2010 05:36:30 p.m.
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:150
Value : Cookie:[email protected]/
Expires : 21-04-2006 04:18:36 p.m.
LastSync : Hits:150
UseCount : 0
Hits : 150

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 29-01-2030 01:26:04 p.m.
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 30-03-2005 08:53:10 p.m.
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 22-03-2005 10:42:58 p.m.
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@0[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/HTM/582/0
Expires : 07-01-2006 08:46:10 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@valuead[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 31-12-2020 06:00:00 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@statcounter[2].txt
Category : Data Miner
Comment : Hits:96
Value : Cookie:[email protected]/
Expires : 25-04-2010 10:49:52 p.m.
LastSync : Hits:96
UseCount : 0
Hits : 96

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 27-04-2005 04:42:14 a.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 15-01-2006 09:17:56 a.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 16-05-2005 04:00:00 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@hotlog[1].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 26-02-2006 03:33:34 p.m.
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 11-02-2009 08:14:08 a.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@[bleep]-access[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:owner@[bleep]-access.com/
Expires : 04-04-2005 10:25:26 p.m.
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@cgi-bin[6].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/cgi-bin
Expires : 27-02-2015 06:00:00 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 102
Objects found so far: 184



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

istbar Object Recognized!
Type : File
Data : fGEdLPu.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temp\



istbar.dotcomToolbar Object Recognized!
Type : File
Data : redirect9a[1].exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\63QB2PUR\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : ÄÂÃÌÀ
InternalName : redirect9a
OriginalFilename : redirect9a.exe


istbar.dotcomToolbar Object Recognized!
Type : File
Data : dotcomtoolbar[2].asp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K5YRGTAR\



istbar.dotcomToolbar Object Recognized!
Type : File
Data : dotcomtoolbar[3].asp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K5YRGTAR\



istbar.dotcomToolbar Object Recognized!
Type : File
Data : logo2[1].gif
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K5YRGTAR\



istbar.dotcomToolbar Object Recognized!
Type : File
Data : logo2[2].gif
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K5YRGTAR\



istbar.dotcomToolbar Object Recognized!
Type : File
Data : logo[2].bmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K5YRGTAR\



istbar.dotcomToolbar Object Recognized!
Type : File
Data : logo[3].bmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K5YRGTAR\



istbar.dotcomToolbar Object Recognized!
Type : File
Data : logo[4].bmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K5YRGTAR\



istbar.dotcomToolbar Object Recognized!
Type : File
Data : nav_hot[2].bmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K5YRGTAR\



istbar.dotcomToolbar Object Recognized!
Type : File
Data : nav_hot[3].bmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K5YRGTAR\



istbar.dotcomToolbar Object Recognized!
Type : File
Data : nav_hot[4].bmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K5YRGTAR\


Object "TB_setup.exe" found in this archive.

IBIS Toolbar Object Recognized!
Type : File
Data : tb_setup[1].cab
Category : Data Miner
Comment : Object "TB_setup.exe" found in this archive.
Object : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WP2ZARGP\



istbar.dotcomToolbar Object Recognized!
Type : File
Data : DotComToolbar.asp
Category : Data Miner
Comment :
Object : C:\



istbar.dotcomToolbar Object Recognized!
Type : File
Data : logo.bmp
Category : Data Miner
Comment :
Object : C:\



istbar.dotcomToolbar Object Recognized!
Type : File
Data : logo2.gif
Category : Data Miner
Comment :
Object : C:\



istbar.dotcomToolbar Object Recognized!
Type : File
Data : nav_hot.bmp
Category : Data Miner
Comment :
Object : C:\



WindUpdates Object Recognized!
Type : File
Data : A0153265.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP222\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : LoaderX Module
FileDescription : LoaderX Module
InternalName : LoaderX
LegalCopyright : Copyright 2005
OriginalFilename : LoaderX.EXE


istbar.dotcomToolbar Object Recognized!
Type : File
Data : toolbar_nieuw11.dll
Category : Data Miner
Comment :
Object : C:\
FileVersion : 1, 2, 0, 0
ProductVersion : 1, 2, 0, 0
ProductName : TheLocalSearch Toolbar
FileDescription : TheLocalSearch Toolbar
InternalName : TheLocalSearch
LegalCopyright : Copyright 2002
OriginalFilename : tlsbar.dll


istbar.dotcomToolbar Object Recognized!
Type : File
Data : DotComToolbar.asp
Category : Data Miner
Comment :
Object : C:\WINDOWS\



istbar.dotcomToolbar Object Recognized!
Type : File
Data : logo.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\



istbar.dotcomToolbar Object Recognized!
Type : File
Data : logo2.gif
Category : Data Miner
Comment :
Object : C:\WINDOWS\



istbar.dotcomToolbar Object Recognized!
Type : File
Data : nav_hot.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\



istbar.dotcomToolbar Object Recognized!
Type : File
Data : redirect9a.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : ÄÂÃÌÀ
InternalName : redirect9a
OriginalFilename : redirect9a.exe


WindUpdates Object Recognized!
Type : File
Data : ide21201.vxd
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



IBIS Toolbar Object Recognized!
Type : File
Data : ~343997.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~408679.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~411047.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~428449.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~440737.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~468429.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~511083.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~570606.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~625148.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~64345.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~654916.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~681204.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~708016.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~717715.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~732819.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~748835.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~845019.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~849849.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~851974.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~926785.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~956710.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : ~966648.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 231


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 231


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 231




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\loaderx.exe

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\loaderx.exe
Value : AppID

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\media access

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\media access
Value : DisplayName

WindUpdates Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\Media Access

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : common.buttons\clsid

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : common.buttons\clsid
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrShadow

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrHighlight

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrForeColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrBackColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrDownload

IBIS Toolbar Object Recogn

#3
famv
Member

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrViewed

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrStatic

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_tbpssvc

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_tbpssvc
Value : NextInstance

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_wintoolssvc

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_wintoolssvc
Value : NextInstance

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : CustomizeSearch

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\installer\userdata
Value : TUID

MagicControl Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\mc

MagicControl Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\mc
Value : 0

MagicControl Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\mc
Value : a0

MagicControl Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\mc
Value : SA

MagicControl Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\mslagent

MagicControl Object Recognized!
Type : File
Data : msegcompid.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\



MagicControl Object Recognized!
Type : File
Data : acknowledged.mc2
Category : Data Miner
Comment :
Object : C:\WINDOWS\mslagent\



MagicControl Object Recognized!
Type : File
Data : CompManagerPersist.mc2
Category : Data Miner
Comment :
Object : C:\WINDOWS\mslagent\



MagicControl Object Recognized!
Type : File
Data : NaviPersist.mc2
Category : Data Miner
Comment :
Object : C:\WINDOWS\mslagent\



MagicControl Object Recognized!
Type : File
Data : NaviPromo.mc2
Category : Data Miner
Comment :
Object : C:\WINDOWS\mslagent\



MagicControl Object Recognized!
Type : File
Data : OrderPersist.mc2
Category : Data Miner
Comment :
Object : C:\WINDOWS\mslagent\



MagicControl Object Recognized!
Type : File
Data : TimePersist
Category : Data Miner
Comment :
Object : C:\WINDOWS\mslagent\



AltnetBDE Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\Altnet

AltnetBDE Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\Altnet

AltnetBDE Object Recognized!
Type : File
Data : admdata.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\altnet\
FileVersion : 1, 0, 1, 10
ProductVersion : 1, 0, 0, 0
ProductName : ADMData
CompanyName : Altnet
FileDescription : ADMData
InternalName : ADMData
LegalCopyright : Copyright 1999
OriginalFilename : ADMData.dll


AltnetBDE Object Recognized!
Type : File
Data : Atl.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\altnet\
FileVersion : 3.00.8168
ProductVersion : 6.00.8168
ProductName : Microsoft ® Visual C++
CompanyName : Microsoft Corporation
FileDescription : ATL Module for Windows (ANSI)
InternalName : ATL
LegalCopyright : Copyright © Microsoft Corp. 1996-1998
OriginalFilename : ATL.DLL


AltnetBDE Object Recognized!
Type : File
Data : DMinfo2.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\altnet\



AltnetBDE Object Recognized!
Type : File
Data : dminstall3.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\altnet\



AltnetBDE Object Recognized!
Type : File
Data : msvcirt.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\altnet\
FileVersion : 6.00.8168.0
ProductVersion : 6.00.8168.0
ProductName : Microsoft ® Visual C++
CompanyName : Microsoft Corporation
FileDescription : Microsoft ® C++ Runtime Library
InternalName : MSVCIRT.DLL
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : MSVCIRT.DLL


AltnetBDE Object Recognized!
Type : File
Data : mysearch.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\altnet\



AltnetBDE Object Recognized!
Type : File
Data : pmfiles.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\altnet\



AltnetBDE Object Recognized!
Type : File
Data : pminstall.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\altnet\



AltnetBDE Object Recognized!
Type : File
Data : Setup.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\altnet\



Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : aspfile\persistenthandler

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : aspfile\persistenthandler
Value :

istbar Object Recognized!
Type : RegData
Data : Never
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : BandRest
Data : Never

istbar Object Recognized!
Type : RegData
Data : Never
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : BandRest
Data : Never

istbar.dotcomToolbar Object Recognized!
Type : File
Data : redirect8.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : ÄÂÃÌÀ
InternalName : redirect8
OriginalFilename : redirect8.exe


istbar.dotcomToolbar Object Recognized!
Type : File
Data : redirect9.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : ÄÂÃÌÀ
InternalName : redirect9
OriginalFilename : redirect9.exe


Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 54
Objects found so far: 285

09:10:22 p.m. Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:36:36.266
Objects scanned:368650
Objects identified:285
Objects ignored:0
New critical objects:285

that's all the ad-aware log

#4
Rawe
Visiting Staff

Hi there!

Ad-aware has found object(s) on your computer

If you choose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R42 28.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-aware SE. If this is different, adjust it to the location that you have installed it to.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to each "target family" you wish to remove. Click next, Click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (Mru's) aren't considered as a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:

#5
Rawe
Visiting Staff

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.


If your system is running a program which changes the hosts file or you have added listings to the hosts file, then there is no need to check further. Otherwise, download the "Host file viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your hosts file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

- Rawe :tazz:
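
The hosts file check described in the post above, as an added example that is not part of the thread and is not the Host file viewer tool: it lists every mapping in a hosts file that is not the baseline loopback entry, so you can decide whether a restore to default is needed. The baseline (`127.0.0.1 localhost` only), the sample file content and all host names in it are assumptions constructed for this example.

```python
import ipaddress

# Assumption: the only mapping expected in an untouched hosts file.
BASELINE = {("127.0.0.1", "localhost")}

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
192.0.2.10      www.example.com search.example.com  # two names, one line
0.0.0.0         update.example.net
10.0.0.5
"""


def parse_hosts(text):
    """Return (line_no, ip, hostname) tuples; a line may map several names."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            # An address with no host name is not a usable mapping.
            entries.append((line_no, fields[0], None))
            continue
        for name in fields[1:]:
            entries.append((line_no, fields[0], name.lower()))
    return entries


def classify(ip, name):
    """Label one mapping: baseline, sinkhole, redirect or malformed."""
    if name is None:
        return "malformed"
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if (str(addr), name) in BASELINE:
        return "baseline"
    if addr.is_loopback or addr.is_unspecified:
        # The name is pointed at nothing: typical of ad-blocking lists,
        # but also used to cut a machine off from update or security sites.
        return "sinkhole"
    # The name resolves to an address chosen by whoever wrote the entry.
    return "redirect"


def audit(text):
    """Return every non-baseline entry as (line_no, kind, ip, hostname)."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        kind = classify(ip, name)
        if kind != "baseline":
            findings.append((line_no, kind, ip, name))
    return findings


if __name__ == "__main__":
    # On the machine itself, read the file from the location the log reports:
    # C:\WINDOWS\system32\drivers\etc\hosts
    for line_no, kind, ip, name in audit(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind:9} {ip} -> {name}")
```

An empty result means the file holds nothing beyond the baseline; any entry you did not add yourself, or that no program you installed is known to maintain, is a reason to restore the default.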

#6
famv
Member
thanx man, i'll check that out too. :tazz:

well, here is the new log anyways.


Ad-Aware SE Build 1.05
Logfile Created on:Domingo, 01 de Mayo de 2005 11:50:56 a.m.
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
istbar.dotcomToolbar(TAC index:5):2 total references
WindUpdates(TAC index:8):18 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:74 %
Total physical memory:523760 kb
Available physical memory:386712 kb
Total page file size:1280660 kb
Available on page file:1207892 kb
Total virtual memory:2097024 kb
Available virtual memory:2048568 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


01-05-2005 11:50:56 a.m. - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 140
ThreadCreationTime : 01-05-2005 05:49:29 p.m.
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 188
ThreadCreationTime : 01-05-2005 05:49:43 p.m.
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 212
ThreadCreationTime : 01-05-2005 05:49:44 p.m.
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 256
ThreadCreationTime : 01-05-2005 05:49:49 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 268
ThreadCreationTime : 01-05-2005 05:49:49 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 420
ThreadCreationTime : 01-05-2005 05:49:54 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 480
ThreadCreationTime : 01-05-2005 05:49:56 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k netsvcs
ProcessID : 540
ThreadCreationTime : 01-05-2005 05:49:59 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 736
ThreadCreationTime : 01-05-2005 05:50:24 p.m.
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:10 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 836
ThreadCreationTime : 01-05-2005 05:50:37 p.m.
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
Value :

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
Value : AppID

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mediaaccess.installer

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mediaaccess.installer
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 8


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : File
Data : A0153265.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP222\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : LoaderX Module
FileDescription : LoaderX Module
InternalName : LoaderX
LegalCopyright : Copyright 2005
OriginalFilename : LoaderX.EXE


istbar.dotcomToolbar Object Recognized!
Type : File
Data : A0160617.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP236\
FileVersion : 1, 2, 0, 0
ProductVersion : 1, 2, 0, 0
ProductName : TheLocalSearch Toolbar
FileDescription : TheLocalSearch Toolbar
InternalName : TheLocalSearch
LegalCopyright : Copyright 2002
OriginalFilename : tlsbar.dll


istbar.dotcomToolbar Object Recognized!
Type : File
Data : A0160618.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP236\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : ÄÂÃÌÀ
InternalName : redirect9a
OriginalFilename : redirect9a.exe


WindUpdates Object Recognized!
Type : File
Data : ide21201.vxd
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 12




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\loaderx.exe

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\loaderx.exe
Value : AppID

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\media access

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\media access
Value : DisplayName

WindUpdates Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\Media Access

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 20

12:17:32 p.m. Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:26:36.563
Objects scanned:234420
Objects identified:20
Objects ignored:0
New critical objects:20

#7
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Ok..
Now, restore your hosts file to default and post a fresh scanlog in this topic again..

- Rawe :tazz:

#8
famv

    Member

  • Topic Starter
  • Member
  • 11 posts
It took me a while to post again, I've been a bit busy.

I fixed the host problems but I'm still getting an error loading the p2esocks_1020.dll

Here is the new log

Ad-Aware SE Build 1.05
Logfile Created on:Lunes, 09 de Mayo de 2005 08:21:33 a.m.
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
istbar.dotcomToolbar(TAC index:5):2 total references
Tracking Cookie(TAC index:3):28 total references
WindUpdates(TAC index:8):12 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 51
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:75 %
Total physical memory:523760 kb
Available physical memory:388456 kb
Total page file size:1280660 kb
Available on page file:1209380 kb
Total virtual memory:2097024 kb
Available virtual memory:2048576 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


09-05-2005 08:21:33 a.m. - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 140
ThreadCreationTime : 09-05-2005 02:19:55 p.m.
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 188
ThreadCreationTime : 09-05-2005 02:20:08 p.m.
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 212
ThreadCreationTime : 09-05-2005 02:20:10 p.m.
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 256
ThreadCreationTime : 09-05-2005 02:20:14 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 268
ThreadCreationTime : 09-05-2005 02:20:14 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 416
ThreadCreationTime : 09-05-2005 02:20:19 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 480
ThreadCreationTime : 09-05-2005 02:20:20 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k netsvcs
ProcessID : 540
ThreadCreationTime : 09-05-2005 02:20:23 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 760
ThreadCreationTime : 09-05-2005 02:21:04 p.m.
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:10 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 852
ThreadCreationTime : 09-05-2005 02:21:18 p.m.
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
Value :

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
Value : AppID

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 6


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/cgi-bin
Expires : 01-05-2015 06:59:02 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 03-05-2005 11:48:00 a.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@estat[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 06-05-2015 12:40:00 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@paycounter[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 30-12-2030 07:00:00 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@realmedia[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 31-12-2010 06:00:00 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 04-05-2005 06:57:26 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@qksrv[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 07-05-2010 12:44:10 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@bluestreak[1].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 06-05-2015 02:03:40 p.m.
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:14
Value : Cookie:[email protected]/
Expires : 31-12-2037 06:00:00 p.m.
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@statcounter[1].txt
Category : Data Miner
Comment : Hits:25
Value : Cookie:[email protected]/
Expires : 07-05-2010 03:27:34 p.m.
LastSync : Hits:25
UseCount : 0
Hits : 25

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@2o7[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 03-05-2010 10:14:26 p.m.
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@zedo[2].txt
Category : Data Miner
Comment : Hits:16
Value : Cookie:[email protected]/
Expires : 06-05-2015 02:43:52 p.m.
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@apmebf[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 07-05-2010 12:44:08 p.m.
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:34
Value : Cookie:[email protected]/
Expires : 07-05-2006 05:18:48 p.m.
LastSync : Hits:34
UseCount : 0
Hits : 34

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@fastclick[2].txt
Category : Data Miner
Comment : Hits:185
Value : Cookie:[email protected]/
Expires : 08-05-2007 06:35:18 p.m.
LastSync : Hits:185
UseCount : 0
Hits : 185

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@sextracker[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 03-05-2005 06:54:56 p.m.
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 07-06-2005 12:56:18 p.m.
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@atdmt[2].txt
Category : Data Miner
Comment : Hits:27
Value : Cookie:[email protected]/
Expires : 01-05-2010 06:00:00 p.m.
LastSync : Hits:27
UseCount : 0
Hits : 27

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@maxserving[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 06-05-2015 02:59:40 p.m.
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@hitbox[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 08-05-2006 01:30:00 p.m.
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 08-05-2006 01:30:00 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@inet-traffic[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 07-05-2010 02:44:16 p.m.
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@casalemedia[2].txt
Category : Data Miner
Comment : Hits:208
Value : Cookie:[email protected]/
Expires : 29-04-2006 10:49:58 a.m.
LastSync : Hits:208
UseCount : 0
Hits : 208

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@mediaplex[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 21-06-2009 06:00:00 p.m.
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@targetnet[1].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:[email protected]/
Expires : 17-05-2033 09:33:20 p.m.
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@centrport[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/
Expires : 31-12-2029 06:00:00 p.m.
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@bfast[2].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:[email protected]/
Expires : 08-05-2025 03:34:20 p.m.
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@doubleclick[1].txt
Category : Data Miner
Comment : Hits:16
Value : Cookie:[email protected]/
Expires : 31-12-2030 06:00:00 p.m.
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 28
Objects found so far: 34



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : File
Data : A0153265.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP222\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : LoaderX Module
FileDescription : LoaderX Module
InternalName : LoaderX
LegalCopyright : Copyright 2005
OriginalFilename : LoaderX.EXE


istbar.dotcomToolbar Object Recognized!
Type : File
Data : A0160617.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP236\
FileVersion : 1, 2, 0, 0
ProductVersion : 1, 2, 0, 0
ProductName : TheLocalSearch Toolbar
FileDescription : TheLocalSearch Toolbar
InternalName : TheLocalSearch
LegalCopyright : Copyright 2002
OriginalFilename : tlsbar.dll


istbar.dotcomToolbar Object Recognized!
Type : File
Data : A0160618.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP236\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : ÄÂÃÌÀ
InternalName : redirect9a
OriginalFilename : redirect9a.exe


WindUpdates Object Recognized!
Type : File
Data : ide21201.vxd
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 38




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

WindUpdates Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\Media Access

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 42

08:50:05 a.m. Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:28:32.62
Objects scanned:249875
Objects identified:42
Objects ignored:0
New critical objects:42

#9
Guest_Andy_veal_*

  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R44 10.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE; if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

#10
Guest_Andy_veal_*

  • Guest
Please make sure you are using the full system scan option

#11
famv

    Member

  • Topic Starter
  • Member
  • 11 posts
ok here is the new log

Ad-Aware SE Build 1.05
Logfile Created on:Sábado, 21 de Mayo de 2005 10:14:55 a.m.
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WindUpdates(TAC index:8):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 51
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:58 %
Total physical memory:523760 kb
Available physical memory:302552 kb
Total page file size:1280660 kb
Available on page file:1196344 kb
Total virtual memory:2097024 kb
Available virtual memory:2048576 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


21-05-2005 10:14:55 a.m. - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 140
ThreadCreationTime : 21-05-2005 03:35:47 p.m.
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 188
ThreadCreationTime : 21-05-2005 03:36:00 p.m.
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 212
ThreadCreationTime : 21-05-2005 03:36:02 p.m.
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 256
ThreadCreationTime : 21-05-2005 03:36:06 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 268
ThreadCreationTime : 21-05-2005 03:36:06 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 416
ThreadCreationTime : 21-05-2005 03:36:11 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 476
ThreadCreationTime : 21-05-2005 03:36:12 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k netsvcs
ProcessID : 540
ThreadCreationTime : 21-05-2005 03:36:15 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 768
ThreadCreationTime : 21-05-2005 03:37:07 p.m.
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:10 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1124
ThreadCreationTime : 21-05-2005 04:14:46 p.m.
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : File
Data : A0168096.vxd
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP246\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

10:41:38 a.m. Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:26:43.235
Objects scanned:237100
Objects identified:1
Objects ignored:0
New critical objects:1

#12
Guest_Andy_veal_*

  • Guest
Hello again

I have reviewed your logfile and all that is detected is safe to remove, should you wish to do so:

It seems all your infected items are now just within your system restore folder:

To finish cleaning your computer, you will have to turn off System Restore to clear the folder, and then turn it back on.

IMPORTANT NOTES:

You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
Turning off System Restore will clear out all previous restore points.


NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.


To turn off Windows XP System Restore:

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Proceed with what you need to do; for example, virus removal. When you have finished, restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.

Then could you run a full system scan, and then post it here.

Hope this helps and all the best

Andy
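
The triage step in the reply above (checking whether every remaining detection sits inside a System Restore restore point) can be automated over an Ad-Aware SE log. This is an added example, not part of the original post or of Ad-Aware; the function names are hypothetical, `PAGE_EXCERPT` is the detection block from the log above, and `CONSTRUCTED_EXTRA` is a made-up detection used only for contrast.

```python
import re

# Detection block copied from the log in this thread.
PAGE_EXCERPT = r"""
WindUpdates Object Recognized!
Type : File
Data : A0168096.vxd
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP246\
"""

# Constructed sample (not from the thread): a detection outside System Restore.
CONSTRUCTED_EXTRA = r"""
ExampleAdware Object Recognized!
Type : File
Data : example.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
"""

HEADER = re.compile(r"^(?P<family>.+?) Object Recognized!\s*$")
FIELD = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s?(?P<value>.*)$")
# Restore points live under <drive>:\System Volume Information\_restore{GUID}\
RESTORE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\", re.I)

def parse_detections(log_text):
    """Return one dict per 'Object Recognized!' block; a blank line ends a block."""
    detections, current = [], None
    for line in (raw.strip() for raw in log_text.splitlines()):
        header = HEADER.match(line)
        if header:
            current = {"Family": header.group("family")}
            detections.append(current)
        elif not line:
            current = None
        elif current is not None:
            field = FIELD.match(line)
            if field:
                current[field.group("key")] = field.group("value").strip()
    return detections

def in_restore_point(det):
    return det.get("Type") == "File" and bool(RESTORE.match(det.get("Object", "")))

def triage(log_text):
    """Summarise whether all detections are confined to restore points."""
    dets = parse_detections(log_text)
    live = [d for d in dets if not in_restore_point(d)]
    return {"total": len(dets), "restore_only": bool(dets) and not live, "live": live}

if __name__ == "__main__":
    print(triage(PAGE_EXCERPT + CONSTRUCTED_EXTRA))
```

A `restore_only` result of `True` matches the situation described in the reply; any entry in `live` means an object still sits outside the restore points and purging them alone will not remove it.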