Ad-Aware SE Build 1.05
Logfile Created on:Friday, April 29, 2005 7:10:49 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ClickSpring(TAC index:6):2 total references
EzuLa(TAC index:6):1 total references
MemoryWatcher(TAC index:4):2 total references
Tracking Cookie(TAC index:3):39 total references
TurboDownload(TAC index:8):1 total references
WindUpdates(TAC index:8):15 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650
4-29-2005 7:07:11 AM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654
4-29-2005 7:07:31 AM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:13 %
Total physical memory:129328 kb
Available physical memory:15948 kb
Total page file size:307516 kb
Available on page file:84720 kb
Total virtual memory:2097024 kb
Available virtual memory:2042212 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
4-29-2005 7:10:49 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 168
ThreadCreationTime : 4-28-2005 5:58:08 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 196
ThreadCreationTime : 4-28-2005 5:58:14 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 192
ThreadCreationTime : 4-28-2005 5:58:15 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 244
ThreadCreationTime : 4-28-2005 5:58:17 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 256
ThreadCreationTime : 4-28-2005 5:58:17 PM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 440
ThreadCreationTime : 4-28-2005 5:58:24 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:7 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 452
ThreadCreationTime : 4-28-2005 5:58:26 PM
BasePriority : Normal
FileVersion : 5.4.4.17
ProductVersion : 5.4
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe
#:8 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 484
ThreadCreationTime : 4-28-2005 5:58:27 PM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:9 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 552
ThreadCreationTime : 4-28-2005 5:58:28 PM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:10 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 684
ThreadCreationTime : 4-28-2005 5:58:30 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe
#:11 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 712
ThreadCreationTime : 4-28-2005 5:58:31 PM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe
#:12 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 744
ThreadCreationTime : 4-28-2005 5:58:31 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:13 [navapsvc.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ProcessID : 792
ThreadCreationTime : 4-28-2005 5:58:32 PM
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:14 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 848
ThreadCreationTime : 4-28-2005 5:58:33 PM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE
#:15 [launcher.exe]
FilePath : C:\Program Files\Dantz\Retrospect\
ProcessID : 920
ThreadCreationTime : 4-28-2005 5:58:39 PM
BasePriority : Normal
FileVersion : 5.15
ProductVersion : 5.15
ProductName : Retrospect
CompanyName : Dantz Development Corporation
FileDescription : Retrospect Launcher
InternalName :
LegalCopyright : Copyright Dantz 1996-2000
LegalTrademarks : Dantz® Retrospect®
OriginalFilename : Launcher.exe
#:16 [savscan.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ProcessID : 976
ThreadCreationTime : 4-28-2005 5:58:43 PM
BasePriority : Normal
ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright © 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE
#:17 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1004
ThreadCreationTime : 4-28-2005 5:58:46 PM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe
#:18 [stisvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1028
ThreadCreationTime : 4-28-2005 5:58:49 PM
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE
#:19 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 1144
ThreadCreationTime : 4-28-2005 5:58:53 PM
BasePriority : Normal
FileVersion : 1, 8, 48, 77
ProductVersion : 1, 8, 48, 77
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe
#:20 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1124
ThreadCreationTime : 4-28-2005 5:58:59 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:21 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1216
ThreadCreationTime : 4-28-2005 6:15:38 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE
#:22 [em_exec.exe]
FilePath : C:\PROGRA~1\MOUSEW~1\SYSTEM\
ProcessID : 984
ThreadCreationTime : 4-28-2005 6:15:40 PM
BasePriority : Normal
FileVersion : 9.01.78
ProductVersion : 9.01
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2000.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team
#:23 [directcd.exe]
FilePath : C:\PROGRA~1\Adaptec\DirectCD\
ProcessID : 1628
ThreadCreationTime : 4-28-2005 6:15:40 PM
BasePriority : Normal
FileVersion : 3.01d (177)
ProductVersion : 3.01d (177)
ProductName : DirectCD
CompanyName : Adaptec
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 1996-2000 Adaptec, Inc.
OriginalFilename : DirectCD.EXE
#:24 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1032
ThreadCreationTime : 4-28-2005 6:15:40 PM
BasePriority : Normal
FileVersion : 6.0.2
ProductVersion : QuickTime 6.0.2
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2002
OriginalFilename : QTTask.exe
#:25 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 344
ThreadCreationTime : 4-28-2005 6:15:40 PM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:26 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1760
ThreadCreationTime : 4-28-2005 6:15:40 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:27 [aim.exe]
FilePath : C:\PROGRA~1\AIM95\
ProcessID : 1416
ThreadCreationTime : 4-28-2005 6:15:43 PM
BasePriority : Normal
FileVersion : 4.3.2229
ProductVersion : 4.3.2229
ProductName : AOL Instant Messenger (SM)
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger (SM)
InternalName : AIM
LegalCopyright : Copyright © 1996-2000 America Online, Inc.
OriginalFilename : AIM.EXE
#:28 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ProcessID : 1356
ThreadCreationTime : 4-28-2005 6:16:24 PM
BasePriority : Normal
FileVersion : 6.00.1828.1
ProductVersion : 6.00.1828.1
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE
#:29 [qbupdate.exe]
FilePath : C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\
ProcessID : 540
ThreadCreationTime : 4-28-2005 6:16:24 PM
BasePriority : Normal
FileVersion : 12.0 R10
ProductVersion : 12.0 R10
ProductName : QuickBooks
CompanyName : Intuit, Inc.
FileDescription : QBUpdate Module
InternalName : QBUpdate
LegalCopyright : Copyright © Intuit, Inc. 1993-2003.
OriginalFilename : QBUpdate.exe
#:30 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1184
ThreadCreationTime : 4-28-2005 10:47:32 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:31 [acrord32.exe]
FilePath : C:\Program Files\Adobe\Acrobat 5.0\Reader\
ProcessID : 1852
ThreadCreationTime : 4-28-2005 11:43:11 PM
BasePriority : Normal
FileVersion : 5.0.5.2001092400
ProductVersion : 5.0.5.0
ProductName : Adobe Acrobat Reader
CompanyName : Adobe Systems Incorporated
FileDescription : Acrobat Reader 5.0
LegalCopyright : Copyright 1984-2001 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroRd32.exe
#:32 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1976
ThreadCreationTime : 4-29-2005 12:06:10 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
Value :
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
Value : AppID
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}
Value :
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mediaaccess.installer
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mediaaccess.installer
Value :
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 8
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:[email protected]/
Expires : 4-28-2006 7:10:46 PM
LastSync : Hits:12
UseCount : 0
Hits : 12
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@mediaplex[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 6-21-2009 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 12-31-2037 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@advertising[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 4-26-2010 6:56:50 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 5-27-2005 6:56:50 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@atdmt[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 4-26-2010 7:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:29
Value : Cookie:[email protected]/
Expires : 4-28-2006 5:48:12 PM
LastSync : Hits:29
UseCount : 0
Hits : 29
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 4-25-2020 6:57:42 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@doubleclick[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 4-26-2008 9:44:38 AM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/cgi-bin
Expires : 4-26-2015 12:36:08 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/cgi-bin
Expires : 2-27-2015 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@overture[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 4-26-2015 7:08:30 PM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@hitbox[2].txt
Category : Data Miner
Comment : Hits:32
Value : Cookie:[email protected]/
Expires : 4-28-2006 5:48:12 PM
LastSync : Hits:32
UseCount : 0
Hits : 32
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 21
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
TurboDownload Object Recognized!
Type : File
Data : setup_td.exe
Category : Data Miner
Comment :
Object : C:\
EzuLa Object Recognized!
Type : File
Data : ezStub.exe
Category : Data Miner
Comment :
Object : C:\
FileVersion : 2, 0, 70, 00
ProductVersion : 1, 0, 0, 1
ProductName : eZstub Module
CompanyName : EARNStatBlaster2
FileDescription : eZstub Module
InternalName : eZstub
LegalCopyright : Copyright 2000
OriginalFilename : eZstub.EXE
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@hitbox[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@qksrv[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@qksrv[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@tmpad[1].txt
Category : Data Miner
Comment : www.searchtraffic.com
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@tmpad[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@trafficmp[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@trafficmp[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@hitbox[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@hitbox[3].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@bfast[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@bfast[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@ezcybersearch[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@ezcybersearch[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@fastclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@fastclick[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@x10[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\COOKIES\administrator@x10[1].txt
ClickSpring Object Recognized!
Type : File
Data : !update.0000
Category : Malware
Comment :
Object : C:\Documents and Settings\Al\Application Data\rwch\
FileVersion : 1, 0, 0, 1018
ProductVersion : 1.0
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\al@hitbox[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\al@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\al@advertising[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\al@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@overture[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\al@overture[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\al@cgi-bin[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\al@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@tribalfusion[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\al@tribalfusion[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : al@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\al@cgi-bin[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Al\COOKIES\[email protected][2].txt
MemoryWatcher Object Recognized!
Type : File
Data : MemWatcher2.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Default User\My Documents\Data\Data\
MemoryWatcher Object Recognized!
Type : File
Data : MemWatcher2.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Default User\My Documents\Data\
ClickSpring Object Recognized!
Type : File
Data : !update.exe
Category : Malware
Comment :
Object : C:\Program Files\Media\Media\
FileVersion : 1, 0, 0, 1018
ProductVersion : 1.0
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 53
Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 53
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\loaderx.exe
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\loaderx.exe
Value : AppID
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}
Value :
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Media Access
WindUpdates Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\Media Access
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 60
7:22:43 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:53.646
Objects scanned:94736
Objects identified:60
Objects ignored:0
New critical objects:60