
AdAware Log [RESOLVED]



#1
ShoalBear

:tazz: I read the posting on the HijackThis forum (it said to have this evaluated by you experts here first)... I followed those instructions. Here is my log after I ran the AdAware initially:


Ad-Aware SE Build 1.05
Logfile Created on:Friday, April 29, 2005 10:27:48 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):33 total references
Alexa(TAC index:5):2 total references
AltnetBDE(TAC index:4):25 total references
BargainBuddy(TAC index:8):6 total references
BlazeFind(TAC index:5):5 total references
BonziBuddy(TAC index:7):3 total references
BrilliantDigital(TAC index:6):9 total references
Claria(TAC index:7):37 total references
Ebates MoneyMaker(TAC index:4):2 total references
Elitum.ElitebarBHO(TAC index:5):1 total references
eUniverse(TAC index:10):11 total references
Hi-Wire(TAC index:4):89 total references
IBIS Toolbar(TAC index:5):10 total references
IGetNet(TAC index:8):2 total references
MediaMotor(TAC index:8):8 total references
MicroGaming(TAC index:4):5 total references
MRU List(TAC index:0):181 total references
Other(TAC index:5):4 total references
Possible Browser Hijack attempt(TAC index:3):23 total references
SahAgent(TAC index:9):15 total references
Search Relevancy(TAC index:5):7 total references
Softomate Toolbar(TAC index:9):6 total references
TopMoxie(TAC index:3):4 total references
Tracking Cookie(TAC index:3):137 total references
WindUpdates(TAC index:8):28 total references
VX2(TAC index:10):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R8 13.09.2004
Internal build : 12
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 344723 Bytes
Total size : 1092481 Bytes
Signature data size : 1068971 Bytes
Reference data size : 22998 Bytes
Signatures total : 30122
Fingerprints total : 154
Fingerprints size : 7129 Bytes
Target categories : 15
Target families : 560

4-29-2005 10:21:53 PM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


4-29-2005 10:22:11 PM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:54 %
Total physical memory:1047272 kb
Available physical memory:562732 kb
Total page file size:2499240 kb
Available on page file:1945964 kb
Total virtual memory:2097024 kb
Available virtual memory:2041212 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


4-29-2005 10:27:49 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 484
ThreadCreationTime : 4-24-2005 11:34:04 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 532
ThreadCreationTime : 4-24-2005 11:34:06 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 556
ThreadCreationTime : 4-24-2005 11:34:07 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 600
ThreadCreationTime : 4-24-2005 11:34:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 620
ThreadCreationTime : 4-24-2005 11:34:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 784
ThreadCreationTime : 4-24-2005 11:34:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 832
ThreadCreationTime : 4-24-2005 11:34:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 900
ThreadCreationTime : 4-24-2005 11:34:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 968
ThreadCreationTime : 4-24-2005 11:34:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1044
ThreadCreationTime : 4-24-2005 11:34:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1240
ThreadCreationTime : 4-24-2005 11:34:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [agentsrv.exe]
ModuleName : C:\Program Files\Connected\AgentSrv.EXE
Command Line : "C:\Program Files\Connected\AgentSrv.EXE" -asv
ProcessID : 1544
ThreadCreationTime : 4-24-2005 11:34:18 PM
BasePriority : Idle
FileVersion : 7.1.5.1086
ProductVersion : 7.1.5
ProductName : Connected DataProtector
CompanyName : Connected Corporation
FileDescription : Agent Service Module
InternalName : AgentSrv
LegalCopyright : © 1996-2004 by Connected Corporation
OriginalFilename : AgentSrv.exe

#:13 [aolacsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
ProcessID : 1568
ThreadCreationTime : 4-24-2005 11:34:18 PM
BasePriority : Normal


#:14 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1592
ThreadCreationTime : 4-24-2005 11:34:18 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:15 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 1644
ThreadCreationTime : 4-24-2005 11:34:18 PM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:16 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1688
ThreadCreationTime : 4-24-2005 11:34:19 PM
BasePriority : Normal
FileVersion : 1.0.9.002
ProductVersion : 1.0.9.002
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:17 [upssrv.exe]
ModuleName : C:\PowerPanel\upssrv.exe
Command Line : C:\PowerPanel\upssrv.exe
ProcessID : 1704
ThreadCreationTime : 4-24-2005 11:34:19 PM
BasePriority : Normal
FileVersion : 2, 1, 4, 0
ProductVersion : 2, 1, 4, 0
ProductName : Power Panel ( Plus )
CompanyName : Cyber Power System Inc.
FileDescription : UPS Service
InternalName : upssrv.exe
LegalCopyright : Copyright © 2002 Cyber Power System Inc.
LegalTrademarks : CyberPower
OriginalFilename : upssrv.exe

#:18 [upsio.exe]
ModuleName : C:\PowerPanel\upsio.exe
Command Line : 1 0
ProcessID : 1752
ThreadCreationTime : 4-24-2005 11:34:19 PM
BasePriority : Realtime
FileVersion : 2, 1, 4, 0
ProductVersion : 2, 1, 4, 0
ProductName : PowerPanel (Plus)
CompanyName : Cyber Power System Inc.
FileDescription : upsio
InternalName : upsio.exe
LegalCopyright : Copyright © 2002 Cyber Power System Inc.
LegalTrademarks : CyberPower
OriginalFilename : upsio.exe

#:19 [inetinfo.exe]
ModuleName : C:\WINDOWS\system32\inetsrv\inetinfo.exe
Command Line : C:\WINDOWS\system32\inetsrv\inetinfo.exe
ProcessID : 1780
ThreadCreationTime : 4-24-2005 11:34:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : INETINFO.EXE

#:20 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1832
ThreadCreationTime : 4-24-2005 11:34:19 PM
BasePriority : Normal
FileVersion : 7.10.3077
ProductVersion : 7.10.3077
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright© Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:21 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1900
ThreadCreationTime : 4-24-2005 11:34:19 PM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:22 [nprotect.exe]
ModuleName : C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
Command Line : "C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE"
ProcessID : 164
ThreadCreationTime : 4-24-2005 11:34:22 PM
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:23 [smagent.exe]
ModuleName : C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Command Line : "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe"
ProcessID : 408
ThreadCreationTime : 4-24-2005 11:34:23 PM
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:24 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 420
ThreadCreationTime : 4-24-2005 11:34:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:25 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 536
ThreadCreationTime : 4-24-2005 11:34:23 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:26 [vsmon.exe]
ModuleName : C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Command Line : n/a
ProcessID : 792
ThreadCreationTime : 4-24-2005 11:34:23 PM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : TrueVector Service
CompanyName : Zone Labs LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : vsmon.exe

#:27 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 1176
ThreadCreationTime : 4-24-2005 11:34:24 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:28 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
ProcessID : 1388
ThreadCreationTime : 4-24-2005 11:34:25 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:29 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2372
ThreadCreationTime : 4-24-2005 11:34:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:30 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 2880
ThreadCreationTime : 4-24-2005 11:34:44 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)


#:31 [smax4pnp.exe]
ModuleName : C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
Command Line : "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
ProcessID : 3020
ThreadCreationTime : 4-24-2005 11:34:51 PM
BasePriority : Normal
FileVersion : 4, 0, 4, 11
ProductVersion : 4, 0, 4, 11
ProductName : SMax4PNP Application
CompanyName : Analog Devices, Inc.
FileDescription : SMax4PNP MFC Application
InternalName : SMax4PNP
LegalCopyright : Copyright © 2002-2003 Analog Devices
OriginalFilename : SMax4PNP.EXE

SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)


#:32 [smax4.exe]
ModuleName : C:\Program Files\Analog Devices\SoundMAX\smax4.exe
Command Line : "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
ProcessID : 3036
ThreadCreationTime : 4-24-2005 11:34:52 PM
BasePriority : Normal
FileVersion : 4, 0, 4, 25
ProductVersion : 4, 0, 4, 25
ProductName : SoundMAX Control Panel
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX Control Center
InternalName : SMax4
LegalCopyright : Copyright © 2002-2003, Analog Devices
OriginalFilename : SMax4.EXE

SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)

"C:\Program Files\Analog Devices\SoundMAX\smax4.exe"Process terminated successfully

#:33 [gwhotkey.exe]
ModuleName : C:\WINDOWS\GWHotKey.exe
Command Line : "C:\WINDOWS\GWHotKey.exe"
ProcessID : 3072
ThreadCreationTime : 4-24-2005 11:34:52 PM
BasePriority : Normal
FileVersion : 4.4.1
ProductVersion : 4.4.1
ProductName : Gateway Multi-function Keyboard Utility
CompanyName : Tartan Software www.BillP.com
FileDescription : Multi-function Keyboard Utility By Bill Pytlovany
LegalCopyright : Copyright © 1997-1998 Gateway 2000 Inc.
Comments : "You've got a friend in the business"

SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)

"C:\WINDOWS\GWHotKey.exe"Process terminated successfully

#:34 [hpztsb06.exe]
ModuleName : C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
Command Line : "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe"
ProcessID : 3192
ThreadCreationTime : 4-24-2005 11:34:54 PM
BasePriority : Normal
FileVersion : 2,133,0,0
ProductVersion : 2,133,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2002

SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)

"C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe"Process terminated successfully

#:35 [em_exec.exe]
ModuleName : C:\Program Files\Logitech\MouseWare\system\em_exec.exe
Command Line : "C:\Program Files\Logitech\MouseWare\system\em_exec.exe"
ProcessID : 3356
ThreadCreationTime : 4-24-2005 11:34:55 PM
BasePriority : Normal
FileVersion : 9.76.046
ProductVersion : 9.76.046
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)


#:36 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 3388
ThreadCreationTime : 4-24-2005 11:34:56 PM
BasePriority : Normal
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)


#:37 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 3404
ThreadCreationTime : 4-24-2005 11:34:56 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)


#:38 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 3420
ThreadCreationTime : 4-24-2005 11:34:57 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)


#:39 [aoldial.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
ProcessID : 3428
ThreadCreationTime : 4-24-2005 11:34:57 PM
BasePriority : Normal
FileVersion : 2.0.20.1.US.1
ProductVersion : 2.0.20.1.US.1
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"Process terminated successfully

#:40 [directcd.exe]
ModuleName : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
Command Line : "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
ProcessID : 3460
ThreadCreationTime : 4-24-2005 11:34:58 PM
BasePriority : Normal
FileVersion : 5.3.2.34
ProductVersion : 5.3.2.34
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)

"C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"Process terminated successfully

#:41 [winstat.exe]
ModuleName : C:\Program Files\Windows AdStatus\WinStat.exe
Command Line : "C:\Program Files\Windows AdStatus\WinStat.exe"
ProcessID : 3472
ThreadCreationTime : 4-24-2005 11:34:59 PM
BasePriority : Normal

Warning! WindUpdates Object found in memory(C:\Program Files\Windows AdStatus\WinStat.exe)

WindUpdates Object Recognized!
Type : Process
Data : WinStat.exe
Category : Malware
Comment :
Object : C:\Program Files\Windows AdStatus\


"C:\Program Files\Windows AdStatus\WinStat.exe"Process terminated successfully
"C:\Program Files\Windows AdStatus\WinStat.exe"Process terminated successfully

#:42 [p2p networking.exe]
ModuleName : C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
Command Line : "C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" /AUTOSTART
ProcessID : 3508
ThreadCreationTime : 4-24-2005 11:34:59 PM
BasePriority : Normal
FileVersion : 1, 26, 0, 10
ProductVersion : 1, 26, 0, 10
ProductName : P2P Networking
CompanyName : Joltid Ltd.
FileDescription : P2P Networking
InternalName : P2P Networking
LegalCopyright : Copyright © 2001 - 2004 Joltid Ltd. All Rights Reserved.
LegalTrademarks : Joltid is a registered trademark of Joltid Ltd.
OriginalFilename : P2P Networking.exe

SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)

"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe"Process terminated successfully

#:43 [zlclient.exe]
ModuleName : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Command Line : n/a
ProcessID : 3520
ThreadCreationTime : 4-24-2005 11:35:00 PM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : Zone Labs Client
CompanyName : Zone Labs LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : zlclient.exe

SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)


#:44 [ar9e5tag.exe]
ModuleName : C:\WINDOWS\system32\ar9e5tag.exe
Command Line : "C:\WINDOWS\system32\ar9e5tag.exe"
ProcessID : 3568
ThreadCreationTime : 4-24-2005 11:35:01 PM
BasePriority : Normal
FileVersion : 4, 0, 1, 1
ProductVersion : 4, 0, 1, 1

SahAgent Object Recognized!
Type : Process
Data : ar9e5tag.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 1, 1
ProductVersion : 4, 0, 1, 1

Warning! SahAgent Object found in memory(C:\WINDOWS\system32\ar9e5tag.exe)

"C:\WINDOWS\system32\ar9e5tag.exe"Process terminated successfully
"C:\WINDOWS\system32\ar9e5tag.exe"Process terminated successfully

#:45 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 3588
ThreadCreationTime : 4-24-2005 11:35:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)

"C:\WINDOWS\system32\ctfmon.exe"Process terminated successfully

#:46 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
ProcessID : 3608
ThreadCreationTime : 4-24-2005 11:35:02 PM
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:47 [aim.exe]
ModuleName : C:\Program Files\AIM95\aim.exe
Command Line : "C:\Program Files\AIM95\aim.exe" -cnetwait.odl
ProcessID : 3624
ThreadCreationTime : 4-24-2005 11:35:02 PM
BasePriority : Normal
FileVersion : 5.9.3690
ProductVersion : 5.9.3690
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:48 [cbsystray.exe]
ModuleName : C:\Program Files\Connected\CBSysTray.exe
Command Line : "C:\Program Files\Connected\CBSysTray.exe"
ProcessID : 3660
ThreadCreationTime : 4/24/2005 11:35:03 PM
BasePriority : Normal
FileVersion : 7.1.5.1086
ProductVersion : 7.1.5
ProductName : Connected DataProtector
CompanyName : Connected Corporation
FileDescription : Connected DataProtector System Tray
InternalName : CBSysTray
LegalCopyright : © 1996-2004 by Connected Corporation
OriginalFilename : CBSysTray.exe

#:49 [dvzincmsgr.exe]
ModuleName : C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
Command Line : "C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe"
ProcessID : 3668
ThreadCreationTime : 4/24/2005 11:35:03 PM
BasePriority : Normal
FileVersion : 6,0,1,723
ProductVersion : 6,0,1,723
ProductName : Documents To Go
CompanyName : DataViz, Inc.
FileDescription : DataViz Update Checker
InternalName : Web Savvy Agent
LegalCopyright : Copyright © 1998-2004 by DataViz, Inc.
OriginalFilename : WebSavvyAgent.exe
Comments : This component checks for updates of DataViz products.

#:50 [hotsync.exe]
ModuleName : C:\Program Files\Palm\HOTSYNC.EXE
Command Line : "C:\Program Files\Palm\HOTSYNC.EXE"
ProcessID : 3688
ThreadCreationTime : 4/24/2005 11:35:06 PM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:51 [memturbo.exe]
ModuleName : C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe
Command Line : "C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe" /starthidden
ProcessID : 3696
ThreadCreationTime : 4/24/2005 11:35:06 PM
BasePriority : Normal

ProductName : MemTurbo Application
CompanyName : SharewareOnline.com, Inc.
FileDescription : MemTurbo
InternalName : MemTurbo
LegalCopyright : Copyright © 1998-2000
LegalTrademarks : MemTurbo, RAMScrub
OriginalFilename : MemTurbo.EXE
Comments : http://www.memturbo.com

#:52 [winstatkeep.exe]
ModuleName : C:\Program Files\Windows AdStatus\WinStatKeep.exe
Command Line : "C:\Program Files\Windows AdStatus\WinStatKeep.exe"
ProcessID : 3772
ThreadCreationTime : 4/24/2005 11:35:11 PM
BasePriority : Normal

Warning! WindUpdates Object found in memory(C:\Program Files\Windows AdStatus\WinStatKeep.exe)

WindUpdates Object Recognized!
Type : Process
Data : WinStatKeep.exe
Category : Malware
Comment :
Object : C:\Program Files\Windows AdStatus\


"C:\Program Files\Windows AdStatus\WinStatKeep.exe"Process terminated successfully
"C:\Program Files\Windows AdStatus\WinStatKeep.exe"Process terminated successfully

#:53 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 1948
ThreadCreationTime : 4/24/2005 11:37:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:54 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 504
ThreadCreationTime : 4/25/2005 12:57:03 AM
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:55 [mnybbsvc.exe]
ModuleName : C:\Program Files\Microsoft Money 2005\MNYCoreFiles\mnybbsvc.exe
Command Line : "C:\Program Files\Microsoft Money 2005\MNYCoreFiles\mnybbsvc.exe"
ProcessID : 2044
ThreadCreationTime : 4/25/2005 2:40:24 PM
BasePriority : Normal
FileVersion : 14.00.1105 built by: mnybuild
ProductVersion : 14.00.1105
ProductName : Microsoft® Money
CompanyName : Microsoft® Corporation
FileDescription : Microsoft Money Background Banking Service
InternalName : mnybbsvc
LegalCopyright : Copyright © Microsoft Corp. All rights reserved.
OriginalFilename : mnybbsvc.exe

#:56 [mypointspointalert1.exe]
ModuleName : C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert1.exe
Command Line : "C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert1.exe"
ProcessID : 2136
ThreadCreationTime : 4/27/2005 5:02:29 AM
BasePriority : Normal


#:57 [aolsps~1.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSPS~1.EXE
Command Line : "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSPS~1.EXE"
ProcessID : 732
ThreadCreationTime : 4/29/2005 2:59:58 PM
BasePriority : Normal
FileVersion : 1, 5, 0, 0
ProductVersion : 1, 5, 0, 0
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:58 [mypointspointalert0.exe]
ModuleName : C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe
Command Line : "C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe"
ProcessID : 5196
ThreadCreationTime : 4/29/2005 6:03:40 PM
BasePriority : Normal


TopMoxie Object Recognized!
Type : Process
Data : MyPointsPointAlert0.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\Program Files\MyPoints_PointAlert\


Warning! TopMoxie Object found in memory(C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe)

"C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe"Process terminated successfully
"C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe"Process terminated successfully

#:59 [ypager.exe]
ModuleName : C:\Program Files\Yahoo!\Messenger\ypager.exe
Command Line : "C:\Program Files\Yahoo!\Messenger\ypager.exe"
ProcessID : 4912
ThreadCreationTime : 4/29/2005 11:00:18 PM
BasePriority : Normal
FileVersion : 6,0,0,1750
ProductVersion : 6,0,0,1750
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
InternalName : Yahoo! Messengerr
LegalCopyright : Copyright 1998-2004
OriginalFilename : YPager.exe

#:60 [sapisvr.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe"
ProcessID : 5584
ThreadCreationTime : 4/29/2005 11:00:19 PM
BasePriority : Normal
FileVersion : 5.1.4111.00 (XPClient.010817-1148)
ProductVersion : 5.1.4111.00
ProductName : Microsoft® Windows™ Operating System
CompanyName : Microsoft Corporation
FileDescription : SAPISVR 5
InternalName : SAPISVR5
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : SAPISVR5

#:61 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -restart
ProcessID : 2324
ThreadCreationTime : 4/29/2005 11:35:15 PM
BasePriority : Normal
FileVersion : 0.1.0.3249
ProductVersion : 0.1.0.3249
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:62 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 5636
ThreadCreationTime : 4/30/2005 3:21:38 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 18


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.advertisementagent

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.advertisementagent
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.advertisementagent.1

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.advertisementagent.1
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.bannerlistitem

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.bannerlistitem
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.bannerlistitem.1

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.bannerlistitem.1
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.compositeitem

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.compositeitem
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.compositeitem.1

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.compositeitem.1
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.spotlistitem

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.spotlistitem
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.spotlistitem.1

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.spotlistitem.1
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{08e05eee-5ee9-11d4-9caf-00d0b76063fd}

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{08e05eee-5ee9-11d4-9caf-00d0b76063fd}
Value :

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{08e05eee-5ee9-11d4-9caf-00d0b76063fd}
Value : AppID

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{11032fc2-c2f4-11d3-ad67-009027b8adbc}

Hi-Wire Object Recognized!
Type : RegValue

#2
ShoalBear

Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{11032fc2-c2f4-11d3-ad67-009027b8adbc}
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{11032fc2-c2f5-11d3-ad67-009027b8adbc}

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{11032fc2-c2f5-11d3-ad67-009027b8adbc}
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{315ffe67-cebe-11d3-ad70-009027b8adbc}

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{315ffe67-cebe-11d3-ad70-009027b8adbc}
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5ca9d47f-4bbc-45e0-815f-670ae736a678}

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5ca9d47f-4bbc-45e0-815f-670ae736a678}
Value :

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5ca9d47f-4bbc-45e0-815f-670ae736a678}
Value : AppID

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5dcde22e-e64f-11d3-ad74-009027b8adbc}

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5dcde22e-e64f-11d3-ad74-009027b8adbc}
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5dcde22e-e650-11d3-ad74-009027b8adbc}

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5dcde22e-e650-11d3-ad74-009027b8adbc}
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{80f1b906-d066-11d3-ad70-009027b8adbc}

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{80f1b906-d066-11d3-ad70-009027b8adbc}
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{bcddab74-c3a8-11d3-ad69-009027b8adbc}

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{bcddab74-c3a8-11d3-ad69-009027b8adbc}
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c357398a-8e21-4505-8bd7-784a4e9ac659}

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c357398a-8e21-4505-8bd7-784a4e9ac659}
Value :

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c357398a-8e21-4505-8bd7-784a4e9ac659}
Value : AppID

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c357398b-8e21-4505-8bd7-784a4e9ac659}

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c357398b-8e21-4505-8bd7-784a4e9ac659}
Value :

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c357398b-8e21-4505-8bd7-784a4e9ac659}
Value : AppID

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c357398c-8e21-4505-8bd7-784a4e9ac659}

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c357398c-8e21-4505-8bd7-784a4e9ac659}
Value :

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c357398c-8e21-4505-8bd7-784a4e9ac659}
Value : AppID

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.adplayer

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.adplayer
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.adplayer.1

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.adplayer.1
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.adscheduler

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.adscheduler
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.adscheduler.1

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.adscheduler.1
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.audioplayers

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.audioplayers
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.audioplayers.1

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.audioplayers.1
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.radioplayers

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.radioplayers
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.radioplayers.1

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.radioplayers.1
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.realadplayer

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.realadplayer
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.realadplayer.1

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.realadplayer.1
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.rreventmanager

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.rreventmanager
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.rreventmanager.1

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwadinsertion.rreventmanager.1
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwwebplayer.webplayer

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwwebplayer.webplayer
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwwebplayer.webplayer.1

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hwwebplayer.webplayer.1
Value :

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{674a6bd5-317a-49cf-9647-1e085e660ce0}

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{674a6bd5-317a-49cf-9647-1e085e660ce0}
Value :

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ad29366c-63aa-4ff3-944f-91ad7193bca2}

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ad29366c-63aa-4ff3-944f-91ad7193bca2}
Value :

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff}

Softomate Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff}
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : rmactivex.rmplayer

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : rmactivex.rmplayer
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : rmactivex.rmplayer.1

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : rmactivex.rmplayer.1
Value :

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : softomate.ietoolbar

Softomate Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : softomate.ietoolbar
Value :

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : softomate.ietoolbar.1

Softomate Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : softomate.ietoolbar.1
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{08e05ee1-5ee9-11d4-9caf-00d0b76063fd}

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{96b2d8d3-e66d-11d3-ad74-009027b8adbc}

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\\software\hiwire

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\\software\hiwire

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\\software\hiwire

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\\software\hiwire

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1645522239-436374069-842925246-1003\\software\hiwire

Other Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\aveo

Other Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\aveo

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\brilliant digital entertainment

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\brilliant digital entertainment

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\brilliant digital entertainment

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\brilliant digital entertainment

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\hiwire

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\hiwire

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\hiwire

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\hiwire

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1645522239-436374069-842925246-1003\software\hiwire

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\180solutions

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe
Value : AppID

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe
Value : AppID

BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\syncroadx.installer

BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\syncroadx.installer
Value :

MicroGaming Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microgaming

MicroGaming Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microgaming

MicroGaming Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\microgaming

MicroGaming Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\microgaming

MicroGaming Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1645522239-436374069-842925246-1003\software\microgaming

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\app management\arpcache\ncase

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\app management\arpcache\ncase
Value : SlowInfoCache

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\app management\arpcache\ncase
Value : Changed

Search Relevancy Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\search relevancy

Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\search relevancy
Value : DisplayName

Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\search relevancy
Value : UninstallString

eUniverse Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\searchupgrader

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\searchupgrader
Value : Install_Dir

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\searchupgrader
Value : EXEName

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\searchupgrader
Value : VersionNumber

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\searchupgrader
Value : cid

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\searchupgrader
Value : installDate

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\searchupgrader
Value : puid

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\searchupgrader
Value : LastUpdateAttempt

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-19\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-20\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "partner_id"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : partner_id

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 134
Objects found so far: 152


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Collapse! Deluxe from GameHouse "http://www.gamehouse.com"
Category : Data Miner
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Collapse! Deluxe from GameHouse

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Collapse! Deluxe from GameHouse "http://www.gamehouse.com"
Category : Data Miner
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Collapse! Deluxe from GameHouse
Value : DisplayName

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Collapse! Deluxe from GameHouse "http://www.gamehouse.com"
Category : Data Miner
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Collapse! Deluxe from GameHouse
Value : UninstallString

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Collapse! Deluxe from GameHouse "http://www.gamehouse.com"
Category : Data Miner
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Collapse! Deluxe from GameHouse
Value : HelpLink

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Collapse! Deluxe from GameHouse "http://www.gamehouse.com"
Category : Data Miner
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Collapse! Deluxe from GameHouse
Value : Publisher

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Collapse! Deluxe from GameHouse "http://www.gamehouse.com"
Category : Data Miner
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Collapse! Deluxe from GameHouse
Value : URLInfoAbout

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Collapse! Deluxe from GameHouse "http://www.gamehouse.com"
Category : Data Miner
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Collapse! Deluxe from GameHouse
Value : Contact

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Collapse! Deluxe from GameHouse "http://www.gamehouse.com"
Category : Data Miner
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Collapse! Deluxe from GameHouse
Value : Comments

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Collapse! Deluxe from GameHouse "http://www.gamehouse.com"
Category : Data Miner
Comment : (http://www.gamehouse.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Collapse! Deluxe from GameHouse
Value : DisplayIcon

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Bounce Out! "http://www.gamehouse.com/"
Category : Data Miner
Comment : (http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Bounce Out!

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Bounce Out! "http://www.gamehouse.com/"
Category : Data Miner
Comment : (http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Bounce Out!
Value : DisplayName

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Bounce Out! "http://www.gamehouse.com/"
Category : Data Miner
Comment : (http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Bounce Out!
Value : UninstallString

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Bounce Out! "http://www.gamehouse.com/"
Category : Data Miner
Comment : (http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Bounce Out!
Value : HelpLink

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Bounce Out! "http://www.gamehouse.com/"
Category : Data Miner
Comment : (http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Bounce Out!
Value : Publisher

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Bounce Out! "http://www.gamehouse.com/"
Category : Data Miner
Comment : (http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Bounce Out!
Value : URLInfoAbout

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Bounce Out! "http://www.gamehouse.com/"
Category : Data Miner
Comment : (http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Bounce Out!
Value : Contact

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Bounce Out! "http://www.gamehouse.com/"
Category : Data Miner
Comment : (http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Bounce Out!
Value : Comments

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Bounce Out! "http://www.gamehouse.com/"
Category : Data Miner
Comment : (http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Super Bounce Out!
Value : DisplayIcon

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/WinStatX.dll

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/WinStatX.dll
Value : .Owner

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/WinStatX.dll
Value : {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}

WindUpdates Object Recognized!
Type : File
Data : /windows/downloaded program files/winstatx.dll
Category : Malware
Comment :
Object : c:\


Possible Browser Hijack attempt : {E0CE16CB-741C-4B24-8D04-A817856E07F4} (http://cabs.media-mo.../cabs/alien.cab)

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://cabs.media-mo.../cabs/alien.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E0CE16CB-741C-4B24-8D04-A817856E07F4}

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://cabs.media-mo.../cabs/alien.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E0CE16CB-741C-4B24-8D04-A817856E07F4}
Value : SystemComponent

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://cabs.media-mo.../cabs/alien.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E0CE16CB-741C-4B24-8D04-A817856E07F4}
Value : Installer

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Windows AdStatus"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : Windows AdStatus

WindUpdates Object Recognized!
Type : File
Data : winstat.exe
Category : Malware
Comment :
Object : c:\program files\windows adstatus\



WindUpdates Object Recognized!
Type : RegValue
Data : C:\WINDOWS\Downloaded Program Files\WinStatX.dll
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\Downloaded Program Files\WinStatX.dll

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 26
Objects found so far: 180

Skipping MRU List Objects.....

#3
ShoalBear

Again, I am Skipping MRU List Objects.....

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@bluestreak[2].txt
Category : Data Miner
Comment : Hits:166
Value : Cookie:kari-lyn [email protected]/
Expires : 4/26/2015 3:57:14 AM
LastSync : Hits:166
UseCount : 0
Hits : 166

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@euniverseads[1].txt
Category : Data Miner
Comment : Hits:14
Value : Cookie:kari-lyn [email protected]/
Expires : 12/31/2010 7:00:00 PM
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@247realmedia[1].txt
Category : Data Miner
Comment : Hits:49
Value : Cookie:kari-lyn [email protected]/
Expires : 2/23/2006 11:44:04 AM
LastSync : Hits:49
UseCount : 0
Hits : 49

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@trafficmp[2].txt
Category : Data Miner
Comment : Hits:381
Value : Cookie:kari-lyn [email protected]/
Expires : 10/21/2005 7:10:10 AM
LastSync : Hits:381
UseCount : 0
Hits : 381

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:kari-lyn [email protected]/
Expires : 1/9/2005 1:37:42 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@0[5].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:kari-lyn [email protected]/HTM/621/0
Expires : 2/4/2006 10:16:14 AM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@ad-logics[3].txt
Category : Data Miner
Comment : Hits:23
Value : Cookie:kari-lyn [email protected]/
Expires : 10/18/2014 10:30:30 PM
LastSync : Hits:23
UseCount : 0
Hits : 23

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@2o7[5].txt
Category : Data Miner
Comment : Hits:4793
Value : Cookie:kari-lyn [email protected]/
Expires : 4/28/2010 9:48:00 PM
LastSync : Hits:4793
UseCount : 0
Hits : 4793

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@zedo[4].txt
Category : Data Miner
Comment : Hits:256
Value : Cookie:kari-lyn [email protected]/
Expires : 10/30/2014 8:36:28 AM
LastSync : Hits:256
UseCount : 0
Hits : 256

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@realmedia[4].txt
Category : Data Miner
Comment : Hits:377
Value : Cookie:kari-lyn [email protected]/
Expires : 12/31/2010 7:00:00 PM
LastSync : Hits:377
UseCount : 0
Hits : 377

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@cgi-bin[9].txt
Category : Data Miner
Comment : Hits:22
Value : Cookie:kari-lyn [email protected]/cgi-bin
Expires : 4/16/2015 10:46:26 PM
LastSync : Hits:22
UseCount : 0
Hits : 22

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@domainsponsor[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:kari-lyn [email protected]/
Expires : 4/26/2005 8:55:22 AM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment : Hits:70
Value : Cookie:kari-lyn [email protected]/
Expires : 10/23/2005 2:12:30 PM
LastSync : Hits:70
UseCount : 0
Hits : 70

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@apmebf[1].txt
Category : Data Miner
Comment : Hits:69
Value : Cookie:kari-lyn [email protected]/
Expires : 4/27/2010 5:36:44 PM
LastSync : Hits:69
UseCount : 0
Hits : 69

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:125
Value : Cookie:kari-lyn [email protected]/
Expires : 12/31/2037 7:00:00 PM
LastSync : Hits:125
UseCount : 0
Hits : 125

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@tripod[5].txt
Category : Data Miner
Comment : Hits:22
Value : Cookie:kari-lyn [email protected]/
Expires : 4/15/2006 6:27:44 PM
LastSync : Hits:22
UseCount : 0
Hits : 22

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@maxserving[1].txt
Category : Data Miner
Comment : Hits:92
Value : Cookie:kari-lyn [email protected]/
Expires : 4/5/2015 6:22:04 PM
LastSync : Hits:92
UseCount : 0
Hits : 92

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment : Hits:69
Value : Cookie:kari-lyn [email protected]/
Expires : 1/17/2006 4:14:24 PM
LastSync : Hits:69
UseCount : 0
Hits : 69

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@spylog[1].txt
Category : Data Miner
Comment : Hits:31
Value : Cookie:kari-lyn [email protected]/
Expires : 10/9/2005 6:24:08 PM
LastSync : Hits:31
UseCount : 0
Hits : 31

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment : Hits:109
Value : Cookie:kari-lyn [email protected]/
Expires : 3/19/2035 4:27:08 PM
LastSync : Hits:109
UseCount : 0
Hits : 109

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@qksrv[2].txt
Category : Data Miner
Comment : Hits:89
Value : Cookie:kari-lyn [email protected]/
Expires : 4/27/2010 5:36:46 PM
LastSync : Hits:89
UseCount : 0
Hits : 89

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment : Hits:31
Value : Cookie:kari-lyn [email protected]/
Expires : 1/22/2006 2:05:36 PM
LastSync : Hits:31
UseCount : 0
Hits : 31

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@cgi-bin[6].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:kari-lyn [email protected]/cgi-bin/
Expires : 10/22/2006 7:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@adtech[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:kari-lyn [email protected]/
Expires : 3/8/2015 12:07:16 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment : Hits:49
Value : Cookie:kari-lyn [email protected]/
Expires : 12/31/2005 5:11:10 PM
LastSync : Hits:49
UseCount : 0
Hits : 49

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@tickle[1].txt
Category : Data Miner
Comment : Hits:92
Value : Cookie:kari-lyn [email protected]/
Expires : 4/18/2007 10:02:10 PM
LastSync : Hits:92
UseCount : 0
Hits : 92

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@centrport[2].txt
Category : Data Miner
Comment : Hits:47
Value : Cookie:kari-lyn [email protected]/
Expires : 12/31/2029 7:00:00 PM
LastSync : Hits:47
UseCount : 0
Hits : 47

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:kari-lyn [email protected]/
Expires : 5/12/2024 1:07:28 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@casalemedia[2].txt
Category : Data Miner
Comment : Hits:311
Value : Cookie:kari-lyn [email protected]/
Expires : 4/16/2006 3:21:28 AM
LastSync : Hits:311
UseCount : 0
Hits : 311

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment : Hits:44
Value : Cookie:kari-lyn [email protected]/
Expires : 4/19/2006 11:00:00 PM
LastSync : Hits:44
UseCount : 0
Hits : 44

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment : Hits:482
Value : Cookie:kari-lyn [email protected]/
Expires : 4/28/2006 11:21:02 PM
LastSync : Hits:482
UseCount : 0
Hits : 482

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:kari-lyn [email protected]/
Expires : 12/30/2037 11:00:00 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment : Hits:247
Value : Cookie:kari-lyn [email protected]/
Expires : 12/31/2009 7:00:00 PM
LastSync : Hits:247
UseCount : 0
Hits : 247

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@overstock[4].txt
Category : Data Miner
Comment : Hits:61
Value : Cookie:kari-lyn [email protected]/
Expires : 12/31/2005 7:00:00 PM
LastSync : Hits:61
UseCount : 0
Hits : 61

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:kari-lyn [email protected]/
Expires : 1/9/2005 1:37:08 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@hotlog[2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:kari-lyn [email protected]/
Expires : 10/23/2005 1:16:26 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:kari-lyn [email protected]/
Expires : 12/31/2005
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment : Hits:73
Value : Cookie:kari-lyn [email protected]/
Expires : 4/26/2005 6:51:58 AM
LastSync : Hits:73
UseCount : 0
Hits : 73

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@cgi-bin[10].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:kari-lyn [email protected]/cgi-bin
Expires : 2/27/2015 7:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@0[1].txt
Category : Data Miner
Comment : Hits:628
Value : Cookie:kari-lyn [email protected]/HTM/507/0
Expires : 12/5/2005 7:21:28 PM
LastSync : Hits:628
UseCount : 0
Hits : 628

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment : Hits:338
Value : Cookie:kari-lyn [email protected]/
Expires : 12/30/2037 11:00:00 AM
LastSync : Hits:338
UseCount : 0
Hits : 338

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:kari-lyn [email protected]/
Expires : 1/27/2005 10:01:26 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:kari-lyn [email protected]/
Expires : 4/30/2005
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:kari-lyn [email protected]/
Expires : 9/6/2014 6:50:08 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@fastclick[1].txt
Category : Data Miner
Comment : Hits:47
Value : Cookie:kari-lyn [email protected]/
Expires : 4/25/2007 7:52:28 PM
LastSync : Hits:47
UseCount : 0
Hits : 47

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@goclick[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:kari-lyn [email protected]/
Expires : 12/31/2009 7:00:00 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@fortunecity[2].txt
Category : Data Miner
Comment : Hits:15
Value : Cookie:kari-lyn [email protected]/
Expires : 12/31/2010 7:00:00 PM
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment : Hits:21
Value : Cookie:kari-lyn [email protected]/
Expires : 1/1/2038
LastSync : Hits:21
UseCount : 0
Hits : 21

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@questionmarket[5].txt
Category : Data Miner
Comment : Hits:227
Value : Cookie:kari-lyn [email protected]/
Expires : 6/20/2006 1:48:12 PM
LastSync : Hits:227
UseCount : 0
Hits : 227

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@serving-sys[1].txt
Category : Data Miner
Comment : Hits:86
Value : Cookie:kari-lyn [email protected]/
Expires : 1/1/2038
LastSync : Hits:86
UseCount : 0
Hits : 86

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@0[4].txt
Category : Data Miner
Comment : Hits:21
Value : Cookie:kari-lyn [email protected]/HTM/598/0
Expires : 2/2/2006 8:56:20 PM
LastSync : Hits:21
UseCount : 0
Hits : 21

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@pro-market[3].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:kari-lyn [email protected]/
Expires : 5/31/2030 7:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@tradedoubler[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:kari-lyn [email protected]/
Expires : 10/18/2024 1:52:20 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:kari-lyn [email protected]/
Expires : 2/28/2007 7:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:kari-lyn [email protected]/
Expires : 1/24/2005 11:51:42 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:kari-lyn [email protected]/
Expires : 1/13/2035 10:33:02 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:kari-lyn [email protected]/
Expires : 3/6/2005 6:47:40 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:kari-lyn [email protected]/
Expires : 1/25/2006 9:56:32 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@adrevolver[2].txt
Category : Data Miner
Comment : Hits:21
Value : Cookie:kari-lyn [email protected]/adrevolver/
Expires : 11/21/2007 10:45:48 PM
LastSync : Hits:21
UseCount : 0
Hits : 21

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@bluemountain[3].txt
Category : Data Miner
Comment : Hits:27
Value : Cookie:kari-lyn [email protected]/
Expires : 9/8/2009 7:01:00 PM
LastSync : Hits:27
UseCount : 0
Hits : 27

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:kari-lyn [email protected]/
Expires : 4/26/2005
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@0[2].txt
Category : Data Miner
Comment : Hits:84
Value : Cookie:kari-lyn [email protected]/HTM/578/0
Expires : 2/4/2006 6:13:10 PM
LastSync : Hits:84
UseCount : 0
Hits : 84

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@bravenet[1].txt
Category : Data Miner
Comment : Hits:40
Value : Cookie:kari-lyn [email protected]/
Expires : 4/11/2015 6:49:56 PM
LastSync : Hits:40
UseCount : 0
Hits : 40

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@overture[2].txt
Category : Data Miner
Comment : Hits:44
Value : Cookie:kari-lyn [email protected]/
Expires : 12/13/2014 8:08:56 PM
LastSync : Hits:44
UseCount : 0
Hits : 44

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:kari-lyn [email protected]/
Expires : 11/18/2007 6:12:40 PM
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@x10[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:kari-lyn [email protected]
Expires : 1/23/2006 9:40:18 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@0[6].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:kari-lyn [email protected]/HTM/676/0
Expires : 3/5/2006 6:38:06 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@statcounter[1].txt
Category : Data Miner
Comment : Hits:16
Value : Cookie:kari-lyn [email protected]/
Expires : 4/24/2010 7:56:12 PM
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@0[8].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:kari-lyn [email protected]/HTM/586/0
Expires : 4/11/2006 9:37:04 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:kari-lyn [email protected]/
Expires : 4/18/2006 6:32:24 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@cgi-bin[8].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:kari-lyn [email protected]/cgi-bin
Expires : 2/27/2015 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@cgi-bin[11].txt
Category : Data Miner
Comment : Hits:15
Value : Cookie:kari-lyn [email protected]/cgi-bin
Expires : 2/27/2015 7:00:00 PM
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@[bleep]-access[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:kari-lyn bjorn@[bleep]-access.com/
Expires : 1/30/2005 1:25:08 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment : Hits:26
Value : Cookie:kari-lyn [email protected]/
Expires : 11/21/2008 9:28:06 PM
LastSync : Hits:26
UseCount : 0
Hits : 26

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@cgi-bin[4].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:kari-lyn [email protected]/cgi-bin
Expires : 2/27/2015 7:00:00 PM
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@0[10].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:kari-lyn [email protected]/HTM/447/0
Expires : 4/19/2006 10:04:52 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:kari-lyn [email protected]/
Expires : 12/31/2020 7:00:00 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@revenue[2].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:kari-lyn [email protected]/
Expires : 9/10/2032 8:55:40 AM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:kari-lyn [email protected]/
Expires : 4/7/2005 5:26:04 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:kari-lyn [email protected]/
Expires : 4/14/2005 2:35:46 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@0[7].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:kari-lyn [email protected]/HTM/774/0
Expires : 4/9/2006 8:37:12 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:kari-lyn [email protected]/
Expires : 4/26/2005 8:55:18 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@0[9].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:kari-lyn [email protected]/HTM/384/0
Expires : 4/19/2006 10:04:28 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:kari-lyn [email protected]/
Expires : 4/15/2015 7:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@2o7[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@2o7[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@2o7[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@ad-logics[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@ad-logics[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn [email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn [email protected][3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn [email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn [email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@bluemountain[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@bluemountain[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@bluemountain[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@bluemountain[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@cgi-bin[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@cgi-bin[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@cgi-bin[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@cgi-bin[5].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@cgi-bin[5].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@cgi-bin[7].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@cgi-bin[7].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@dbbsrv[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@dbbsrv[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@overstock[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@overstock[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@overstock[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@overstock[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn [email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@pointroll[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@pointroll[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@pro-market[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@pro-market[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@questionmarket[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@questionmarket[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@questionmarket[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@questionmarket[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@realmedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@realmedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@ru4[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@ru4[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@tripod[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@tripod[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@tripod[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@tripod[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@tripod[4].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@tripod[4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn [email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn [email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn [email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@zedo[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@zedo[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@zedo[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@zedo[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@zedo[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@zedo[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@zedo[5].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Cookies\kari-lyn bjorn@zedo[5].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 121
Objects found so far: 482



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#4
ShoalBear

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\Cookies\kari-lyn bjorn@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@adrevolver[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\Cookies\kari-lyn bjorn@adrevolver[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\Cookies\kari-lyn [email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\Cookies\kari-lyn [email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\Cookies\kari-lyn [email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@bluestreak[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\Cookies\kari-lyn bjorn@bluestreak[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@casalemedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\Cookies\kari-lyn bjorn@casalemedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\Cookies\kari-lyn [email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@fastclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\Cookies\kari-lyn bjorn@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@maxserving[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\Cookies\kari-lyn bjorn@maxserving[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@realmedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\Cookies\kari-lyn bjorn@realmedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\Cookies\kari-lyn [email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\Cookies\kari-lyn [email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@trafficmp[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\Cookies\kari-lyn bjorn@trafficmp[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\Cookies\kari-lyn [email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@zedo[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\Cookies\kari-lyn bjorn@zedo[1].txt

Claria Object Recognized!
Type : File
Data : fsg_4104.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\
FileVersion : 4.1.0.4
ProductVersion : 4.1.0.4
OriginalFilename : Trickler.exe


TopMoxie Object Recognized!
Type : File
Data : jkill.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : WToolsB.dll
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\



BonziBuddy Object Recognized!
Type : File
Data : bbsetupmss.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Kari-Lyn Bjorn\My Documents\Programs Downloaded\



BonziBuddy Object Recognized!
Type : File
Data : bonzi.exe
Category : Data Miner
Comment :
Object : C:\Program Files\FileSubmitDotCom\St Paddy Teddies\



Ebates MoneyMaker Object Recognized!
Type : File
Data : 800_1.dat
Category : Data Miner
Comment :
Object : C:\Program Files\MyPoints_PointAlert\Sy800\Sy800\



eUniverse Object Recognized!
Type : File
Data : PerfectNav150c.dll
Category : Data Miner
Comment :
Object : C:\Program Files\PerfectNav\BHO\
FileVersion : 1, 5, 0, 0
ProductVersion : 1, 5, 0, 0
ProductName : BHO Module
FileDescription : BHO Module
InternalName : BHO
LegalCopyright : Copyright 2003
OriginalFilename : BHO.DLL


Search Relevancy Object Recognized!
Type : File
Data : SearchRelevant.xml
Category : Misc
Comment :
Object : C:\Program Files\SearchRelevant\



Search Relevancy Object Recognized!
Type : File
Data : uninstall.exe
Category : Misc
Comment :
Object : C:\Program Files\SearchRelevant\



Ebates MoneyMaker Object Recognized!
Type : File
Data : 1050_1.dat
Category : Data Miner
Comment :
Object : C:\Program Files\Upromise_RemindU\Sy1050\Sy1050\



WindUpdates Object Recognized!
Type : File
Data : WinStatKeep.exe
Category : Malware
Comment :
Object : C:\Program Files\Windows AdStatus\



BlazeFind Object Recognized!
Type : File
Data : CComm.dll
Category : Malware
Comment :
Object : C:\Program Files\Windows SyncroAd\



BargainBuddy Object Recognized!
Type : File
Data : A0007092.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP10\
FileVersion : 8.0.2.9
ProductName : BullsEye Network
CompanyName : eXact Advertising
FileDescription : BargainBuddy Module
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
LegalTrademarks : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
Comments : BargainBuddy Module


Claria Object Recognized!
Type : File
Data : A0007154.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP10\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : GAIN Publishing
CompanyName : GAIN Publishing, Inc
FileDescription : EGGCEngine Dynamic Link Library
InternalName : EGGCEngine dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc
OriginalFilename : EGGCEngine dll


Claria Object Recognized!
Type : File
Data : A0007156.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP10\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : GAIN Publishing
CompanyName : GAIN Publishing, Inc
FileDescription : EGIEProcess Dynamic Link Library
InternalName : EGIEProcess dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc
OriginalFilename : EGIEProcess dll


Claria Object Recognized!
Type : File
Data : A0007157.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP10\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : GAIN Publishing
CompanyName : GAIN Publishing, Inc
FileDescription : EGNSEngine Dynamic Link Library
InternalName : EGNSEngine dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc
OriginalFilename : EGNSEngine dll


Claria Object Recognized!
Type : File
Data : A0007158.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP10\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : GAIN Publishing
CompanyName : GAIN Publishing, Inc
FileDescription : GatorRes Dynamic Link Library
InternalName : GatorRes DLL
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc
OriginalFilename : GatorRes DLL


Claria Object Recognized!
Type : File
Data : A0007165.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP10\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : GAIN Publishing
CompanyName : GAIN Publishing, Inc
FileDescription : Gator Client Application
InternalName : GMT.exe
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc
OriginalFilename : GMT.exe


Claria Object Recognized!
Type : File
Data : A0007182.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP10\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : CMEIIAPI.DLL
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : CMEIIAPI.DLL


Claria Object Recognized!
Type : File
Data : A0007183.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP10\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : CMESys.exe
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : CMESys.exe


Claria Object Recognized!
Type : File
Data : A0007184.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP10\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GAppMgr.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GAppMgr.dll


Claria Object Recognized!
Type : File
Data : A0007185.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP10\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GController.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GController.dll


Claria Object Recognized!
Type : File
Data : A0007186.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP10\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GDlwdEng.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GDlwdEng.dll


Claria Object Recognized!
Type : File
Data : A0007187.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP10\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GIocl.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GIocl.dll


Claria Object Recognized!
Type : File
Data : A0007188.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP10\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GIoclClient.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GIoclClient.dll


Claria Object Recognized!
Type : File
Data : A0007189.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP10\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GMTProxy.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GMTProxy.dll


Claria Object Recognized!
Type : File
Data : A0007190.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP10\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GObjs.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GObjs.dll


Claria Object Recognized!
Type : File
Data : A0007191.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP10\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GStore.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GStore.dll


Claria Object Recognized!
Type : File
Data : A0007192.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP10\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GStoreServer.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GStoreServer.dll


Claria Object Recognized!
Type : File
Data : A0007193.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP10\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GTools.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GTools.dll


WindUpdates Object Recognized!
Type : File
Data : A0007346.vxd
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP10\



BargainBuddy Object Recognized!
Type : File
Data : A0007934.EXE
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP11\
FileVersion : 8.0.2.9
ProductName : BullsEye Network
CompanyName : eXact Advertising
FileDescription : BargainBuddy Module
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
LegalTrademarks : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
Comments : BargainBuddy Module


Claria Object Recognized!
Type : File
Data : A0008007.EXE
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP11\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : GAIN Publishing
CompanyName : GAIN Publishing, Inc
FileDescription : Gator Client Application
InternalName : GMT.exe
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc
OriginalFilename : GMT.exe


Claria Object Recognized!
Type : File
Data : A0008012.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP11\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : GAIN Publishing
CompanyName : GAIN Publishing, Inc
FileDescription : EGGCEngine Dynamic Link Library
InternalName : EGGCEngine dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc
OriginalFilename : EGGCEngine dll


Claria Object Recognized!
Type : File
Data : A0008013.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP11\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : GAIN Publishing
CompanyName : GAIN Publishing, Inc
FileDescription : EGIEProcess Dynamic Link Library
InternalName : EGIEProcess dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc
OriginalFilename : EGIEProcess dll


Claria Object Recognized!
Type : File
Data : A0008014.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP11\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : GAIN Publishing
CompanyName : GAIN Publishing, Inc
FileDescription : EGNSEngine Dynamic Link Library
InternalName : EGNSEngine dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc
OriginalFilename : EGNSEngine dll


Claria Object Recognized!
Type : File
Data : A0008015.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP11\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : GAIN Publishing
CompanyName : GAIN Publishing, Inc
FileDescription : GatorRes Dynamic Link Library
InternalName : GatorRes DLL
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc
OriginalFilename : GatorRes DLL


Claria Object Recognized!
Type : File
Data : A0008017.EXE
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP11\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : CMESys.exe
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : CMESys.exe


Claria Object Recognized!
Type : File
Data : A0008018.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP11\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GAppMgr.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GAppMgr.dll


Claria Object Recognized!
Type : File
Data : A0008019.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP11\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GController.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GController.dll


Claria Object Recognized!
Type : File
Data : A0008020.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP11\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GDlwdEng.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GDlwdEng.dll


Claria Object Recognized!
Type : File
Data : A0008021.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP11\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GIocl.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GIocl.dll


Claria Object Recognized!
Type : File
Data : A0008022.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP11\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GIoclClient.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GIoclClient.dll


Claria Object Recognized!
Type : File
Data : A0008023.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP11\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GMTProxy.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GMTProxy.dll


Claria Object Recognized!
Type : File
Data : A0008024.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP11\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GObjs.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GObjs.dll


Claria Object Recognized!
Type : File
Data : A0008025.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP11\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GStore.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GStore.dll


Claria Object Recognized!
Type : File
Data : A0008026.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP11\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GStoreServer.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GStoreServer.dll


Claria Object Recognized!
Type : File
Data : A0008027.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP11\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : GTools.dll
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : GTools.dll


Claria Object Recognized!
Type : File
Data : A0008031.DLL
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP11\
FileVersion : 5.1.1.5
ProductVersion : 5.1.1.5
ProductName : CME
CompanyName : GAIN Publishing, Inc.
FileDescription : CME II Client Application
InternalName : CMEIIAPI.DLL
LegalCopyright : Copyright © 1999-2003 GAIN Publishing, Inc.
OriginalFilename : CMEIIAPI.DLL


WindUpdates Object Recognized!
Type : File
Data : A0008148.VXD
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP11\



BargainBuddy Object Recognized!
Type : File
Data : A0018442.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP33\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 5
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


WindUpdates Object Recognized!
Type : File
Data : A0018443.vxd
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP33\



BargainBuddy Object Recognized!
Type : File
Data : A0018800.EXE
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP37\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 5
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


WindUpdates Object Recognized!
Type : File
Data : A0018822.VXD
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP37\



WindUpdates Object Recognized!
Type : File
Data : A0041467.vxd
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP42\



WindUpdates Object Recognized!
Type : File
Data : A0042939.VXD
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP42\



WindUpdates Object Recognized!
Type : File
Data : A0046632.vxd
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP55\



WindUpdates Object Recognized!
Type : File
Data : A0046922.VXD
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP56\



WindUpdates Object Recognized!
Type : File
Data : A0052001.vxd
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP84\



WindUpdates Object Recognized!
Type : File
Data : A0052358.vxd
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP87\



WindUpdates Object Recognized!
Type : File
Data : A0052546.VXD
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP87\



WindUpdates Object Recognized!
Type : File
Data : A0053026.VXD
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP87\



TopMoxie Object Recognized!
Type : File
Data : WebRebates_CDT_InstallSilent.exe
Category : Data Miner
Comment :
Object : C:\TEMP\



WindUpdates Object Recognized!
Type : File
Data : WinStatX.dll
Category : Malware
Comment :
Object : C:\WINDOWS\Downloaded Program Files\



VX2 Object Recognized!
Type : File
Data : localNRD.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 0, 4, 4, 30
ProductVersion : 0, 4, 4, 30
ProductName : localnrd
CompanyName : LocalNRD
FileDescription : www.localnrd.com
InternalName : localnrd
LegalCopyright : Copyright © 2004
OriginalFilename : localnrd.dll
Comments : www.localnrd.com


Elitum.ElitebarBHO Object Recognized!
Type : File
Data : preInsln.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\



IGetNet Object Recognized!
Type : File
Data : Update_RemoveOld.DLL
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\
FileVersion : 5, 0, 1, 0
ProductVersion : 5, 0, 1, 0
ProductName : iGetNet, LLC - Update_RemoveOld
CompanyName : iGetNet, LLC
FileDescription : Update_RemoveOld
InternalName : Update_RemoveOld
LegalCopyright : Copyright © 2002, 2003
OriginalFilename : Update_RemoveOld.dll


BargainBuddy Object Recognized!
Type : File
Data : exul.exe
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


WindUpdates Object Recognized!
Type : File
Data : ide21201.vxd
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM32\



BonziBuddy Object Recognized!
Type : File
Data : IEHelperMiddleMan.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : IEHelperMiddleMan Dynamic Link Library
FileDescription : IEHelperMiddleMan DLL
InternalName : IEHelperMiddleMan
LegalCopyright : Copyright © 2000
OriginalFilename : IEHelperMiddleMan.DLL


BargainBuddy Object Recognized!
Type : File
Data : msbe.dll
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM32\
FileVersion : 2, 0, 0, 16
ProductVersion : 2, 0, 0, 16
ProductName : apuc Module
CompanyName : eXact Advertising
FileDescription : apuc Module
InternalName : apuc
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : apuc.DLL


AltnetBDE Object Recognized!
Type : File
Data : adm.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Altnet\
FileVersion : 4, 0, 0, 5
ProductVersion : 4, 0, 0, 0
ProductName : ADM
CompanyName : Altnet
FileDescription : ADM
InternalName : ADM
LegalCopyright : Copyright © 2003, 2004 Altnet
OriginalFilename : ADM.exe


AltnetBDE Object Recognized!
Type : File
Data : adm25.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Altnet\
FileVersion : 1, 2, 4, 3
ProductVersion : 1, 0, 0, 0
ProductName : ADM
CompanyName : Altnet
FileDescription : ADM
InternalName : ADM
LegalCopyright : Copyright 2002
OriginalFilename : ADM25.dll


AltnetBDE Object Recognized!
Type : File
Data : adm4.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Altnet\
FileVersion : 4, 0, 0, 6
ProductVersion : 4, 0, 0, 0
ProductName : ADM
CompanyName : Altnet
FileDescription : ADM
InternalName : ADM
LegalCopyright : Copyright © 2003 Altnet
OriginalFilename : ADM4.dll


AltnetBDE Object Recognized!
Type : File
Data : admdata.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Altnet\
FileVersion : 1, 0, 1, 10
ProductVersion : 1, 0, 0, 0
ProductName : ADMData
CompanyName : Altnet
FileDescription : ADMData
InternalName : ADMData
LegalCopyright : Copyright 1999
OriginalFilename : ADMData.dll


AltnetBDE Object Recognized!
Type : File
Data : admdloader.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Altnet\
FileVersion : 3, 0, 39, 2
ProductVersion : 3, 0, 0, 0
ProductName : ADMDloader
CompanyName : Altnet
FileDescription : BDEDownloader
InternalName : ADMDloader
LegalCopyright : Copyright © 2001 Altnet
OriginalFilename : ADMDloader.dll


AltnetBDE Object Recognized!
Type : File
Data : admfdi.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Altnet\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 0
ProductName : ADMFdi
CompanyName : Altnet
FileDescription : ADMFdi
InternalName : ADMFdi
LegalCopyright : Copyright © 2000
OriginalFilename : ADMFdi


AltnetBDE Object Recognized!
Type : File
Data : admprog.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Altnet\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 0
ProductName : ADMProg
CompanyName : Altnet
InternalName : ADMProg
LegalCopyright : Copyright © 2003 Altnet
OriginalFilename : ADMProg.dll


AltnetBDE Object Recognized!
Type : File
Data : dmfiles.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Altnet\



AltnetBDE Object Recognized!
Type : File
Data : DMinfo3.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Altnet\



AltnetBDE Object Recognized!
Type : File
Data : dminstall7.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Altnet\



AltnetBDE Object Recognized!
Type : File
Data : pmexe.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Altnet\



AltnetBDE Object Recognized!
Type : File
Data : pmfiles.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Altnet\



AltnetBDE Object Recognized!
Type : File
Data : pminstall.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Altnet\



AltnetBDE Object Recognized!
Type : File
Data : Setup.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Altnet\



AltnetBDE Object Recognized!
Type : File
Data : Setup.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Altnet\
FileVersion : 1, 0, 4, 13
ProductVersion : 1, 0, 0, 0
ProductName : AltnetInstaller
CompanyName : Altnet
FileDescription : AltnetInstaller
InternalName : AltnetInstaller
LegalCopyright : Copyright © 2003
OriginalFilename : AltnetInstaller.exe


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 584


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 584



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : TheBUGS.ws - Ultimate cracks and warez search engine. Security related portal. Underground TOP list, user forums, news and hack.url
Category : Misc
Comment : Problematic URL discovered: http://www.thebugs.ws/
Object : C:\Documents and Settings\Kari-Lyn Bjorn\Favorites\Cracks\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Your Picture.url
Category : Misc
Comment : Problematic URL discovered: http://server142.smartbotpro.net/you/
Object : C:\Documents and Settings\Kari-Lyn Bjorn\Desktop\PT Backup\Power Places\Frank's Favorites\Odds & Ends\Funny\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows adstatus

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows adstatus
Value : UninstallString

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows adstatus
Value : DisplayName

TopMoxie Object Recognized!
Type : File
Data : jkill.exe
Category : Data Miner
Comment :
Object : C:\DOCUME~1\KARI-L~1\LOCALS~1\Temp\



MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mm

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mm
Value : check

MediaMotor Object Recognized!
Type : File
Data : mm21.INF
Category : Malware
Comment :
Object : C:\WINDOWS\downloaded program files\



MediaMotor Object Recognized!
Type : File
Data : mm30.ocx
Category : Malware
Comment :
Object : C:\WINDOWS\downloaded program files\
FileVersion : 6.00
ProductVersion : 6.00
ProductName : DemoCtla
CompanyName : df
InternalName : mm30
OriginalFilename : mm30.ocx


Claria Object Recognized!
Type : File
Data : fsg_4104.exe
Category : Data Miner
Comment :
Object : C:\DOCUME~1\KARI-L~1\LOCALS~1\Temp\
FileVersion : 4.1.0.4
ProductVersion : 4.1.0.4
OriginalFilename : Trickler.exe


IBIS Toolbar Object Recognized!
Type : File
Data : wtoolsb.dll
Category : Data Miner
Comment :
Object : C:\DOCUME~1\KARI-L~1\LOCALS~1\Temp\



BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .s3d

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .s3d
Value :

BrilliantDigital Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\\BDE

BrilliantDigital Object Recognized!
Type : File
Data : b3dsetup.exe
Category : Data Miner
Comment :
Object : c:\bde\
FileVersion : 1, 1, 0, 0
ProductVersion : 1, 1, 0, 0
ProductName : BDE installer
CompanyName : Brilliant Digital
FileDescription : BDE installer
InternalName : BDE installer
LegalCopyright : Copyright © 2001,2002
OriginalFilename : BDE installer


BrilliantDigital Object Recognized!
Type : File
Data : setup.cab
Category : Data Miner
Comment :
Object : c:\bde\



180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : last_conn_h

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : last_conn_l

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : we

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : TimeOffset

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : key_file

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : action_url_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : action_url_last_chunk

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : action_url_last_full_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : boom_ver

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : kw_last_chunk

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : cdata

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : keyword_file_last_full_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : recent_shown

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : key_int_high

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\msbb
Value : key_int_low

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : so

#5
ShoalBear

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : did

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : duid

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : product_id

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : smt

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : boom

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : mt1

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : mt2

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : mt3

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : gma

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : gvi

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : gpi

AltnetBDE Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\Altnet

AltnetBDE Object Recognized!
Type : File
Data : atl.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\altnet\
FileVersion : 3.00.8168
ProductVersion : 6.00.8168
ProductName : Microsoft ® Visual C++
CompanyName : Microsoft Corporation
FileDescription : ATL Module for Windows (ANSI)
InternalName : ATL
LegalCopyright : Copyright © Microsoft Corp. 1996-1998
OriginalFilename : ATL.DLL


AltnetBDE Object Recognized!
Type : File
Data : DMinfo2.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\altnet\



AltnetBDE Object Recognized!
Type : File
Data : dminstall3.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\altnet\



AltnetBDE Object Recognized!
Type : File
Data : msvcirt.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\altnet\
FileVersion : 6.00.8168.0
ProductVersion : 6.00.8168.0
ProductName : Microsoft ® Visual C++
CompanyName : Microsoft Corporation
FileDescription : Microsoft ® C++ Runtime Library
InternalName : MSVCIRT.DLL
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : MSVCIRT.DLL


AltnetBDE Object Recognized!
Type : File
Data : mysearch.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\altnet\



BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : aspfile\persistenthandler

BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : aspfile\persistenthandler
Value :

Search Relevancy Object Recognized!
Type : Folder
Category : Misc
Comment :
Object : C:\Program Files\SearchRelevancy

Search Relevancy Object Recognized!
Type : File
Data : SearchRelevancy.dll
Category : Misc
Comment :
Object : C:\Program Files\searchrelevancy\



eUniverse Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\PerfectNav

eUniverse Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\perfectnav\BHO

Claria Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\..\GAIN Publishing

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrShadow

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrHighlight

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrForeColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrBackColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrDownload

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrViewed

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrStatic

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions
Value : iexplore.exe

VX2 Object Recognized!
Type : File
Data : localNrd.inf
Category : Malware
Comment :
Object : C:\WINDOWS\inf\



IGetNet Object Recognized!
Type : File
Data : rules.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\system\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 71
Objects found so far: 657

10:53:25 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:25:36.578
Objects scanned:292485
Objects identified:464
Objects ignored:0
New critical objects:464

#6
ShoalBear

OK....now the second log after the computer restarted:


Ad-Aware SE Build 1.05
Logfile Created on:Friday, April 29, 2005 11:01:16 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
AltnetBDE(TAC index:4):15 total references
Ebates MoneyMaker(TAC index:4):1 total references
eUniverse(TAC index:10):1 total references
WindUpdates(TAC index:8):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:70 %
Total physical memory:1047272 kb
Available physical memory:727732 kb
Total page file size:2499240 kb
Available on page file:2316140 kb
Total virtual memory:2097024 kb
Available virtual memory:2048204 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


4/29/2005 11:01:16 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 484
ThreadCreationTime : 4/30/2005 4:00:18 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 532
ThreadCreationTime : 4/30/2005 4:00:21 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 556
ThreadCreationTime : 4/30/2005 4:00:22 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 600
ThreadCreationTime : 4/30/2005 4:00:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [savedump.exe]
ModuleName : C:\WINDOWS\system32\savedump.exe
Command Line : C:\WINDOWS\system32\savedump.exe
ProcessID : 612
ThreadCreationTime : 4/30/2005 4:00:23 AM
BasePriority : Idle
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows NT Save Dump Utility
InternalName : savedump
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : savedump.exe

#:6 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 620
ThreadCreationTime : 4/30/2005 4:00:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 792
ThreadCreationTime : 4/30/2005 4:00:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 836
ThreadCreationTime : 4/30/2005 4:00:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 904
ThreadCreationTime : 4/30/2005 4:00:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 972
ThreadCreationTime : 4/30/2005 4:00:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1048
ThreadCreationTime : 4/30/2005 4:00:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1236
ThreadCreationTime : 4/30/2005 4:00:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1648
ThreadCreationTime : 4/30/2005 4:00:31 AM
BasePriority : High
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
ProcessID : 1728
ThreadCreationTime : 4/30/2005 4:00:32 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:15 [agentsrv.exe]
ModuleName : C:\Program Files\Connected\AgentSrv.EXE
Command Line : "C:\Program Files\Connected\AgentSrv.EXE" -asv
ProcessID : 1776
ThreadCreationTime : 4/30/2005 4:00:33 AM
BasePriority : Idle
FileVersion : 7.1.5.1086
ProductVersion : 7.1.5
ProductName : Connected DataProtector
CompanyName : Connected Corporation
FileDescription : Agent Service Module
InternalName : AgentSrv
LegalCopyright : © 1996-2004 by Connected Corporation
OriginalFilename : AgentSrv.exe

#:16 [aolacsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
ProcessID : 1804
ThreadCreationTime : 4/30/2005 4:00:33 AM
BasePriority : Normal


#:17 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1816
ThreadCreationTime : 4/30/2005 4:00:33 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:18 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 1880
ThreadCreationTime : 4/30/2005 4:00:33 AM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:19 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1928
ThreadCreationTime : 4/30/2005 4:00:33 AM
BasePriority : Normal
FileVersion : 1.0.9.002
ProductVersion : 1.0.9.002
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:20 [upssrv.exe]
ModuleName : C:\PowerPanel\upssrv.exe
Command Line : C:\PowerPanel\upssrv.exe
ProcessID : 1948
ThreadCreationTime : 4/30/2005 4:00:34 AM
BasePriority : Normal
FileVersion : 2, 1, 4, 0
ProductVersion : 2, 1, 4, 0
ProductName : Power Panel ( Plus )
CompanyName : Cyber Power System Inc.
FileDescription : UPS Service
InternalName : upssrv.exe
LegalCopyright : Copyright © 2002 Cyber Power System Inc.
LegalTrademarks : CyberPower
OriginalFilename : upssrv.exe

#:21 [upsio.exe]
ModuleName : C:\PowerPanel\upsio.exe
Command Line : 1 0
ProcessID : 1996
ThreadCreationTime : 4/30/2005 4:00:34 AM
BasePriority : Realtime
FileVersion : 2, 1, 4, 0
ProductVersion : 2, 1, 4, 0
ProductName : PowerPanel (Plus)
CompanyName : Cyber Power System Inc.
FileDescription : upsio
InternalName : upsio.exe
LegalCopyright : Copyright © 2002 Cyber Power System Inc.
LegalTrademarks : CyberPower
OriginalFilename : upsio.exe

#:22 [inetinfo.exe]
ModuleName : C:\WINDOWS\system32\inetsrv\inetinfo.exe
Command Line : C:\WINDOWS\system32\inetsrv\inetinfo.exe
ProcessID : 2004
ThreadCreationTime : 4/30/2005 4:00:34 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : INETINFO.EXE

#:23 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 156
ThreadCreationTime : 4/30/2005 4:00:34 AM
BasePriority : Normal
FileVersion : 7.10.3077
ProductVersion : 7.10.3077
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright© Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:24 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 360
ThreadCreationTime : 4/30/2005 4:00:34 AM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:25 [nprotect.exe]
ModuleName : C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
Command Line : "C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE"
ProcessID : 508
ThreadCreationTime : 4/30/2005 4:00:37 AM
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:26 [smagent.exe]
ModuleName : C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Command Line : "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe"
ProcessID : 968
ThreadCreationTime : 4/30/2005 4:00:38 AM
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:27 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1108
ThreadCreationTime : 4/30/2005 4:00:38 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:28 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1284
ThreadCreationTime : 4/30/2005 4:00:38 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:29 [vsmon.exe]
ModuleName : C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Command Line : n/a
ProcessID : 1356
ThreadCreationTime : 4/30/2005 4:00:38 AM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : TrueVector Service
CompanyName : Zone Labs LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : vsmon.exe

#:30 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 1404
ThreadCreationTime : 4/30/2005 4:00:39 AM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:31 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
ProcessID : 1516
ThreadCreationTime : 4/30/2005 4:00:39 AM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:32 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2764
ThreadCreationTime : 4/30/2005 4:00:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : File
Data : temp.fr63E9
Category : Malware
Comment :
Object : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\



Ebates MoneyMaker Object Recognized!
Type : File
Data : temp.frFDE1
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Kari-Lyn Bjorn\Local Settings\Temp\



AltnetBDE Object Recognized!
Type : File
Data : adm.exe
Category : Data Miner
Comment :
Object : C:\RECYCLER\S-1-5-21-1645522239-436374069-842925246-1003\Dc3\
FileVersion : 4, 0, 0, 5
ProductVersion : 4, 0, 0, 0
ProductName : ADM
CompanyName : Altnet
FileDescription : ADM
InternalName : ADM
LegalCopyright : Copyright © 2003, 2004 Altnet
OriginalFilename : ADM.exe


AltnetBDE Object Recognized!
Type : File
Data : adm25.dll
Category : Data Miner
Comment :
Object : C:\RECYCLER\S-1-5-21-1645522239-436374069-842925246-1003\Dc3\
FileVersion : 1, 2, 4, 3
ProductVersion : 1, 0, 0, 0
ProductName : ADM
CompanyName : Altnet
FileDescription : ADM
InternalName : ADM
LegalCopyright : Copyright 2002
OriginalFilename : ADM25.dll


AltnetBDE Object Recognized!
Type : File
Data : adm4.dll
Category : Data Miner
Comment :
Object : C:\RECYCLER\S-1-5-21-1645522239-436374069-842925246-1003\Dc3\
FileVersion : 4, 0, 0, 6
ProductVersion : 4, 0, 0, 0
ProductName : ADM
CompanyName : Altnet
FileDescription : ADM
InternalName : ADM
LegalCopyright : Copyright © 2003 Altnet
OriginalFilename : ADM4.dll


AltnetBDE Object Recognized!
Type : File
Data : admdata.dll
Category : Data Miner
Comment :
Object : C:\RECYCLER\S-1-5-21-1645522239-436374069-842925246-1003\Dc3\
FileVersion : 1, 0, 1, 10
ProductVersion : 1, 0, 0, 0
ProductName : ADMData
CompanyName : Altnet
FileDescription : ADMData
InternalName : ADMData
LegalCopyright : Copyright 1999
OriginalFilename : ADMData.dll


AltnetBDE Object Recognized!
Type : File
Data : admdloader.dll
Category : Data Miner
Comment :
Object : C:\RECYCLER\S-1-5-21-1645522239-436374069-842925246-1003\Dc3\
FileVersion : 3, 0, 39, 2
ProductVersion : 3, 0, 0, 0
ProductName : ADMDloader
CompanyName : Altnet
FileDescription : BDEDownloader
InternalName : ADMDloader
LegalCopyright : Copyright © 2001 Altnet
OriginalFilename : ADMDloader.dll


AltnetBDE Object Recognized!
Type : File
Data : admfdi.dll
Category : Data Miner
Comment :
Object : C:\RECYCLER\S-1-5-21-1645522239-436374069-842925246-1003\Dc3\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 0
ProductName : ADMFdi
CompanyName : Altnet
FileDescription : ADMFdi
InternalName : ADMFdi
LegalCopyright : Copyright © 2000
OriginalFilename : ADMFdi


AltnetBDE Object Recognized!
Type : File
Data : admprog.dll
Category : Data Miner
Comment :
Object : C:\RECYCLER\S-1-5-21-1645522239-436374069-842925246-1003\Dc3\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 0
ProductName : ADMProg
CompanyName : Altnet
InternalName : ADMProg
LegalCopyright : Copyright © 2003 Altnet
OriginalFilename : ADMProg.dll


AltnetBDE Object Recognized!
Type : File
Data : dmfiles.cab
Category : Data Miner
Comment :
Object : C:\RECYCLER\S-1-5-21-1645522239-436374069-842925246-1003\Dc3\



AltnetBDE Object Recognized!
Type : File
Data : DMinfo3.cab
Category : Data Miner
Comment :
Object : C:\RECYCLER\S-1-5-21-1645522239-436374069-842925246-1003\Dc3\



AltnetBDE Object Recognized!
Type : File
Data : dminstall7.cab
Category : Data Miner
Comment :
Object : C:\RECYCLER\S-1-5-21-1645522239-436374069-842925246-1003\Dc3\



AltnetBDE Object Recognized!
Type : File
Data : pmexe.cab
Category : Data Miner
Comment :
Object : C:\RECYCLER\S-1-5-21-1645522239-436374069-842925246-1003\Dc3\



AltnetBDE Object Recognized!
Type : File
Data : pmfiles.cab
Category : Data Miner
Comment :
Object : C:\RECYCLER\S-1-5-21-1645522239-436374069-842925246-1003\Dc3\



AltnetBDE Object Recognized!
Type : File
Data : pminstall.cab
Category : Data Miner
Comment :
Object : C:\RECYCLER\S-1-5-21-1645522239-436374069-842925246-1003\Dc3\



AltnetBDE Object Recognized!
Type : File
Data : Setup.cab
Category : Data Miner
Comment :
Object : C:\RECYCLER\S-1-5-21-1645522239-436374069-842925246-1003\Dc3\



AltnetBDE Object Recognized!
Type : File
Data : Setup.exe
Category : Data Miner
Comment :
Object : C:\RECYCLER\S-1-5-21-1645522239-436374069-842925246-1003\Dc3\
FileVersion : 1, 0, 4, 13
ProductVersion : 1, 0, 0, 0
ProductName : AltnetInstaller
CompanyName : Altnet
FileDescription : AltnetInstaller
InternalName : AltnetInstaller
LegalCopyright : Copyright © 2003
OriginalFilename : AltnetInstaller.exe


eUniverse Object Recognized!
Type : File
Data : PerfectNav150c.dll
Category : Data Miner
Comment :
Object : C:\RECYCLER\S-1-5-21-1645522239-436374069-842925246-1003\Dc5\BHO\
FileVersion : 1, 5, 0, 0
ProductVersion : 1, 5, 0, 0
ProductName : BHO Module
FileDescription : BHO Module
InternalName : BHO
LegalCopyright : Copyright 2003
OriginalFilename : BHO.DLL


WindUpdates Object Recognized!
Type : File
Data : A0054276.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP93\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 19




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Windows AdStatus

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 20

11:24:17 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:23:01.406
Objects scanned:288619
Objects identified:20
Objects ignored:0
New critical objects:20

WHEW!!! Hope you don't go blind trying to read that all!!
  • 0

#7
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Welcome!

Ad-aware has found object(s) on your computer

If you choose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R42 28.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder);

Run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-aware SE; if this is different, adjust it to the location that you have installed it to.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to each "target family" you wish to remove. Click next, Click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:

Edited by Rawe, 30 April 2005 - 05:13 AM.

  • 0

#8
Rawe

    Visiting Staff

  • Member
  • 4,746 posts

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.


If your system is running a program which changes the hosts file or you have added listings to the hosts file, then there is no need to check further. Otherwise, download the "Host file viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your hosts file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

- Rawe :tazz:
  • 0
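
Before restoring a hosts file to its defaults as described in the reply above, it helps to see which active entries it actually contains. The following is an added example, not part of the thread and not code from Ad-Aware or the Host file viewer: it parses hosts-file text, skips comments, and reports every mapping other than the default loopback entry for `localhost`. The sample content, the function names and the "block"/"redirect" labels are assumptions made for illustration.

```python
import ipaddress
import sys

# Constructed sample, not taken from the thread: the stock Windows XP entry
# plus three extra lines of the kind a reviewer would want to look at.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
127.0.0.1       ads.example.net      # blocking entry
203.0.113.7     www.example.com login.example.com
not-an-ip       broken.example.org
"""

# Names expected in an untouched hosts file (assumption: only "localhost").
DEFAULT_NAMES = {"localhost"}


def parse_hosts(text):
    """Return (entries, malformed).

    entries   -> list of (line_number, ip_address_object, [hostnames])
    malformed -> list of (line_number, raw_line) that are neither comments
                 nor valid "address name [name ...]" lines
    """
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                   # address with no hostname
            malformed.append((lineno, raw.strip()))
            continue
        entries.append((lineno, addr, fields[1:]))
    return entries, malformed


def classify(addr, name):
    """Label one address/name pair."""
    if name.lower() in DEFAULT_NAMES and addr.is_loopback:
        return "default"
    if addr.is_loopback or addr.is_unspecified:
        # Name is sent nowhere: typical of ad-blocking lists, but also a way
        # to cut a machine off from update or security sites.
        return "block"
    # Name is pointed at some other machine: always worth a manual look.
    return "redirect"


def audit_hosts(text):
    """Summarise a hosts file: active line count, non-default mappings, junk."""
    entries, malformed = parse_hosts(text)
    findings = []
    for lineno, addr, names in entries:
        for name in names:
            kind = classify(addr, name)
            if kind != "default":
                findings.append({"line": lineno, "name": name,
                                 "address": str(addr), "kind": kind})
    return {"active_lines": len(entries),
            "findings": findings,
            "malformed": malformed}


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            report = audit_hosts(fh.read())
    else:
        report = audit_hosts(SAMPLE_HOSTS)
    print("active lines:", report["active_lines"])
    for f in report["findings"]:
        print("line {line}: {name} -> {address} [{kind}]".format(**f))
    for lineno, raw in report["malformed"]:
        print("line {}: unparseable: {}".format(lineno, raw))
```

An empty findings list means the file holds nothing beyond the default entry; any "redirect" finding should be understood before deciding whether to keep it or restore defaults.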

#9
Guest_Andy_veal_*
  • Guest
After following Rawe's advice, please select a Full system scan instead of Custom.

Thanks :tazz:
  • 0

#10
ShoalBear

    Member

  • Topic Starter
  • Member
  • 212 posts
Sorry you all lost me. :tazz: Which steps am I to take first? And I don't have a clue about hosts files, let alone if I have a program that would change them or how I would have added to them. So right now, should I just run a full scan and then post that log? ;)
  • 0


#11
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Follow my removal instructions above the hosts file reply.
Let's take a step at a time.
Follow removal instructions, then we'll take a look at your logfile.

- Rawe :tazz:
  • 0

#12
ShoalBear

    Member

  • Topic Starter
  • Member
  • 212 posts

If problems are caused by deleting a family, just leave it.
Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Just to point out something funny....how do you post the results here without connecting to the internet??  :tazz:

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

- Rawe  ;)


Luckily I have a second computer here to help me! My scan is going now, and I will post it in a few minutes.
  • 0

#13
ShoalBear

    Member

  • Topic Starter
  • Member
  • 212 posts
Ad-Aware SE Build 1.05
Logfile Created on:Saturday, April 30, 2005 2:21:21 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
AltnetBDE(TAC index:4):8 total references
eUniverse(TAC index:10):1 total references
MRU List(TAC index:0):7 total references
TopMoxie(TAC index:3):2 total references
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:71 %
Total physical memory:1047272 kb
Available physical memory:733564 kb
Total page file size:2499240 kb
Available on page file:2181552 kb
Total virtual memory:2097024 kb
Available virtual memory:2045924 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


4-30-2005 2:21:21 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Kari-Lyn Bjorn\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Kari-Lyn Bjorn\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-436374069-842925246-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-436374069-842925246-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-436374069-842925246-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-436374069-842925246-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-436374069-842925246-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 484
ThreadCreationTime : 4-30-2005 7:19:00 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 532
ThreadCreationTime : 4-30-2005 7:19:02 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 556
ThreadCreationTime : 4-30-2005 7:19:02 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 600
ThreadCreationTime : 4-30-2005 7:19:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [savedump.exe]
ModuleName : C:\WINDOWS\system32\savedump.exe
Command Line : C:\WINDOWS\system32\savedump.exe
ProcessID : 612
ThreadCreationTime : 4-30-2005 7:19:03 PM
BasePriority : Idle
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows NT Save Dump Utility
InternalName : savedump
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : savedump.exe

#:6 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 620
ThreadCreationTime : 4-30-2005 7:19:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 784
ThreadCreationTime : 4-30-2005 7:19:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 828
ThreadCreationTime : 4-30-2005 7:19:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 868
ThreadCreationTime : 4-30-2005 7:19:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 932
ThreadCreationTime : 4-30-2005 7:19:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 968
ThreadCreationTime : 4-30-2005 7:19:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1152
ThreadCreationTime : 4-30-2005 7:19:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [agentsrv.exe]
ModuleName : C:\Program Files\Connected\AgentSrv.EXE
Command Line : "C:\Program Files\Connected\AgentSrv.EXE" -asv
ProcessID : 1240
ThreadCreationTime : 4-30-2005 7:19:07 PM
BasePriority : Idle
FileVersion : 7.1.5.1086
ProductVersion : 7.1.5
ProductName : Connected DataProtector
CompanyName : Connected Corporation
FileDescription : Agent Service Module
InternalName : AgentSrv
LegalCopyright : © 1996-2004 by Connected Corporation
OriginalFilename : AgentSrv.exe

#:14 [aolacsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
ProcessID : 1272
ThreadCreationTime : 4-30-2005 7:19:07 PM
BasePriority : Normal


#:15 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1292
ThreadCreationTime : 4-30-2005 7:19:07 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:16 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 1352
ThreadCreationTime : 4-30-2005 7:19:07 PM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:17 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1380
ThreadCreationTime : 4-30-2005 7:19:07 PM
BasePriority : Normal
FileVersion : 1.0.9.002
ProductVersion : 1.0.9.002
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:18 [upssrv.exe]
ModuleName : C:\PowerPanel\upssrv.exe
Command Line : C:\PowerPanel\upssrv.exe
ProcessID : 1404
ThreadCreationTime : 4-30-2005 7:19:07 PM
BasePriority : Normal
FileVersion : 2, 1, 4, 0
ProductVersion : 2, 1, 4, 0
ProductName : Power Panel ( Plus )
CompanyName : Cyber Power System Inc.
FileDescription : UPS Service
InternalName : upssrv.exe
LegalCopyright : Copyright © 2002 Cyber Power System Inc.
LegalTrademarks : CyberPower
OriginalFilename : upssrv.exe

#:19 [inetinfo.exe]
ModuleName : C:\WINDOWS\system32\inetsrv\inetinfo.exe
Command Line : C:\WINDOWS\system32\inetsrv\inetinfo.exe
ProcessID : 1448
ThreadCreationTime : 4-30-2005 7:19:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : INETINFO.EXE

#:20 [upsio.exe]
ModuleName : C:\PowerPanel\upsio.exe
Command Line : 1 0
ProcessID : 1452
ThreadCreationTime : 4-30-2005 7:19:08 PM
BasePriority : Realtime
FileVersion : 2, 1, 4, 0
ProductVersion : 2, 1, 4, 0
ProductName : PowerPanel (Plus)
CompanyName : Cyber Power System Inc.
FileDescription : upsio
InternalName : upsio.exe
LegalCopyright : Copyright © 2002 Cyber Power System Inc.
LegalTrademarks : CyberPower
OriginalFilename : upsio.exe

#:21 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1516
ThreadCreationTime : 4-30-2005 7:19:08 PM
BasePriority : Normal
FileVersion : 7.10.3077
ProductVersion : 7.10.3077
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright© Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:22 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1572
ThreadCreationTime : 4-30-2005 7:19:08 PM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:23 [nprotect.exe]
ModuleName : C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
Command Line : "C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE"
ProcessID : 1616
ThreadCreationTime : 4-30-2005 7:19:08 PM
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:24 [smagent.exe]
ModuleName : C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Command Line : "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe"
ProcessID : 1760
ThreadCreationTime : 4-30-2005 7:19:08 PM
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:25 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1796
ThreadCreationTime : 4-30-2005 7:19:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:26 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1856
ThreadCreationTime : 4-30-2005 7:19:09 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:27 [vsmon.exe]
ModuleName : C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Command Line : n/a
ProcessID : 1900
ThreadCreationTime : 4-30-2005 7:19:09 PM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : TrueVector Service
CompanyName : Zone Labs LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : vsmon.exe

#:28 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 1976
ThreadCreationTime : 4-30-2005 7:19:10 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:29 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
ProcessID : 176
ThreadCreationTime : 4-30-2005 7:19:10 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:30 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 2156
ThreadCreationTime : 4-30-2005 7:19:13 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:31 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2624
ThreadCreationTime : 4-30-2005 7:19:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:32 [smax4pnp.exe]
ModuleName : C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
Command Line : "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
ProcessID : 2684
ThreadCreationTime : 4-30-2005 7:19:23 PM
BasePriority : Normal
FileVersion : 4, 0, 4, 11
ProductVersion : 4, 0, 4, 11
ProductName : SMax4PNP Application
CompanyName : Analog Devices, Inc.
FileDescription : SMax4PNP MFC Application
InternalName : SMax4PNP
LegalCopyright : Copyright © 2002-2003 Analog Devices
OriginalFilename : SMax4PNP.EXE

#:33 [smax4.exe]
ModuleName : C:\Program Files\Analog Devices\SoundMAX\smax4.exe
Command Line : "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
ProcessID : 2692
ThreadCreationTime : 4-30-2005 7:19:23 PM
BasePriority : Normal
FileVersion : 4, 0, 4, 25
ProductVersion : 4, 0, 4, 25
ProductName : SoundMAX Control Panel
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX Control Center
InternalName : SMax4
LegalCopyright : Copyright © 2002-2003, Analog Devices
OriginalFilename : SMax4.EXE

#:34 [gwhotkey.exe]
ModuleName : C:\WINDOWS\GWHotKey.exe
Command Line : "C:\WINDOWS\GWHotKey.exe"
ProcessID : 2724
ThreadCreationTime : 4-30-2005 7:19:23 PM
BasePriority : Normal
FileVersion : 4.4.1
ProductVersion : 4.4.1
ProductName : Gateway Multi-function Keyboard Utility
CompanyName : Tartan Software www.BillP.com
FileDescription : Multi-function Keyboard Utility By Bill Pytlovany
LegalCopyright : Copyright © 1997-1998 Gateway 2000 Inc.
Comments : "You've got a friend in the business"

#:35 [ndetect.exe]
ModuleName : C:\Program Files\ICQ\NDetect.exe
Command Line : "C:\Program Files\ICQ\NDetect.exe"
ProcessID : 2732
ThreadCreationTime : 4-30-2005 7:19:23 PM
BasePriority : Normal


#:36 [hpztsb06.exe]
ModuleName : C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
Command Line : "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe"
ProcessID : 2792
ThreadCreationTime : 4-30-2005 7:19:24 PM
BasePriority : Normal
FileVersion : 2,133,0,0
ProductVersion : 2,133,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2002

#:37 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 2836
ThreadCreationTime : 4-30-2005 7:19:24 PM
BasePriority : Normal
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:38 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 2912
ThreadCreationTime : 4-30-2005 7:19:25 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:39 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 2928
ThreadCreationTime : 4-30-2005 7:19:25 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:40 [aoldial.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
ProcessID : 2936
ThreadCreationTime : 4-30-2005 7:19:25 PM
BasePriority : Normal
FileVersion : 2.0.20.1.US.1
ProductVersion : 2.0.20.1.US.1
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:41 [aolsp scheduler.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
Command Line : "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
ProcessID : 2972
ThreadCreationTime : 4-30-2005 7:19:26 PM
BasePriority : Normal
FileVersion : 1, 5, 0, 0
ProductVersion : 1, 5, 0, 0
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:42 [em_exec.exe]
ModuleName : C:\Program Files\Logitech\MouseWare\system\em_exec.exe
Command Line : "C:\Program Files\Logitech\MouseWare\system\em_exec.exe"
ProcessID : 3044
ThreadCreationTime : 4-30-2005 7:19:26 PM
BasePriority : Normal
FileVersion : 9.76.046
ProductVersion : 9.76.046
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

#:43 [directcd.exe]
ModuleName : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
Command Line : "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
ProcessID : 3056
ThreadCreationTime : 4-30-2005 7:19:26 PM
BasePriority : Normal
FileVersion : 5.3.2.34
ProductVersion : 5.3.2.34
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:44 [p2p networking.exe]
ModuleName : C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
Command Line : "C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" /AUTOSTART
ProcessID : 3104
ThreadCreationTime : 4-30-2005 7:19:27 PM
BasePriority : Normal
FileVersion : 1, 26, 0, 10
ProductVersion : 1, 26, 0, 10
ProductName : P2P Networking
CompanyName : Joltid Ltd.
FileDescription : P2P Networking
InternalName : P2P Networking
LegalCopyright : Copyright © 2001 - 2004 Joltid Ltd. All Rights Reserved.
LegalTrademarks : Joltid is a registered trademark of Joltid Ltd.
OriginalFilename : P2P Networking.exe

#:45 [zlclient.exe]
ModuleName : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Command Line : n/a
ProcessID : 3128
ThreadCreationTime : 4-30-2005 7:19:27 PM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : Zone Labs Client
CompanyName : Zone Labs LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : zlclient.exe

#:46 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 3140
ThreadCreationTime : 4-30-2005 7:19:27 PM
BasePriority : Normal
FileVersion : 0.1.0.3249
ProductVersion : 0.1.0.3249
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:47 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 3172
ThreadCreationTime : 4-30-2005 7:19:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:48 [ypager.exe]
ModuleName : C:\Program Files\Yahoo!\Messenger\ypager.exe
Command Line : "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
ProcessID : 3184
ThreadCreationTime : 4-30-2005 7:19:29 PM
BasePriority : Normal
FileVersion : 6,0,0,1750
ProductVersion : 6,0,0,1750
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
InternalName : Yahoo! Messengerr
LegalCopyright : Copyright 1998-2004
OriginalFilename : YPager.exe

#:49 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
ProcessID : 3264
ThreadCreationTime : 4-30-2005 7:19:30 PM
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:50 [aim.exe]
ModuleName : C:\Program Files\AIM95\aim.exe
Command Line : "C:\Program Files\AIM95\aim.exe" -cnetwait.odl
ProcessID : 3288
ThreadCreationTime : 4-30-2005 7:19:31 PM
BasePriority : Normal
FileVersion : 5.9.3690
ProductVersion : 5.9.3690
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:51 [cbsystray.exe]
ModuleName : C:\Program Files\Connected\CBSysTray.exe
Command Line : "C:\Program Files\Connected\CBSysTray.exe"
ProcessID : 3580
ThreadCreationTime : 4-30-2005 7:19:39 PM
BasePriority : Normal
FileVersion : 7.1.5.1086
ProductVersion : 7.1.5
ProductName : Connected DataProtector
CompanyName : Connected Corporation
FileDescription : Connected DataProtector System Tray
InternalName : CBSysTray
LegalCopyright : © 1996-2004 by Connected Corporation
OriginalFilename : CBSysTray.exe

#:52 [dvzincmsgr.exe]
ModuleName : C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
Command Line : "C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe"
ProcessID : 3608
ThreadCreationTime : 4-30-2005 7:19:41 PM
BasePriority : Normal
FileVersion : 6,0,1,723
ProductVersion : 6,0,1,723
ProductName : Documents To Go
CompanyName : DataViz, Inc.
FileDescription : DataViz Update Checker
InternalName : Web Savvy Agent
LegalCopyright : Copyright © 1998-2004 by DataViz, Inc.
OriginalFilename : WebSavvyAgent.exe
Comments : This component checks for updates of DataViz products.

#:53 [hotsync.exe]
ModuleName : C:\Program Files\Palm\HOTSYNC.EXE
Command Line : "C:\Program Files\Palm\HOTSYNC.EXE"
ProcessID : 3656
ThreadCreationTime : 4-30-2005 7:19:44 PM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:54 [memturbo.exe]
ModuleName : C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe
Command Line : "C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe" /starthidden
ProcessID : 3724
ThreadCreationTime : 4-30-2005 7:19:46 PM
BasePriority : Normal

ProductName : MemTurbo Application
CompanyName : SharewareOnline.com, Inc.
FileDescription : MemTurbo
InternalName : MemTurbo
LegalCopyright : Copyright © 1998-2000
LegalTrademarks : MemTurbo, RAMScrub
OriginalFilename : MemTurbo.EXE
Comments : http://www.memturbo.com

#:55 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[364]SUSDSe73b711dd9032546a7d80c084173e4f1
ProcessID : 3912
ThreadCreationTime : 4-30-2005 7:20:04 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:56 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 4020
ThreadCreationTime : 4-30-2005 7:20:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:57 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4052
ThreadCreationTime : 4-30-2005 7:20:08 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@2o7[2].txt
Category : Data Miner
Comment : Hits:29
Value : Cookie:kari-lyn [email protected]/
Expires : 4-29-2010 1:27:40 PM
LastSync : Hits:29
UseCount : 0
Hits : 29

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:kari-lyn [email protected]/
Expires : 12-31-2037 7:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kari-lyn bjorn@questionmarket[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:kari-lyn [email protected]/
Expires : 6-21-2006 4:00:48 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 10



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

AltnetBDE Object Recognized!
Type : File
Data : A0054295.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP93\
FileVersion : 4, 0, 0, 5
ProductVersion : 4, 0, 0, 0
ProductName : ADM
CompanyName : Altnet
FileDescription : ADM
InternalName : ADM
LegalCopyright : Copyright © 2003, 2004 Altnet
OriginalFilename : ADM.exe


AltnetBDE Object Recognized!
Type : File
Data : A0054296.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP93\
FileVersion : 1, 2, 4, 3
ProductVersion : 1, 0, 0, 0
ProductName : ADM
CompanyName : Altnet
FileDescription : ADM
InternalName : ADM
LegalCopyright : Copyright 2002
OriginalFilename : ADM25.dll


AltnetBDE Object Recognized!
Type : File
Data : A0054297.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP93\
FileVersion : 4, 0, 0, 6
ProductVersion : 4, 0, 0, 0
ProductName : ADM
CompanyName : Altnet
FileDescription : ADM
InternalName : ADM
LegalCopyright : Copyright © 2003 Altnet
OriginalFilename : ADM4.dll


AltnetBDE Object Recognized!
Type : File
Data : A0054298.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP93\
FileVersion : 1, 0, 1, 10
ProductVersion : 1, 0, 0, 0
ProductName : ADMData
CompanyName : Altnet
FileDescription : ADMData
InternalName : ADMData
LegalCopyright : Copyright 1999
OriginalFilename : ADMData.dll


AltnetBDE Object Recognized!
Type : File
Data : A0054299.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP93\
FileVersion : 3, 0, 39, 2
ProductVersion : 3, 0, 0, 0
ProductName : ADMDloader
CompanyName : Altnet
FileDescription : BDEDownloader
InternalName : ADMDloader
LegalCopyright : Copyright © 2001 Altnet
OriginalFilename : ADMDloader.dll


AltnetBDE Object Recognized!
Type : File
Data : A0054300.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP93\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 0
ProductName : ADMFdi
CompanyName : Altnet
FileDescription : ADMFdi
InternalName : ADMFdi
LegalCopyright : Copyright © 2000
OriginalFilename : ADMFdi


AltnetBDE Object Recognized!
Type : File
Data : A0054301.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP93\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 0
ProductName : ADMProg
CompanyName : Altnet
InternalName : ADMProg
LegalCopyright : Copyright © 2003 Altnet
OriginalFilename : ADMProg.dll


AltnetBDE Object Recognized!
Type : File
Data : A0054302.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP93\
FileVersion : 1, 0, 4, 13
ProductVersion : 1, 0, 0, 0
ProductName : AltnetInstaller
CompanyName : Altnet
FileDescription : AltnetInstaller
InternalName : AltnetInstaller
LegalCopyright : Copyright © 2003
OriginalFilename : AltnetInstaller.exe


eUniverse Object Recognized!
Type : File
Data : A0054303.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP93\
FileVersion : 1, 5, 0, 0
ProductVersion : 1, 5, 0, 0
ProductName : BHO Module
FileDescription : BHO Module
InternalName : BHO
LegalCopyright : Copyright 2003
OriginalFilename : BHO.DLL


TopMoxie Object Recognized!
Type : File
Data : A0054326.EXE
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP94\



TopMoxie Object Recognized!
Type : File
Data : A0054333.EXE
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4276FC52-9D56-4C0A-B1AB-DB7AAC1679AF}\RP94\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 21




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21

2:46:35 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:25:13.750
Objects scanned:275297
Objects identified:14
Objects ignored:0
New critical objects:14

#14
Rawe

    Visiting Staff

  • Member
  • 4,746 posts

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.


Let's take care of this now.
So, if you don't have a program which changes your hosts file, or you haven't added listings to the hosts file, please restore this to default.
Here is the link for the "Host file viewer":
http://members.acces...sFileReader.zip
Simply download it, open it, and select to restore to default settings.
(Instructions are on the display screen of the program.)
After this, post a fresh Ad-Aware "Full system scan" logfile to this topic.

- Rawe :tazz:

#15
ShoalBear

    Member

  • Topic Starter
  • Member
  • 212 posts

Let's take care of this now.
So, if you don't have a program which changes your hosts file, or you haven't added listings to the hosts file, please restore this to default.
Here is the link for the "Host file viewer":
http://members.acces...sFileReader.zip
Simply download it, open it, and select to restore to default settings.
(Instructions are on the display screen of the program.)
After this, post a fresh Ad-Aware "Full system scan" logfile to this topic.

- Rawe  :tazz:


But how do I know if I have a program that changes hosts files? I might and might not know it? Or is it one of those things where if you have it, you know it?