Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

help with aurora etc

Started by cookiebug , May 16 2005 11:13 PM

  • This topic is locked This topic is locked

#1
cookiebug
Posted 16 May 2005 - 11:13 PM

cookiebug

    New Member

  • Member
  • Pip
  • 7 posts
This comp is driving me crazy. Popups, crap auto DL to my comp etc etc. I just installed adaware and OMG what have I done?!!! To be honest I am really computer illiterate when it comes to all the technical stuff, but I would appreciate some help in fixing it please. adaware found 817 critical objects on my laptop, and I dont even know where to start to get rid of them.
here is my log file from 5 minutes ago. TIA


Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 17, 2005 12:56:17 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R45 13.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R45 13.05.2005
Internal build : 53
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 473168 Bytes
Total size : 1430575 Bytes
Signature data size : 1399518 Bytes
Reference data size : 30545 Bytes
Signatures total : 39932
Fingerprints total : 881
Fingerprints size : 30173 Bytes
Target categories : 15
Target families : 672


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:18 %
Total physical memory:261104 kb
Available physical memory:45316 kb
Total page file size:641836 kb
Available on page file:403788 kb
Total virtual memory:2097024 kb
Available virtual memory:2047636 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


5-17-2005 12:56:17 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 748
ThreadCreationTime : 5-17-2005 4:54:20 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 820
ThreadCreationTime : 5-17-2005 4:54:23 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 852
ThreadCreationTime : 5-17-2005 4:54:24 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 896
ThreadCreationTime : 5-17-2005 4:54:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 908
ThreadCreationTime : 5-17-2005 4:54:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ibmpmsvc.exe]
ModuleName : C:\WINDOWS\System32\ibmpmsvc.exe
Command Line : C:\WINDOWS\System32\ibmpmsvc.exe
ProcessID : 1060
ThreadCreationTime : 5-17-2005 4:54:27 AM
BasePriority : Normal


#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1092
ThreadCreationTime : 5-17-2005 4:54:27 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1288
ThreadCreationTime : 5-17-2005 4:54:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1532
ThreadCreationTime : 5-17-2005 4:54:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1604
ThreadCreationTime : 5-17-2005 4:54:31 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 1864
ThreadCreationTime : 5-17-2005 4:54:32 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)

VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 2040
ThreadCreationTime : 5-17-2005 4:54:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Warning! VX2 Object found in memory(C:\WINDOWS\system32\DrPMon.dll)

VX2 Object Recognized!
Type : Process
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


#:13 [tp4mon.exe]
ModuleName : C:\WINDOWS\System32\tp4mon.exe
Command Line : "C:\WINDOWS\System32\tp4mon.exe"
ProcessID : 488
ThreadCreationTime : 5-17-2005 4:54:37 AM
BasePriority : Normal
FileVersion : 6.03 (XPClient.010817-1148)
ProductVersion : 6.03
ProductName : IBM PS/2 TrackPoint Support
CompanyName : IBM Corporation
FileDescription : IBM PS/2 TrackPoint Application
InternalName : tp4mon.exe
LegalCopyright : Copyright © IBM Corporation 1996-2000
OriginalFilename : tp4mon.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)

VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\WINDOWS\System32\tp4mon.exe"Process terminated successfully

#:14 [mm_tray.exe]
ModuleName : C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
Command Line : "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
ProcessID : 516
ThreadCreationTime : 5-17-2005 4:54:37 AM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"Process terminated successfully

#:15 [mmdiag.exe]
ModuleName : C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
Command Line : MMDiag.exe
ProcessID : 524
ThreadCreationTime : 5-17-2005 4:54:38 AM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : Logging and tracing manager
InternalName : MMTraceExe
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : MMTraceExe.EXE
Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)

VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

"C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe"Process terminated successfully

#:16 [ashdisp.exe]
ModuleName : C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Command Line : "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
ProcessID : 552
ThreadCreationTime : 5-17-2005 4:54:38 AM
BasePriority : Normal
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswDisp.exe
Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)

VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


#:17 [optimize.exe]
ModuleName : C:\Program Files\Internet Optimizer\optimize.exe
Command Line : "C:\Program Files\Internet Optimizer\optimize.exe"
ProcessID : 608
ThreadCreationTime : 5-17-2005 4:54:38 AM
BasePriority : Normal


DyFuCA Object Recognized!
Type : Process
Data : optimize.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\Program Files\Internet Optimizer\


Warning! DyFuCA Object found in memory(C:\Program Files\Internet Optimizer\optimize.exe)

"C:\Program Files\Internet Optimizer\optimize.exe"Process terminated successfully
"C:\Program Files\Internet Optimizer\optimize.exe"Process terminated successfully

#:18 [bargains.exe]
ModuleName : C:\Program Files\BullsEye Network\bin\bargains.exe
Command Line : "C:\Program Files\BullsEye Network\bin\bargains.exe"
ProcessID : 664
ThreadCreationTime : 5-17-2005 4:54:39 AM
BasePriority : Normal
FileVersion : 8, 0, 3, 6
ProductVersion : 8, 0, 3, 6
ProductName : BargainsBuddy ADP Module
CompanyName : eXact Advertising
FileDescription : bargains
InternalName : ADP
LegalCopyright : Copyright © 2003-2005. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : bargains.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)

VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\Program Files\BullsEye Network\bin\bargains.exe"Process terminated successfully

#:19 [mim.exe]
ModuleName : C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
Command Line : "C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe" -Embedding
ProcessID : 680
ThreadCreationTime : 5-17-2005 4:54:39 AM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mim
InternalName : mim
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mim.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)

VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\



#:20 [wtoolsa.exe]
ModuleName : C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
Command Line : "C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe"
ProcessID : 760
ThreadCreationTime : 5-17-2005 4:54:39 AM
BasePriority : Normal


IBIS Toolbar Object Recognized!
Type : Process
Data : WToolsA.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\COMMON~1\WinTools\


Warning! IBIS Toolbar Object found in memory(C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe)

"C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe"Process terminated successfully
"C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe"Process terminated successfully

#:21 [ap9h4qmo.exe]
ModuleName : C:\WINDOWS\System32\ap9h4qmo.exe
Command Line : "C:\WINDOWS\System32\ap9h4qmo.exe"
ProcessID : 788
ThreadCreationTime : 5-17-2005 4:54:40 AM
BasePriority : Normal
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\ap9h4qmo.exe)

SahAgent Object Recognized!
Type : Process
Data : ap9h4qmo.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4

"C:\WINDOWS\System32\ap9h4qmo.exe"Process terminated successfully
"C:\WINDOWS\System32\ap9h4qmo.exe"Process terminated successfully

#:22 [tbps.exe]
ModuleName : C:\PROGRA~1\Toolbar\TBPS.exe
Command Line : "C:\PROGRA~1\Toolbar\TBPS.exe"
ProcessID : 980
ThreadCreationTime : 5-17-2005 4:54:40 AM
BasePriority : Normal

Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)

VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\



#:23 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\RUNDLL32.exe
Command Line : "C:\WINDOWS\System32\RUNDLL32.exe" AUNPS2.DLL,_Run@16
ProcessID : 1188
ThreadCreationTime : 5-17-2005 4:54:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)

VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\WINDOWS\System32\RUNDLL32.exe"Process terminated successfully

#:24 [ikvrpn.exe]
ModuleName : C:\WINDOWS\System32\ikvrpn.exe
Command Line : "C:\WINDOWS\System32\ikvrpn.exe"
ProcessID : 1204
ThreadCreationTime : 5-17-2005 4:54:41 AM
BasePriority : Normal

Warning! VX2 Object found in memory(C:\WINDOWS\System32\ikvrpn.exe)

VX2 Object Recognized!
Type : Process
Data : ikvrpn.exe
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\WINDOWS\System32\ikvrpn.exe"Process terminated successfully
"C:\WINDOWS\System32\ikvrpn.exe"Process terminated successfully

#:25 [aswupdsv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
ProcessID : 1248
ThreadCreationTime : 5-17-2005 4:54:41 AM
BasePriority : Normal


#:26 [ashserv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashServ.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
ProcessID : 960
ThreadCreationTime : 5-17-2005 4:54:41 AM
BasePriority : Normal
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswServ.exe

#:27 [inetinfo.exe]
ModuleName : C:\WINDOWS\System32\inetsrv\inetinfo.exe
Command Line : C:\WINDOWS\System32\inetsrv\inetinfo.exe
ProcessID : 1404
ThreadCreationTime : 5-17-2005 4:54:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : INETINFO.EXE

#:28 [tbpssvc.exe]
ModuleName : C:\PROGRA~1\Toolbar\TBPSSvc.exe
Command Line : C:\PROGRA~1\Toolbar\TBPSSvc.exe
ProcessID : 956
ThreadCreationTime : 5-17-2005 4:54:43 AM
BasePriority : Normal


#:29 [grevenc.exe]
ModuleName : C:\WINDOWS\GREVENC.EXE
Command Line : "C:\WINDOWS\GREVENC.EXE"
ProcessID : 1568
ThreadCreationTime : 5-17-2005 4:54:44 AM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : System Monitor Service
CompanyName : System Service
FileDescription : SysMon
InternalName : SysMon
OriginalFilename : SysMon.exe

#:30 [lutlgew.exe]
ModuleName : C:\WINDOWS\system\lutlgew.exe
Command Line : "C:\WINDOWS\system\lutlgew.exe"
ProcessID : 1676
ThreadCreationTime : 5-17-2005 4:54:46 AM
BasePriority : Normal

Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)

VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\WINDOWS\system\lutlgew.exe"Process terminated successfully

#:31 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\MSMSGS.EXE
Command Line : "C:\Program Files\Messenger\MSMSGS.EXE" /background
ProcessID : 1724
ThreadCreationTime : 5-17-2005 4:54:47 AM
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)

VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\Program Files\Messenger\MSMSGS.EXE"Process terminated successfully

#:32 [reader_sl.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Command Line : "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
ProcessID : 1924
ThreadCreationTime : 5-17-2005 4:54:50 AM
BasePriority : Normal
FileVersion : 7.0.0.0
ProductVersion : 7.0.0.0
ProductName : Adobe Acrobat
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Acrobat SpeedLauncher
LegalCopyright : Copyright Adobe Systems Incorporated 2004
OriginalFilename : AcroSpeedLaunch.exe

#:33 [hhg8xkvz.exe]
ModuleName : C:\WINDOWS\TEMP\hHg8XKvz.exe
Command Line : C:\WINDOWS\TEMP\hHg8XKvz.exe protect
ProcessID : 644
ThreadCreationTime : 5-17-2005 4:54:57 AM
BasePriority : Normal


#:34 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 700
ThreadCreationTime : 5-17-2005 4:54:59 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:35 [pib.exe]
ModuleName : C:\PROGRA~1\Toolbar\PIB.exe
Command Line : C:\PROGRA~1\Toolbar\PIB.exe
ProcessID : 1444
ThreadCreationTime : 5-17-2005 4:55:03 AM
BasePriority : Realtime

Warning! SahAgent Object found in memory(C:\WINDOWS\System32\qh4mkbv9.dll)

SahAgent Object Recognized!
Type : Process
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2

Warning! VX2 Object found in memory(C:\WINDOWS\System32\srtpige.dll)

VX2 Object Recognized!
Type : Process
Data : srtpige.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\


"C:\PROGRA~1\Toolbar\PIB.exe"Process terminated successfully

#:36 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2192
ThreadCreationTime : 5-17-2005 4:55:08 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:37 [wsup.exe]
ModuleName : C:\Program Files\Common Files\WinTools\WSup.exe
Command Line : "C:\Program Files\Common Files\WinTools\WSup.exe"
ProcessID : 3040
ThreadCreationTime : 5-17-2005 4:55:35 AM
BasePriority : Normal


IBIS Toolbar Object Recognized!
Type : Process
Data : WSup.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\Program Files\Common Files\WinTools\


Warning! IBIS Toolbar Object found in memory(C:\Program Files\Common Files\WinTools\WSup.exe)

"C:\Program Files\Common Files\WinTools\WSup.exe"Process terminated successfully
"C:\Program Files\Common Files\WinTools\WSup.exe"Process terminated successfully

#:38 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe" /RunStoreAsComServer Local\[508]SUSDS62b252d3005f6648944122ee073b9fa8
ProcessID : 3672
ThreadCreationTime : 5-17-2005 4:56:01 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 28


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{016235be-59d4-4ceb-add5-e2378282a1d9}

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}
Value :

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}
Value :

AdRotator Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{017c20c1-f86f-11d8-9b25-000acd002ae3}

AdRotator Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{017c20c1-f86f-11d8-9b25-000acd002ae3}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
Value : AppID

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value :

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value : AppID

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj.1

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj.1
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8}

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8}
Value :

EffectiveBrandToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{44be0690-5429-47f0-85bb-3ffd8020233e}

EffectiveBrandToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{44be0690-5429-47f0-85bb-3ffd8020233e}
Value :

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{28caeff3-0f18-4036-b504-51d73bd81abc}

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{28caeff3-0f18-4036-b504-51d73bd81abc}
Value :

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{825cf5bd-8862-4430-b771-0c15c5ca8def}

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{825cf5bd-8862-4430-b771-0c15c5ca8def}
Value :

FizzleBar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2342db04-08ce-4cf6-976d-bd9efa960efb}

FizzleBar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2342db04-08ce-4cf6-976d-bd9efa960efb}
Value :

FizzleBar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{9056a11f-5ea6-4a67-bde9-8d3c7c453dac}

FizzleBar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{9056a11f-5ea6-4a67-bde9-8d3c7c453dac}
Value :

FizzleBar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : fizzlebar.clsdockwindow

FizzleBar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : fizzlebar.clsdockwindow
Value :

FizzleBar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : fizzlebar.clsfwbar

FizzleBar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : fizzlebar.clsfwbar
Value :

FizzleBar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3116ed38-8599-4261-8f81-f43266ffaaff}

FizzleBar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3116ed38-8599-4261-8f81-f43266ffaaff}
Value :

FizzleBar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{36a89c39-da76-49d6-98f8-0cbec6b8b352}

FizzleBar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{36a89c39-da76-49d6-98f8-0cbec6b8b352}
Value :

FizzleBar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{549ad254-492d-42b5-8909-34f14348d4bc}

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{38601801-2ff5-4a62-95da-d2007161c1b4}

Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{38601801-2ff5-4a62-95da-d2007161c1b4}
Value :

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{79849612-a98f-45b8-95e9-4d13c7b6b35c}

Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{79849612-a98f-45b8-95e9-4d13c7b6b35c}
Value :

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4fe82ba0-9335-4d4e-8e98-76409a88f2c1}

Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4fe82ba0-9335-4d4e-8e98-76409a88f2c1}
Value :

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ace5b10b-92a3-4103-8583-3684bb09409f}

Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ace5b10b-92a3-4103-8583-3684bb09409f}
Value :

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : loader2.loader2ctrl.1

Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : loader2.loader2ctrl.1
Value :

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{487e7682-b976-41fb-a944-e8b83689a454}

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2c4e6d22-b71f-491f-aad3-b6972a650d50}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2c4e6d22-b71f-491f-aad3-b6972a650d50}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{310cc549-4541-46a9-940f-52b342a6e682}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{310cc549-4541-46a9-940f-52b342a6e682}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{339bb23f-a864-48c0-a59f-29ea915965ec}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{339bb23f-a864-48c0-a59f-29ea915965ec}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT

Edited by cookiebug, 17 May 2005 - 06:43 AM.

  • 0

Advertisements

#2
prab
Posted 22 May 2005 - 09:38 AM

prab

    Member

  • Member
  • PipPip
  • 61 posts
Sorry for the delayed response. Please finish posting your log file. Some of it was cut off. It make take 3 to 4 posts to fit the whole log. :tazz:

~Prab~
  • 0

#3
cookiebug
Posted 23 May 2005 - 08:40 AM

cookiebug

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here is a new log file I just did. as you can see quite a few of the critical objects are now gone. Where they have gone is beyond me though.

Ad-Aware SE Build 1.05
Logfile Created on:Monday, May 23, 2005 10:30:47 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R45 13.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R45 13.05.2005
Internal build : 53
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 473168 Bytes
Total size : 1430575 Bytes
Signature data size : 1399518 Bytes
Reference data size : 30545 Bytes
Signatures total : 39932
Fingerprints total : 881
Fingerprints size : 30173 Bytes
Target categories : 15
Target families : 672


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:32 %
Total physical memory:261104 kb
Available physical memory:81640 kb
Total page file size:641836 kb
Available on page file:451908 kb
Total virtual memory:2097024 kb
Available virtual memory:2049220 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


5-23-2005 10:30:47 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 748
ThreadCreationTime : 5-23-2005 2:28:53 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 828
ThreadCreationTime : 5-23-2005 2:28:55 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 852
ThreadCreationTime : 5-23-2005 2:28:55 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 896
ThreadCreationTime : 5-23-2005 2:28:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 908
ThreadCreationTime : 5-23-2005 2:28:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ibmpmsvc.exe]
ModuleName : C:\WINDOWS\System32\ibmpmsvc.exe
Command Line : C:\WINDOWS\System32\ibmpmsvc.exe
ProcessID : 1056
ThreadCreationTime : 5-23-2005 2:28:56 PM
BasePriority : Normal


#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1088
ThreadCreationTime : 5-23-2005 2:28:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1236
ThreadCreationTime : 5-23-2005 2:28:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1432
ThreadCreationTime : 5-23-2005 2:28:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1452
ThreadCreationTime : 5-23-2005 2:28:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1884
ThreadCreationTime : 5-23-2005 2:29:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Warning! VX2 Object found in memory(C:\WINDOWS\system32\DrPMon.dll)

VX2 Object Recognized!
Type : Process
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


#:12 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 216
ThreadCreationTime : 5-23-2005 2:29:00 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [aswupdsv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
ProcessID : 264
ThreadCreationTime : 5-23-2005 2:29:01 PM
BasePriority : Normal


#:14 [ashserv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashServ.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
ProcessID : 284
ThreadCreationTime : 5-23-2005 2:29:01 PM
BasePriority : Normal
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswServ.exe

#:15 [inetinfo.exe]
ModuleName : C:\WINDOWS\System32\inetsrv\inetinfo.exe
Command Line : C:\WINDOWS\System32\inetsrv\inetinfo.exe
ProcessID : 544
ThreadCreationTime : 5-23-2005 2:29:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : INETINFO.EXE

#:16 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 660
ThreadCreationTime : 5-23-2005 2:29:01 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:17 [tp4mon.exe]
ModuleName : C:\WINDOWS\System32\tp4mon.exe
Command Line : "C:\WINDOWS\System32\tp4mon.exe"
ProcessID : 712
ThreadCreationTime : 5-23-2005 2:29:07 PM
BasePriority : Normal
FileVersion : 6.03 (XPClient.010817-1148)
ProductVersion : 6.03
ProductName : IBM PS/2 TrackPoint Support
CompanyName : IBM Corporation
FileDescription : IBM PS/2 TrackPoint Application
InternalName : tp4mon.exe
LegalCopyright : Copyright © IBM Corporation 1996-2000
OriginalFilename : tp4mon.exe

#:18 [mm_tray.exe]
ModuleName : C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
Command Line : "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
ProcessID : 740
ThreadCreationTime : 5-23-2005 2:29:07 PM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:19 [ashdisp.exe]
ModuleName : C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Command Line : "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
ProcessID : 772
ThreadCreationTime : 5-23-2005 2:29:07 PM
BasePriority : Normal
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswDisp.exe

#:20 [mmdiag.exe]
ModuleName : C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
Command Line : MMDiag.exe
ProcessID : 800
ThreadCreationTime : 5-23-2005 2:29:08 PM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : Logging and tracing manager
InternalName : MMTraceExe
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : MMTraceExe.EXE

#:21 [grevenc.exe]
ModuleName : C:\WINDOWS\GREVENC.EXE
Command Line : "C:\WINDOWS\GREVENC.EXE"
ProcessID : 528
ThreadCreationTime : 5-23-2005 2:29:08 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : System Monitor Service
CompanyName : System Service
FileDescription : SysMon
InternalName : SysMon
OriginalFilename : SysMon.exe

#:22 [lutlgew.exe]
ModuleName : C:\WINDOWS\system\lutlgew.exe
Command Line : "C:\WINDOWS\system\lutlgew.exe"
ProcessID : 1172
ThreadCreationTime : 5-23-2005 2:29:08 PM
BasePriority : Normal


#:23 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\MSMSGS.EXE
Command Line : "C:\Program Files\Messenger\MSMSGS.EXE" /background
ProcessID : 568
ThreadCreationTime : 5-23-2005 2:29:08 PM
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:24 [reader_sl.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Command Line : "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
ProcessID : 1340
ThreadCreationTime : 5-23-2005 2:29:08 PM
BasePriority : Normal
FileVersion : 7.0.0.0
ProductVersion : 7.0.0.0
ProductName : Adobe Acrobat
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Acrobat SpeedLauncher
LegalCopyright : Copyright Adobe Systems Incorporated 2004
OriginalFilename : AcroSpeedLaunch.exe

#:25 [rmxrny.exe]
ModuleName : c:\windows\system32\rmxrny.exe
Command Line : "c:\windows\system32\rmxrny.exe" mnxijcf
ProcessID : 1380
ThreadCreationTime : 5-23-2005 2:29:09 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
Warning! VX2 Object found in memory(c:\windows\system32\rmxrny.exe)

VX2 Object Recognized!
Type : Process
Data : rmxrny.exe
Category : Malware
Comment :
Object : c:\windows\system32\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

"c:\windows\system32\rmxrny.exe"Process terminated successfully
"c:\windows\system32\rmxrny.exe"Process terminated successfully

#:26 [mim.exe]
ModuleName : C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
Command Line : "C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe" -Embedding
ProcessID : 2208
ThreadCreationTime : 5-23-2005 2:29:13 PM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mim
InternalName : mim
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mim.exe

#:27 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2828
ThreadCreationTime : 5-23-2005 2:29:41 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:28 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe" /RunStoreAsComServer Local\[4d4]SUSDS55f2ec8c78c75c4ca0d82faeab5f296a
ProcessID : 3556
ThreadCreationTime : 5-23-2005 2:29:49 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:29 [explorer.exe]
ModuleName : C:\WINDOWS\explorer.exe
Command Line : explorer.exe
ProcessID : 3992
ThreadCreationTime : 5-23-2005 2:29:55 PM
BasePriority : Realtime
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:30 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 3880
ThreadCreationTime : 5-23-2005 2:30:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
Value : AppID

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value :

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value : AppID

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{30402ff4-3e71-4a1c-9b4b-1cd3486a9fb2}

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{30402ff4-3e71-4a1c-9b4b-1cd3486a9fb2}
Value :

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4828c95f-c5db-4ab6-a945-8d8ec44b98a8}

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4828c95f-c5db-4ab6-a945-8d8ec44b98a8}
Value :

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4e570f74-deee-4fcf-b960-feefa4b8c6fc}

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4e570f74-deee-4fcf-b960-feefa4b8c6fc}
Value :

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{cde442a3-dc2c-467e-a311-b4bc775d86c5}

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : webinstaller.execute

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : webinstaller.execute
Value :

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : webinstaller.execute.1

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : webinstaller.execute.1
Value :

AdDestroyer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\vb and vba program settings\addestroyer

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\policies\avenue media

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\avenue media

EffectiveBrandToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\effective-i

EffectiveBrandToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e}

EffectiveBrandToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : ICheck

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : hminlzz2ym5hx3rk4irx

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : a4ix

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : alk3hm

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : 4irx2y4mnrk

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : hrl4nyirlx2j4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : hr8g8kmi4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : hrhrirlx2j4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : hrhrirlx2j25s

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : hrjy3ralsr4xz

Prutect Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ptech

Prutect Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ptech
Value : Vendor

Prutect Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ptech
Value : Parameter

Prutect Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ptech
Value : nextCheck

Prutect Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ptech
Value : Id

Prutect Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ptech
Value : lastCheck

VirtualBouncer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\vb and vba program settings\vbouncer

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUI3d5OfSDist

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUB3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUE3v5nt

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUT3h5rshSBath

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUT3h5rshSysSInf

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUL3n5Title

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUC3u5rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUC3n5tFyl

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUI3g5noreS

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUS3t5atusOfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUL3a5stMotsSDay

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUL3a5stSSChckin

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUI3d5OfSInst

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\shopathomeselect agent

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\shopathomeselect agent
Value : DisplayName

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\shopathomeselect agent
Value : UninstallString

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : InstallLocation

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : InstPath

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : BundleKey

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : BundlePackage

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : PackageLocation

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : PackageName

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : PrefsServer

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : PrefsPath

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : PrefsXML

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : CookieUserAgent

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : BrowserType

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : BundleProgress

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : UniqueBundleKey

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : UniqueBundleID

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : GUID

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : ReadyToInstall

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : BundleInstall

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : LSPInstallNeed

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : UnInstallRequest

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : UnInstallExecute

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AC

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{825CF5BD-8862-4430-B771-0C15C5CA8DEF}"
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {825CF5BD-8862-4430-B771-0C15C5CA8DEF}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{339BB23F-A864-48C0-A59F-29EA915965EC}"
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {339BB23F-A864-48C0-A59F-29EA915965EC}

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Date"
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Date

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "Win Server Updt"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Win Server Updt

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 111
Objects found so far: 113


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagesearchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchmiracle.com/sp.php"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://searchmiracle.com/sp.php"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Barwww.websearch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.websearch...px?tb_id=50162"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://www.websearch...px?tb_id=50162"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistantsearchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchmiracle.com/sp.php"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://searchmiracle.com/sp.php"
Possible Browser Hijack attempt : Software\Microsoft\Internet ExplorerSearchURLsearchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchmiracle.com/sp.php"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer
Value : SearchURL
Data : "http://searchmiracle.com/sp.php"

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "tpptxad"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : tpptxad

VX2 Object Recognized!
Type : File
Data : rmxrny.exe
Category : Malware
Comment :
Object : c:\windows\system32\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 119


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@atdmt[
  • 0

#4
cookiebug
Posted 23 May 2005 - 08:44 AM

cookiebug

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 5-16-2010 8:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:[email protected]/
Expires : 12-31-2099 8:00:00 PM
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@revenue[2].txt
Category : Data Miner
Comment : Hits:37
Value : Cookie:[email protected]/
Expires : 6-10-2022 1:05:42 AM
LastSync : Hits:37
UseCount : 0
Hits : 37

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@maxserving[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 5-14-2015 11:35:02 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 5-17-2006 9:42:06 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@statcounter[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 5-15-2010 11:32:12 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@tickle[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 5-18-2007 10:46:52 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@mediaplex[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 6-21-2009 8:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@qksrv[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 5-20-2010 4:52:32 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@adrevolver[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/adrevolver/
Expires : 1-23-2008 6:29:18 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@targetnet[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 5-17-2033 11:33:20 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@apmebf[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 5-20-2010 4:52:10 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@trafficmp[2].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:[email protected]/
Expires : 5-16-2006 11:43:06 PM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@zedo[1].txt
Category : Data Miner
Comment : Hits:13
Value : Cookie:[email protected]/
Expires : 5-14-2015 11:34:18 PM
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@casalemedia[1].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:[email protected]/
Expires : 5-7-2006 9:12:34 PM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:[email protected]/
Expires : 5-18-2005 1:01:06 AM
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 5-17-2006 12:43:38 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@linksynergy[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 5-12-2025 12:43:56 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 5-15-2015 1:01:10 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@doubleclick[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 5-16-2008 9:42:42 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@versiontracker[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 5-17-2007 12:17:24 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:[email protected]/
Expires : 8-28-2008 11:39:50 PM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@0[2].txt
Category : Data Miner
Comment : Hits:28
Value : Cookie:[email protected]/HTM/412/0
Expires : 5-17-2006 12:24:50 AM
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@fastclick[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 5-17-2007 10:01:10 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 24
Objects found so far: 143



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SahAgent Object Recognized!
Type : File
Data : lsp.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 2, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : ShopAtHomeSelect LSP
CompanyName : ShopAtHomeSelect
FileDescription : LSP
InternalName : LSP
LegalCopyright : Copyright © 2004
OriginalFilename : LSP.DLL


VX2 Object Recognized!
Type : File
Data : ptuthw.exe
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


ImIServer IEPlugin Object Recognized!
Type : File
Data : tdtb.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileVersion : 5.0.2001.10043
ProductVersion : 2001, 0, 0, 0
ProductName : MimarSinan Emissary, MimarSinan Charm Family
CompanyName : Mimar Sinan International
FileDescription : Emissary
InternalName : autonomy
LegalCopyright : Copyright © 1992-2000 Mimar Sinan International. All rights reserved.
OriginalFilename : autonomy.exe

Object "lsp_.dll" found in this archive.

SahAgent Object Recognized!
Type : File
Data : bunSetup.cab
Category : Data Miner
Comment : Object "lsp_.dll" found in this archive.
Object : C:\WINDOWS\Downloaded Program Files\


Object "SAHAgent_.exe" found in this archive.

SahAgent Object Recognized!
Type : File
Data : bunSetup.cab
Category : Data Miner
Comment : Object "SAHAgent_.exe" found in this archive.
Object : C:\WINDOWS\Downloaded Program Files\


Object "SAHUninstall_.exe" found in this archive.

SahAgent Object Recognized!
Type : File
Data : bunSetup.cab
Category : Data Miner
Comment : Object "SAHUninstall_.exe" found in this archive.
Object : C:\WINDOWS\Downloaded Program Files\


Object "SahHtml_.exe" found in this archive.

SahAgent Object Recognized!
Type : File
Data : bunSetup.cab
Category : Data Miner
Comment : Object "SahHtml_.exe" found in this archive.
Object : C:\WINDOWS\Downloaded Program Files\



SahAgent Object Recognized!
Type : File
Data : lsp_.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\Downloaded Program Files\
FileVersion : 2, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : ShopAtHomeSelect LSP
CompanyName : ShopAtHomeSelect
FileDescription : LSP
InternalName : LSP
LegalCopyright : Copyright © 2004
OriginalFilename : LSP.DLL


SahAgent Object Recognized!
Type : File
Data : SAHUninstall_.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\Downloaded Program Files\
FileVersion : 2, 0, 0, 8
ProductVersion : 2, 0, 0, 8
ProductName : SAHUninstall
CompanyName : ShopAtHomeSelect
FileDescription : SAHUninstall
InternalName : SAHUninstall
LegalCopyright : Copyright © 2004
OriginalFilename : SAHUninstall.dll

Object "lsp_.dll" found in this archive.

SahAgent Object Recognized!
Type : File
Data : bunSetup.cab
Category : Data Miner
Comment : Object "lsp_.dll" found in this archive.
Object : C:\Documents and Settings\Amy\Local Settings\Temp\


Object "SAHAgent_.exe" found in this archive.

SahAgent Object Recognized!
Type : File
Data : bunSetup.cab
Category : Data Miner
Comment : Object "SAHAgent_.exe" found in this archive.
Object : C:\Documents and Settings\Amy\Local Settings\Temp\


Object "SAHUninstall_.exe" found in this archive.

SahAgent Object Recognized!
Type : File
Data : bunSetup.cab
Category : Data Miner
Comment : Object "SAHUninstall_.exe" found in this archive.
Object : C:\Documents and Settings\Amy\Local Settings\Temp\


Object "SahHtml_.exe" found in this archive.

SahAgent Object Recognized!
Type : File
Data : bunSetup.cab
Category : Data Miner
Comment : Object "SahHtml_.exe" found in this archive.
Object : C:\Documents and Settings\Amy\Local Settings\Temp\


Object "lsp_.dll" found in this archive.

SahAgent Object Recognized!
Type : File
Data : bunSetup[1].cab
Category : Data Miner
Comment : Object "lsp_.dll" found in this archive.
Object : C:\Documents and Settings\Amy\Local Settings\Temporary Internet Files\Content.IE5\H3BB9PCA\


Object "SAHAgent_.exe" found in this archive.

SahAgent Object Recognized!
Type : File
Data : bunSetup[1].cab
Category : Data Miner
Comment : Object "SAHAgent_.exe" found in this archive.
Object : C:\Documents and Settings\Amy\Local Settings\Temporary Internet Files\Content.IE5\H3BB9PCA\


Object "SAHUninstall_.exe" found in this archive.

SahAgent Object Recognized!
Type : File
Data : bunSetup[1].cab
Category : Data Miner
Comment : Object "SAHUninstall_.exe" found in this archive.
Object : C:\Documents and Settings\Amy\Local Settings\Temporary Internet Files\Content.IE5\H3BB9PCA\


Object "SahHtml_.exe" found in this archive.

SahAgent Object Recognized!
Type : File
Data : bunSetup[1].cab
Category : Data Miner
Comment : Object "SahHtml_.exe" found in this archive.
Object : C:\Documents and Settings\Amy\Local Settings\Temporary Internet Files\Content.IE5\H3BB9PCA\



Win32.TrojanDowloader.Agent.jq Object Recognized!
Type : File
Data : A0012297.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{BF31C2B4-64FB-4FFA-8C5C-636D2FFA12A0}\RP58\



VX2 Object Recognized!
Type : File
Data : A0012332.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{BF31C2B4-64FB-4FFA-8C5C-636D2FFA12A0}\RP58\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 163


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 163




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon
Value : Driver

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon
Value : Driver

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\DOCUME~1\Amy\LOCALS~1\Temp\DrTemp

BookedSpace Object Recognized!
Type : File
Data : bsx32.ini
Category : Malware
Comment :
Object : C:\WINDOWS\



SahAgent Object Recognized!
Type : File
Data : v.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\



SahAgent Object Recognized!
Type : File
Data : vg.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\



SahAgent Object Recognized!
Type : File
Data : bundletracking.asp
Category : Data Miner
Comment :
Object : C:\DOCUME~1\Amy\LOCALS~1\Temp\



SahAgent Object Recognized!
Type : File
Data : setup.inf
Category : Data Miner
Comment :
Object : C:\WINDOWS\downloaded program files\



SahAgent Object Recognized!
Type : File
Data : WEBInstaller.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\downloaded program files\
FileVersion : 1, 1, 1, 34
ProductVersion : 1, 1, 1, 34
ProductName : WEBInstaller Module
FileDescription : WEBInstaller Module
InternalName : WEBInstaller
LegalCopyright : Copyright 2002
OriginalFilename : WEBInstaller.DLL


SahAgent Object Recognized!
Type : File
Data : xmlparse_.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\downloaded program files\



SahAgent Object Recognized!
Type : File
Data : xmltok_.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\downloaded program files\



SahAgent Object Recognized!
Type : File
Data : SahAgent.log
Category : Data Miner
Comment :
Object : c:\



AdDestroyer Object Recognized!
Type : File
Data : PopOops.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 2, 1, 0, 3
ProductVersion : 2, 1, 0, 3
ProductName : PopOops
CompanyName : Shahin Gasanov
FileDescription : PopOops
InternalName : PopOops
LegalCopyright : © 2002-2003 Gasanov.net
LegalTrademarks : Gasanov.net
OriginalFilename : PopOops.dll
Comments : Freeware


AdDestroyer Object Recognized!
Type : File
Data : PopOops2.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 1.01.0001
ProductVersion : 1.01.0001
ProductName : PopOops2
CompanyName : Shahin Gasanov
FileDescription : PopOops2
InternalName : PopOops2
LegalCopyright : © 2002-2003 Gasanov.net
LegalTrademarks : Gasanov.net
OriginalFilename : PopOops2.dll
Comments : PopOops2


AdDestroyer Object Recognized!
Type : File
Data : SWLAD1.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : PopOops2
CompanyName : Globes
InternalName : SWLAD1
OriginalFilename : SWLAD1.dll


AdDestroyer Object Recognized!
Type : File
Data : SWLAD2.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\



EffectiveBrandToolbar Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Amy\Start Menu\programs\UCmore - The Search Accelerator

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrShadow

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrHighlight

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrForeColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrBackColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrDownload

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrViewed

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrStatic

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : ACSize

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_tbpssvc

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_wintoolssvc

Ebates MoneyMaker Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AD

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : U

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TM

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AM

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AT

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : I

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TR

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : leck

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : country

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : city

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : state

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.8

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.9

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.0

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.1

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.2

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.3

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.4

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.5

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.6

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : LU3.7

Roings Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : IID

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Version

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : bid

ImIServer IEPlugin Object Recognized!
Type : File
Data : lu.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\



ImIServer IEPlugin Object Recognized!
Type : File
Data : redir.txt
Category : Data Miner
Comment :
Object : C:\WINDOWS\



ImIServer IEPlugin Object Recognized!
Type : File
Data : wupdt.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 62
Objects found so far: 225

10:36:14 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:26.951
Objects scanned:55895
Objects identified:226
Objects ignored:0
New critical objects:226
  • 0

#5
Guest_Andy_veal_*
Posted 23 May 2005 - 09:49 AM

Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you chose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R46 17.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is of the default installion location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please only remove Sahagent

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes takes 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
  • 0

#6
cookiebug
Posted 23 May 2005 - 10:35 AM

cookiebug

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
i Have done the above, and here is my new log file. thanks again for the help.

Ad-Aware SE Build 1.05
Logfile Created on:Monday, May 23, 2005 12:26:13 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R46 17.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R46 17.05.2005
Internal build : 54
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 474775 Bytes
Total size : 1435210 Bytes
Signature data size : 1404100 Bytes
Reference data size : 30598 Bytes
Signatures total : 40060
Fingerprints total : 883
Fingerprints size : 30250 Bytes
Target categories : 15
Target families : 674


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:36 %
Total physical memory:261104 kb
Available physical memory:93560 kb
Total page file size:641836 kb
Available on page file:481252 kb
Total virtual memory:2097024 kb
Available virtual memory:2049344 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


5/23/2005 12:26:13 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 576
ThreadCreationTime : 5/23/2005 4:25:25 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 640
ThreadCreationTime : 5/23/2005 4:25:28 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 664
ThreadCreationTime : 5/23/2005 4:25:29 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 708
ThreadCreationTime : 5/23/2005 4:25:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 720
ThreadCreationTime : 5/23/2005 4:25:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ibmpmsvc.exe]
ModuleName : C:\WINDOWS\System32\ibmpmsvc.exe
Command Line : C:\WINDOWS\System32\ibmpmsvc.exe
ProcessID : 860
ThreadCreationTime : 5/23/2005 4:25:29 PM
BasePriority : Normal


#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 892
ThreadCreationTime : 5/23/2005 4:25:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 936
ThreadCreationTime : 5/23/2005 4:25:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1112
ThreadCreationTime : 5/23/2005 4:25:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1140
ThreadCreationTime : 5/23/2005 4:25:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1400
ThreadCreationTime : 5/23/2005 4:25:33 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1472
ThreadCreationTime : 5/23/2005 4:25:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Warning! VX2 Object found in memory(C:\WINDOWS\system32\DrPMon.dll)

VX2 Object Recognized!
Type : Process
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


#:13 [aswupdsv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
ProcessID : 1596
ThreadCreationTime : 5/23/2005 4:25:33 PM
BasePriority : Normal


#:14 [ashserv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashServ.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
ProcessID : 1608
ThreadCreationTime : 5/23/2005 4:25:33 PM
BasePriority : Normal
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswServ.exe

#:15 [inetinfo.exe]
ModuleName : C:\WINDOWS\System32\inetsrv\inetinfo.exe
Command Line : C:\WINDOWS\System32\inetsrv\inetinfo.exe
ProcessID : 1648
ThreadCreationTime : 5/23/2005 4:25:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : INETINFO.EXE

#:16 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1792
ThreadCreationTime : 5/23/2005 4:25:34 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:17 [tp4mon.exe]
ModuleName : C:\WINDOWS\System32\tp4mon.exe
Command Line : "C:\WINDOWS\System32\tp4mon.exe"
ProcessID : 408
ThreadCreationTime : 5/23/2005 4:25:38 PM
BasePriority : Normal
FileVersion : 6.03 (XPClient.010817-1148)
ProductVersion : 6.03
ProductName : IBM PS/2 TrackPoint Support
CompanyName : IBM Corporation
FileDescription : IBM PS/2 TrackPoint Application
InternalName : tp4mon.exe
LegalCopyright : Copyright © IBM Corporation 1996-2000
OriginalFilename : tp4mon.exe

#:18 [mm_tray.exe]
ModuleName : C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
Command Line : "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
ProcessID : 424
ThreadCreationTime : 5/23/2005 4:25:38 PM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:19 [ashdisp.exe]
ModuleName : C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Command Line : "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
ProcessID : 444
ThreadCreationTime : 5/23/2005 4:25:39 PM
BasePriority : Normal
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswDisp.exe

#:20 [grevenc.exe]
ModuleName : C:\WINDOWS\GREVENC.EXE
Command Line : "C:\WINDOWS\GREVENC.EXE"
ProcessID : 464
ThreadCreationTime : 5/23/2005 4:25:39 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : System Monitor Service
CompanyName : System Service
FileDescription : SysMon
InternalName : SysMon
OriginalFilename : SysMon.exe

#:21 [wupdt.exe]
ModuleName : C:\WINDOWS\wupdt.exe
Command Line : "C:\WINDOWS\wupdt.exe"
ProcessID : 488
ThreadCreationTime : 5/23/2005 4:25:39 PM
BasePriority : Normal


#:22 [lutlgew.exe]
ModuleName : C:\WINDOWS\system\lutlgew.exe
Command Line : "C:\WINDOWS\system\lutlgew.exe"
ProcessID : 504
ThreadCreationTime : 5/23/2005 4:25:39 PM
BasePriority : Normal


#:23 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\MSMSGS.EXE
Command Line : "C:\Program Files\Messenger\MSMSGS.EXE" /background
ProcessID : 516
ThreadCreationTime : 5/23/2005 4:25:39 PM
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:24 [mmdiag.exe]
ModuleName : C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
Command Line : MMDiag.exe
ProcessID : 528
ThreadCreationTime : 5/23/2005 4:25:39 PM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : Logging and tracing manager
InternalName : MMTraceExe
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : MMTraceExe.EXE

#:25 [reader_sl.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Command Line : "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
ProcessID : 536
ThreadCreationTime : 5/23/2005 4:25:39 PM
BasePriority : Normal
FileVersion : 7.0.0.0
ProductVersion : 7.0.0.0
ProductName : Adobe Acrobat
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Acrobat SpeedLauncher
LegalCopyright : Copyright Adobe Systems Incorporated 2004
OriginalFilename : AcroSpeedLaunch.exe

#:26 [moivgmg.exe]
ModuleName : c:\windows\system32\moivgmg.exe
Command Line : "c:\windows\system32\moivgmg.exe" uxckou
ProcessID : 372
ThreadCreationTime : 5/23/2005 4:25:40 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:27 [mim.exe]
ModuleName : C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
Command Line : "C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe" -Embedding
ProcessID : 1292
ThreadCreationTime : 5/23/2005 4:25:44 PM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mim
InternalName : mim
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mim.exe

#:28 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2724
ThreadCreationTime : 5/23/2005 4:25:59 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
Value : AppID

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value :

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value : AppID

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}

AdDestroyer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\vb and vba program settings\addestroyer

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\policies\avenue media

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\avenue media

EffectiveBrandToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\effective-i

EffectiveBrandToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e}

EffectiveBrandToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : ICheck

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : hminlzz2ym5hx3rk4irx

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : a4ix

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : alk3hm

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : 4irx2y4mnrk

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : hrl4nyirlx2j4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : hr8g8kmi4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : hrhrirlx2j4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : hrhrirlx2j25s

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\wintools
Value : hrjy3ralsr4xz

Prutect Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ptech

Prutect Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ptech
Value : Vendor

Prutect Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ptech
Value : Parameter

Prutect Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ptech
Value : nextCheck

Prutect Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ptech
Value : Id

Prutect Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ptech
Value : lastCheck

VirtualBouncer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\vb and vba program settings\vbouncer

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUI3d5OfSDist

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUs3t5icky4S
  • 0

#7
Guest_Andy_veal_*
Posted 23 May 2005 - 10:38 AM

Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you chose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R46 17.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is of the default installion location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes takes 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
  • 0

#8
cookiebug
Posted 23 May 2005 - 10:38 AM

cookiebug

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUB3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUE3v5nt

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUT3h5rshSBath

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUT3h5rshSysSInf

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUL3n5Title

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUC3u5rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUC3n5tFyl

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUI3g5noreS

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUS3t5atusOfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUL3a5stMotsSDay

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUL3a5stSSChckin

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUI3d5OfSInst

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AC

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{825CF5BD-8862-4430-B771-0C15C5CA8DEF}"
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {825CF5BD-8862-4430-B771-0C15C5CA8DEF}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{339BB23F-A864-48C0-A59F-29EA915965EC}"
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {339BB23F-A864-48C0-A59F-29EA915965EC}

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Date"
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Date

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "Win Server Updt"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Win Server Updt

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 75
Objects found so far: 76


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagesearchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchmiracle.com/sp.php"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://searchmiracle.com/sp.php"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Barwww.websearch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.websearch...px?tb_id=50162"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://www.websearch...px?tb_id=50162"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistantsearchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchmiracle.com/sp.php"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://searchmiracle.com/sp.php"
Possible Browser Hijack attempt : Software\Microsoft\Internet ExplorerSearchURLsearchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchmiracle.com/sp.php"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer
Value : SearchURL
Data : "http://searchmiracle.com/sp.php"

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 80


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@atdmt[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 5/21/2010 8:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:[email protected]/
Expires : 12/31/2099 8:00:00 PM
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@revenue[2].txt
Category : Data Miner
Comment : Hits:37
Value : Cookie:[email protected]/
Expires : 6/10/2022 1:05:42 AM
LastSync : Hits:37
UseCount : 0
Hits : 37

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@maxserving[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 5/14/2015 11:35:02 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 5/17/2006 9:42:06 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@statcounter[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 5/15/2010 11:32:12 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@tickle[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 5/18/2007 10:46:52 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@mediaplex[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 6/21/2009 8:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@qksrv[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 5/20/2010 4:52:32 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@adrevolver[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/adrevolver/
Expires : 1/23/2008 6:29:18 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@targetnet[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 5/17/2033 11:33:20 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@apmebf[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 5/20/2010 4:52:10 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@trafficmp[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 5/23/2006 12:14:42 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@zedo[1].txt
Category : Data Miner
Comment : Hits:13
Value : Cookie:[email protected]/
Expires : 5/14/2015 11:34:18 PM
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@casalemedia[1].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:[email protected]/
Expires : 5/7/2006 9:12:34 PM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:[email protected]/
Expires : 5/18/2005 1:01:06 AM
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 5/17/2006 12:43:38 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@linksynergy[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 5/12/2025 12:43:56 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 5/15/2015 1:01:10 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@doubleclick[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 5/16/2008 9:42:42 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@versiontracker[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 5/17/2007 12:17:24 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:[email protected]/
Expires : 8/28/2008 11:39:50 PM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@0[2].txt
Category : Data Miner
Comment : Hits:28
Value : Cookie:[email protected]/HTM/412/0
Expires : 5/17/2006 12:24:50 AM
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amy@fastclick[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 5/17/2007 10:01:10 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 24
Objects found so far: 104



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


ImIServer IEPlugin Object Recognized!
Type : File
Data : tdtb.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileVersion : 5.0.2001.10043
ProductVersion : 2001, 0, 0, 0
ProductName : MimarSinan Emissary, MimarSinan Charm Family
CompanyName : Mimar Sinan International
FileDescription : Emissary
InternalName : autonomy
LegalCopyright : Copyright © 1992-2000 Mimar Sinan International. All rights reserved.
OriginalFilename : autonomy.exe


begin2search Object Recognized!
Type : File
Data : A0008251.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{BF31C2B4-64FB-4FFA-8C5C-636D2FFA12A0}\RP50\



Win32.TrojanDowloader.Agent.jq Object Recognized!
Type : File
Data : A0012297.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{BF31C2B4-64FB-4FFA-8C5C-636D2FFA12A0}\RP58\



VX2 Object Recognized!
Type : File
Data : A0012310.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{BF31C2B4-64FB-4FFA-8C5C-636D2FFA12A0}\RP58\
FileVersion : 1.0.2.4
ProductVersion : 1.0.2.4
ProductName : Buddy Window
CompanyName : Direct Revenue
FileDescription : Buddy
InternalName : Buddy.exe
LegalCopyright : © Direct Revenue. All rights reserved.
OriginalFilename : Buddy.exe
Comments : Browser window for Direct Revenue


VX2 Object Recognized!
Type : File
Data : A0012332.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{BF31C2B4-64FB-4FFA-8C5C-636D2FFA12A0}\RP58\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0012349.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{BF31C2B4-64FB-4FFA-8C5C-636D2FFA12A0}\RP59\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0012351.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{BF31C2B4-64FB-4FFA-8C5C-636D2FFA12A0}\RP59\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


ImIServer IEPlugin Object Recognized!
Type : File
Data : A0012354.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{BF31C2B4-64FB-4FFA-8C5C-636D2FFA12A0}\RP59\
FileVersion : 5.0.2001.10043
ProductVersion : 2001, 0, 0, 0
ProductName : MimarSinan Emissary, MimarSinan Charm Family
CompanyName : Mimar Sinan International
FileDescription : Emissary
InternalName : autonomy
LegalCopyright : Copyright © 1992-2000 Mimar Sinan International. All rights reserved.
OriginalFilename : autonomy.exe


SahAgent Object Recognized!
Type : File
Data : A0012365.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{BF31C2B4-64FB-4FFA-8C5C-636D2FFA12A0}\RP59\
FileVersion : 2, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : ShopAtHomeSelect LSP
CompanyName : ShopAtHomeSelect
FileDescription : LSP
InternalName : LSP
LegalCopyright : Copyright © 2004
OriginalFilename : LSP.DLL


VX2 Object Recognized!
Type : File
Data : A0012373.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{BF31C2B4-64FB-4FFA-8C5C-636D2FFA12A0}\RP59\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 115


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 115




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon
Value : Driver

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon
Value : Driver

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\DOCUME~1\Amy\LOCALS~1\Temp\DrTemp

BookedSpace Object Recognized!
Type : File
Data : bsx32.ini
Category : Malware
Comment :
Object : C:\WINDOWS\



AdDestroyer Object Recognized!
Type : File
Data : PopOops.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 2, 1, 0, 3
ProductVersion : 2, 1, 0, 3
ProductName : PopOops
CompanyName : Shahin Gasanov
FileDescription : PopOops
InternalName : PopOops
LegalCopyright : © 2002-2003 Gasanov.net
LegalTrademarks : Gasanov.net
OriginalFilename : PopOops.dll
Comments : Freeware


AdDestroyer Object Recognized!
Type : File
Data : PopOops2.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 1.01.0001
ProductVersion : 1.01.0001
ProductName : PopOops2
CompanyName : Shahin Gasanov
FileDescription : PopOops2
InternalName : PopOops2
LegalCopyright : © 2002-2003 Gasanov.net
LegalTrademarks : Gasanov.net
OriginalFilename : PopOops2.dll
Comments : PopOops2


AdDestroyer Object Recognized!
Type : File
Data : SWLAD1.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : PopOops2
CompanyName : Globes
InternalName : SWLAD1
OriginalFilename : SWLAD1.dll


AdDestroyer Object Recognized!
Type : File
Data : SWLAD2.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\



EffectiveBrandToolbar Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Amy\Start Menu\programs\UCmore - The Search Accelerator

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrShadow

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrHighlight

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrForeColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrBackColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrDownload

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrViewed

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrStatic

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : ACSize

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_tbpssvc

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_wintoolssvc

Ebates MoneyMaker Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AD

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : U

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TM

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AM

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AT

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : I

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TR

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : leck

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : country

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : city

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : state

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.8

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.9

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.0

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.1

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.2

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.3

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.4

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.5

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.6

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : LU3.7

Roings Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : IID

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Version

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : bid

ImIServer IEPlugin Object Recognized!
Type : File
Data : lu.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\



ImIServer IEPlugin Object Recognized!
Type : File
Data : redir.txt
Category : Data Miner
Comment :
Object : C:\WINDOWS\



ImIServer IEPlugin Object Recognized!
Type : File
Data : wupdt.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\



begin2search Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\cache32drelkge789AEF5

begin2search Object Recognized!
Type : File
Data : msxml3.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\



begin2search Object Recognized!
Type : File
Data : msxml3a.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 8.20.9307.0
ProductVersion : 8.20.9307.0
ProductName : Microsoft XML Core Services
CompanyName : Microsoft Corporation
FileDescription : XML Resources
InternalName : MSXML3A.dll
LegalCopyright : Copyright © Microsoft Corporation. 1981-2000
OriginalFilename : MSXML3A.dll


begin2search Object Recognized!
Type : File
Data : msxml3r.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 8.20.8730.1
ProductVersion : 8.20.8730.1
ProductName : Microsoft Data Access Components
CompanyName : Microsoft Corporation
FileDescription : XML Resources
InternalName : MSXML3R.dll
LegalCopyright : Copyright © Microsoft Corporation. 1981-2000
OriginalFilename : MSXML3R.dll


begin2search Object Recognized!
Type : File
Data : ISSM0064.DAT
Category : Data Miner
Comment :
Object : C:\WINDOWS\



begin2search Object Recognized!
Type : File
Data : msg.bin
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\cache32drelkge789aef5\



SahAgent Object Recognized!
Type : File
Data : bundletracking.asp
Category : Data Miner
Comment :
Object : C:\DOCUME~1\Amy\LOCALS~1\Temp\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 61
Objects found so far: 176

12:30:53 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:39.232
Objects scanned:55763
Objects identified:177
Objects ignored:0
New critical objects:177
  • 0

#9
cookiebug
Posted 23 May 2005 - 11:04 AM

cookiebug

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hello and Welcome

Ad-aware has found objects on your computer

If you chose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R46 17.05.2005 * definition file.
Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)
Click OK.

Please note that the path above is of the default installion location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here.  Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes takes 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

View Post

ok did all that, and I deleted everything in the summary. rebooted and ran it again, and here is the current log as of now.


Ad-Aware SE Build 1.05
Logfile Created on:Monday, May 23, 2005 12:55:27 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R46 17.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R46 17.05.2005
Internal build : 54
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 474775 Bytes
Total size : 1435210 Bytes
Signature data size : 1404100 Bytes
Reference data size : 30598 Bytes
Signatures total : 40060
Fingerprints total : 883
Fingerprints size : 30250 Bytes
Target categories : 15
Target families : 674


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:40 %
Total physical memory:261104 kb
Available physical memory:102364 kb
Total page file size:641836 kb
Available on page file:472496 kb
Total virtual memory:2097024 kb
Available virtual memory:2049336 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


5-23-2005 12:55:27 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 576
ThreadCreationTime : 5-23-2005 4:54:06 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 640
ThreadCreationTime : 5-23-2005 4:54:09 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 664
ThreadCreationTime : 5-23-2005 4:54:09 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 708
ThreadCreationTime : 5-23-2005 4:54:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 720
ThreadCreationTime : 5-23-2005 4:54:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ibmpmsvc.exe]
ModuleName : C:\WINDOWS\System32\ibmpmsvc.exe
Command Line : C:\WINDOWS\System32\ibmpmsvc.exe
ProcessID : 860
ThreadCreationTime : 5-23-2005 4:54:10 PM
BasePriority : Normal


#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 892
ThreadCreationTime : 5-23-2005 4:54:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 936
ThreadCreationTime : 5-23-2005 4:54:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1064
ThreadCreationTime : 5-23-2005 4:54:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1092
ThreadCreationTime : 5-23-2005 4:54:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1400
ThreadCreationTime : 5-23-2005 4:54:14 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1456
ThreadCreationTime : 5-23-2005 4:54:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [aswupdsv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
ProcessID : 1584
ThreadCreationTime : 5-23-2005 4:54:14 PM
BasePriority : Normal


#:14 [ashserv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashServ.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
ProcessID : 1624
ThreadCreationTime : 5-23-2005 4:54:14 PM
BasePriority : High
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswServ.exe

#:15 [inetinfo.exe]
ModuleName : C:\WINDOWS\System32\inetsrv\inetinfo.exe
Command Line : C:\WINDOWS\System32\inetsrv\inetinfo.exe
ProcessID : 1668
ThreadCreationTime : 5-23-2005 4:54:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : INETINFO.EXE

#:16 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1808
ThreadCreationTime : 5-23-2005 4:54:15 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:17 [tp4mon.exe]
ModuleName : C:\WINDOWS\System32\tp4mon.exe
Command Line : "C:\WINDOWS\System32\tp4mon.exe"
ProcessID : 192
ThreadCreationTime : 5-23-2005 4:54:18 PM
BasePriority : Normal
FileVersion : 6.03 (XPClient.010817-1148)
ProductVersion : 6.03
ProductName : IBM PS/2 TrackPoint Support
CompanyName : IBM Corporation
FileDescription : IBM PS/2 TrackPoint Application
InternalName : tp4mon.exe
LegalCopyright : Copyright © IBM Corporation 1996-2000
OriginalFilename : tp4mon.exe

#:18 [mm_tray.exe]
ModuleName : C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
Command Line : "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
ProcessID : 156
ThreadCreationTime : 5-23-2005 4:54:18 PM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:19 [ashdisp.exe]
ModuleName : C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Command Line : "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
ProcessID : 252
ThreadCreationTime : 5-23-2005 4:54:19 PM
BasePriority : Normal
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswDisp.exe

#:20 [mmdiag.exe]
ModuleName : C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
Command Line : MMDiag.exe
ProcessID : 264
ThreadCreationTime : 5-23-2005 4:54:19 PM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : Logging and tracing manager
InternalName : MMTraceExe
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : MMTraceExe.EXE

#:21 [grevenc.exe]
ModuleName : C:\WINDOWS\GREVENC.EXE
Command Line : "C:\WINDOWS\GREVENC.EXE"
ProcessID : 332
ThreadCreationTime : 5-23-2005 4:54:19 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : System Monitor Service
CompanyName : System Service
FileDescription : SysMon
InternalName : SysMon
OriginalFilename : SysMon.exe

#:22 [lutlgew.exe]
ModuleName : C:\WINDOWS\system\lutlgew.exe
Command Line : "C:\WINDOWS\system\lutlgew.exe"
ProcessID : 360
ThreadCreationTime : 5-23-2005 4:54:20 PM
BasePriority : Normal


#:23 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\MSMSGS.EXE
Command Line : "C:\Program Files\Messenger\MSMSGS.EXE" /background
ProcessID : 416
ThreadCreationTime : 5-23-2005 4:54:20 PM
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:24 [reader_sl.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Command Line : "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
ProcessID : 456
ThreadCreationTime : 5-23-2005 4:54:20 PM
BasePriority : Normal
FileVersion : 7.0.0.0
ProductVersion : 7.0.0.0
ProductName : Adobe Acrobat
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Acrobat SpeedLauncher
LegalCopyright : Copyright Adobe Systems Incorporated 2004
OriginalFilename : AcroSpeedLaunch.exe

#:25 [mim.exe]
ModuleName : C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
Command Line : "C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe" -Embedding
ProcessID : 544
ThreadCreationTime : 5-23-2005 4:54:22 PM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mim
InternalName : mim
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mim.exe

#:26 [ashwebsv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
ProcessID : 1280
ThreadCreationTime : 5-23-2005 4:54:25 PM
BasePriority : Normal


#:27 [ashmaisv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
ProcessID : 1216
ThreadCreationTime : 5-23-2005 4:54:26 PM
BasePriority : Normal


#:28 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe" /RunStoreAsComServer Local\[3a8]SUSDS34dbb423cb3c8e4296876af58af510ba
ProcessID : 2944
ThreadCreationTime : 5-23-2005 4:55:02 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:29 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3104
ThreadCreationTime : 5-23-2005 4:55:11 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:30 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 3244
ThreadCreationTime : 5-23-2005 4:55:19 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
  • 0

#10
cookiebug
Posted 23 May 2005 - 11:05 AM

cookiebug

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
Value : AppID

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value :

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value : AppID

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aurora
Value : AUC3n5tFyl

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 34
Objects found so far: 34


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : A0012458.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{BF31C2B4-64FB-4FFA-8C5C-636D2FFA12A0}\RP59\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0012459.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{BF31C2B4-64FB-4FFA-8C5C-636D2FFA12A0}\RP59\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


ImIServer IEPlugin Object Recognized!
Type : File
Data : A0012460.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{BF31C2B4-64FB-4FFA-8C5C-636D2FFA12A0}\RP59\
FileVersion : 5.0.2001.10043
ProductVersion : 2001, 0, 0, 0
ProductName : MimarSinan Emissary, MimarSinan Charm Family
CompanyName : Mimar Sinan International
FileDescription : Emissary
InternalName : autonomy
LegalCopyright : Copyright © 1992-2000 Mimar Sinan International. All rights reserved.
OriginalFilename : autonomy.exe


ImIServer IEPlugin Object Recognized!
Type : File
Data : A0012461.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{BF31C2B4-64FB-4FFA-8C5C-636D2FFA12A0}\RP59\
FileVersion : 1, 0, 8, 1
ProductVersion : 1, 0, 8, 1
ProductName : wbho Module
FileDescription : wbho Module
InternalName : wbho
LegalCopyright : Copyright 2004
OriginalFilename : wbho.DLL


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 38




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38

1:00:53 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:25.778
Objects scanned:51404
Objects identified:38
Objects ignored:0
New critical objects:38
  • 0

#11
prab
Posted 23 May 2005 - 02:13 PM

prab

    Member

  • Member
  • PipPip
  • 61 posts
Hello, crlyn3 Welcome to the forum try this please!!!

Please follow the steps listed below.

Make sure you are using the latest update for your definitions file.

A. It is suggested that you clean the following directory contents (but not the directory folder). You may use CCleaner to assist with this process. Please download it from here. It should clean these location, but please check them yourself.

Please disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers.

1. C:\Windows\Temp\
2. C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <=this will delete all your cached internet content including cookies.
3. C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
4. C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
5. C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
6. Empty your " Recycle Bin ".

B. Boot into Safe mode (tap F8 while booting). This is very important. Click here for more information

C. Please run Ad-Aware SE just a bit differently, using the command line below that corresponds to your version of Ad-Aware SE:
Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +procnuke
"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +procnuke
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke

Click OK.
Note: The path above (between the quotes) is the default location of Ad-Aware SE, if this has been changed,
Please adjust it to the location that you have installed it to.

1. Click on the gear to access the Configuration Menu. Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion" > Proceed.
2. Perform a “Full system scan.”
3. When the scan has completed, select Next.
4. In the Scanning Results window, select the "Scan Summary" tab.
5. Check the box next to each "target family" you wish to remove.
6. Click next, Click OK.

Please shutdown/restart, reconnect to the internet, and post a new full system logfile as a reply.
  • 0
Back to Lavasoft Support (Ad-aware) · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Lavasoft Support (Ad-aware)

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP