Ad-Aware SE Build 1.05
Logfile Created on:4. maj 2005 20:34:53
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ebates MoneyMaker(TAC index:4):7 total references
Possible Browser Hijack attempt(TAC index:3):4 total references
Tracking Cookie(TAC index:3):1 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Programmer\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:63 %
Total physical memory:1047020 kb
Available physical memory:659460 kb
Total page file size:2520280 kb
Available on page file:2323480 kb
Total virtual memory:2097024 kb
Available virtual memory:2028880 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
04-05-2005 20:34:53 - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 444
ThreadCreationTime : 04-05-2005 18:23:58
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 504
ThreadCreationTime : 04-05-2005 18:24:01
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 532
ThreadCreationTime : 04-05-2005 18:24:02
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 580
ThreadCreationTime : 04-05-2005 18:24:03
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operativsystem
CompanyName : Microsoft Corporation
FileDescription : Tjenester og controllerprogrammer
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle rettigheder forbeholdes.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 592
ThreadCreationTime : 04-05-2005 18:24:03
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : C:\WINDOWS\system32\Ati2evxx.exe
ProcessID : 740
ThreadCreationTime : 04-05-2005 18:24:03
BasePriority : Normal
FileVersion : 6.14.10.4107
ProductVersion : 6.14.10.4107.03
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 752
ThreadCreationTime : 04-05-2005 18:24:03
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 820
ThreadCreationTime : 04-05-2005 18:24:04
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 888
ThreadCreationTime : 04-05-2005 18:24:04
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 932
ThreadCreationTime : 04-05-2005 18:24:04
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1056
ThreadCreationTime : 04-05-2005 18:24:04
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 1268
ThreadCreationTime : 04-05-2005 18:24:06
BasePriority : Normal
FileVersion : 6.14.10.4107
ProductVersion : 6.14.10.4107.03
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:13 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 1328
ThreadCreationTime : 04-05-2005 18:24:06
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operativsystem
CompanyName : Microsoft Corporation
FileDescription : Windows Stifinder
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle rettigheder forbeholdes.
OriginalFilename : EXPLORER.EXE
#:14 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1356
ThreadCreationTime : 04-05-2005 18:24:06
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:15 [jusched.exe]
ModuleName : C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
Command Line : "C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe"
ProcessID : 1480
ThreadCreationTime : 04-05-2005 18:24:07
BasePriority : Normal
#:16 [soundman.exe]
ModuleName : C:\WINDOWS\SOUNDMAN.EXE
Command Line : "C:\WINDOWS\SOUNDMAN.EXE"
ProcessID : 1492
ThreadCreationTime : 04-05-2005 18:24:07
BasePriority : Normal
FileVersion : 1, 0, 0, 14
ProductVersion : 1, 0, 0, 14
ProductName : Realtek HD Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek HD Audio Sound Manager
#:17 [alcwzrd.exe]
ModuleName : C:\WINDOWS\ALCWZRD.EXE
Command Line : "C:\WINDOWS\ALCWZRD.EXE"
ProcessID : 1512
ThreadCreationTime : 04-05-2005 18:24:07
BasePriority : Normal
FileVersion : 1.1.0.15
ProductVersion : 1.1.0.15
ProductName : ALCWZRD
CompanyName : RealTek Semicoductor Corp.
FileDescription : RealTek AlcWzrd Application
InternalName : ALCWZRD.EXE
LegalCopyright : Copyright © 2003-2004 Realtek Semiconductor Corp.
OriginalFilename : ALCWZRD.EXE
#:18 [winampa.exe]
ModuleName : C:\Programmer\Winamp\winampa.exe
Command Line : "C:\Programmer\Winamp\winampa.exe"
ProcessID : 1528
ThreadCreationTime : 04-05-2005 18:24:07
BasePriority : Normal
#:19 [hpztsb05.exe]
ModuleName : C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
Command Line : "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe"
ProcessID : 1536
ThreadCreationTime : 04-05-2005 18:24:07
BasePriority : Normal
FileVersion : 2,128,0,0
ProductVersion : 2,128,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2002
#:20 [hphmon04.exe]
ModuleName : C:\WINDOWS\system32\hphmon04.exe
Command Line : "C:\WINDOWS\system32\hphmon04.exe"
ProcessID : 1544
ThreadCreationTime : 04-05-2005 18:24:07
BasePriority : Normal
FileVersion : 4,1,14
ProductVersion : 4,1,14
ProductName : hp photosmart
CompanyName : Hewlett-Packard
FileDescription : HPHmon04
InternalName : HPHmon04
LegalCopyright : Copyright © 2001
OriginalFilename : HPHmon04.exe
#:21 [hpgs2wnd.exe]
ModuleName : C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
Command Line : "C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
ProcessID : 1572
ThreadCreationTime : 04-05-2005 18:24:07
BasePriority : Normal
FileVersion : 2,3,0,0\ 162
ProductVersion : 2,3,0,0\ 162
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe
#:22 [point32.exe]
ModuleName : C:\Programmer\Microsoft Hardware\Mouse\point32.exe
Command Line : "C:\Programmer\Microsoft Hardware\Mouse\point32.exe"
ProcessID : 1584
ThreadCreationTime : 04-05-2005 18:24:07
BasePriority : Normal
#:23 [seeve.exe]
ModuleName : C:\WINDOWS\seeve.exe
Command Line : "C:\WINDOWS\seeve.exe"
ProcessID : 1684
ThreadCreationTime : 04-05-2005 18:24:07
BasePriority : Normal
FileVersion : 6.04
ProductVersion : 6.04
ProductName : pop64
CompanyName : Network1
InternalName : seeve
OriginalFilename : seeve.exe
#:24 [msnmsgr.exe]
ModuleName : C:\Programmer\MSN Messenger\MsnMsgr.Exe
Command Line : "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 1708
ThreadCreationTime : 04-05-2005 18:24:07
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:25 [ldljaog.exe]
ModuleName : c:\windows\system32\ldljaog.exe
Command Line : "c:\windows\system32\ldljaog.exe" jxyzvda
ProcessID : 1740
ThreadCreationTime : 04-05-2005 18:24:08
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
#:26 [hpgs2wnf.exe]
ModuleName : C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
Command Line : "C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe" -Embedding
ProcessID : 1896
ThreadCreationTime : 04-05-2005 18:24:08
BasePriority : Normal
FileVersion : 2, 6, 0, 162
ProductVersion : 2, 6, 0, 162
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE
#:27 [slserv.exe]
ModuleName : C:\WINDOWS\system32\slserv.exe
Command Line : slserv.exe
ProcessID : 400
ThreadCreationTime : 04-05-2005 18:24:13
BasePriority : Normal
#:28 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 628
ThreadCreationTime : 04-05-2005 18:24:16
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:29 [hphipm11.exe]
ModuleName : C:\WINDOWS\system32\HPHipm11.exe
Command Line : C:\WINDOWS\system32\HPHipm11.exe
ProcessID : 1552
ThreadCreationTime : 04-05-2005 18:24:17
BasePriority : Normal
FileVersion : 4, 5, 0, 770
ProductVersion : 4, 5, 0, 770
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe
#:30 [wscntfy.exe]
ModuleName : C:\WINDOWS\system32\wscntfy.exe
Command Line : C:\WINDOWS\system32\wscntfy.exe
ProcessID : 1596
ThreadCreationTime : 04-05-2005 18:24:17
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe
#:31 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2108
ThreadCreationTime : 04-05-2005 18:24:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:32 [ad-aware.exe]
ModuleName : C:\Programmer\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Programmer\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2544
ThreadCreationTime : 04-05-2005 18:24:24
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:33 [iexplore.exe]
ModuleName : C:\Programmer\Internet Explorer\IEXPLORE.EXE
Command Line : "C:\Programmer\Internet Explorer\IEXPLORE.EXE"
ProcessID : 3044
ThreadCreationTime : 04-05-2005 18:25:24
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operativsystem
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Alle rettigheder forbeholdes.
OriginalFilename : IEXPLORE.EXE
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : S-1-5-21-448539723-1336601894-725345543-1005\software\lq
Value : AC
Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Trusted zone presumably compromised : media-motor.net
Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : media-motor.net
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : media-motor.net
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net
Value : *
Trusted zone presumably compromised : popuppers.com
Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : popuppers.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : popuppers.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com
Value : *
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 6
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jens asbjø[email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:jens asbjø[email protected]/
Expires : 05-05-2005 20:34:20
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 7
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 7
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ebates MoneyMaker Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TM
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AT
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AC
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AD
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AM
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 13
20:38:41 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:48.62
Objects scanned:106427
Objects identified:13
Objects ignored:0
New critical objects:13