Geeks to Go forums
Multi-layered trojan/adware/spyware


#1 KETADASETA (New Member, 4 posts)

Ad-Aware SE Build 1.05
Logfile Created on:Sunday, May 01, 2005 2:59:54 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
DyFuCA(TAC index:3):25 total references
Ebates MoneyMaker(TAC index:4):7 total references
istbar(TAC index:7):8 total references
Possible Browser Hijack attempt(TAC index:3):39 total references
Tracking Cookie(TAC index:3):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Bruce's clean-up tools\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:41 %
Total physical memory:490900 kb
Available physical memory:200080 kb
Total page file size:1153344 kb
Available on page file:931568 kb
Total virtual memory:2097024 kb
Available virtual memory:2046884 kb
OS:Microsoft Windows XP Home Edition (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-1-2005 2:59:54 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 616
ThreadCreationTime : 4-30-2005 10:24:08 AM
BasePriority : Normal


#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 688
ThreadCreationTime : 4-30-2005 10:24:11 AM
BasePriority : High


#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 732
ThreadCreationTime : 4-30-2005 10:24:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 744
ThreadCreationTime : 4-30-2005 10:24:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 912
ThreadCreationTime : 4-30-2005 10:24:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1004
ThreadCreationTime : 4-30-2005 10:24:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : n/a
ProcessID : 1360
ThreadCreationTime : 4-30-2005 10:24:14 AM
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:8 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 1388
ThreadCreationTime : 4-30-2005 10:24:14 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:9 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : n/a
ProcessID : 1420
ThreadCreationTime : 4-30-2005 10:24:14 AM
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:10 [aolacsd.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
Command Line : n/a
ProcessID : 1564
ThreadCreationTime : 4-30-2005 10:24:22 AM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLacsd.exe

#:11 [aoltsmon.exe]
ModuleName : C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
Command Line : n/a
ProcessID : 1576
ThreadCreationTime : 4-30-2005 10:24:22 AM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™ Monitor
CompanyName : America Online, Inc
FileDescription : AOL TopSpeed™ Monitor
InternalName : AOL TopSpeed™ Monitor
LegalCopyright : Copyright © 2004 America Online, Inc.
OriginalFilename : aoltsmon.exe

#:12 [compaq-rba.exe]
ModuleName : C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
Command Line : n/a
ProcessID : 1588
ThreadCreationTime : 4-30-2005 10:24:22 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 653
ProductVersion : 1, 0, 0, 653
ProductName : NeoPlanet RBA
CompanyName : NeoPlanet
FileDescription : RBA
InternalName : RBA
LegalCopyright : Copyright © 2001
OriginalFilename : RBA.exe

#:13 [kodakccs.exe]
ModuleName : C:\WINDOWS\system32\drivers\KodakCCS.exe
Command Line : n/a
ProcessID : 1664
ThreadCreationTime : 4-30-2005 10:24:22 AM
BasePriority : Normal
FileVersion : 1.1.4900.0
ProductVersion : 4.3.1.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2003
OriginalFilename : DcFsSvc.exe

#:14 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : n/a
ProcessID : 1680
ThreadCreationTime : 4-30-2005 10:24:22 AM
BasePriority : Normal
FileVersion : 6.13.10.2312
ProductVersion : 6.13.10.2312
ProductName : NVIDIA Driver Helper Service, Version 23.12
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 23.12
InternalName : NVSVC
LegalCopyright : Copyright © 1998-2001 NVIDIA Corporation
OriginalFilename : nvsvc32.exe

#:15 [scsiaccess.exe]
ModuleName : C:\WINDOWS\System32\ScsiAccess.EXE
Command Line : n/a
ProcessID : 1712
ThreadCreationTime : 4-30-2005 10:24:22 AM
BasePriority : Normal


#:16 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1748
ThreadCreationTime : 4-30-2005 10:24:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : n/a
ProcessID : 1908
ThreadCreationTime : 4-30-2005 10:24:26 AM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:18 [spools.exe]
ModuleName : C:\WINDOWS\System32\spools.exe
Command Line : "C:\WINDOWS\System32\spools.exe"
ProcessID : 548
ThreadCreationTime : 4-30-2005 10:25:36 AM
BasePriority : Normal


#:19 [svchst.exe]
ModuleName : C:\WINDOWS\svchst.exe
Command Line : "C:\WINDOWS\svchst.exe" /i
ProcessID : 1084
ThreadCreationTime : 4-30-2005 10:25:39 AM
BasePriority : Normal


#:20 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -restart
ProcessID : 3652
ThreadCreationTime : 5-1-2005 10:25:49 AM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:21 [explorer.exe]
ModuleName : C:\WINDOWS\explorer.exe
Command Line : c:\windows\explorer.exe
ProcessID : 1308
ThreadCreationTime : 5-1-2005 2:56:00 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:22 [firefox.exe]
ModuleName : C:\Program Files\Mozilla Firefox\firefox.exe
Command Line : "C:\Program Files\Mozilla Firefox\firefox.exe"
ProcessID : 5708
ThreadCreationTime : 5-1-2005 3:21:40 PM
BasePriority : Normal


#:23 [mpxgnramex.exe]
ModuleName : C:\WINDOWS\mPXGnramex.exe
Command Line : "C:\WINDOWS\mPXGnramex.exe"
ProcessID : 1844
ThreadCreationTime : 5-1-2005 3:32:53 PM
BasePriority : Normal


#:24 [rzpima.exe]
ModuleName : C:\WINDOWS\System32\rzpima.exe
Command Line : "C:\WINDOWS\System32\rzpima.exe"
ProcessID : 4648
ThreadCreationTime : 5-1-2005 3:36:07 PM
BasePriority : Normal


#:25 [istsvc.exe]
ModuleName : C:\Program Files\ISTsvc\istsvc.exe
Command Line : "C:\Program Files\ISTsvc\istsvc.exe"
ProcessID : 4248
ThreadCreationTime : 5-1-2005 3:45:40 PM
BasePriority : Normal


#:26 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "c:\program files\internet explorer\iexplore.exe" -embedding
ProcessID : 5876
ThreadCreationTime : 5-1-2005 6:02:19 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:27 [aim.exe]
ModuleName : C:\Program Files\AIM95\aim.exe
Command Line : "C:\Program Files\AIM95\aim.exe"
ProcessID : 5628
ThreadCreationTime : 5-1-2005 6:48:16 PM
BasePriority : Normal
FileVersion : 5.9.3702
ProductVersion : 5.9.3702
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:28 [ad-aware.exe]
ModuleName : C:\Program Files\Bruce's clean-up tools\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Bruce's clean-up tools\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3420
ThreadCreationTime : 5-1-2005 6:57:39 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1079118523-1774555873-248915221-1007\software\ist

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1079118523-1774555873-248915221-1007\software\ist
Value : Recover

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : version

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_name

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_url

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_url

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_url

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : ui

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_initial_delay

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_limit

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_version

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : account_id

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_date

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_interval

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_last

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_interval

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_last

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_interval

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_last

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : DisplayName

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : UninstallString

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : NoModify

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : S-1-5-21-1079118523-1774555873-248915221-1007\software\lq
Value : AC

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "IST Service"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : IST Service

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 30
Objects found so far: 30


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rebecca [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:rebecca [email protected]/
Expires : 4-30-2010 2:47:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rebecca [email protected][1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:rebecca [email protected]/
Expires : 4-29-2015 11:11:50 AM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rebecca [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:rebecca [email protected]/
Expires : 5-31-2005 2:47:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rebecca [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:rebecca [email protected]/cgi-bin
Expires : 4-29-2015 11:30:28 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rebecca [email protected][2].txt
Category : Data Miner
Comment : Hits:29
Value : Cookie:rebecca [email protected]/
Expires : 6-10-2022 1:05:42 AM
LastSync : Hits:29
UseCount : 0
Hits : 29

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : rebecca [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:rebecca [email protected]/
Expires : 5-1-2006 11:06:06 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 36



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 36

Disk Scan Result for C:\WINDOWS\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 36

Disk Scan Result for C:\DOCUME~1\REBECC~1\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 36


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
76 entries scanned.
New critical objects:0
Objects found so far: 36



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Business Insurance.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Business Insurance
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Dental Insurance.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Dental Insurance
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Diet pills.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Diet+pills
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Hair loss.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Hair+loss
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Health Insurance.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Health Insurance
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Home Insurance.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Home Insurance
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Insurance.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Insurance
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Life Insurance.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Life+Insurance
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Nutrition.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Nutrition
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : [bleep] enlargement.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=[bleep]+enlargement
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Phentermine.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Phentermine
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Prozac.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Prozac
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Quit smoking.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=quit+smoking
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Term Life Insurance.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Term Life Insurance
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Travel Insurance.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Travel Insurance
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Valtrex.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Valtrex
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Viagra.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=viagra
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Weight loss.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Weight+loss
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Xenical.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Xenical
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Adventure travel.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Adventure+travel
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Air Conditioning.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Air Conditioning
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Air Purifiers.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Air Purifiers
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Air travel.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Air+travel
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Blinds.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Blinds
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Celebrity cruises.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Celebrity+cruises
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Cheap hotels.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Cheap+hotels
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Hawaii travel.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Hawaii+travel
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Home Equity Loans.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Home Equity Loans
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Home Mortgages.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Home Mortgages
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : International travel.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=International+travel
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Las Vegas hotels.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Las+Vegas+hotels
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Lighting.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Lighting
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Mattress.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Mattress
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Moving.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Moving
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Refinance.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Refinance
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Relocation.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Relocation
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Travel Agents.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Travel+Agents
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Travel insurance.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Travel+insurance
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Travel.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle...ch.php?acc=goto Repeat&qq=Travel
Object : C:\Documents and Settings\Rebecca Silver\Favorites\Homelife & Travel\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DyFuCA Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\ISTsvc

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

istbar Object Recognized!
Type : File
Data : istactivex.inf
Category : Malware
Comment :
Object : C:\WINDOWS\downloaded program files\



istbar Object Recognized!
Type : File
Data : istsvc.exe
Category : Malware
Comment :
Object : C:\Program Files\istsvc\



Ebates MoneyMaker Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TM

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AT

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AC

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AD

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AM

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 10
Objects found so far: 85

3:02:11 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:16.563
Objects scanned:69782
Objects identified:85
Objects ignored:0
New critical objects:85
  • 0

#2
[email protected];<'S (Member, 135 posts)
#:25 [istsvc.exe]
This process monitors your browsing habits and distributes the data back to the author's servers for analysis. I recommend that you go to Add/Remove Programs and remove it (that is, of course, if you do not want it).
If you do not know what these are then I also recommend that you remove (or try to) these too:
#:23 [mpxgnramex.exe]
#:24 [rzpima.exe]
Please can you try at least one, if not more, of these on-line scans:
Panda
Symantec
McAfee
TrendMicro
Bit Defender
RAV
Kaspersky
CommandonDemand
Computer Associates
CyberTechHelp
PC Pitstop
Stinger
a2
or download and try
TrojanHunter (note: Trojan scanner, 30 day trial)
Then once you have done that, please rescan with Ad-aware doing a "Full Scan" and post your logfile here by using the "Add Reply" feature.
If needed, here's how to post your Ad-aware logfile ;)

Here's how to copy your Ad-aware log:
click My Computer,
click the local C drive,
then click Program Files,
then click Lavasoft,
then click Ad-aware SE,
and then Logs.
Find the latest one that you have
(by date & time)
and open it; right click, Select All,
Copy, and then paste the contents of it here.
(Make sure that all of your logfile has been posted; sometimes it will require two posts to get it all.)
I recommend that you use WebUpdate just before you scan; that way you will always be up to date.

[email protected];<'S :tazz:
  • 0
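Reading an Ad-Aware SE log by hand is slow once it runs to several hundred "Object Recognized!" blocks like the ones posted above. The following is an added example, not code from this thread or from Lavasoft: a small Python parser written against the block layout visible in the posted log (a "<family> Object Recognized!" header followed by "Key : Value" lines), which groups findings by family and type and rebuilds each finding's file or registry location. The sample log text is constructed to mirror that layout; the user name and URL in it are placeholders.

```python
"""Summarise Ad-Aware SE "Object Recognized!" blocks by family, type and location.

Added example for this thread. The parser targets the log layout shown in the
posted scan, not any Lavasoft tool or API; field names are taken from that log.
"""
import re
from collections import Counter, defaultdict

# Constructed sample in the same layout as the posted Ad-Aware SE log.
SAMPLE_LOG = """\
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Travel.url
Category : Misc
Comment : Problematic URL discovered: http://example.invalid/search.php?qq=Travel
Object : C:\\Documents and Settings\\User\\Favorites\\Homelife & Travel\\

DyFuCA Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\\Program Files\\ISTsvc

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\\microsoft\\downloadmanager

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\\lq
Value : TM
"""

# A block starts with "<family> Object Recognized!"; fields are "Key : Value".
HEADER = re.compile(r"^(?P<family>.+?) Object Recognized!$")
FIELD = re.compile(r"^(?P<key>[A-Za-z]+) : ?(?P<value>.*)$")


def parse_entries(text):
    """Return one dict per 'Object Recognized!' block, keys lower-cased."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {"family": m.group("family")}
            entries.append(current)
            continue
        if current is None or not line:
            continue  # preamble or blank separator between blocks
        f = FIELD.match(line)
        if f:
            current[f.group("key").lower()] = f.group("value").strip()
    return entries


def location(entry):
    """Full path or registry location of a finding, rebuilt from its fields."""
    obj = entry.get("object", "")
    if "rootkey" in entry:
        # Registry entries: Rootkey + Object, plus the value name if any.
        loc = entry["rootkey"] + "\\" + obj
        if entry.get("value"):
            loc += " [" + entry["value"] + "]"
        return loc
    # File entries: Object is the directory, Data is the file name.
    return obj + entry.get("data", "")


def summarize(text):
    """Counts per family and per type, and each family's list of locations."""
    entries = parse_entries(text)
    by_family = Counter(e["family"] for e in entries)
    by_type = Counter(e.get("type", "?") for e in entries)
    locations = defaultdict(list)
    for e in entries:
        locations[e["family"]].append(location(e))
    return {"total": len(entries), "by_family": dict(by_family),
            "by_type": dict(by_type), "locations": dict(locations)}


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['total']} objects recognized")
    for fam, n in sorted(s["by_family"].items(), key=lambda kv: -kv[1]):
        print(f"  {fam}: {n}")
        for loc in s["locations"][fam]:
            print(f"    {loc}")
```

Run it over a real log by replacing SAMPLE_LOG with the file's contents; the per-family location lists make it easy to spot which findings are just hijacked Favorites shortcuts and which are executables, folders or Run-type registry keys that need attention.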

#3
KETADASETA (Topic Starter, New Member, 4 posts)
If anyone could please help my girlfriend, I would greatly appreciate it.

All I know is:

In order to stay online, I have to keep killing (manually) the undesirable processes that keep popping up. If they beat me, her computer logs off and I'm screwed.

My girlfriend has deleted many files from her computer (attempting to rid herself of these issues). After I caught her deleting files, I decided to assist her. After searching for "known" bad files, I ran out of energy. I got tired of playing around. I need someone's help.

She has the following icons on her desktop (unwarranted):

sex
Evidence Eraser
Spyware Avenger
PopUp Blocker Stops PopUps
Virus Hunter Security
WeatherBug (might have come with Hijackthis or Adaware)

Thanks!

-Bruce
  • 0

#4
Rawe (Visiting Staff, 4,746 posts)
Welcome!

If you need help, post Ad-aware scanlog from "Full system scan".

Note: always perform the Webupdate feature before scanning your system; that way you are always up to date. At the moment the SE1R42 28.04.2005 definition file is the latest one.

Ad-Aware comes preconfigured with default options, so we need you to make one change. Deselect the "Search for negligible risk entries" setting, because MRU lists aren't considered a threat. You can change this setting when selecting your scan type. Also, delete all tracking cookies just before scanning; they aren't a threat and just take space in your posts.

Select "Perform full system scan" and click Next. When the scan has finished, click "Show logfile".

Then, copy & paste the complete scanlog here using the Add Reply feature. Don't quarantine or remove anything at this time, just post a complete logfile. This may take 2-3 posts to get it all here. You'll know you are at the end when you see that the "Summary of this scan" information has been posted.

When you have posted the complete logfile from "Full system scan", we will tell you what to do.

Good day!

- Rawe :tazz:
  • 0

#5
KETADASETA (Topic Starter, New Member, 4 posts)

Welcome!

If you need help, post Ad-aware scanlog from "Full system scan".

Note: always perform the Webupdate feature before scanning your system; that way you are always up to date. At the moment the SE1R42 28.04.2005 definition file is the latest one.

Ad-Aware comes preconfigured with default options, so we need you to make one change. Deselect the "Search for negligible risk entries" setting, because MRU lists aren't considered a threat. You can change this setting when selecting your scan type. Also, delete all tracking cookies just before scanning; they aren't a threat and just take space in your posts.

Select "Perform full system scan" and click Next. When the scan has finished, click "Show logfile".

Then, copy & paste the complete scanlog here using the Add Reply feature. Don't quarantine or remove anything at this time, just post a complete logfile. This may take 2-3 posts to get it all here. You'll know you are at the end when you see that the "Summary of this scan" information has been posted.

When you have posted the complete logfile from "Full system scan", we will tell you what to do.

Good day!

- Rawe :tazz:

I apologize to all:

I had to run the scan on MULTIPLE occasions in order to get the [bleep] thing complete. Every time my process halted (mid-scan), I would have to go in and redo all of the settings to the specifications requested on the --(thread for new people)--.

ATTENTION TO DETAIL goes out the window when PURE FRUSTRATION takes over!

I'm going to delete this post altogether (if possible) and start from scratch. I'll make this happen when I go back over to her house.

MY THANKS GOES OUT TO ALL PROMPT RESPONSES!

-B
  • 0

#6
[email protected];<'S (Member, 135 posts)
KETADASETA,
Please can you do two or more of the online scans that I posted above. Then, after you have done that, as you said that

I had to run the scan on MULTIPLE occasions in order to get the [bleep] thing complete

if you are still having problems getting your Ad-aware SE program to do a complete scan, please can you clear out your cache folder, i.e. the Temporary Internet Files folder. (There are some free programs that you can use that will do that for you if needed, like ;) CCleaner.)
Then can you do a "Full Scan" but stop it just before where it would stop on you, then mark and remove any items found, then reboot (i.e. restart your PC).
Then rescan again doing a full scan; this scan should make it further than the other. Do the same again, remembering to reboot (i.e. restart your PC) after you remove anything, and you should be able to get a full scan finished. It may just take time and a few scans, but once it completes a full scan it will continue to do so.

[email protected];<'S :tazz:
  • 0

#7
KETADASETA (Topic Starter, New Member, 4 posts)

KETADASETA,
Please can you do two or more of the online scans that I posted above. Then, after you have done that, as you said that

if you are still having problems getting your Ad-aware SE program to do a complete scan, please can you clear out your cache folder, i.e. the Temporary Internet Files folder. (There are some free programs that you can use that will do that for you if needed, like :) CCleaner.)
Then can you do a "Full Scan" but stop it just before where it would stop on you, then mark and remove any items found, then reboot (i.e. restart your PC).
Then rescan again doing a full scan; this scan should make it further than the other. Do the same again, remembering to reboot (i.e. restart your PC) after you remove anything, and you should be able to get a full scan finished. It may just take time and a few scans, but once it completes a full scan it will continue to do so.

[email protected];<'S :tazz:

RIGHT ON-
I'll hit up that cache next time...

When I clean out the Temporary Internet Files folder, what will that resolve?
Am I doing this to save scanning time, or is this (cached data) actually showing up in my Adaware output file?

Always ;) inquisitive ;) ,
-B
  • 0

#8
[email protected];<'S (Member, 135 posts)
KETADASETA,

When I clean out the temporary internet folder, what will that resolve

On cleaning your cache folder, i.e. the Temporary Internet Files folder, you can and will remove items that can hide there, i.e. tracking cookies, possible Trojans, the history of sites that you visit, etc.
Have you done as we asked? If so, please can you post a new logfile ;)
[email protected];<'S :tazz:
  • 0
