
Wsaupdater (login loop) look-alike?



#1
tel33

Hi,
I'm new to this forum so please excuse any incorrect protocol.
Used the latest up-to-date Ad-Aware to scan PC and suffered the login loop usually associated with wsaupdater. This time the wsaupdater fix didn't work, had to do the long-winded previous registry restore to recover. Wasn't helped by Lavasoft help forum being closed down.
Posted the log in the hope that someone recognises the culprit? Any suggestions gratefully received.
Thanks
Tel


Ad-Aware SE Build 1.05
Logfile Created on:29 April 2005 07:53:48
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):1 total references
DyFuCA(TAC index:3):3 total references
EzuLa(TAC index:6):3 total references
Lycos Sidesearch(TAC index:7):10 total references
Possible Browser Hijack attempt(TAC index:3):6 total references
Powerscan(TAC index:5):2 total references
SideFind(TAC index:5):45 total references
Tracking Cookie(TAC index:3):2 total references
Win32.TrojanClicker(TAC index:6):16 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : D:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650

29-04-2005 07:46:13 Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : D:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


29-04-2005 07:46:21 Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:46 %
Total physical memory:785904 kb
Available physical memory:354340 kb
Total page file size:1529764 kb
Available on page file:1201020 kb
Total virtual memory:2097024 kb
Available virtual memory:2029144 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


29-04-2005 07:53:48 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 780
ThreadCreationTime : 28-04-2005 20:55:50
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 844
ThreadCreationTime : 28-04-2005 20:55:55
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 880
ThreadCreationTime : 28-04-2005 20:55:56
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 924
ThreadCreationTime : 28-04-2005 20:55:58
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 936
ThreadCreationTime : 28-04-2005 20:55:58
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1112
ThreadCreationTime : 28-04-2005 20:56:00
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1260
ThreadCreationTime : 28-04-2005 20:56:03
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1456
ThreadCreationTime : 28-04-2005 20:56:04
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1520
ThreadCreationTime : 28-04-2005 20:56:04
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1648
ThreadCreationTime : 28-04-2005 20:56:06
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1968
ThreadCreationTime : 28-04-2005 20:56:14
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:12 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1992
ThreadCreationTime : 28-04-2005 20:56:14
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:13 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 2024
ThreadCreationTime : 28-04-2005 20:56:14
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:14 [dvdramsv.exe]
ModuleName : C:\WINDOWS\System32\DVDRAMSV.exe
Command Line : C:\WINDOWS\System32\DVDRAMSV.exe
ProcessID : 216
ThreadCreationTime : 28-04-2005 20:56:14
BasePriority : Normal
FileVersion : 3, 0, 0, 0
ProductVersion : 3, 0, 0, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : DVD-RAM Utility Helper Service
LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2004
OriginalFilename : DVDRAMSV.EXE

#:15 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 252
ThreadCreationTime : 28-04-2005 20:56:14
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:16 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 284
ThreadCreationTime : 28-04-2005 20:56:15
BasePriority : Normal
FileVersion : 6.14.10.6177
ProductVersion : 6.14.10.6177
ProductName : NVIDIA Driver Helper Service, Version 61.77
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 61.77
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:17 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 696
ThreadCreationTime : 28-04-2005 20:56:20
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:18 [wt32exe.exe]
ModuleName : C:\WINDOWS\System32\Wt32exe.exe
Command Line : C:\WINDOWS\System32\Wt32exe.exe
ProcessID : 428
ThreadCreationTime : 28-04-2005 20:56:20
BasePriority : Realtime
FileVersion : 1, 5, 0, 0
ProductVersion : 1, 0, 0, 1
ProductName : Aiptek wt32exe
CompanyName : Aiptek
FileDescription : wt32exe
InternalName : wt32exe
LegalCopyright : Copyright c 2000
OriginalFilename : wt32exe.exe

#:19 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 796
ThreadCreationTime : 28-04-2005 20:56:20
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:20 [pdsched.exe]
ModuleName : d:\Program Files\Raxco\PerfectDisk\PDSched.exe
Command Line : "d:\Program Files\Raxco\PerfectDisk\PDSched.exe"
ProcessID : 1212
ThreadCreationTime : 28-04-2005 20:56:23
BasePriority : Normal
FileVersion : 6, 0, 0, 34
ProductVersion : 6, 0, 0, 34
ProductName : PDSched Module
CompanyName : Raxco Software, Inc.
FileDescription : PDSched Module
InternalName : PDSched
LegalCopyright : Copyright © 2003
OriginalFilename : PDSched.exe

#:21 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1468
ThreadCreationTime : 28-04-2005 20:56:25
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:22 [amoumain.exe]
ModuleName : D:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
Command Line : "D:\PROGRA~1\A4Tech\Mouse\Amoumain.exe"
ProcessID : 2440
ThreadCreationTime : 28-04-2005 20:56:47
BasePriority : Normal
FileVersion : 7.46.0.0
ProductVersion : 7.46.0.0
ProductName : A4Tech iWheelWorks Mouse Driver
CompanyName : A4Tech Co.,Ltd.
FileDescription : Amoumain
InternalName : Amoumain
LegalCopyright : Copyright © A4Tech Co.,Ltd. 1999-2003
LegalTrademarks : A4Tech is a registered trademark of A4Tech Co.,Ltd.
OriginalFilename : Amoumain.exe
Comments : A4Tech iWheelWorks Mouse Driver

#:23 [daemon.exe]
ModuleName : D:\Program Files\D-Tools\daemon.exe
Command Line : "D:\Program Files\D-Tools\daemon.exe" -lang 1033
ProcessID : 2516
ThreadCreationTime : 28-04-2005 20:56:49
BasePriority : Normal


#:24 [mixer.exe]
ModuleName : C:\WINDOWS\Mixer.exe
Command Line : "C:\WINDOWS\Mixer.exe" /startup
ProcessID : 2572
ThreadCreationTime : 28-04-2005 20:56:50
BasePriority : Normal
FileVersion : 1.58
ProductVersion : 1.58
ProductName : Mixer
CompanyName : C-Media Electronic Inc. (www.cmedia.com.tw)
FileDescription : Mixer
InternalName : Mixer
LegalCopyright : Copyright © 1997-2002
LegalTrademarks : NONE
OriginalFilename : Mixer.EXE
Comments : Feng Min-Chih ([email protected])

#:25 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 2840
ThreadCreationTime : 28-04-2005 19:56:54
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:26 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 2888
ThreadCreationTime : 28-04-2005 19:56:56
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:27 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\RUNDLL32.EXE
Command Line : "C:\WINDOWS\System32\RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
ProcessID : 2972
ThreadCreationTime : 28-04-2005 19:56:56
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:28 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"
ProcessID : 3024
ThreadCreationTime : 28-04-2005 19:56:57
BasePriority : Normal


#:29 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 3116
ThreadCreationTime : 28-04-2005 19:56:59
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:30 [skype.exe]
ModuleName : C:\Program Files\Skype\Phone\Skype.exe
Command Line : "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
ProcessID : 3276
ThreadCreationTime : 28-04-2005 19:57:04
BasePriority : Normal


#:31 [pcalert4.exe]
ModuleName : C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
Command Line : "C:\Program Files\MSI\PC Alert 4\PCAlert4.exe"
ProcessID : 3516
ThreadCreationTime : 28-04-2005 19:57:09
BasePriority : Normal
FileVersion : 4, 0, 7, 2
ProductVersion : 4, 0, 7, 2
ProductName : PCAlert4 Application
FileDescription : PCAlert4 MFC Application
InternalName : PCAlert4
LegalCopyright : Copyright © 2002
OriginalFilename : PCAlert4.EXE

#:32 [onenotem.exe]
ModuleName : D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
Command Line : "D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE" /tsr
ProcessID : 3580
ThreadCreationTime : 28-04-2005 19:57:11
BasePriority : Normal


#:33 [stickies.exe]
ModuleName : D:\Program Files\stickies\stickies.exe
Command Line : "D:\Program Files\stickies\stickies.exe"
ProcessID : 3612
ThreadCreationTime : 28-04-2005 19:57:12
BasePriority : Normal
FileVersion : 5.0a
ProductVersion : 5.0a
ProductName : Stickies
FileDescription : Stickies 5.0a
InternalName : Stickies
LegalCopyright : Copyright © Tom Revell 2004
OriginalFilename : stickies.exe

#:34 [client01.exe]
ModuleName : D:\Program Files\DigiGuide TV Guide\client01.exe
Command Line : "D:\Program Files\DigiGuide TV Guide\Client.exe"
ProcessID : 4044
ThreadCreationTime : 28-04-2005 19:57:33
BasePriority : Normal
FileVersion : 8.0
ProductVersion : 8.0
ProductName : Client01
CompanyName : GipsyMedia Limited
FileDescription : DigiGuide - The best interactive TV guide ever!
InternalName : Client01
LegalCopyright : Copyright ©1999-2002 GipsyMedia Limited
LegalTrademarks : DigiGuide and the DigiGuide logo are trademarks of GipsyMedia Limited. All rights reserved.
OriginalFilename : Client01
Comments : Visit www.digiguide.com for more information.

#:35 [mstsc.exe]
ModuleName : C:\WINDOWS\System32\mstsc.exe
Command Line : mstsc.exe "C:\Documents and Settings\Administrator.GAMES-PC\My Documents\Work PC.rdp"
ProcessID : 2720
ThreadCreationTime : 28-04-2005 20:54:48
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Desktop Connection
InternalName : mstsc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mstsc.exe

#:36 [firefox.exe]
ModuleName : C:\Program Files\Mozilla Firefox\firefox.exe
Command Line : "C:\Program Files\Mozilla Firefox\firefox.exe"
ProcessID : 2908
ThreadCreationTime : 29-04-2005 06:33:02
BasePriority : Normal


#:37 [dumeter.exe]
ModuleName : D:\Program Files\DU Meter\DUMeter.exe
Command Line : "D:\Program Files\DU Meter\DUMeter.exe"
ProcessID : 856
ThreadCreationTime : 29-04-2005 06:43:46
BasePriority : Normal
FileVersion : 3.07 Build 200
ProductVersion : 3.07 Build 200
ProductName : DU Meter
CompanyName : Hagel Technologies
FileDescription : DU Meter
InternalName : DU Meter
LegalCopyright : Copyright © 1997-2004 Hagel Technologies
OriginalFilename : DUMETER.EXE

#:38 [ad-aware.exe]
ModuleName : D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 264
ThreadCreationTime : 29-04-2005 06:45:16
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper.1

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper.1
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}
Value :

Lycos Sidesearch Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3a951af0-53f8-4803-a565-0e1dee4b11f5}

Lycos Sidesearch Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3a951af0-53f8-4803-a565-0e1dee4b11f5}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{68831d00-169e-4feb-89b9-e099df439321}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{68831d00-169e-4feb-89b9-e099df439321}
Value :

Lycos Sidesearch Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{af286cea-635d-40c5-a891-b40a0f520539}

Lycos Sidesearch Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{af286cea-635d-40c5-a891-b40a0f520539}
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sidefind.finder

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sidefind.finder
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sidefind.finder.1

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sidefind.finder.1
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{d0288a41-9855-4a9b-8316-babe243648da}

Win32.TrojanClicker Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-842925246-823518204-839522115-500\software\microsoft\active setup\installed components\{77566c2a-2987-44bc-ac81-a02d19ee271b}

Win32.TrojanClicker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-842925246-823518204-839522115-500\software\microsoft\active setup\installed components\{77566c2a-2987-44bc-ac81-a02d19ee271b}
Value : Version

Win32.TrojanClicker Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\active setup\installed components\{77566c2a-2987-44bc-ac81-a02d19ee271b}

Win32.TrojanClicker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\active setup\installed components\{77566c2a-2987-44bc-ac81-a02d19ee271b}
Value : ComponentID

Win32.TrojanClicker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\active setup\installed components\{77566c2a-2987-44bc-ac81-a02d19ee271b}
Value : (Standard)

Win32.TrojanClicker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\active setup\installed components\{77566c2a-2987-44bc-ac81-a02d19ee271b}
Value : StubPath

Win32.TrojanClicker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\active setup\installed components\{77566c2a-2987-44bc-ac81-a02d19ee271b}
Value : Version

Win32.TrojanClicker Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-842925246-823518204-839522115-500\software\microsoft\active setup\installed components\{c0dadd7e-d3f1-430d-b735-39dc6033592c}

Win32.TrojanClicker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-842925246-823518204-839522115-500\software\microsoft\active setup\installed components\{c0dadd7e-d3f1-430d-b735-39dc6033592c}
Value : Version

Win32.TrojanClicker Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\active setup\installed components\{c0dadd7e-d3f1-430d-b735-39dc6033592c}

Win32.TrojanClicker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\active setup\installed components\{c0dadd7e-d3f1-430d-b735-39dc6033592c}
Value : CommSEC

Win32.TrojanClicker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\active setup\installed components\{c0dadd7e-d3f1-430d-b735-39dc6033592c}
Value : (Standard)

Win32.TrojanClicker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\active setup\installed components\{c0dadd7e-d3f1-430d-b735-39dc6033592c}
Value : StubPath

Win32.TrojanClicker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\active setup\installed components\{c0dadd7e-d3f1-430d-b735-39dc6033592c}
Value : Version

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}
Value : Default Visible

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}
Value : ButtonText

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}
Value : HotIcon

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}
Value : Icon

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}
Value : CLSID

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}
Value : BandCLSID

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\sidefind

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\sidefind
Value : webautosearch

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\sidefind
Value : shoppingautosearch

Win32.TrojanClicker Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{1bb87441-6b7f-4b60-885c-b7af9f9afde3}

Lycos Sidesearch Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{c5183abc-eb6e-4e05-b8c9-500a16b6cf94}

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sidefind

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sidefind
Value : DisplayName

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sidefind
Value : UninstallString

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : account_id

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : PathBHO

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : PathDLL

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : PathXML

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : PathEXE

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : InstallDate

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : SearchSite

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : update

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : ver

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : IntervalBetweenShows

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : show

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : NextShow

Powerscan Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "LoadNum"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\powerscan
Value : LoadNum

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 63
Objects found so far: 63


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com"
Category : Malware
Comment : (http://www.slotch.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com"
Category : Malware
Comment : (http://www.slotch.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar
Value : DisplayName

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com"
Category : Malware
Comment : (http://www.slotch.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar
Value : UninstallString

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com"
Category : Malware
Comment : (http://www.slotch.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar
Value : Publisher

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com"
Category : Malware
Comment : (http://www.slotch.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar
Value : URLInfoAbout

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com"
Category : Malware
Comment : (http://www.slotch.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar
Value : HelpLink

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 69


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 22-04-2010 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@mediaplex[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 22-06-2009 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 71



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DyFuCA Object Recognized!
Type : File
Data : A0050956.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{60C55ECB-12EC-4ABB-AA4C-B394E8D995EB}\RP268\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BrowserHelperObject Module
FileDescription : BrowserHelperObject Module
InternalName : BrowserHelperObject
LegalCopyright : Copyright 2003
OriginalFilename : BrowserHelperObject.DLL


DyFuCA Object Recognized!
Type : File
Data : A0050957.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{60C55ECB-12EC-4ABB-AA4C-B394E8D995EB}\RP268\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : SideFind Module
CompanyName : IST
FileDescription : SideFind Module
InternalName : SideFind
LegalCopyright : Copyright 2004
OriginalFilename : SideFind.DLL


DyFuCA Object Recognized!
Type : File
Data : A0050958.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{60C55ECB-12EC-4ABB-AA4C-B394E8D995EB}\RP268\
FileVersion : 1, 1, 0, 2
ProductVersion : 1, 1, 0, 2
ProductName : PowerScan v1.1
FileDescription : PowerScan v1.1
InternalName : PowerScan v1.1
LegalCopyright : Copyright © 2004
OriginalFilename : Power-Scan.exe


BargainBuddy Object Recognized!
Type : File
Data : A0050962.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{60C55ECB-12EC-4ABB-AA4C-B394E8D995EB}\RP268\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 75


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 75


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 75


Deep scanning and examining files (K:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for K:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 75


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{339d8aff-0b42-4260-ad82-78ce605a9543}

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{339d8aff-0b42-4260-ad82-78ce605a9543}
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}

Lycos Sidesearch Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sep

Lycos Sidesearch Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sep
Value : DisplayName

Lycos Sidesearch Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sep
Value : UninstallString

Lycos Sidesearch Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sep
Value : NoModify

Lycos Sidesearch Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sep
Value : NoRepair

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

Win32.TrojanClicker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Userinit

Powerscan Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\powerscan

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 88

08:09:42 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:15:53.922
Objects scanned:257743
Objects identified:89
Objects ignored:0
New critical objects:89


#2
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hi there.

Ad-aware has found object(s) on your computer

If you choose to clean your computer of what Ad-aware found, follow the instructions below…

Make sure that you are using the * SE1R42 28.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command line as shown in the instructions below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-aware SE; if yours is different, adjust it to the location where you installed it.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click Next, then click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, remember that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:

#3
tel33

    New Member

  • Topic Starter
  • Member
  • 2 posts
Hi Rawe,
Thanks for your reply to my problem.
I followed your procedure precisely, but when it came to rebooting after carrying out "safemode scan" I had the same old problem of not being able to login (wsaupdater symptoms). I had to do the tedious registry restore procedure again to get back.
Perhaps, from my previous posting, you could suggest which adware would be the most likely culprit?
Also, I was a little confused by part of your instruction "Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Do not launch any programs or connect to the internet at this time." Although I didn't get this far, how would I post the results if I couldn't run any programs or connect to the internet?
Regards
Tel

#4
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
It means don't connect to the internet while scanning... And when the scan finishes, just connect to the internet and post a fresh log.

- Rawe :tazz: