Logfile Created on:Wednesday, May 04, 2005 2:29:14 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):9 total references
CoolWebSearch(TAC index:10):96 total references
DSSAgent(TAC index:8):8 total references
PeopleOnPage(TAC index:9):1 total references
Possible Browser Hijack attempt(TAC index:3):4 total references
Tracking Cookie(TAC index:3):51 total references
VX2(TAC index:10):16 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R38 11.04.2005
Internal build : 45
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 458867 Bytes
Total size : 1387485 Bytes
Signature data size : 1357114 Bytes
Reference data size : 29859 Bytes
Signatures total : 38669
Fingerprints total : 783
Fingerprints size : 29483 Bytes
Target categories : 15
Target families : 648
5-4-05 2:15:29 PM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654
5-4-05 2:20:32 PM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:0 %
Total physical memory:64928 kb
Available physical memory:580 kb
Total page file size:2032220 kb
Available on page file:1876184 kb
Total virtual memory:2093056 kb
Available virtual memory:2044864 kb
OS:Microsoft Windows 98 SE
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
5-4-05 2:29:14 PM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4293861603
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294923379
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
#:3 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4294925419
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe
#:4 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294930143
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE
#:5 [SYSHO32.EXE]
ModuleName : C:\WINDOWS\SYSHO32.EXE
Command Line : C:\WINDOWS\SYSHO32.EXE /s
ProcessID : 4294892171
Threads : 1
Priority : Normal
VX2 Object Recognized!
Type : Process
Data : SYSHO32.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\
Warning! VX2 Object found in memory(C:\WINDOWS\SYSHO32.EXE)
"C:\WINDOWS\SYSHO32.EXE"Process terminated successfully
#:6 [NETUT.EXE]
ModuleName : C:\WINDOWS\NETUT.EXE
Command Line : C:\WINDOWS\NETUT.EXE /s
ProcessID : 4294894223
Threads : 1
Priority : Normal
VX2 Object Recognized!
Type : Process
Data : NETUT.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\
Warning! VX2 Object found in memory(C:\WINDOWS\NETUT.EXE)
"C:\WINDOWS\NETUT.EXE"Process terminated successfully
#:7 [NTJF.EXE]
ModuleName : C:\WINDOWS\SYSTEM\NTJF.EXE
Command Line : C:\WINDOWS\SYSTEM\NTJF.EXE /s
ProcessID : 4294896647
Threads : 1
Priority : Normal
VX2 Object Recognized!
Type : Process
Data : NTJF.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
Warning! VX2 Object found in memory(C:\WINDOWS\SYSTEM\NTJF.EXE)
"C:\WINDOWS\SYSTEM\NTJF.EXE"Process terminated successfully
#:8 [D3IS32.EXE]
ModuleName : C:\WINDOWS\D3IS32.EXE
Command Line : C:\WINDOWS\D3IS32.EXE /s
ProcessID : 4294899331
Threads : 1
Priority : Normal
VX2 Object Recognized!
Type : Process
Data : D3IS32.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\
Warning! VX2 Object found in memory(C:\WINDOWS\D3IS32.EXE)
"C:\WINDOWS\D3IS32.EXE"Process terminated successfully
#:9 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294836443
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk
#:10 [WINLC32.EXE]
ModuleName : C:\WINDOWS\WINLC32.EXE
Command Line : C:\WINDOWS\WINLC32.EXE /s
ProcessID : 4294838311
Threads : 1
Priority : Normal
VX2 Object Recognized!
Type : Process
Data : WINLC32.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\
Warning! VX2 Object found in memory(C:\WINDOWS\WINLC32.EXE)
"C:\WINDOWS\WINLC32.EXE"Process terminated successfully
#:11 [APICL32.EXE]
ModuleName : C:\WINDOWS\APICL32.EXE
Command Line : C:\WINDOWS\APICL32.EXE /s
ProcessID : 4294841067
Threads : 1
Priority : Normal
VX2 Object Recognized!
Type : Process
Data : APICL32.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\
Warning! VX2 Object found in memory(C:\WINDOWS\APICL32.EXE)
"C:\WINDOWS\APICL32.EXE"Process terminated successfully
#:12 [WINCD32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WINCD32.EXE
Command Line : C:\WINDOWS\SYSTEM\WINCD32.EXE /s
ProcessID : 4294850347
Threads : 1
Priority : Normal
VX2 Object Recognized!
Type : Process
Data : WINCD32.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
Warning! VX2 Object found in memory(C:\WINDOWS\SYSTEM\WINCD32.EXE)
"C:\WINDOWS\SYSTEM\WINCD32.EXE"Process terminated successfully
#:13 [WINZM.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WINZM.EXE
Command Line : C:\WINDOWS\SYSTEM\WINZM.EXE /s
ProcessID : 4294862479
Threads : 1
Priority : Normal
VX2 Object Recognized!
Type : Process
Data : WINZM.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
Warning! VX2 Object found in memory(C:\WINDOWS\SYSTEM\WINZM.EXE)
"C:\WINDOWS\SYSTEM\WINZM.EXE"Process terminated successfully
#:14 [CRBV.EXE]
ModuleName : C:\WINDOWS\SYSTEM\CRBV.EXE
Command Line : C:\WINDOWS\SYSTEM\CRBV.EXE /s
ProcessID : 4294847395
Threads : 1
Priority : Normal
VX2 Object Recognized!
Type : Process
Data : CRBV.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
Warning! VX2 Object found in memory(C:\WINDOWS\SYSTEM\CRBV.EXE)
"C:\WINDOWS\SYSTEM\CRBV.EXE"Process terminated successfully
#:15 [CRUT.EXE]
ModuleName : C:\WINDOWS\SYSTEM\CRUT.EXE
Command Line : C:\WINDOWS\SYSTEM\CRUT.EXE /s
ProcessID : 4294808259
Threads : 1
Priority : Normal
VX2 Object Recognized!
Type : Process
Data : CRUT.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
Warning! VX2 Object found in memory(C:\WINDOWS\SYSTEM\CRUT.EXE)
"C:\WINDOWS\SYSTEM\CRUT.EXE"Process terminated successfully
#:16 [NTCR.EXE]
ModuleName : C:\WINDOWS\SYSTEM\NTCR.EXE
Command Line : C:\WINDOWS\SYSTEM\NTCR.EXE /s
ProcessID : 4294812023
Threads : 1
Priority : Normal
VX2 Object Recognized!
Type : Process
Data : NTCR.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
Warning! VX2 Object found in memory(C:\WINDOWS\SYSTEM\NTCR.EXE)
"C:\WINDOWS\SYSTEM\NTCR.EXE"Process terminated successfully
#:17 [IPLU.EXE]
ModuleName : C:\WINDOWS\SYSTEM\IPLU.EXE
Command Line : C:\WINDOWS\SYSTEM\IPLU.EXE /s
ProcessID : 4294812903
Threads : 1
Priority : Normal
VX2 Object Recognized!
Type : Process
Data : IPLU.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
Warning! VX2 Object found in memory(C:\WINDOWS\SYSTEM\IPLU.EXE)
"C:\WINDOWS\SYSTEM\IPLU.EXE"Process terminated successfully
#:18 [SYSWW.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSWW.EXE
Command Line : C:\WINDOWS\SYSTEM\SYSWW.EXE /s
ProcessID : 4294817115
Threads : 1
Priority : Normal
VX2 Object Recognized!
Type : Process
Data : SYSWW.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
Warning! VX2 Object found in memory(C:\WINDOWS\SYSTEM\SYSWW.EXE)
"C:\WINDOWS\SYSTEM\SYSWW.EXE"Process terminated successfully
#:19 [MSRZ32.EXE]
ModuleName : C:\WINDOWS\MSRZ32.EXE
Command Line : C:\WINDOWS\MSRZ32.EXE /s
ProcessID : 4294818467
Threads : 1
Priority : Normal
VX2 Object Recognized!
Type : Process
Data : MSRZ32.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\
Warning! VX2 Object found in memory(C:\WINDOWS\MSRZ32.EXE)
"C:\WINDOWS\MSRZ32.EXE"Process terminated successfully
#:20 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294825543
Threads : 3
Priority : Normal
FileVersion : 4.71.1959.1
ProductVersion : 4.71.1959.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe
#:21 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294825219
Threads : 18
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE
#:22 [SDKHO.EXE]
ModuleName : C:\WINDOWS\SDKHO.EXE
Command Line : "C:\WINDOWS\SDKHO.EXE"
ProcessID : 4294746023
Threads : 5
Priority : Normal
#:23 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4294751279
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE
#:24 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe 92
ProcessID : 4294658111
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe
#:25 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294769611
Threads : 3
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:26 [HH.EXE]
ModuleName : C:\WINDOWS\HH.EXE
Command Line : n/a
ProcessID : 4294595423
Threads : 6
Priority : Normal
FileVersion : 5.2.3644.0
ProductVersion : 5.2.3644.0
ProductName : HTML Help
CompanyName : Microsoft Corporation
FileDescription : Microsoft® HTML Help Executable
InternalName : HH 1.4
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : HH.exe
#:27 [NTJF.EXE]
ModuleName : C:\WINDOWS\SYSTEM\NTJF.EXE
Command Line : C:\WINDOWS\SYSTEM\NTJF.EXE /s
ProcessID : 4294566139
Threads : 1
Priority : Normal
VX2 Object Recognized!
Type : Process
Data : NTJF.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
Warning! VX2 Object found in memory(C:\WINDOWS\SYSTEM\NTJF.EXE)
"C:\WINDOWS\SYSTEM\NTJF.EXE"Process terminated successfully
#:28 [JUNO.EXE]
ModuleName : C:\PROGRAM FILES\JUNO\BIN\JUNO.EXE
Command Line : "C:\Program Files\Juno\bin\juno.exe"
ProcessID : 4294583467
Threads : 18
Priority : Normal
FileVersion : 5.0.33
ProductVersion : 5.0.33
ProductName : Juno
CompanyName : Juno Online Services, Inc.
FileDescription : Juno
InternalName : juno
LegalCopyright : Copyright © 1995-2001 Juno Online Services, Inc.
OriginalFilename : juno.exe
#:29 [TAPISRV.EXE]
ModuleName : C:\WINDOWS\SYSTEM\TAPISRV.EXE
Command Line : tapisrv.exe
ProcessID : 4294488571
Threads : 8
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows Telephony Server
InternalName : Telephony Service
LegalCopyright : Copyright © Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE
#:30 [RNAAPP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RNAAPP.EXE
Command Line : rnaapp.exe -l
ProcessID : 4294469167
Threads : 4
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
LegalCopyright : Copyright © Microsoft Corp. 1992-1996
OriginalFilename : RNAAPP.EXE
#:31 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4294491067
Threads : 6
Priority : Realtime
FileVersion : 4.06.03.0518
ProductVersion : 4.06.03.0518
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : ddhelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : ddhelp.exe
#:32 [MSRZ32.EXE]
ModuleName : C:\WINDOWS\MSRZ32.EXE
Command Line : n/a
ProcessID : 4294313919
Threads : 2
Priority : Normal
#:33 [SYSHO32.EXE]
ModuleName : C:\WINDOWS\SYSHO32.EXE
Command Line : n/a
ProcessID : 4294356787
Threads : 2
Priority : Normal
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 15
Objects found so far: 15
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}
Value :
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1de9ee01-df51-49db-9bdd-5990b35c1c2a}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1de9ee01-df51-49db-9bdd-5990b35c1c2a}
Value :
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf}
Value :
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.startbho
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.startbho
Value :
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.startbho.1
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.startbho.1
Value :
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj
Value :
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj.1
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj.1
Value :
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945}
PeopleOnPage Object Recognized!
Type : Regkey
Data : InstID
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\pop
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\serg
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\serg\searchbar
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\serg\searchbar
Value : ID1
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\serg\searchbar
Value : ID2
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\serg\searchbar
Value : ID4
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\serg\searchbar
Value : Next
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\serg\searchbar
Value : CLSID
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\serg\searchbar
Value : PanelNumber
DSSAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\broderbund software\dss
DSSAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\broderbund software\dss
Value : StorageLocation
DSSAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\broderbund software\dss
Value : CobwebInterval
DSSAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\broderbund software\dss
Value : ServerURL
DSSAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\broderbund software\dss
Value : Active
DSSAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\broderbund software\dss
Value : AutolaunchRemoved
DSSAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\broderbund software\dss
Value : ContentCheckDelay
Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\main
Value : HOMEOldSP
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 41
Objects found so far: 56
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:doug [email protected]/
Expires : 4-13-06 11:13:16 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:doug [email protected]/
Expires : 12-31-09 8:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:doug [email protected]/
Expires : 1-1-38 1:00:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][2].txt
Category : Data Miner
Comment : Hits:26
Value : Cookie:doug [email protected]/
Expires : 4-26-06 1:38:10 PM
LastSync : Hits:26
UseCount : 0
Hits : 26
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:doug [email protected]/
Expires : 4-28-05 12:30:38 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@theadvertisingnetwork[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:doug [email protected]/
Expires : 5-8-05 12:47:54 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@sextracker[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:doug [email protected]/
Expires : 5-3-05 1:24:26 AM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:doug [email protected]/
Expires : 5-2-05 6:24:26 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][1].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:doug [email protected]/
Expires : 5-1-05 6:33:18 PM
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:doug [email protected]/
Expires : 4-20-05 6:29:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@doubleclick[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:doug [email protected]/
Expires : 5-1-08 1:28:28 AM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@bfast[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:doug [email protected]/
Expires : 4-16-25 7:07:08 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][2].txt
Category : Data Miner
Comment : Hits:38
Value : Cookie:doug [email protected]/
Expires : 4-29-06 11:29:04 PM
LastSync : Hits:38
UseCount : 0
Hits : 38
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:doug [email protected]/cgi-bin
Expires : 2-27-15 7:59:58 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@mediaplex[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:doug [email protected]/
Expires : 6-21-09 8:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@qksrv[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:doug [email protected]/
Expires : 4-24-10 2:12:44 AM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:doug [email protected]/
Expires : 4-25-05 5:46:24 PM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@serving-sys[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:doug [email protected]/
Expires : 1-1-38 1:00:00 AM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][2].txt
Category : Data Miner
Comment : Hits:71
Value : Cookie:doug [email protected]/
Expires : 5-12-24 2:07:28 PM
LastSync : Hits:71
UseCount : 0
Hits : 71
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@sexlist[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:doug [email protected]/
Expires : 5-2-06 9:43:56 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@bravenet[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:doug [email protected]/
Expires : 4-17-15 1:45:30 AM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:doug [email protected]/
Expires : 4-29-05 6:51:22 PM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:doug [email protected]/
Expires : 4-19-05 2:32:20 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@casalemedia[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:doug [email protected]/
Expires : 4-7-06 3:15:56 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:doug [email protected]/
Expires : 12-31-37 8:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:doug [email protected]/
Expires : 4-28-05 12:30:42 PM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@paycounter[1].txt
Category : Data Miner
Comment : Hits:21
Value : Cookie:doug [email protected]/
Expires : 12-30-30 9:00:00 PM
LastSync : Hits:21
UseCount : 0
Hits : 21
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@bluestreak[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:doug [email protected]/
Expires : 4-17-15 8:57:14 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:doug [email protected]/
Expires : 4-25-05 6:53:02 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@2o7[2].txt
Category : Data Miner
Comment : Hits:18
Value : Cookie:doug [email protected]/
Expires : 4-23-10 6:00:14 PM
LastSync : Hits:18
UseCount : 0
Hits : 18
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@trafficmp[1].txt
Category : Data Miner
Comment : Hits:22
Value : Cookie:doug [email protected]/
Expires : 4-18-06 2:41:22 PM
LastSync : Hits:22
UseCount : 0
Hits : 22
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:doug [email protected]/
Expires : 4-25-05 8:34:46 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:doug [email protected]/
Expires : 4-25-05 5:46:44 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@apmebf[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:doug [email protected]/
Expires : 4-24-10 2:12:42 AM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:doug [email protected]/
Expires : 4-19-05 7:57:38 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:doug [email protected]/
Expires : 4-27-06 3:41:00 AM
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@overture[1].txt
Category : Data Miner
Comment : Hits:70
Value : Cookie:doug [email protected]/
Expires : 4-21-15 8:42:30 AM
LastSync : Hits:70
UseCount : 0
Hits : 70
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@centrport[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:doug [email protected]/
Expires : 12-31-29 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:doug [email protected]/
Expires : 4-25-05 6:46:16 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:doug [email protected]/
Expires : 4-24-35 10:01:20 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@hitbox[2].txt
Category : Data Miner
Comment : Hits:70
Value : Cookie:doug [email protected]/
Expires : 4-29-06 11:29:04 PM
LastSync : Hits:70
UseCount : 0
Hits : 70
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@advertising[1].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:doug [email protected]/
Expires : 4-30-10 9:57:36 PM
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:doug [email protected]/
Expires : 4-30-20 9:59:36 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:doug [email protected]/
Expires : 5-31-05 9:57:36 PM
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@xxxcounter[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:doug [email protected]/
Expires : 4-25-05 6:52:52 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:doug [email protected]/
Expires : 4-25-05 5:46:24 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 46
Objects found so far: 102
Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : File
Data : sprestrst.exe
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : od-stnd807.exe
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : gpkxq.dat
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : eklkd.log
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : ytutk.dat
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : mmfsz.dat
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : chhnz.log
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : gunsw.txt
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : xkjyo.log
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : windrv.dll
Category : Malware
Comment : scagent core component
Object : c:\WINDOWS\SYSTEM32\
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : scagent.exe
Category : Malware
Comment : scagent core component
Object : c:\WINDOWS\SYSTEM32\
CoolWebSearch Object Recognized!
Type : File
Data : EXPLOIT[1].CHM
Category : Malware
Comment :
Object : c:\WINDOWS\Temporary Internet Files\Content.IE5\4XUFK9YF\
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : doug sweetser@sextracker[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\doug sweetser@sextracker[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry