I don't understand HijackThis


  • This topic is locked

#1
martin1955

I have the trojan-spy.html.smitfraud.c blue screen. I have just renewed my McAfee virus scan but it has not removed it. I can see people are posting a log but I don't know how to get it or what it is. Any help very gratefully received.

#2
Untouchable J

Morning Martin,

Scan your computer with the free online AV scanners below:

Panda Activescan
Bitdefender online scanner
Trendmicro online scanner

Follow the instructions here: "Before posting your Ad-aware logfile...", and perform a full system scan with AA. Post your full logfile here for review.

HijackThis is a powerful yet simple tool to help users identify and remove spyware, adware, hijackers, etc. Users are advised, though, not to remove anything with HJT without expert assistance, since removing the wrong item(s) could damage your computer. I or another expert on here will instruct you where to download and scan with HJT when/if needed.

HTH

-J

#3
martin1955

Ad-Aware log file:

Ad-Aware SE Build 1.05
Logfile Created on:24 May 2005 20:44:06
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R8 13.09.2004
Internal build : 12
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 344723 Bytes
Total size : 1092481 Bytes
Signature data size : 1068971 Bytes
Reference data size : 22998 Bytes
Signatures total : 30122
Fingerprints total : 154
Fingerprints size : 7129 Bytes
Target categories : 15
Target families : 560

24-05-2005 20:30:45 Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
Fingerprints total : 886
Fingerprints size : 30371 Bytes
Target categories : 15
Target families : 679


24-05-2005 20:31:54 Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:54 %
Total physical memory:522240 kb
Available physical memory:281504 kb
Total page file size:1278828 kb
Available on page file:1038992 kb
Total virtual memory:2097024 kb
Available virtual memory:2048364 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


24-05-2005 20:44:06 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 388
ThreadCreationTime : 24-05-2005 10:40:03
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 436
ThreadCreationTime : 24-05-2005 10:40:04
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 460
ThreadCreationTime : 24-05-2005 10:40:05
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 504
ThreadCreationTime : 24-05-2005 10:40:05
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 516
ThreadCreationTime : 24-05-2005 10:40:05
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 848
ThreadCreationTime : 24-05-2005 10:40:06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 872
ThreadCreationTime : 24-05-2005 10:40:06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1024
ThreadCreationTime : 24-05-2005 10:40:06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1060
ThreadCreationTime : 24-05-2005 10:40:06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1160
ThreadCreationTime : 24-05-2005 10:40:07
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1188
ThreadCreationTime : 24-05-2005 10:40:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1196
ThreadCreationTime : 24-05-2005 10:40:07
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:13 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1336
ThreadCreationTime : 24-05-2005 10:40:07
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:14 [aolacsd.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
ProcessID : 1348
ThreadCreationTime : 24-05-2005 10:40:07
BasePriority : Normal


#:15 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
ProcessID : 1384
ThreadCreationTime : 24-05-2005 10:40:07
BasePriority : Normal
FileVersion : 9, 1, 0, 8
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:16 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
ProcessID : 1796
ThreadCreationTime : 24-05-2005 10:40:09
BasePriority : High


#:17 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 240
ThreadCreationTime : 24-05-2005 10:41:27
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:18 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 424
ThreadCreationTime : 24-05-2005 10:41:29
BasePriority : Normal
FileVersion : 3.0.0.2285
ProductVersion : 7.0.0.2285
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:19 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 416
ThreadCreationTime : 24-05-2005 10:41:29
BasePriority : Normal
FileVersion : 1.04.05b
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2003 Sonic Solutions

#:20 [mcagent.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\mcagent.exe
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
ProcessID : 480
ThreadCreationTime : 24-05-2005 10:41:29
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:21 [mcvsshld.exe]
ModuleName : C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
ProcessID : 616
ThreadCreationTime : 24-05-2005 10:41:29
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:22 [ditask.exe]
ModuleName : C:\Program Files\Eicon\Diva\DiTask.exe
Command Line : "C:\Program Files\Eicon\Diva\DiTask.exe"
ProcessID : 624
ThreadCreationTime : 24-05-2005 10:41:29
BasePriority : Normal
FileVersion : 101-55
ProductVersion : 101-55
ProductName : ditask Application
CompanyName : Eicon Networks Corporation
FileDescription : ditask MFC Application
InternalName : ditask
LegalCopyright : Copyright © 1997-2001
OriginalFilename : ditask.EXE

#:23 [divamon.exe]
ModuleName : C:\Program Files\Eicon\Diva\Divamon.exe
Command Line : "C:\Program Files\Eicon\Diva\Divamon.exe"
ProcessID : 632
ThreadCreationTime : 24-05-2005 10:41:29
BasePriority : Normal


#:24 [watch.exe]
ModuleName : C:\Program Files\Eicon\Diva\watch.exe
Command Line : "C:\Program Files\Eicon\Diva\watch.exe"
ProcessID : 640
ThreadCreationTime : 24-05-2005 10:41:29
BasePriority : Normal
FileVersion : 1.00.101-137
ProductVersion : 1.00.101-137
CompanyName : Eicon Networks Corporation
FileDescription : Syslog Daemon
LegalCopyright : Copyright © 2001

#:25 [cgserver.exe]
ModuleName : C:\Program Files\Eicon\Diva\cgserver.exe
Command Line : "C:\Program Files\Eicon\Diva\cgserver.exe"
ProcessID : 648
ThreadCreationTime : 24-05-2005 10:41:29
BasePriority : High
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ISDN Security Daemon
CompanyName : Eicon Networks Corporation
FileDescription : ISDN Security Daemon
InternalName : CGServer
LegalCopyright : Copyright © 1997-2001, Eicon Networks Corporation
OriginalFilename : CGServer.EXE

#:26 [aoldial.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
ProcessID : 656
ThreadCreationTime : 24-05-2005 10:41:29
BasePriority : Normal
FileVersion : 2.6.6.3.UK.53
ProductVersion : 2.6.6.3.UK.53
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:27 [realplay.exe]
ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe
Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
ProcessID : 668
ThreadCreationTime : 24-05-2005 10:41:30
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:28 [mcvsescn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsescn.exe
Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
ProcessID : 680
ThreadCreationTime : 24-05-2005 10:41:30
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:29 [aq3hel~1.exe]
ModuleName : C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE
Command Line : "C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE" /partner AQ3
ProcessID : 716
ThreadCreationTime : 24-05-2005 10:41:30
BasePriority : Normal
FileVersion : 1.0.0.8
ProductVersion : 1.0.0.8
ProductName : DSDHelper
CompanyName : GAIN Publishing, Inc.
FileDescription : DistSoft Helper Application
InternalName : DSDHelper.exe
LegalCopyright : Copyright © 1999-2004 GAIN Publishing, Inc.
OriginalFilename : DSDHelper.exe

#:30 [diinfo.exe]
ModuleName : C:\Program Files\Eicon\Diva\diinfo.exe
Command Line : diinfo.exe
ProcessID : 720
ThreadCreationTime : 24-05-2005 10:41:30
BasePriority : Normal
FileVersion : 1.6
ProductVersion : 1.6
ProductName : Eicon Networks DiInfo
CompanyName : Eicon Networks
FileDescription : diinfo
InternalName : diinfo
LegalCopyright : Copyright © 1997-2001
OriginalFilename : diinfo.exe

#:31 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 776
ThreadCreationTime : 24-05-2005 10:41:31
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:32 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 960
ThreadCreationTime : 24-05-2005 10:41:32
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:33 [devdet~1.exe]
ModuleName : C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
Command Line : "C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE" -autorun
ProcessID : 1112
ThreadCreationTime : 24-05-2005 10:41:32
BasePriority : Normal
FileVersion : 1, 3, 0, 1
ProductVersion : 1, 3, 0, 1
ProductName : Device Detector
CompanyName : ACD Systems, Ltd.
FileDescription : Device Detector
InternalName : DevDetect
LegalCopyright : Copyright © 2002
OriginalFilename : DevDetect.exe

#:34 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 1116
ThreadCreationTime : 24-05-2005 10:41:32
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:35 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 2264
ThreadCreationTime : 24-05-2005 10:41:42
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:36 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 2312
ThreadCreationTime : 24-05-2005 10:41:42
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:37 [waol.exe]
ModuleName : C:\Program Files\AOL 9.0\waol.exe
Command Line : "C:\Program Files\AOL 9.0\waol.exe"
ProcessID : 2408
ThreadCreationTime : 24-05-2005 19:24:58
BasePriority : Normal


#:38 [shellmon.exe]
ModuleName : C:\Program Files\AOL 9.0\shellmon.exe
Command Line : "C:\Program Files\AOL 9.0\shellmon.exe"
ProcessID : 1924
ThreadCreationTime : 24-05-2005 19:25:04
BasePriority : Normal


#:39 [aoltpspd.exe]
ModuleName : C:\Program Files\Common Files\AOL\aoltpspd.exe
Command Line : -p11523 -S256 -s443 -l443 -G"C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\vph.ph" -c1 -Z -H2408
ProcessID : 2996
ThreadCreationTime : 24-05-2005 19:25:06
BasePriority : Normal
FileVersion : 1, 1, 0, 0
ProductVersion : [v1.1-4] On Tue 03/16/2004 21:24:09.18
ProductName : AOL TopSpeed™
CompanyName : America Online Inc
FileDescription : AOL TopSpeed™
InternalName : AOL TopSpeed™
LegalCopyright : Copyright © America Online 2003
LegalTrademarks : AOL TopSpeed™
OriginalFilename : aoltpspd.exe

#:40 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3940
ThreadCreationTime : 24-05-2005 19:29:32
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:41 [10a65bef.exe]
ModuleName : C:\DOCUME~1\Owner\LOCALS~1\Temp\10a65bef.exe
Command Line : C:\DOCUME~1\Owner\LOCALS~1\Temp\10a65bef.exe
ProcessID : 3984
ThreadCreationTime : 24-05-2005 19:30:21
BasePriority : Normal


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b599c57e-113a-4488-a5e9-bc552c4f1152}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1d27210e-2da2-41e2-a103-b5fd9d6a798b}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{145e6fb1-1256-44ed-a336-8bba43373be6}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{145e6fb1-1256-44ed-a336-8bba43373be6}
Value : InprocServer32

Instafinder Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{4e7bd74f-2b8d-469e-90f0-f66ab581a933}

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{4e7bd74f-2b8d-469e-90f0-f66ab581a933}
Value :

Instafinder Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : instafink.instafink

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : instafink.instafink
Value :

UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\video1\dialers

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25.1

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25.1
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4.1

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4.1
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe
Value : AppID

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe
Value : AppID

Instafinder Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-90f0-f66ab581a933}

Security iGuard Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\rex-services

Security iGuard Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\rex-services
Value : MGuid

UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\video1\dialers

Wink Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\evthtm

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\evthtm
Value : UninstallString

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\evthtm
Value : DisplayName

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\evthtm
Value : DisplayIcon

Wink Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : Info

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : LastWNK

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : DaytimeDocID

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : DaytimeDocTime

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : DocID

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : DocTime

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{CC90CDA0-74A0-45b4-80EF-D89CA8C249B8}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 38
Objects found so far: 38


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 12-05-2024 19:07:28
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:20
Value : Cookie:[email protected]/
Expires : 23-06-2005 20:30:26
LastSync : Hits:20
UseCount : 0
Hits : 20

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@advertising[2].txt
Category : Data Miner
Comment : Hits:14
Value : Cookie:[email protected]/
Expires : 22-05-2010 20:14:24
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/cgi-bin
Expires : 21-05-2015 20:23:30
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@qksrv[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 21-05-2010 20:46:06
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 01-01-2038 01:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@2o7[2].txt
Category : Data Miner
Comment : Hits:28
Value : Cookie:[email protected]/
Expires : 19-05-2010 21:12:24
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@apmebf[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 21-05-2010 20:46:02
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:38
Value : Cookie:[email protected]/
Expires : 21-05-2006 20:54:16
LastSync : Hits:38
UseCount : 0
Hits : 38

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@atdmt[2].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:[email protected]/
Expires : 19-05-2010 01:00:00
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:19
Value : Cookie:[email protected]/
Expires : 21-05-2015 20:25:40
LastSync : Hits:19
UseCount : 0
Hits : 19

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@mediaplex[1].txt
Category : Data Miner
Comment : Hits:15
Value : Cookie:[email protected]/
Expires : 22-06-2009 01:00:00
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@doubleclick[1].txt
Category : Data Miner
Comment : Hits:13
Value : Cookie:[email protected]/
Expires : 19-05-2008 07:59:28
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@serving-sys[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 01-01-2038 06:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 14
Objects found so far: 52



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Claria Object Recognized!
Type : File
Data : GAppMgr.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\CMEII\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GAppMgr.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GAppMgr.dll


Claria Object Recognized!
Type : File
Data : GController.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\CMEII\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GController.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GController.dll


Claria Object Recognized!
Type : File
Data : GIocl.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\CMEII\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GIocl.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GIocl.dll


Claria Object Recognized!
Type : File
Data : GMTProxy.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\CMEII\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GMTProxy.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GMTProxy.dll


Claria Object Recognized!
Type : File
Data : GObjs.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\CMEII\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GObjs.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GObjs.dll


Claria Object Recognized!
Type : File
Data : GStoreServer.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\CMEII\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GStoreServer.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GStoreServer.dll


Claria Object Recognized!
Type : File
Data : Gtools.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\CMEII\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GTools.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GTools.dll


Claria Object Recognized!
Type : File
Data : EGGCEngine.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\GMT\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGGCEngine Dynamic Link Library
InternalName : EGGCEngine dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : EGGCEngine dll


Claria Object Recognized!
Type : File
Data : EGIEProcess.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\GMT\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGIEProcess Dynamic Link Library
InternalName : EGIEProcess dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : EGIEProcess dll


Claria Object Recognized!
Type : File
Data : EGNSEngine.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\GMT\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGNSEngine Dynamic Link Library
InternalName : EGNSEngine dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : EGNSEngine dll


Claria Object Recognized!
Type : File
Data : GatorRes.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\GMT\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : GatorRes Dynamic Link Library
InternalName : GatorRes DLL
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GatorRes DLL


Instafinder Object Recognized!
Type : File
Data : InstaFinderK_inst.exe
Category : Malware
Comment :
Object : C:\Program Files\INSTAFINK\



Instafinder Object Recognized!
Type : File
Data : instafink.dll
Category : Malware
Comment :
Object : C:\Program Files\INSTAFINK\
FileVersion : 3.0.2.1
ProductVersion : 3.2


Instafinder Object Recognized!
Type : File
Data : A0093959.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP196\



AltnetBDE Object Recognized!
Type : File
Data : A0093965.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP196\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 0
ProductName : BDE asmend
CompanyName : BDE
FileDescription : asmend
InternalName : KillASM
LegalCopyright : Copyright © 2003
OriginalFilename : asmend


AltnetBDE Object Recognized!
Type : File
Data : A0093967.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP196\
FileVersion : 1, 0, 0, 114
ProductVersion : 1, 0, 0, 0
ProductName : Peer Points Manager
FileDescription : Peer Points Manager
InternalName : Peer Points Manager
LegalCopyright : Copyright Altnet Inc. © 2002,2003


AltnetBDE Object Recognized!
Type : File
Data : A0093969.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP196\
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
ProductName : Brilliant bdedetect
CompanyName : Brilliant
FileDescription : bdedetect
InternalName : bdedetect
LegalCopyright : Copyright © 2000
OriginalFilename : bdedetect.dll


AltnetBDE Object Recognized!
Type : File
Data : A0097318.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP198\
FileVersion : 1, 0, 0, 114
ProductVersion : 1, 0, 0, 0
ProductName : Peer Points Manager
FileDescription : Peer Points Manager
InternalName : Peer Points Manager
LegalCopyright : Copyright Altnet Inc. © 2002,2003


AltnetBDE Object Recognized!
Type : File
Data : A0097320.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP198\
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
ProductName : Brilliant bdedetect
CompanyName : Brilliant
FileDescription : bdedetect
InternalName : bdedetect
LegalCopyright : Copyright © 2000
OriginalFilename : bdedetect.dll


AltnetBDE Object Recognized!
Type : File
Data : A0097322.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP198\
FileVersion : 1, 0, 0, 55
ProductVersion : 1, 0, 0, 0
ProductName : Altnet Sharing Manager
FileDescription : Altnet Sharing Manager
InternalName : ASM
LegalCopyright : Copyright 2003
OriginalFilename : ASM.EXE


AltnetBDE Object Recognized!
Type : File
Data : A0097327.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP198\
FileVersion : 1, 2, 4, 3
ProductVersion : 1, 0, 0, 0
ProductName : ADM
CompanyName : Altnet
FileDescription : ADM
InternalName : ADM
LegalCopyright : Copyright 2002
OriginalFilename : ADM25.dll


AltnetBDE Object Recognized!
Type : File
Data : A0097328.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP198\
FileVersion : 4, 0, 0, 6
ProductVersion : 4, 0, 0, 0
ProductName : ADM
CompanyName : Altnet
FileDescription : ADM
InternalName : ADM
LegalCopyright : Copyright © 2003 Altnet
OriginalFilename : ADM4.dll


AltnetBDE Object Recognized!
Type : File
Data : A0097329.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP198\
FileVersion : 4, 0, 0, 5
ProductVersion : 4, 0, 0, 0
ProductName : ADM
CompanyName : Altnet
FileDescription : ADM
InternalName : ADM
LegalCopyright : Copyright © 2003, 2004 Altnet
OriginalFilename : ADM.exe


AltnetBDE Object Recognized!
Type : File
Data : A0097330.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP198\
FileVersion : 1, 0, 1, 10
ProductVersion : 1, 0, 0, 0
ProductName : ADMData
CompanyName : Altnet
FileDescription : ADMData
InternalName : ADMData
LegalCopyright : Copyright 1999
OriginalFilename : ADMData.dll


AltnetBDE Object Recognized!
Type : File
Data : A0097331.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP198\
FileVersion : 3, 0, 39, 2
ProductVersion : 3, 0, 0, 0
ProductName : ADMDloader
CompanyName : Altnet
FileDescription : BDEDownloader
InternalName : ADMDloader
LegalCopyright : Copyright © 2001 Altnet
OriginalFilename : ADMDloader.dll

#4
martin1955

    New Member

  • Topic Starter
  • Member
  • 9 posts
Ad-Aware log file:

Ad-Aware SE Build 1.05
Logfile Created on:24 May 2005 20:44:06
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R8 13.09.2004
Internal build : 12
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 344723 Bytes
Total size : 1092481 Bytes
Signature data size : 1068971 Bytes
Reference data size : 22998 Bytes
Signatures total : 30122
Fingerprints total : 154
Fingerprints size : 7129 Bytes
Target categories : 15
Target families : 560

24-05-2005 20:30:45 Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
Fingerprints total : 886
Fingerprints size : 30371 Bytes
Target categories : 15
Target families : 679


24-05-2005 20:31:54 Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:54 %
Total physical memory:522240 kb
Available physical memory:281504 kb
Total page file size:1278828 kb
Available on page file:1038992 kb
Total virtual memory:2097024 kb
Available virtual memory:2048364 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


24-05-2005 20:44:06 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 388
ThreadCreationTime : 24-05-2005 10:40:03
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 436
ThreadCreationTime : 24-05-2005 10:40:04
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 460
ThreadCreationTime : 24-05-2005 10:40:05
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 504
ThreadCreationTime : 24-05-2005 10:40:05
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 516
ThreadCreationTime : 24-05-2005 10:40:05
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 848
ThreadCreationTime : 24-05-2005 10:40:06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 872
ThreadCreationTime : 24-05-2005 10:40:06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1024
ThreadCreationTime : 24-05-2005 10:40:06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1060
ThreadCreationTime : 24-05-2005 10:40:06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1160
ThreadCreationTime : 24-05-2005 10:40:07
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1188
ThreadCreationTime : 24-05-2005 10:40:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1196
ThreadCreationTime : 24-05-2005 10:40:07
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:13 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1336
ThreadCreationTime : 24-05-2005 10:40:07
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:14 [aolacsd.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
ProcessID : 1348
ThreadCreationTime : 24-05-2005 10:40:07
BasePriority : Normal


#:15 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
ProcessID : 1384
ThreadCreationTime : 24-05-2005 10:40:07
BasePriority : Normal
FileVersion : 9, 1, 0, 8
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:16 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
ProcessID : 1796
ThreadCreationTime : 24-05-2005 10:40:09
BasePriority : High


#:17 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 240
ThreadCreationTime : 24-05-2005 10:41:27
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:18 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 424
ThreadCreationTime : 24-05-2005 10:41:29
BasePriority : Normal
FileVersion : 3.0.0.2285
ProductVersion : 7.0.0.2285
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:19 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 416
ThreadCreationTime : 24-05-2005 10:41:29
BasePriority : Normal
FileVersion : 1.04.05b
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2003 Sonic Solutions

#:20 [mcagent.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\mcagent.exe
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
ProcessID : 480
ThreadCreationTime : 24-05-2005 10:41:29
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:21 [mcvsshld.exe]
ModuleName : C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
ProcessID : 616
ThreadCreationTime : 24-05-2005 10:41:29
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:22 [ditask.exe]
ModuleName : C:\Program Files\Eicon\Diva\DiTask.exe
Command Line : "C:\Program Files\Eicon\Diva\DiTask.exe"
ProcessID : 624
ThreadCreationTime : 24-05-2005 10:41:29
BasePriority : Normal
FileVersion : 101-55
ProductVersion : 101-55
ProductName : ditask Application
CompanyName : Eicon Networks Corporation
FileDescription : ditask MFC Application
InternalName : ditask
LegalCopyright : Copyright © 1997-2001
OriginalFilename : ditask.EXE

#:23 [divamon.exe]
ModuleName : C:\Program Files\Eicon\Diva\Divamon.exe
Command Line : "C:\Program Files\Eicon\Diva\Divamon.exe"
ProcessID : 632
ThreadCreationTime : 24-05-2005 10:41:29
BasePriority : Normal


#:24 [watch.exe]
ModuleName : C:\Program Files\Eicon\Diva\watch.exe
Command Line : "C:\Program Files\Eicon\Diva\watch.exe"
ProcessID : 640
ThreadCreationTime : 24-05-2005 10:41:29
BasePriority : Normal
FileVersion : 1.00.101-137
ProductVersion : 1.00.101-137
CompanyName : Eicon Networks Corporation
FileDescription : Syslog Daemon
LegalCopyright : Copyright © 2001

#:25 [cgserver.exe]
ModuleName : C:\Program Files\Eicon\Diva\cgserver.exe
Command Line : "C:\Program Files\Eicon\Diva\cgserver.exe"
ProcessID : 648
ThreadCreationTime : 24-05-2005 10:41:29
BasePriority : High
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ISDN Security Daemon
CompanyName : Eicon Networks Corporation
FileDescription : ISDN Security Daemon
InternalName : CGServer
LegalCopyright : Copyright © 1997-2001, Eicon Networks Corporation
OriginalFilename : CGServer.EXE

#:26 [aoldial.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
ProcessID : 656
ThreadCreationTime : 24-05-2005 10:41:29
BasePriority : Normal
FileVersion : 2.6.6.3.UK.53
ProductVersion : 2.6.6.3.UK.53
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:27 [realplay.exe]
ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe
Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
ProcessID : 668
ThreadCreationTime : 24-05-2005 10:41:30
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:28 [mcvsescn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsescn.exe
Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
ProcessID : 680
ThreadCreationTime : 24-05-2005 10:41:30
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:29 [aq3hel~1.exe]
ModuleName : C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE
Command Line : "C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE" /partner AQ3
ProcessID : 716
ThreadCreationTime : 24-05-2005 10:41:30
BasePriority : Normal
FileVersion : 1.0.0.8
ProductVersion : 1.0.0.8
ProductName : DSDHelper
CompanyName : GAIN Publishing, Inc.
FileDescription : DistSoft Helper Application
InternalName : DSDHelper.exe
LegalCopyright : Copyright © 1999-2004 GAIN Publishing, Inc.
OriginalFilename : DSDHelper.exe

#:30 [diinfo.exe]
ModuleName : C:\Program Files\Eicon\Diva\diinfo.exe
Command Line : diinfo.exe
ProcessID : 720
ThreadCreationTime : 24-05-2005 10:41:30
BasePriority : Normal
FileVersion : 1.6
ProductVersion : 1.6
ProductName : Eicon Networks DiInfo
CompanyName : Eicon Networks
FileDescription : diinfo
InternalName : diinfo
LegalCopyright : Copyright © 1997-2001
OriginalFilename : diinfo.exe

#:31 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 776
ThreadCreationTime : 24-05-2005 10:41:31
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:32 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 960
ThreadCreationTime : 24-05-2005 10:41:32
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:33 [devdet~1.exe]
ModuleName : C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
Command Line : "C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE" -autorun
ProcessID : 1112
ThreadCreationTime : 24-05-2005 10:41:32
BasePriority : Normal
FileVersion : 1, 3, 0, 1
ProductVersion : 1, 3, 0, 1
ProductName : Device Detector
CompanyName : ACD Systems, Ltd.
FileDescription : Device Detector
InternalName : DevDetect
LegalCopyright : Copyright © 2002
OriginalFilename : DevDetect.exe

#:34 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 1116
ThreadCreationTime : 24-05-2005 10:41:32
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:35 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 2264
ThreadCreationTime : 24-05-2005 10:41:42
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:36 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 2312
ThreadCreationTime : 24-05-2005 10:41:42
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:37 [waol.exe]
ModuleName : C:\Program Files\AOL 9.0\waol.exe
Command Line : "C:\Program Files\AOL 9.0\waol.exe"
ProcessID : 2408
ThreadCreationTime : 24-05-2005 19:24:58
BasePriority : Normal


#:38 [shellmon.exe]
ModuleName : C:\Program Files\AOL 9.0\shellmon.exe
Command Line : "C:\Program Files\AOL 9.0\shellmon.exe"
ProcessID : 1924
ThreadCreationTime : 24-05-2005 19:25:04
BasePriority : Normal


#:39 [aoltpspd.exe]
ModuleName : C:\Program Files\Common Files\AOL\aoltpspd.exe
Command Line : -p11523 -S256 -s443 -l443 -G"C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\vph.ph" -c1 -Z -H2408
ProcessID : 2996
ThreadCreationTime : 24-05-2005 19:25:06
BasePriority : Normal
FileVersion : 1, 1, 0, 0
ProductVersion : [v1.1-4] On Tue 03/16/2004 21:24:09.18
ProductName : AOL TopSpeed™
CompanyName : America Online Inc
FileDescription : AOL TopSpeed™
InternalName : AOL TopSpeed™
LegalCopyright : Copyright © America Online 2003
LegalTrademarks : AOL TopSpeed™
OriginalFilename : aoltpspd.exe

#:40 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3940
ThreadCreationTime : 24-05-2005 19:29:32
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:41 [10a65bef.exe]
ModuleName : C:\DOCUME~1\Owner\LOCALS~1\Temp\10a65bef.exe
Command Line : C:\DOCUME~1\Owner\LOCALS~1\Temp\10a65bef.exe
ProcessID : 3984
ThreadCreationTime : 24-05-2005 19:30:21
BasePriority : Normal


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b599c57e-113a-4488-a5e9-bc552c4f1152}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1d27210e-2da2-41e2-a103-b5fd9d6a798b}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{145e6fb1-1256-44ed-a336-8bba43373be6}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{145e6fb1-1256-44ed-a336-8bba43373be6}
Value : InprocServer32

Instafinder Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{4e7bd74f-2b8d-469e-90f0-f66ab581a933}

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{4e7bd74f-2b8d-469e-90f0-f66ab581a933}
Value :

Instafinder Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : instafink.instafink

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : instafink.instafink
Value :

UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\video1\dialers

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25.1

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25.1
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4.1

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4.1
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe
Value : AppID

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe
Value : AppID

Instafinder Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-90f0-f66ab581a933}

Security iGuard Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\rex-services

Security iGuard Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\rex-services
Value : MGuid

UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\video1\dialers

Wink Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\evthtm

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\evthtm
Value : UninstallString

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\evthtm
Value : DisplayName

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\evthtm
Value : DisplayIcon

Wink Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : Info

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : LastWNK

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : DaytimeDocID

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : DaytimeDocTime

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : DocID

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : DocTime

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{CC90CDA0-74A0-45b4-80EF-D89CA8C249B8}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 38
Objects found so far: 38


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 12-05-2024 19:07:28
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:20
Value : Cookie:[email protected]/
Expires : 23-06-2005 20:30:26
LastSync : Hits:20
UseCount : 0
Hits : 20

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@advertising[2].txt
Category : Data Miner
Comment : Hits:14
Value : Cookie:[email protected]/
Expires : 22-05-2010 20:14:24
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/cgi-bin
Expires : 21-05-2015 20:23:30
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@qksrv[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 21-05-2010 20:46:06
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 01-01-2038 01:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@2o7[2].txt
Category : Data Miner
Comment : Hits:28
Value : Cookie:[email protected]/
Expires : 19-05-2010 21:12:24
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@apmebf[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 21-05-2010 20:46:02
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:38
Value : Cookie:[email protected]/
Expires : 21-05-2006 20:54:16
LastSync : Hits:38
UseCount : 0
Hits : 38

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@atdmt[2].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:[email protected]/
Expires : 19-05-2010 01:00:00
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:19
Value : Cookie:[email protected]/
Expires : 21-05-2015 20:25:40
LastSync : Hits:19
UseCount : 0
Hits : 19

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@mediaplex[1].txt
Category : Data Miner
Comment : Hits:15
Value : Cookie:[email protected]/
Expires : 22-06-2009 01:00:00
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@doubleclick[1].txt
Category : Data Miner
Comment : Hits:13
Value : Cookie:[email protected]/
Expires : 19-05-2008 07:59:28
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@serving-sys[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 01-01-2038 06:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 14
Objects found so far: 52



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Claria Object Recognized!
Type : File
Data : GAppMgr.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\CMEII\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GAppMgr.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GAppMgr.dll


Claria Object Recognized!
Type : File
Data : GController.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\CMEII\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GController.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GController.dll


Claria Object Recognized!
Type : File
Data : GIocl.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\CMEII\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GIocl.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GIocl.dll


Claria Object Recognized!
Type : File
Data : GMTProxy.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\CMEII\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GMTProxy.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GMTProxy.dll


Claria Object Recognized!
Type : File
Data : GObjs.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\CMEII\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GObjs.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GObjs.dll


Claria Object Recognized!
Type : File
Data : GStoreServer.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\CMEII\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GStoreServer.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GStoreServer.dll


Claria Object Recognized!
Type : File
Data : Gtools.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\CMEII\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GTools.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GTools.dll


Claria Object Recognized!
Type : File
Data : EGGCEngine.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\GMT\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGGCEngine Dynamic Link Library
InternalName : EGGCEngine dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : EGGCEngine dll


Claria Object Recognized!
Type : File
Data : EGIEProcess.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\GMT\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGIEProcess Dynamic Link Library
InternalName : EGIEProcess dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : EGIEProcess dll


Claria Object Recognized!
Type : File
Data : EGNSEngine.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\GMT\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGNSEngine Dynamic Link Library
InternalName : EGNSEngine dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : EGNSEngine dll


Claria Object Recognized!
Type : File
Data : GatorRes.dll
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\GMT\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : GatorRes Dynamic Link Library
InternalName : GatorRes DLL
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GatorRes DLL


Instafinder Object Recognized!
Type : File
Data : InstaFinderK_inst.exe
Category : Malware
Comment :
Object : C:\Program Files\INSTAFINK\



Instafinder Object Recognized!
Type : File
Data : instafink.dll
Category : Malware
Comment :
Object : C:\Program Files\INSTAFINK\
FileVersion : 3.0.2.1
ProductVersion : 3.2


Instafinder Object Recognized!
Type : File
Data : A0093959.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP196\



AltnetBDE Object Recognized!
Type : File
Data : A0093965.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP196\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 0
ProductName : BDE asmend
CompanyName : BDE
FileDescription : asmend
InternalName : KillASM
LegalCopyright : Copyright © 2003
OriginalFilename : asmend


AltnetBDE Object Recognized!
Type : File
Data : A0093967.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP196\
FileVersion : 1, 0, 0, 114
ProductVersion : 1, 0, 0, 0
ProductName : Peer Points Manager
FileDescription : Peer Points Manager
InternalName : Peer Points Manager
LegalCopyright : Copyright Altnet Inc. © 2002,2003


AltnetBDE Object Recognized!
Type : File
Data : A0093969.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP196\
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
ProductName : Brilliant bdedetect
CompanyName : Brilliant
FileDescription : bdedetect
InternalName : bdedetect
LegalCopyright : Copyright © 2000
OriginalFilename : bdedetect.dll


AltnetBDE Object Recognized!
Type : File
Data : A0097318.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP198\
FileVersion : 1, 0, 0, 114
ProductVersion : 1, 0, 0, 0
ProductName : Peer Points Manager
FileDescription : Peer Points Manager
InternalName : Peer Points Manager
LegalCopyright : Copyright Altnet Inc. © 2002,2003


AltnetBDE Object Recognized!
Type : File
Data : A0097320.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP198\
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
ProductName : Brilliant bdedetect
CompanyName : Brilliant
FileDescription : bdedetect
InternalName : bdedetect
LegalCopyright : Copyright © 2000
OriginalFilename : bdedetect.dll


AltnetBDE Object Recognized!
Type : File
Data : A0097322.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP198\
FileVersion : 1, 0, 0, 55
ProductVersion : 1, 0, 0, 0
ProductName : Altnet Sharing Manager
FileDescription : Altnet Sharing Manager
InternalName : ASM
LegalCopyright : Copyright 2003
OriginalFilename : ASM.EXE


AltnetBDE Object Recognized!
Type : File
Data : A0097327.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP198\
FileVersion : 1, 2, 4, 3
ProductVersion : 1, 0, 0, 0
ProductName : ADM
CompanyName : Altnet
FileDescription : ADM
InternalName : ADM
LegalCopyright : Copyright 2002
OriginalFilename : ADM25.dll


AltnetBDE Object Recognized!
Type : File
Data : A0097328.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP198\
FileVersion : 4, 0, 0, 6
ProductVersion : 4, 0, 0, 0
ProductName : ADM
CompanyName : Altnet
FileDescription : ADM
InternalName : ADM
LegalCopyright : Copyright © 2003 Altnet
OriginalFilename : ADM4.dll


AltnetBDE Object Recognized!
Type : File
Data : A0097329.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP198\
FileVersion : 4, 0, 0, 5
ProductVersion : 4, 0, 0, 0
ProductName : ADM
CompanyName : Altnet
FileDescription : ADM
InternalName : ADM
LegalCopyright : Copyright © 2003, 2004 Altnet
OriginalFilename : ADM.exe


AltnetBDE Object Recognized!
Type : File
Data : A0097330.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP198\
FileVersion : 1, 0, 1, 10
ProductVersion : 1, 0, 0, 0
ProductName : ADMData
CompanyName : Altnet
FileDescription : ADMData
InternalName : ADMData
LegalCopyright : Copyright 1999
OriginalFilename : ADMData.dll


AltnetBDE Object Recognized!
Type : File
Data : A0097331.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP198\
FileVersion : 3, 0, 39, 2
ProductVersion : 3, 0, 0, 0
ProductName : ADMDloader
CompanyName : Altnet
FileDescription : BDEDownloader
InternalName : ADMDloader
LegalCopyright : Copyright © 2001 Altnet
OriginalFilename : ADMDloader.dll
  • 0

#5
Guest_Andy_veal_*

  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer of what Ad-aware found, please follow the instructions below…

Please make sure that you are using the * SE1R47 24.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE; if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
  • 0

#6
martin1955


    New Member

  • Topic Starter
  • Member
  • 9 posts
think i've done things correctly. tx for your help

Ad-Aware SE Build 1.05
Logfile Created on:02 June 2005 21:52:57
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
Fingerprints total : 886
Fingerprints size : 30371 Bytes
Target categories : 15
Target families : 679


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:60 %
Total physical memory:522240 kb
Available physical memory:313148 kb
Total page file size:1278828 kb
Available on page file:1099892 kb
Total virtual memory:2097024 kb
Available virtual memory:2049252 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


02-06-2005 21:52:57 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 388
ThreadCreationTime : 02-06-2005 20:51:04
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 436
ThreadCreationTime : 02-06-2005 20:51:07
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 460
ThreadCreationTime : 02-06-2005 20:51:08
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 504
ThreadCreationTime : 02-06-2005 20:51:08
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 516
ThreadCreationTime : 02-06-2005 20:51:08
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 696
ThreadCreationTime : 02-06-2005 20:51:08
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 720
ThreadCreationTime : 02-06-2005 20:51:08
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 836
ThreadCreationTime : 02-06-2005 20:51:09
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 860
ThreadCreationTime : 02-06-2005 20:51:09
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1152
ThreadCreationTime : 02-06-2005 20:51:09
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1176
ThreadCreationTime : 02-06-2005 20:51:09
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1184
ThreadCreationTime : 02-06-2005 20:51:09
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1320
ThreadCreationTime : 02-06-2005 20:51:10
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:14 [aolacsd.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
ProcessID : 1340
ThreadCreationTime : 02-06-2005 20:51:10
BasePriority : Normal


#:15 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
ProcessID : 1372
ThreadCreationTime : 02-06-2005 20:51:10
BasePriority : Normal
FileVersion : 9, 1, 0, 8
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:16 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
ProcessID : 1808
ThreadCreationTime : 02-06-2005 20:51:11
BasePriority : High


#:17 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe" /RunStoreAsComServer Local\[2d0]SUSDSc7453ff8deff964d9cd7205a074c74be
ProcessID : 1900
ThreadCreationTime : 02-06-2005 20:51:56
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:18 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 420
ThreadCreationTime : 02-06-2005 20:52:02
BasePriority : Normal
FileVersion : 3.0.0.2285
ProductVersion : 7.0.0.2285
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:19 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 480
ThreadCreationTime : 02-06-2005 20:52:02
BasePriority : Normal
FileVersion : 1.04.05b
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2003 Sonic Solutions

#:20 [mcagent.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\mcagent.exe
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
ProcessID : 556
ThreadCreationTime : 02-06-2005 20:52:02
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:21 [mcupdate.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe"
ProcessID : 740
ThreadCreationTime : 02-06-2005 20:52:03
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Update Engine
InternalName : mcupdate
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcupdate.exe

#:22 [mcvsshld.exe]
ModuleName : C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
ProcessID : 748
ThreadCreationTime : 02-06-2005 20:52:03
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:23 [ditask.exe]
ModuleName : C:\Program Files\Eicon\Diva\DiTask.exe
Command Line : "C:\Program Files\Eicon\Diva\DiTask.exe"
ProcessID : 792
ThreadCreationTime : 02-06-2005 20:52:03
BasePriority : Normal
FileVersion : 101-55
ProductVersion : 101-55
ProductName : ditask Application
CompanyName : Eicon Networks Corporation
FileDescription : ditask MFC Application
InternalName : ditask
LegalCopyright : Copyright © 1997-2001
OriginalFilename : ditask.EXE

#:24 [divamon.exe]
ModuleName : C:\Program Files\Eicon\Diva\Divamon.exe
Command Line : "C:\Program Files\Eicon\Diva\Divamon.exe"
ProcessID : 808
ThreadCreationTime : 02-06-2005 20:52:03
BasePriority : Normal


#:25 [watch.exe]
ModuleName : C:\Program Files\Eicon\Diva\watch.exe
Command Line : "C:\Program Files\Eicon\Diva\watch.exe"
ProcessID : 844
ThreadCreationTime : 02-06-2005 20:52:03
BasePriority : Normal
FileVersion : 1.00.101-137
ProductVersion : 1.00.101-137
CompanyName : Eicon Networks Corporation
FileDescription : Syslog Daemon
LegalCopyright : Copyright © 2001

#:26 [cgserver.exe]
ModuleName : C:\Program Files\Eicon\Diva\cgserver.exe
Command Line : "C:\Program Files\Eicon\Diva\cgserver.exe"
ProcessID : 896
ThreadCreationTime : 02-06-2005 20:52:03
BasePriority : High
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ISDN Security Daemon
CompanyName : Eicon Networks Corporation
FileDescription : ISDN Security Daemon
InternalName : CGServer
LegalCopyright : Copyright © 1997-2001, Eicon Networks Corporation
OriginalFilename : CGServer.EXE

#:27 [aoldial.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
ProcessID : 912
ThreadCreationTime : 02-06-2005 20:52:03
BasePriority : Normal
FileVersion : 2.6.6.3.UK.53
ProductVersion : 2.6.6.3.UK.53
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:28 [realplay.exe]
ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe
Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
ProcessID : 920
ThreadCreationTime : 02-06-2005 20:52:03
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:29 [aq3hel~1.exe]
ModuleName : C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE
Command Line : "C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE" /partner AQ3
ProcessID : 948
ThreadCreationTime : 02-06-2005 20:52:04
BasePriority : Normal
FileVersion : 1.0.0.8
ProductVersion : 1.0.0.8
ProductName : DSDHelper
CompanyName : GAIN Publishing, Inc.
FileDescription : DistSoft Helper Application
InternalName : DSDHelper.exe
LegalCopyright : Copyright © 1999-2004 GAIN Publishing, Inc.
OriginalFilename : DSDHelper.exe

#:30 [mcvsescn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsescn.exe
Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
ProcessID : 960
ThreadCreationTime : 02-06-2005 20:52:04
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:31 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 972
ThreadCreationTime : 02-06-2005 20:52:04
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:32 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 992
ThreadCreationTime : 02-06-2005 20:52:04
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:33 [diinfo.exe]
ModuleName : C:\Program Files\Eicon\Diva\diinfo.exe
Command Line : diinfo.exe
ProcessID : 1008
ThreadCreationTime : 02-06-2005 20:52:05
BasePriority : Normal
FileVersion : 1.6
ProductVersion : 1.6
ProductName : Eicon Networks DiInfo
CompanyName : Eicon Networks
FileDescription : diinfo
InternalName : diinfo
LegalCopyright : Copyright © 1997-2001
OriginalFilename : diinfo.exe

#:34 [devdet~1.exe]
ModuleName : C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
Command Line : "C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE" -autorun
ProcessID : 1024
ThreadCreationTime : 02-06-2005 20:52:05
BasePriority : Normal
FileVersion : 1, 3, 0, 1
ProductVersion : 1, 3, 0, 1
ProductName : Device Detector
CompanyName : ACD Systems, Ltd.
FileDescription : Device Detector
InternalName : DevDetect
LegalCopyright : Copyright © 2002
OriginalFilename : DevDetect.exe

#:35 [sgtray.exe]
ModuleName : C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
Command Line : "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
ProcessID : 1072
ThreadCreationTime : 02-06-2005 20:52:05
BasePriority : Normal
FileVersion : 1.01.32a
CompanyName : Sonic Solutions
FileDescription : Sonic Update Manager
LegalCopyright : Copyright © 2002 Sonic Solutions

#:36 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 1576
ThreadCreationTime : 02-06-2005 20:52:06
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:37 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 2236
ThreadCreationTime : 02-06-2005 20:52:13
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:38 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 2332
ThreadCreationTime : 02-06-2005 20:52:14
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:39 [explorer.exe]
ModuleName : C:\WINDOWS\explorer.exe
Command Line : C:\WINDOWS\explorer.exe
ProcessID : 2848
ThreadCreationTime : 02-06-2005 20:52:32
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:40 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2988
ThreadCreationTime : 02-06-2005 20:52:41
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\video1\dialers

Wink Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : Info

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : LastWNK

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : DaytimeDocID

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : DaytimeDocTime

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : DocID

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : DocTime

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 9


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 12-05-2024 19:07:28
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:167
Value : Cookie:[email protected]/
Expires : 02-07-2005 20:59:58
LastSync : Hits:167
UseCount : 0
Hits : 167

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@advertising[2].txt
Category : Data Miner
Comment : Hits:125
Value : Cookie:[email protected]/
Expires : 01-06-2010 09:11:08
LastSync : Hits:125
UseCount : 0
Hits : 125

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:21
Value : Cookie:[email protected]/cgi-bin
Expires : 31-05-2015 18:50:14
LastSync : Hits:21
UseCount : 0
Hits : 21

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 29-05-2005 12:35:52
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:35
Value : Cookie:[email protected]/
Expires : 27-05-2006 22:32:10
LastSync : Hits:35
UseCount : 0
Hits : 35

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 01-03-2007 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@questionmarket[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 19-07-2006 09:50:10
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@sexlist[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 29-05-2006 04:46:20
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 29-05-2005 13:45:54
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@paycounter[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 31-12-2030 02:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@qksrv[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 21-05-2010 20:46:06
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 01-01-2038 01:00:00
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@2o7[2].txt
Category : Data Miner
Comment : Hits:78
Value : Cookie:[email protected]/
Expires : 27-05-2010 21:27:28
LastSync : Hits:78
UseCount : 0
Hits : 78

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@apmebf[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 21-05-2010 20:46:02
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@sextracker[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 29-05-2005 20:45:54
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@fastclick[1].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:[email protected]/
Expires : 01-06-2007 20:16:20
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:40
Value : Cookie:[email protected]/
Expires : 21-05-2006 20:54:16
LastSync : Hits:40
UseCount : 0
Hits : 40

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@atdmt[2].txt
Category : Data Miner
Comment : Hits:72
Value : Cookie:[email protected]/
Expires : 19-05-2010 01:00:00
LastSync : Hits:72
UseCount : 0
Hits : 72

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@maxserving[1].txt
Category : Data Miner
Comment : Hits:25
Value : Cookie:[email protected]/
Expires : 30-05-2015 20:20:52
LastSync : Hits:25
UseCount : 0
Hits : 25

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:46
Value : Cookie:[email protected]/
Expires : 31-05-2015 18:53:14
LastSync : Hits:46
UseCount : 0
Hits : 46

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@hitbox[1].txt
Category : Data Miner
Comment : Hits:32
Value : Cookie:[email protected]/
Expires : 28-05-2006 19:37:50
LastSync : Hits:32
UseCount : 0
Hits : 32

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:26
Value : Cookie:[email protected]/
Expires : 01-01-2010 01:00:00
LastSync : Hits:26
UseCount : 0
Hits : 26

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@mediaplex[2].txt
Category : Data Miner
Comment : Hits:52
Value : Cookie:[email protected]/
Expires : 22-06-2009 01:00:00
LastSync : Hits:52
UseCount : 0
Hits : 52

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@bravenet[1].txt
Category : Data Miner
Comment : Hits:65
Value : Cookie:[email protected]/
Expires : 26-05-2015 20:14:58
LastSync : Hits:65
UseCount : 0
Hits : 65

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 28-05-2006 19:37:50
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@adviva[1].txt
Category : Data Miner
Comment : Hits:19
Value : Cookie:[email protected]/
Expires : 02-05-2010 17:50:12
LastSync : Hits:19
UseCount : 0
Hits : 19

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@doubleclick[1].txt
Category : Data Miner
Comment : Hits:43
Value : Cookie:[email protected]/
Expires : 19-05-2008 07:59:28
LastSync : Hits:43
UseCount : 0
Hits : 43

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@serving-sys[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 01-01-2038 06:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 29
Objects found so far: 38



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Instafinder Object Recognized!
Type : File
Data : A0110255.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\



Instafinder Object Recognized!
Type : File
Data : A0110256.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 3.0.2.1
ProductVersion : 3.2


Claria Object Recognized!
Type : File
Data : A0110260.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GAppMgr.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GAppMgr.dll


Claria Object Recognized!
Type : File
Data : A0110261.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GController.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GController.dll


Claria Object Recognized!
Type : File
Data : A0110262.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GIocl.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GIocl.dll


Claria Object Recognized!
Type : File
Data : A0110263.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GMTProxy.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GMTProxy.dll


Claria Object Recognized!
Type : File
Data : A0110264.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GObjs.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GObjs.dll


Claria Object Recognized!
Type : File
Data : A0110265.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GStoreServer.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GStoreServer.dll


Claria Object Recognized!
Type : File
Data : A0110266.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GTools.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GTools.dll


Claria Object Recognized!
Type : File
Data : A0110267.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGGCEngine Dynamic Link Library
InternalName : EGGCEngine dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : EGGCEngine dll


Claria Object Recognized!
Type : File
Data : A0110268.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGIEProcess Dynamic Link Library
InternalName : EGIEProcess dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : EGIEProcess dll


Claria Object Recognized!
Type : File
Data : A0110269.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGNSEngine Dynamic Link Library
InternalName : EGNSEngine dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : EGNSEngine dll


Claria Object Recognized!
Type : File
Data : A0110270.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : GatorRes Dynamic Link Library
InternalName : GatorRes DLL
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GatorRes DLL


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 51


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 51




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\video1

UKVideo2 Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\video1
Value : IUG

UKVideo2 Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\netscape\netscape navigator\viewers
Value : TYPE33

Instafinder Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafink

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafink
Value : CfgID

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafink
Value : ConfigCode

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafink
Value : ClientID

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafink
Value : BarID

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafink
Value : InstallTime

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafink
Value : LastConfigDown

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafink
Value : SetupInit

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafink
Value : InstallReport

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 12
Objects found so far: 63

22:01:05 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:07.234
Objects scanned:144546
Objects identified:63
Objects ignored:0
New critical objects:63
  • 0

#7
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid


Exit Add/Remove Programs.

*IMPORTANT* CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

Press CTRL ALT DELETE to open Windows Task Manager. Click on the Processes tab and end the following processes:

List any files going to be deleted that are running

Exit Task Manager.

I need you to copy all of the Killbox instructions below and paste them into Notepad and save it for use while in Safe Mode.

* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.
Unzip it to the desktop but do NOT run it yet.

* Please reboot into Safe Mode by restarting your computer and tapping F8 continuously as your computer is booting up until a menu appears. Use your up arrow key to highlight "Safe Mode", then hit Enter.

* Once in Safe Mode, please run Killbox.

* Select "Delete on Reboot".

* Open the Notepad file where you saved these instructions earlier, and copy the file names below to the clipboard by highlighting them and pressing CTRL + C:

C:\wp.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually. While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Yes, we need you to go back into Safe Mode!

Make sure you can view hidden files.

Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

Reboot into normal mode.

*Download and install Registrar Lite version 2.00
*Double click the purple Registrar Lite icon on your desktop.
*Copy the line below and paste it into the "Address" field (located at the top) of the program:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

*Click the "Go" button.
*It will take you into the "Policies" folder.
*Locate the "System" folder (in the right panel)
*If found, right-click on the System folder and go to Delete
*Be very careful that you only delete the System folder that is inside the Policies folder.

Reboot your computer again.

Please go to http://www.bleepingc...g/smitfraud.reg and download that file.
Once downloaded, please run it.
It will ask if you want it to merge with the registry.

Please accept this. You will have to reboot.

1.) Download the Hoster from HERE. Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Download: http://www.mvps.org/winhelp2002/DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new Ad-aware SE Logfile.

  • 0
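The procedure above ends by asking for a fresh Ad-Aware SE log, which is only useful when compared with the earlier one. As an added example (not part of the original thread, and not Ad-Aware's own code), this Python script parses the record format seen in the posted log and diffs two scans; the `AFTER` log and all function names are constructed for illustration.

```python
"""Diff two Ad-Aware SE logs: what was removed, what remains, what is new."""
from collections import Counter

HEADER = " Object Recognized!"

# Records abridged from the Ad-Aware log posted earlier in this thread.
BEFORE = r"""
UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Rootkey : HKEY_CURRENT_USER
Object : software\video1

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Rootkey : HKEY_CURRENT_USER
Object : software\instafink
Value : CfgID

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@doubleclick[1].txt
Category : Data Miner

Instafinder Object Recognized!
Type : File
Data : A0110255.exe
Category : Malware
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\

Claria Object Recognized!
Type : File
Data : A0110260.dll
Category : Data Miner
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
"""

# CONSTRUCTED follow-up log (not from the thread): records 1, 3 and 4 of BEFORE
# survive, i.e. the dialer key and the tracking cookie are gone.
AFTER = "\n\n".join(BEFORE.strip().split("\n\n")[i] for i in (1, 3, 4)) + "\n"


def parse_adaware(text):
    """Return one dict per 'X Object Recognized!' record in an Ad-Aware SE log."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(HEADER):
            current = {"Family": line[: -len(HEADER)]}
            records.append(current)
        elif not line:
            current = None  # a blank line closes the record
        elif current is not None and ":" in line:
            # Split on the first colon only: values such as C:\... contain more.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return records


def bucket(rec):
    """Classify a detection by where it lives on the machine."""
    kind = rec.get("Type", "")
    if kind == "IECache Entry":
        return "cookie"
    if kind in ("Regkey", "RegValue"):
        return "registry"
    if "\\system volume information\\_restore" in rec.get("Object", "").lower():
        return "restore-point"
    return "file"


def identity(rec):
    """Stable key for a detection so the same object matches across two scans."""
    name = rec.get("Value") or rec.get("Data", "")
    return (rec["Family"], bucket(rec), rec.get("Rootkey", ""),
            rec.get("Object", "").lower(), name.lower())


def summarize(text):
    """Count detections per bucket for one log."""
    return Counter(bucket(r) for r in parse_adaware(text))


def compare(before_text, after_text):
    """Set difference of detections between an earlier and a later scan."""
    before = {identity(r) for r in parse_adaware(before_text)}
    after = {identity(r) for r in parse_adaware(after_text)}
    return {"removed": sorted(before - after),
            "remaining": sorted(before & after),
            "new": sorted(after - before)}


def needs_attention(result):
    """Detections still present (or new) that are live registry or file objects.

    Cookies are low risk; restore-point copies are inactive backups that keep
    reappearing in scans until the old restore points are purged.
    """
    return [d for d in result["remaining"] + result["new"]
            if d[1] in ("registry", "file")]


if __name__ == "__main__":
    print(dict(summarize(BEFORE)))
    for item in needs_attention(compare(BEFORE, AFTER)):
        print("still present:", item)
```

Run against two real logs, the `needs_attention` list is what a helper would read first; the restore-point entries explain why the total can stay high after a successful cleanup.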

#8
martin1955

martin1955

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi, how do I download Killbox? The link in your instructions does not work.

tx martin
  • 0

#9
_Easter_

_Easter_

    Malware Expert

  • Member
  • PipPip
  • 23 posts

Hi, how do I download Killbox? The link in your instructions does not work.

tx martin


We apologize for that inconvenience. This one should work for you.

http://www.downloads...org/KillBox.exe :tazz:

Alternative Download:
http://www.spyware91...ads/KillBox.exe

Edited by _Easter_, 03 June 2005 - 01:25 PM.


#10
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Thank you Easter for resolving this :tazz:

#11
martin1955

martin1955

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi, I couldn't find any files to delete in Explorer and I couldn't find the box in Hoster to check, but the rest was OK. tx martin

Ad-Aware SE Build 1.05
Logfile Created on:04 June 2005 21:50:40
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
Fingerprints total : 886
Fingerprints size : 30371 Bytes
Target categories : 15
Target families : 679


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:62 %
Total physical memory:522240 kb
Available physical memory:322184 kb
Total page file size:1278828 kb
Available on page file:1091508 kb
Total virtual memory:2097024 kb
Available virtual memory:2049316 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


04-06-2005 21:50:40 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 372
ThreadCreationTime : 04-06-2005 20:10:35
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 436
ThreadCreationTime : 04-06-2005 20:10:37
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 460
ThreadCreationTime : 04-06-2005 20:10:38
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 504
ThreadCreationTime : 04-06-2005 20:10:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 516
ThreadCreationTime : 04-06-2005 20:10:38
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 696
ThreadCreationTime : 04-06-2005 20:10:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 720
ThreadCreationTime : 04-06-2005 20:10:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 832
ThreadCreationTime : 04-06-2005 20:10:39
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 860
ThreadCreationTime : 04-06-2005 20:10:39
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1152
ThreadCreationTime : 04-06-2005 20:10:40
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1176
ThreadCreationTime : 04-06-2005 20:10:40
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1184
ThreadCreationTime : 04-06-2005 20:10:40
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:13 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1328
ThreadCreationTime : 04-06-2005 20:10:41
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:14 [aolacsd.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
ProcessID : 1340
ThreadCreationTime : 04-06-2005 20:10:41
BasePriority : Normal


#:15 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
ProcessID : 1376
ThreadCreationTime : 04-06-2005 20:10:41
BasePriority : Normal
FileVersion : 9, 1, 0, 8
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:16 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
ProcessID : 1800
ThreadCreationTime : 04-06-2005 20:10:41
BasePriority : High


#:17 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 168
ThreadCreationTime : 04-06-2005 20:10:45
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:18 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 308
ThreadCreationTime : 04-06-2005 20:10:46
BasePriority : Normal
FileVersion : 3.0.0.2285
ProductVersion : 7.0.0.2285
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:19 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 316
ThreadCreationTime : 04-06-2005 20:10:46
BasePriority : Normal
FileVersion : 1.04.05b
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2003 Sonic Solutions

#:20 [mcagent.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\mcagent.exe
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
ProcessID : 396
ThreadCreationTime : 04-06-2005 20:10:47
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:21 [mcvsshld.exe]
ModuleName : C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
ProcessID : 440
ThreadCreationTime : 04-06-2005 20:10:47
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:22 [ditask.exe]
ModuleName : C:\Program Files\Eicon\Diva\DiTask.exe
Command Line : "C:\Program Files\Eicon\Diva\DiTask.exe"
ProcessID : 332
ThreadCreationTime : 04-06-2005 20:10:47
BasePriority : Normal
FileVersion : 101-55
ProductVersion : 101-55
ProductName : ditask Application
CompanyName : Eicon Networks Corporation
FileDescription : ditask MFC Application
InternalName : ditask
LegalCopyright : Copyright © 1997-2001
OriginalFilename : ditask.EXE

#:23 [divamon.exe]
ModuleName : C:\Program Files\Eicon\Diva\Divamon.exe
Command Line : "C:\Program Files\Eicon\Diva\Divamon.exe"
ProcessID : 624
ThreadCreationTime : 04-06-2005 20:10:47
BasePriority : Normal


#:24 [watch.exe]
ModuleName : C:\Program Files\Eicon\Diva\watch.exe
Command Line : "C:\Program Files\Eicon\Diva\watch.exe"
ProcessID : 740
ThreadCreationTime : 04-06-2005 20:10:47
BasePriority : Normal
FileVersion : 1.00.101-137
ProductVersion : 1.00.101-137
CompanyName : Eicon Networks Corporation
FileDescription : Syslog Daemon
LegalCopyright : Copyright © 2001

#:25 [cgserver.exe]
ModuleName : C:\Program Files\Eicon\Diva\cgserver.exe
Command Line : "C:\Program Files\Eicon\Diva\cgserver.exe"
ProcessID : 824
ThreadCreationTime : 04-06-2005 20:10:48
BasePriority : High
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ISDN Security Daemon
CompanyName : Eicon Networks Corporation
FileDescription : ISDN Security Daemon
InternalName : CGServer
LegalCopyright : Copyright © 1997-2001, Eicon Networks Corporation
OriginalFilename : CGServer.EXE

#:26 [mcvsescn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsescn.exe
Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
ProcessID : 820
ThreadCreationTime : 04-06-2005 20:10:48
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:27 [diinfo.exe]
ModuleName : C:\Program Files\Eicon\Diva\diinfo.exe
Command Line : diinfo.exe
ProcessID : 900
ThreadCreationTime : 04-06-2005 20:10:48
BasePriority : Normal
FileVersion : 1.6
ProductVersion : 1.6
ProductName : Eicon Networks DiInfo
CompanyName : Eicon Networks
FileDescription : diinfo
InternalName : diinfo
LegalCopyright : Copyright © 1997-2001
OriginalFilename : diinfo.exe

#:28 [aoldial.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
ProcessID : 928
ThreadCreationTime : 04-06-2005 20:10:48
BasePriority : Normal
FileVersion : 2.6.6.3.UK.53
ProductVersion : 2.6.6.3.UK.53
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:29 [realplay.exe]
ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe
Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
ProcessID : 980
ThreadCreationTime : 04-06-2005 20:10:49
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:30 [aq3hel~1.exe]
ModuleName : C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE
Command Line : "C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE" /partner AQ3
ProcessID : 1008
ThreadCreationTime : 04-06-2005 20:10:49
BasePriority : Normal
FileVersion : 1.0.0.8
ProductVersion : 1.0.0.8
ProductName : DSDHelper
CompanyName : GAIN Publishing, Inc.
FileDescription : DistSoft Helper Application
InternalName : DSDHelper.exe
LegalCopyright : Copyright © 1999-2004 GAIN Publishing, Inc.
OriginalFilename : DSDHelper.exe

#:31 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 1012
ThreadCreationTime : 04-06-2005 20:10:49
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:32 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1028
ThreadCreationTime : 04-06-2005 20:10:49
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:33 [devdet~1.exe]
ModuleName : C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
Command Line : "C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE" -autorun
ProcessID : 1056
ThreadCreationTime : 04-06-2005 20:10:49
BasePriority : Normal
FileVersion : 1, 3, 0, 1
ProductVersion : 1, 3, 0, 1
ProductName : Device Detector
CompanyName : ACD Systems, Ltd.
FileDescription : Device Detector
InternalName : DevDetect
LegalCopyright : Copyright © 2002
OriginalFilename : DevDetect.exe

#:34 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 1212
ThreadCreationTime : 04-06-2005 20:10:50
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:35 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 2224
ThreadCreationTime : 04-06-2005 20:10:57
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:36 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 3140
ThreadCreationTime : 04-06-2005 20:11:44
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:37 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 892
ThreadCreationTime : 04-06-2005 20:50:28
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\video1\dialers

Wink Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : Info

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : LastWNK

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : DaytimeDocID

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : DaytimeDocTime

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : DocID

Wink Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\vinfo\evthtm
Value : DocTime

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 9


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Instafinder Object Recognized!
Type : File
Data : A0110255.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\



Instafinder Object Recognized!
Type : File
Data : A0110256.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 3.0.2.1
ProductVersion : 3.2


Claria Object Recognized!
Type : File
Data : A0110260.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GAppMgr.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GAppMgr.dll


Claria Object Recognized!
Type : File
Data : A0110261.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GController.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GController.dll


Claria Object Recognized!
Type : File
Data : A0110262.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GIocl.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GIocl.dll


Claria Object Recognized!
Type : File
Data : A0110263.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GMTProxy.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GMTProxy.dll


Claria Object Recognized!
Type : File
Data : A0110264.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GObjs.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GObjs.dll


Claria Object Recognized!
Type : File
Data : A0110265.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GStoreServer.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GStoreServer.dll


Claria Object Recognized!
Type : File
Data : A0110266.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GTools.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GTools.dll


Claria Object Recognized!
Type : File
Data : A0110267.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGGCEngine Dynamic Link Library
InternalName : EGGCEngine dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : EGGCEngine dll


Claria Object Recognized!
Type : File
Data : A0110268.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGIEProcess Dynamic Link Library
InternalName : EGIEProcess dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : EGIEProcess dll


Claria Object Recognized!
Type : File
Data : A0110269.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGNSEngine Dynamic Link Library
InternalName : EGNSEngine dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : EGNSEngine dll


Claria Object Recognized!
Type : File
Data : A0110270.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP231\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : GatorRes Dynamic Link Library
InternalName : GatorRes DLL
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GatorRes DLL


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 22




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\video1

UKVideo2 Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\video1
Value : IUG

UKVideo2 Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\netscape\netscape navigator\viewers
Value : TYPE33

Instafinder Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafink

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafink
Value : CfgID

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafink
Value : ConfigCode

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafink
Value : ClientID

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafink
Value : BarID

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafink
Value : InstallTime

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafink
Value : LastConfigDown

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafink
Value : SetupInit

Instafinder Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\instafink
Value : InstallReport

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 12
Objects found so far: 34

21:58:33 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:53.781
Objects scanned:139291
Objects identified:34
Objects ignored:0
New critical objects:34

#12
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer of what Ad-aware found, please follow the instructions below.

Please make sure that you are using the * SE1R49 31.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command line, as shown in the instructions below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE. If yours is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
  • 0

#13
martin1955

    New Member

  • Topic Starter
  • Member
  • 9 posts
Ad-Aware SE Build 1.05
Logfile Created on:10 June 2005 23:51:22
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
Fingerprints total : 886
Fingerprints size : 30371 Bytes
Target categories : 15
Target families : 679


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:56 %
Total physical memory:522240 kb
Available physical memory:289564 kb
Total page file size:1278828 kb
Available on page file:1076228 kb
Total virtual memory:2097024 kb
Available virtual memory:2049324 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


10-06-2005 23:51:22 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 380
ThreadCreationTime : 10-06-2005 22:49:59
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 440
ThreadCreationTime : 10-06-2005 22:50:01
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 464
ThreadCreationTime : 10-06-2005 22:50:02
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 508
ThreadCreationTime : 10-06-2005 22:50:02
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 520
ThreadCreationTime : 10-06-2005 22:50:02
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 700
ThreadCreationTime : 10-06-2005 22:50:02
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 724
ThreadCreationTime : 10-06-2005 22:50:02
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 820
ThreadCreationTime : 10-06-2005 22:50:03
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 864
ThreadCreationTime : 10-06-2005 22:50:03
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1156
ThreadCreationTime : 10-06-2005 22:50:03
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1180
ThreadCreationTime : 10-06-2005 22:50:03
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1188
ThreadCreationTime : 10-06-2005 22:50:03
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:13 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1328
ThreadCreationTime : 10-06-2005 22:50:04
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:14 [aolacsd.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
ProcessID : 1340
ThreadCreationTime : 10-06-2005 22:50:04
BasePriority : Normal


#:15 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
ProcessID : 1372
ThreadCreationTime : 10-06-2005 22:50:04
BasePriority : Normal
FileVersion : 9, 1, 0, 8
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:16 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
ProcessID : 1796
ThreadCreationTime : 10-06-2005 22:50:05
BasePriority : High


#:17 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 156
ThreadCreationTime : 10-06-2005 22:50:34
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:18 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 300
ThreadCreationTime : 10-06-2005 22:50:37
BasePriority : Normal
FileVersion : 3.0.0.2285
ProductVersion : 7.0.0.2285
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:19 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 308
ThreadCreationTime : 10-06-2005 22:50:37
BasePriority : Normal
FileVersion : 1.04.05b
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2003 Sonic Solutions

#:20 [mcagent.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\mcagent.exe
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
ProcessID : 324
ThreadCreationTime : 10-06-2005 22:50:37
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:21 [mcupdate.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe"
ProcessID : 364
ThreadCreationTime : 10-06-2005 22:50:37
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Update Engine
InternalName : mcupdate
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcupdate.exe

#:22 [mcvsshld.exe]
ModuleName : C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
ProcessID : 400
ThreadCreationTime : 10-06-2005 22:50:38
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:23 [ditask.exe]
ModuleName : C:\Program Files\Eicon\Diva\DiTask.exe
Command Line : "C:\Program Files\Eicon\Diva\DiTask.exe"
ProcessID : 444
ThreadCreationTime : 10-06-2005 22:50:38
BasePriority : Normal
FileVersion : 101-55
ProductVersion : 101-55
ProductName : ditask Application
CompanyName : Eicon Networks Corporation
FileDescription : ditask MFC Application
InternalName : ditask
LegalCopyright : Copyright © 1997-2001
OriginalFilename : ditask.EXE

#:24 [mcvsescn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsescn.exe
Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
ProcessID : 560
ThreadCreationTime : 10-06-2005 22:50:38
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:25 [divamon.exe]
ModuleName : C:\Program Files\Eicon\Diva\Divamon.exe
Command Line : "C:\Program Files\Eicon\Diva\Divamon.exe"
ProcessID : 744
ThreadCreationTime : 10-06-2005 22:50:38
BasePriority : Normal


#:26 [watch.exe]
ModuleName : C:\Program Files\Eicon\Diva\watch.exe
Command Line : "C:\Program Files\Eicon\Diva\watch.exe"
ProcessID : 784
ThreadCreationTime : 10-06-2005 22:50:38
BasePriority : Normal
FileVersion : 1.00.101-137
ProductVersion : 1.00.101-137
CompanyName : Eicon Networks Corporation
FileDescription : Syslog Daemon
LegalCopyright : Copyright © 2001

#:27 [cgserver.exe]
ModuleName : C:\Program Files\Eicon\Diva\cgserver.exe
Command Line : "C:\Program Files\Eicon\Diva\cgserver.exe"
ProcessID : 840
ThreadCreationTime : 10-06-2005 22:50:38
BasePriority : High
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ISDN Security Daemon
CompanyName : Eicon Networks Corporation
FileDescription : ISDN Security Daemon
InternalName : CGServer
LegalCopyright : Copyright © 1997-2001, Eicon Networks Corporation
OriginalFilename : CGServer.EXE

#:28 [aoldial.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
ProcessID : 836
ThreadCreationTime : 10-06-2005 22:50:38
BasePriority : Normal
FileVersion : 2.6.6.3.UK.53
ProductVersion : 2.6.6.3.UK.53
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:29 [realplay.exe]
ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe
Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
ProcessID : 900
ThreadCreationTime : 10-06-2005 22:50:38
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:30 [aq3hel~1.exe]
ModuleName : C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE
Command Line : "C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE" /partner AQ3
ProcessID : 908
ThreadCreationTime : 10-06-2005 22:50:38
BasePriority : Normal
FileVersion : 1.0.0.8
ProductVersion : 1.0.0.8
ProductName : DSDHelper
CompanyName : GAIN Publishing, Inc.
FileDescription : DistSoft Helper Application
InternalName : DSDHelper.exe
LegalCopyright : Copyright © 1999-2004 GAIN Publishing, Inc.
OriginalFilename : DSDHelper.exe

#:31 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 916
ThreadCreationTime : 10-06-2005 22:50:38
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:32 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 948
ThreadCreationTime : 10-06-2005 22:50:39
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:33 [devdet~1.exe]
ModuleName : C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
Command Line : "C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE" -autorun
ProcessID : 956
ThreadCreationTime : 10-06-2005 22:50:39
BasePriority : Normal
FileVersion : 1, 3, 0, 1
ProductVersion : 1, 3, 0, 1
ProductName : Device Detector
CompanyName : ACD Systems, Ltd.
FileDescription : Device Detector
InternalName : DevDetect
LegalCopyright : Copyright © 2002
OriginalFilename : DevDetect.exe

#:34 [sgtray.exe]
ModuleName : C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
Command Line : "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
ProcessID : 984
ThreadCreationTime : 10-06-2005 22:50:39
BasePriority : Normal
FileVersion : 1.01.32a
CompanyName : Sonic Solutions
FileDescription : Sonic Update Manager
LegalCopyright : Copyright © 2002 Sonic Solutions

#:35 [wtoolsa.exe]
ModuleName : C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
Command Line : "C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe"
ProcessID : 1024
ThreadCreationTime : 10-06-2005 22:50:39
BasePriority : Normal


IBIS Toolbar Object Recognized!
Type : Process
Data : WToolsA.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\COMMON~1\WinTools\


Warning! IBIS Toolbar Object found in memory(C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe)

"C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe"Process terminated successfully
"C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe"Process terminated successfully

#:36 [steam.exe]
ModuleName : C:\Program Files\Valve\Steam\Steam.exe
Command Line : "C:\Program Files\Valve\Steam\Steam.exe" -silent
ProcessID : 1084
ThreadCreationTime : 10-06-2005 22:50:40
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
ProductName : Steam
CompanyName : Valve Corporation
FileDescription : Steam
LegalCopyright : © Copyright 2000-2003 Valve Corporation All rights reserved.
OriginalFilename : Steam.exe

#:37 [diinfo.exe]
ModuleName : C:\Program Files\Eicon\Diva\diinfo.exe
Command Line : diinfo.exe
ProcessID : 1116
ThreadCreationTime : 10-06-2005 22:50:40
BasePriority : Normal
FileVersion : 1.6
ProductVersion : 1.6
ProductName : Eicon Networks DiInfo
CompanyName : Eicon Networks
FileDescription : diinfo
InternalName : diinfo
LegalCopyright : Copyright © 1997-2001
OriginalFilename : diinfo.exe

#:38 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 1448
ThreadCreationTime : 10-06-2005 22:50:40
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:39 [wsup.exe]
ModuleName : C:\Program Files\Common Files\WinTools\WSup.exe
Command Line : "C:\Program Files\Common Files\WinTools\WSup.exe"
ProcessID : 2176
ThreadCreationTime : 10-06-2005 22:50:49
BasePriority : Normal


IBIS Toolbar Object Recognized!
Type : Process
Data : WSup.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\Program Files\Common Files\WinTools\


Warning! IBIS Toolbar Object found in memory(C:\Program Files\Common Files\WinTools\WSup.exe)

"C:\Program Files\Common Files\WinTools\WSup.exe"Process terminated successfully
"C:\Program Files\Common Files\WinTools\WSup.exe"Process terminated successfully

#:40 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe" /RunStoreAsComServer Local\[2d4]SUSDS0b7693b7b3221a4e9f79f7e62d6a52fa
ProcessID : 2260
ThreadCreationTime : 10-06-2005 22:50:50
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:41 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 2412
ThreadCreationTime : 10-06-2005 22:50:53
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:42 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2476
ThreadCreationTime : 10-06-2005 22:50:54
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:43 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 2720
ThreadCreationTime : 10-06-2005 22:51:01
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:44 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 2920
ThreadCreationTime : 10-06-2005 22:51:12
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{87067f04-de4c-4688-bc3c-4fcf39d609e7}

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\wintools

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\wintools
Value : ICheck

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\wintools
Value : hminlzz2ym5hx3rk4irx

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\wintools
Value : a4ix

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\wintools
Value : alk3hm

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\wintools
Value : 4irx2y4mnrk

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\wintools
Value : hrl4nyirlx2j4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\wintools
Value : hr8g8kmi4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\wintools
Value : hrhrirlx2j4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\wintools
Value : hrhrirlx2j25s

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\wintools
Value : hrjy3ralsr4xz

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : lkkrzl7

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : lkjhn2j

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : lkbd4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : lkixw4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : libkrzl7

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 25s2jr2bjy4x

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 25s4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 25swrx

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5x62lalk

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5x62labd

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5x62laiar2

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzz2ym5hx3t

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzz2ym5hx3i7i

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzz2ym5hx3i7iru

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzzijyd

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhminlcy4nhm5y

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhmin2ym5hx3

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhminml3r

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhmina4czhijrx

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : wrxcyir

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5hxinlk

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5hxinbd

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rlk

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{339BB23F-A864-48C0-A59F-29EA915965EC}"
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\microsoft\internet explorer\toolbar\webbrowser
Value : {339BB23F-A864-48C0-A59F-29EA915965EC}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 90
Objects found so far: 92


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : S-1-5-21-343818398-1960408961-682003330-1003\Software\Microsoft\Internet Explorer\MainSearch Barwww.websearch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.websearch...px?tb_id=50245"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://www.websearch...px?tb_id=50245"

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 93


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 93



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : File
Data : A0119671.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4D999657-D635-4435-911E-1F4C6D00BBA0}\RP246\



180Solutions Object Recognized!
Type : File
Data : A0119680.exe
Category : Data Miner
Comment

#14
Guest_Andy_veal_*
  • Guest
Hello there,

Please could you complete your current logfile.

Please could you find the rest of your logfile and complete posting it here.
Logs are stored in:

C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
They are in order of date.

Make sure you have all the log posted.

(The Application Data is a hidden folder, so you will need to show hidden files and folders and for Windows 98*admin users your logs are stored in C:\WINDOWS\All Users\Application Data\ )

This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next. Please post back if you have any questions or other problems.

Good luck

Andy

#15
martin1955

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
IBIS Toolbar Object Recognized!
Type : Process
Data : WToolsA.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\COMMON~1\WinTools\


Warning! IBIS Toolbar Object found in memory(C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe)

"C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe"Process terminated successfully
"C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe"Process terminated successfully

#:36 [steam.exe]
ModuleName : C:\Program Files\Valve\Steam\Steam.exe
Command Line : "C:\Program Files\Valve\Steam\Steam.exe" -silent
ProcessID : 1084
ThreadCreationTime : 10-06-2005 22:50:40
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
ProductName : Steam
CompanyName : Valve Corporation
FileDescription : Steam
LegalCopyright : © Copyright 2000-2003 Valve Corporation All rights reserved.
OriginalFilename : Steam.exe

#:37 [diinfo.exe]
ModuleName : C:\Program Files\Eicon\Diva\diinfo.exe
Command Line : diinfo.exe
ProcessID : 1116
ThreadCreationTime : 10-06-2005 22:50:40
BasePriority : Normal
FileVersion : 1.6
ProductVersion : 1.6
ProductName : Eicon Networks DiInfo
CompanyName : Eicon Networks
FileDescription : diinfo
InternalName : diinfo
LegalCopyright : Copyright © 1997-2001
OriginalFilename : diinfo.exe

#:38 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 1448
ThreadCreationTime : 10-06-2005 22:50:40
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:39 [wsup.exe]
ModuleName : C:\Program Files\Common Files\WinTools\WSup.exe
Command Line : "C:\Program Files\Common Files\WinTools\WSup.exe"
ProcessID : 2176
ThreadCreationTime : 10-06-2005 22:50:49
BasePriority : Normal


IBIS Toolbar Object Recognized!
Type : Process
Data : WSup.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\Program Files\Common Files\WinTools\


Warning! IBIS Toolbar Object found in memory(C:\Program Files\Common Files\WinTools\WSup.exe)

"C:\Program Files\Common Files\WinTools\WSup.exe"Process terminated successfully
"C:\Program Files\Common Files\WinTools\WSup.exe"Process terminated successfully

#:40 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe" /RunStoreAsComServer Local\[2d4]SUSDS0b7693b7b3221a4e9f79f7e62d6a52fa
ProcessID : 2260
ThreadCreationTime : 10-06-2005 22:50:50
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:41 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 2412
ThreadCreationTime : 10-06-2005 22:50:53
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:42 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2476
ThreadCreationTime : 10-06-2005 22:50:54
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:43 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 2720
ThreadCreationTime : 10-06-2005 22:51:01
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:44 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 2920
ThreadCreationTime : 10-06-2005 22:51:12
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{87067f04-de4c-4688-bc3c-4fcf39d609e7}

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\wintools

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1960408961-682003330-1003\software\wintools
Value : ICheck

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
