[Referred]Ad-aware troubles at last step [CLOSED]


  • This topic is locked

#1
JuliesPOS

  • Member
  • 14 posts
Hi,
I've got piles of malicious stuff on my computer (XP, supposedly with Norton's Anti-virus software), and I'm following the steps outlined on the "malware forum," but I can't seem to delete the "critical items" identified by Ad-aware. I've run four scans, and had to restart four times because the program routinely finishes the scan then freezes after I've selected all the items and try to press "Next."

I click on the "Next" button, then the hand-grabber changes into an arrow, but then the program freezes. I can still move the window across my desktop, but I usually have to force quit.

I've found the logs, and the logs are saved and complete, but I don't know how to get rid of the programs identified by Ad-aware

Suggestions, please.
Thank you!

ps
I'm attaching the most recent Ad-aware log

  • 0

#2
Guest_thatman_*
  • Guest

Edited by thatman, 26 May 2005 - 08:16 AM.

  • 0

#3
Guest_Andy_veal_*
  • Guest
Hello and Welcome

There are a number of options we can use in this situation. Firstly, please make sure you have the latest definition file: SE1R46 17.05.2005

We highly suggest doing a Disk Defragmentation and follow it with a thorough Check or Scan Disk, depending upon your version of Windows.

You could try scanning in: Safe mode

Another option is to try a command line:
1. Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke

Click OK.

Please note that the path above is of the default installation location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to.

2. When the scan has completed, select Next.
3. In the Scanning Results window, select the "Scan Summary" tab.
4. Check the box next to each "target family" you wish to remove.
5. Click next, Click OK.

If you still have a problem, cancel BEFORE the scan reaches the point of stalling -- say after 20 objects are detected. Then click cancel and click on the logfile. Remove any objects you choose and rescan. Again stop the scan before it reaches the point of stalling and remove any additional objects. Then try a full scan without stopping it.

Please let us know how you make out and which option worked.

All the best

Andy
  • 0

#4
JuliesPOS

  • Topic Starter
  • Member
  • 14 posts
Hi!
Thanks for your detailed responses.

Unfortunately, the direct running of the program through the Run command didn't work. But I tried a couple of Andy_Veal's suggestions, and the best one was definitely running Ad-Aware on Safe Mode.

Finishing up my Ewido Scan--will post with HJT scan soon.

Thank you!
Julie
  • 0

#5
JuliesPOS

  • Topic Starter
  • Member
  • 14 posts
Hi again!

Okay, I've completed all the previous steps from the Malware page, and I installed MS Sp1a because I'm still having malware problems.

I'm running Ewido currently, but the main problems I have:

1) How very slow my computer is running--programs are taking 30 sec-2 min to open.

2) Takes 5-8 minutes to boot up after restart.

3) There is some sort of program running that is hiding my desktop, I can see my desktop as my taskbar appears at reboot and then as my icons appear on the screen, the desktop goes MS blue and then a strange white box covers up everything behind my icons--I right-clicked and am attaching the .txt of its source code. I cannot access my normal desktop.

Thanks for all your help!
Julie

ps
please find attached:
Ewido Scans (3)
Hijack This (1)
Source txt for weird desktop problem (1)

  • 0

#6
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi Julie and welcome,

Ad-aware has found objects on your computer

If you choose to clean your computer from what Ad-aware found, please follow the instructions below…

Please download CCleaner and install it. Close out the program when it has completed setup. (Don't run it yet; we will use it later on.)

Open Ad-aware click on the Check for updates now
Please make sure that you are using the * SE1R47 24.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > Uncheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.
Please then boot into Safe Mode,

Please see here if you need help on it Safe Mode


To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
(Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)

Click OK.

Please note that the path above is of the default installation location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.


Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here
  • 0
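
A small triage helper for logs in the format requested above, as an added example that is not part of the original thread or of Ad-Aware: it reads the reference summary and the "Object Recognized!" registry records, skips negligible-risk families (TAC index 0, such as MRU List) and groups registry paths by family. The sample log, its SID and its domains are constructed placeholders, the function names are hypothetical, and sorting by TAC index assumes a higher index means a more severe family.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of an Ad-Aware SE log; the SID, key names
# and domains are placeholders, not values from a real scan.
SAMPLE_LOG = r"""
References detected during the scan:
MRU List(TAC index:0):34 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
VX2(TAC index:10):2 total references

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-0-0-0-1000\software\example

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-0-0-0-1000\software\example
Value : ExampleValue

Started deep registry scan
Trusted zone presumably compromised : example.test

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : example.test
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test
Value : *
Trusted zone presumably compromised : other.test
"""

SUMMARY_RE = re.compile(r"^(?P<family>.+?)\(TAC index:(?P<tac>\d+)\):(?P<refs>\d+) total references$")
HEADER_RE = re.compile(r"^(?P<family>.+) Object Recognized!$")
FIELD_RE = re.compile(r"^(?P<key>\w+)\s*:\s?(?P<value>.*)$")
FIELDS = {"Type", "Data", "Category", "Comment", "Rootkey", "Object", "Value"}


def parse_summary(text):
    """Map each family in the reference summary to (tac_index, total_references)."""
    out = {}
    for line in text.splitlines():
        m = SUMMARY_RE.match(line.strip())
        if m:
            out[m["family"]] = (int(m["tac"]), int(m["refs"]))
    return out


def parse_objects(text):
    """Return one dict per 'Object Recognized!' record, in log order."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = {"Family": header["family"]}
            records.append(current)
            continue
        if not line:  # a blank line ends the current record
            current = None
            continue
        field = FIELD_RE.match(line)
        # Status lines such as "Trusted zone presumably compromised : ..." can
        # follow a record with no blank line; only known field names are kept.
        if current is not None and field and field["key"] in FIELDS:
            current[field["key"]] = field["value"].strip()
    return records


def triage(text, min_tac=1):
    """Families at or above min_tac, highest TAC index first, with their registry paths."""
    grouped = defaultdict(set)
    for rec in parse_objects(text):
        if "Rootkey" in rec and "Object" in rec:
            grouped[rec["Family"]].add(rec["Rootkey"] + "\\" + rec["Object"])
    report = []
    for family, (tac, refs) in parse_summary(text).items():
        if tac >= min_tac:  # drops negligible-risk entries such as MRU List
            report.append({"family": family, "tac": tac, "references": refs,
                           "registry_keys": sorted(grouped.get(family, ()))})
    report.sort(key=lambda r: (-r["tac"], r["family"]))
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row["tac"], row["family"], row["references"], row["registry_keys"])
```

Only registry records are grouped here; file and process detections would need their own path fields added to `FIELDS`.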

#7
JuliesPOS


  • Topic Starter
  • Member
  • 14 posts
Hello again! Okay, followed all previous directions--here is the post-restart scan:

Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 26, 2005 1:45:50 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):257 total references
ImIServer IEPlugin(TAC index:5):2 total references
MicroGaming(TAC index:4):1 total references
MRU List(TAC index:0):34 total references
Possible Browser Hijack attempt(TAC index:3):21 total references
Roings(TAC index:8):6 total references
Tracking Cookie(TAC index:3):1 total references
Win32.Trojan.Agent.bi(TAC index:6):7 total references
VX2(TAC index:10):31 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
Fingerprints total : 886
Fingerprints size : 30371 Bytes
Target categories : 15
Target families : 679


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:24 %
Total physical memory:130548 kb
Available physical memory:30728 kb
Total page file size:314720 kb
Available on page file:128656 kb
Total virtual memory:2097024 kb
Available virtual memory:2048044 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Run scan as background process (Low CPU usage)
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-26-2005 1:45:50 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 452
ThreadCreationTime : 5-26-2005 5:20:50 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 500
ThreadCreationTime : 5-26-2005 5:20:58 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 524
ThreadCreationTime : 5-26-2005 5:20:59 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 568
ThreadCreationTime : 5-26-2005 5:20:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 580
ThreadCreationTime : 5-26-2005 5:20:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 724
ThreadCreationTime : 5-26-2005 5:21:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 772
ThreadCreationTime : 5-26-2005 5:21:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 808
ThreadCreationTime : 5-26-2005 5:21:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 860
ThreadCreationTime : 5-26-2005 5:21:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 928
ThreadCreationTime : 5-26-2005 5:21:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1140
ThreadCreationTime : 5-26-2005 5:21:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1420
ThreadCreationTime : 5-26-2005 5:21:05 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [defwatch.exe]
ModuleName : C:\Program Files\NavNT\defwatch.exe
Command Line : "C:\Program Files\NavNT\defwatch.exe"
ProcessID : 1536
ThreadCreationTime : 5-26-2005 5:21:09 PM
BasePriority : Normal
FileVersion : 7.61.00.945
ProductVersion : 7.61.00.945
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:14 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 1560
ThreadCreationTime : 5-26-2005 5:21:10 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:15 [ewidoguard.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoguard.exe
Command Line : n/a
ProcessID : 1580
ThreadCreationTime : 5-26-2005 5:21:12 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:16 [pds.exe]
ModuleName : C:\WINDOWS\system32\cba\pds.exe
Command Line : C:\WINDOWS\system32\cba\pds.exe
ProcessID : 1624
ThreadCreationTime : 5-26-2005 5:21:19 PM
BasePriority : Normal
FileVersion : 6.12.0.105 E
ProductVersion : 6.12.0.105
ProductName : Intel Common Base Agent
CompanyName : Intel® Corporation
FileDescription : CBA -- Ping Discovery Service
InternalName : PDS
LegalCopyright : Copyright © 1997-2001 Intel® Corporation
LegalTrademarks : LANDesk® is a registered trademark of Intel Corporation
OriginalFilename : PDS.EXE

#:17 [rtvscan.exe]
ModuleName : C:\Program Files\NavNT\rtvscan.exe
Command Line : "C:\Program Files\NavNT\rtvscan.exe"
ProcessID : 1688
ThreadCreationTime : 5-26-2005 5:21:24 PM
BasePriority : Normal
FileVersion : 7.61.00.945
ProductVersion : 7.61.00.945
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2001

#:18 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1836
ThreadCreationTime : 5-26-2005 5:21:32 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:19 [ybrwicon.exe]
ModuleName : C:\Program Files\Yahoo!\browser\ybrwicon.exe
Command Line : "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
ProcessID : 1852
ThreadCreationTime : 5-26-2005 5:21:33 PM
BasePriority : Normal
FileVersion : 2003, 7, 11, 1
ProductVersion : 1, 0, 0, 1
ProductName : Yahoo!, Inc. YBrwIcon
CompanyName : Yahoo!, Inc.
FileDescription : YBrwIcon
InternalName : YBrwIcon
LegalCopyright : Copyright © 2003
OriginalFilename : YBrwIcon.exe

#:20 [ipclient.exe]
ModuleName : C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
Command Line : "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
ProcessID : 1860
ThreadCreationTime : 5-26-2005 5:21:34 PM
BasePriority : Normal
FileVersion : 5.8.0.13
ProductVersion : 5.8.0.13
ProductName : Visual IP InSight
CompanyName : Visual Networks
FileDescription : IP Session Statistics
InternalName : IPCLIENT
LegalCopyright : Copyright © 2003 Visual Networks Technologies, Inc.
OriginalFilename : ipclient32.exe

#:21 [ipmon32.exe]
ModuleName : C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
Command Line : "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
ProcessID : 1872
ThreadCreationTime : 5-26-2005 5:21:34 PM
BasePriority : Normal
FileVersion : 5.8.0.13
ProductVersion : 5.8.0.13
ProductName : Visual IP InSight
CompanyName : Visual Networks
FileDescription : IP Monitor
InternalName : IPMON32
LegalCopyright : Copyright © 2003 Visual Networks Technologies, Inc.
OriginalFilename : ipmon32.exe

#:22 [netscp.exe]
ModuleName : C:\Program Files\Netscape\Netscape\Netscp.exe
Command Line : "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
ProcessID : 1880
ThreadCreationTime : 5-26-2005 5:21:35 PM
BasePriority : Normal


#:23 [mnyexpr.exe]
ModuleName : C:\Program Files\Microsoft Money\System\mnyexpr.exe
Command Line : "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
ProcessID : 1888
ThreadCreationTime : 5-26-2005 5:21:37 PM
BasePriority : Normal
FileVersion : 11.00.0716
ProductVersion : 11.00.0716
ProductName : Microsoft Money
CompanyName : Microsoft Corporation
FileDescription : Microsoft Money Express
InternalName : mnyexpr
LegalCopyright : Copyright © Microsoft Corp. 1990-2001. All rights reserved.
OriginalFilename : mnyexpr.exe

#:24 [ycommon.exe]
ModuleName : C:\PROGRA~1\Yahoo!\browser\ycommon.exe
Command Line : C:\PROGRA~1\Yahoo!\browser\ycommon.exe -Embedding
ProcessID : 1932
ThreadCreationTime : 5-26-2005 5:21:40 PM
BasePriority : Normal
FileVersion : 2003, 7, 14, 1
ProductVersion : 1, 0, 0, 1
ProductName : YCommon Exe Module
CompanyName : Yahoo!, Inc.
FileDescription : YCommon Exe Module
InternalName : YCommonExe
LegalCopyright : Copyright 2003 Yahoo! Inc.
OriginalFilename : YCommon.EXE

#:25 [xfr.exe]
ModuleName : C:\WINDOWS\system32\cba\xfr.exe
Command Line : C:\WINDOWS\system32\cba\xfr.exe
ProcessID : 2040
ThreadCreationTime : 5-26-2005 5:21:43 PM
BasePriority : Normal
FileVersion : 6.12.0.105 E
ProductVersion : 6.12.0.105
ProductName : Intel Common Base Agent
CompanyName : Intel® Corporation
FileDescription : CBA - Message Resource
InternalName : xfrrc
LegalCopyright : Copyright © 1997-2001 Intel® Corporation
LegalTrademarks : LANDesk® is a registered trademark of Intel Corporation
OriginalFilename : XFR.EXE

#:26 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe"
ProcessID : 252
ThreadCreationTime : 5-26-2005 5:21:52 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:27 [msgsys.exe]
ModuleName : C:\WINDOWS\system32\MsgSys.EXE
Command Line : MsgSys.EXE
ProcessID : 340
ThreadCreationTime : 5-26-2005 5:21:53 PM
BasePriority : Normal
FileVersion : 6.12.0.105 E
ProductVersion : 6.12.0.105
ProductName : Intel Common Base Agent
CompanyName : Intel® Corporation
FileDescription : CBA -- Message System
InternalName : MsgExe
LegalCopyright : Copyright © 1997-2001 Intel® Corporation
LegalTrademarks : LANDesk® is a registered trademark of Intel Corporation
OriginalFilename : MsgSys.EXE

#:28 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2160
ThreadCreationTime : 5-26-2005 5:23:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:29 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2236
ThreadCreationTime : 5-26-2005 6:45:08 PM
BasePriority : Idle
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUB3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUE3v5nt

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUT3h5rshSBath

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUT3h5rshSysSInf

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUL3n5Title

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUC3u5rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUC3n5tFyl

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUI3g5noreS

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUS3t5atusOfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUL3a5stMotsSDay

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUL3a5stSSChckin

MicroGaming Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\microgaming

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Date"
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\intexp
Value : Date

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 31
Objects found so far: 31


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Trusted zone presumably compromised : 05p.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : 05p.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : 05p.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com
Value : *
Trusted zone presumably compromised : flingstone.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : flingstone.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : flingstone.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
Value : *
Trusted zone presumably compromised : searchbarcash.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchbarcash.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchbarcash.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com
Value : *
Trusted zone presumably compromised : searchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchmiracle.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchmiracle.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com
Value : *
Trusted zone presumably compromised : 05p.com
Trusted zone presumably compromised : clickspring.net

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : clickspring.net
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : clickspring.net
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net
Value : *
Trusted zone presumably compromised : flingstone.com
Trusted zone presumably compromised : mt-download.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : mt-download.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : mt-download.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com
Value : *
Trusted zone presumably compromised : my-internet.info

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : my-internet.info
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : my-internet.info
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info
Value : *
Trusted zone presumably compromised : scoobidoo.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : scoobidoo.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : scoobidoo.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com
Value : *
Trusted zone presumably compromised : searchbarcash.com
Trusted zone presumably compromised : searchbarcash.com
Trusted zone presumably compromised : searchmiracle.com
Trusted zone presumably compromised : static.topconverting.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : static.topconverting.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : static.topconverting.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com
Value : *

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 18
Objects found so far: 49

MRU List Object Recognized!
Location: : C:\Documents and Settings\Julie Mumford\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\adobe\adobe acrobat\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe acrobat


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\office\8.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\office\8.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\office\8.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\office\8.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\office\8.0\excel\recent file list
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\office\8.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\windows\currentversion\applets\regedit\favorites
Description : registry editor favorites


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : julie mumford@cs.sexcounter[2].txt
Category : Data Miner
Comment : Hits:13
Value : Cookie:julie mumford@cs.sexcounter.com/
Expires : 5-12-2024 1:07:28 PM
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 84



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : File
Data : A0062693.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062694.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062695.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062696.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062697.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062698.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062699.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062700.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062701.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062702.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062703.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062704.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062705.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062706.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062707.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062708.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062709.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062710.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062711.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062712.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062713.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062714.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062715.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062716.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062717.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062718.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062719.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062720.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062721.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062722.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!

#8
JuliesPOS

Part II:




ImIServer IEPlugin Object Recognized!
Type : File
Data : A0062814.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\
FileVersion : 1, 0, 8, 1
ProductVersion : 1, 0, 8, 1
ProductName : wbho Module
FileDescription : wbho Module
InternalName : wbho
LegalCopyright : Copyright 2004
OriginalFilename : wbho.DLL


CoolWebSearch Object Recognized!
Type : File
Data : A0062815.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062816.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062817.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062818.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062819.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062820.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062821.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062822.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062823.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062824.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062825.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062826.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062827.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062828.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062829.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062830.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062831.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062832.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062833.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062834.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062835.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062836.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062837.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062838.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062839.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062840.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062841.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062842.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062843.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062844.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062845.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062846.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062847.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062848.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062849.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062850.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062851.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0062852.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062853.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062854.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062855.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062856.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062857.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062858.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062859.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062860.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062861.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062862.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0062863.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062864.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062865.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062866.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062867.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062868.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062869.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062870.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062871.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062872.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062873.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062874.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 343

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Only sex website.url
Category : Misc
Comment : Problematic URL discovered: http://www.onlysex.ws/
Object : C:\Documents and Settings\Julie Mumford\Favorites\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
Category : Misc
Comment : Problematic URL discovered: http://www.lookfor.cc/
Object : C:\Documents and Settings\Julie Mumford\Favorites\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free [bleep].url
Category : Misc
Comment : Problematic URL discovered: http://www.7days.ws/
Object : C:\Documents and Settings\Julie Mumford\Favorites\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\DOCUME~1\JULIEM~1\LOCALS~1\Temp\DrTemp

Roings Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : IID

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Version

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Date

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : bid

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_zesoft

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search\searchproperties\en-us
Value : SingleProvider

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 14
Objects found so far: 360

2:11:12 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:25:22.299
Objects scanned:121024
Objects identified:326
Objects ignored:0
New critical objects:326


---Me again, thanks for all your input!
Julie

#9
don77


    Malware Expert

  • Retired Staff
  • 18,526 posts
Please try this process. It would be worth printing out a copy of the instructions.

  • First please go to http://www.lavasoftu...x2cleaner.shtml . Download and install the VX2 Plug-in as described there, but do not run it yet.

  • Disconnect from the Internet; some VX2 objects can re-install themselves if you are connected.

  • Close all running applications, including all Internet Explorer or alternate browser sessions.

  • Run the VX2 cleaner plug-in: in Ad-Aware SE go to “Add-Ons”, select the VX2 Cleaner plug-in and click “Run Tool”.

  • If your computer isn’t infected, click “Close”. If your computer is infected, select “Clean System”.

  • Shut down/restart your computer (do NOT connect to the Internet on re-boot). If Ad-Aware SE is open, please close it. Make sure all applications are closed.

    Important: check that your last scan was a "Full System Scan". If not, please select that option and start a scan, cancelling the scan after it starts. The object is to ensure that a full system scan will run in the following step.

    Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

    "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke

    Click OK.

    Note: If you used a different path to the default for installing Ad-Aware SE Pro, change the path as appropriate.

  • When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click Next, then click OK.

  • Please shut down/restart your computer after removal. Run a new full scan. Do NOT connect to the Internet until completing a new full scan.

  • After the scan is complete, reconnect to the Internet and post the logfile from this latest scan.

    If you have any questions, please don't hesitate to ask. Thank you.


#10
JuliesPOS


    Member

  • Topic Starter
  • Member
  • 14 posts
And I'm back!

Okay, here's the latest Ad-Aware Scan:


Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 26, 2005 5:00:22 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):257 total references
ImIServer IEPlugin(TAC index:5):2 total references
MicroGaming(TAC index:4):1 total references
MRU List(TAC index:0):35 total references
Possible Browser Hijack attempt(TAC index:3):21 total references
Roings(TAC index:8):6 total references
Tracking Cookie(TAC index:3):1 total references
Win32.Trojan.Agent.bi(TAC index:6):7 total references
VX2(TAC index:10):31 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
Fingerprints total : 886
Fingerprints size : 30371 Bytes
Target categories : 15
Target families : 679


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:19 %
Total physical memory:130548 kb
Available physical memory:24740 kb
Total page file size:314720 kb
Available on page file:126292 kb
Total virtual memory:2097024 kb
Available virtual memory:2047364 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Run scan as background process (Low CPU usage)
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-26-2005 5:00:22 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:12 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1356
ThreadCreationTime : 5-26-2005 9:54:56 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [defwatch.exe]
ModuleName : C:\Program Files\NavNT\defwatch.exe
Command Line : "C:\Program Files\NavNT\defwatch.exe"
ProcessID : 1536
ThreadCreationTime : 5-26-2005 9:55:02 PM
BasePriority : Normal
FileVersion : 7.61.00.945
ProductVersion : 7.61.00.945
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:14 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 1564
ThreadCreationTime : 5-26-2005 9:55:03 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:15 [ewidoguard.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoguard.exe
Command Line : n/a
ProcessID : 1580
ThreadCreationTime : 5-26-2005 9:55:05 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:16 [pds.exe]
ModuleName : C:\WINDOWS\system32\cba\pds.exe
Command Line : C:\WINDOWS\system32\cba\pds.exe
ProcessID : 1656
ThreadCreationTime : 5-26-2005 9:55:13 PM
BasePriority : Normal
FileVersion : 6.12.0.105 E
ProductVersion : 6.12.0.105
ProductName : Intel Common Base Agent
CompanyName : Intel® Corporation
FileDescription : CBA -- Ping Discovery Service
InternalName : PDS
LegalCopyright : Copyright © 1997-2001 Intel® Corporation
LegalTrademarks : LANDesk® is a registered trademark of Intel Corporation
OriginalFilename : PDS.EXE

#:17 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1720
ThreadCreationTime : 5-26-2005 9:55:17 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:18 [rtvscan.exe]
ModuleName : C:\Program Files\NavNT\rtvscan.exe
Command Line : "C:\Program Files\NavNT\rtvscan.exe"
ProcessID : 1724
ThreadCreationTime : 5-26-2005 9:55:17 PM
BasePriority : Normal
FileVersion : 7.61.00.945
ProductVersion : 7.61.00.945
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2001

#:19 [ybrwicon.exe]
ModuleName : C:\Program Files\Yahoo!\browser\ybrwicon.exe
Command Line : "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
ProcessID : 1748
ThreadCreationTime : 5-26-2005 9:55:18 PM
BasePriority : Normal
FileVersion : 2003, 7, 11, 1
ProductVersion : 1, 0, 0, 1
ProductName : Yahoo!, Inc. YBrwIcon
CompanyName : Yahoo!, Inc.
FileDescription : YBrwIcon
InternalName : YBrwIcon
LegalCopyright : Copyright © 2003
OriginalFilename : YBrwIcon.exe

#:20 [ipclient.exe]
ModuleName : C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
Command Line : "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
ProcessID : 1780
ThreadCreationTime : 5-26-2005 9:55:19 PM
BasePriority : Normal
FileVersion : 5.8.0.13
ProductVersion : 5.8.0.13
ProductName : Visual IP InSight
CompanyName : Visual Networks
FileDescription : IP Session Statistics
InternalName : IPCLIENT
LegalCopyright : Copyright © 2003 Visual Networks Technologies, Inc.
OriginalFilename : ipclient32.exe

#:21 [ipmon32.exe]
ModuleName : C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
Command Line : "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
ProcessID : 1788
ThreadCreationTime : 5-26-2005 9:55:19 PM
BasePriority : Normal
FileVersion : 5.8.0.13
ProductVersion : 5.8.0.13
ProductName : Visual IP InSight
CompanyName : Visual Networks
FileDescription : IP Monitor
InternalName : IPMON32
LegalCopyright : Copyright © 2003 Visual Networks Technologies, Inc.
OriginalFilename : ipmon32.exe

#:22 [netscp.exe]
ModuleName : C:\Program Files\Netscape\Netscape\Netscp.exe
Command Line : "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
ProcessID : 1800
ThreadCreationTime : 5-26-2005 9:55:20 PM
BasePriority : Normal


#:23 [mnyexpr.exe]
ModuleName : C:\Program Files\Microsoft Money\System\mnyexpr.exe
Command Line : "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
ProcessID : 1808
ThreadCreationTime : 5-26-2005 9:55:21 PM
BasePriority : Normal
FileVersion : 11.00.0716
ProductVersion : 11.00.0716
ProductName : Microsoft Money
CompanyName : Microsoft Corporation
FileDescription : Microsoft Money Express
InternalName : mnyexpr
LegalCopyright : Copyright © Microsoft Corp. 1990-2001. All rights reserved.
OriginalFilename : mnyexpr.exe

#:24 [ycommon.exe]
ModuleName : C:\PROGRA~1\Yahoo!\browser\ycommon.exe
Command Line : C:\PROGRA~1\Yahoo!\browser\ycommon.exe -Embedding
ProcessID : 1868
ThreadCreationTime : 5-26-2005 9:55:24 PM
BasePriority : Normal
FileVersion : 2003, 7, 14, 1
ProductVersion : 1, 0, 0, 1
ProductName : YCommon Exe Module
CompanyName : Yahoo!, Inc.
FileDescription : YCommon Exe Module
InternalName : YCommonExe
LegalCopyright : Copyright 2003 Yahoo! Inc.
OriginalFilename : YCommon.EXE

#:25 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe"
ProcessID : 168
ThreadCreationTime : 5-26-2005 9:55:36 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:26 [xfr.exe]
ModuleName : C:\WINDOWS\system32\cba\xfr.exe
Command Line : C:\WINDOWS\system32\cba\xfr.exe
ProcessID : 268
ThreadCreationTime : 5-26-2005 9:55:44 PM
BasePriority : Normal
FileVersion : 6.12.0.105 E
ProductVersion : 6.12.0.105
ProductName : Intel Common Base Agent
CompanyName : Intel® Corporation
FileDescription : CBA - Message Resource
InternalName : xfrrc
LegalCopyright : Copyright © 1997-2001 Intel® Corporation
LegalTrademarks : LANDesk® is a registered trademark of Intel Corporation
OriginalFilename : XFR.EXE

#:27 [msgsys.exe]
ModuleName : C:\WINDOWS\system32\MsgSys.EXE
Command Line : MsgSys.EXE
ProcessID : 404
ThreadCreationTime : 5-26-2005 9:55:53 PM
BasePriority : Normal
FileVersion : 6.12.0.105 E
ProductVersion : 6.12.0.105
ProductName : Intel Common Base Agent
CompanyName : Intel® Corporation
FileDescription : CBA -- Message System
InternalName : MsgExe
LegalCopyright : Copyright © 1997-2001 Intel® Corporation
LegalTrademarks : LANDesk® is a registered trademark of Intel Corporation
OriginalFilename : MsgSys.EXE

#:28 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2280
ThreadCreationTime : 5-26-2005 9:58:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:29 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +pronuke
ProcessID : 2516
ThreadCreationTime : 5-26-2005 9:59:28 PM
BasePriority : Idle
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUB3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUE3v5nt

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUT3h5rshSBath

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUT3h5rshSysSInf

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUL3n5Title

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUC3u5rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUC3n5tFyl

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUI3g5noreS

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUS3t5atusOfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUL3a5stMotsSDay

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUL3a5stSSChckin

MicroGaming Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\microgaming

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Date"
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\intexp
Value : Date

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 31
Objects found so far: 66


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Trusted zone presumably compromised : 05p.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : 05p.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : 05p.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com
Value : *
Trusted zone presumably compromised : flingstone.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : flingstone.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : flingstone.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
Value : *
Trusted zone presumably compromised : searchbarcash.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchbarcash.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchbarcash.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com
Value : *
Trusted zone presumably compromised : searchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchmiracle.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchmiracle.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com
Value : *
Trusted zone presumably compromised : 05p.com
Trusted zone presumably compromised : clickspring.net

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : clickspring.net
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : clickspring.net
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net
Value : *
Trusted zone presumably compromised : flingstone.com
Trusted zone presumably compromised : mt-download.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : mt-download.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : mt-download.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com
Value : *
Trusted zone presumably compromised : my-internet.info

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : my-internet.info
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : my-internet.info
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info
Value : *
Trusted zone presumably compromised : scoobidoo.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : scoobidoo.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : scoobidoo.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com
Value : *
Trusted zone presumably compromised : searchbarcash.com
Trusted zone presumably compromised : searchbarcash.com
Trusted zone presumably compromised : searchmiracle.com
Trusted zone presumably compromised : static.topconverting.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : static.topconverting.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : static.topconverting.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com
Value : *

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 18
Objects found so far: 84


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : julie mumford@cs.sexcounter[2].txt
Category : Data Miner
Comment : Hits:13
Value : Cookie:julie mumford@cs.sexcounter.com/
Expires : 5-12-2024 1:07:28 PM
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 85



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : File
Data : A0062693.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062694.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062695.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062696.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062697.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062698.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062699.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062700.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062701.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062702.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062703.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062704.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062705.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062706.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062707.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062708.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062709.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062710.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062711.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062712.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062713.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062714.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062715.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062716.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062717.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062718.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062719.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062720.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062721.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062722.exe
Category


#11
JuliesPOS

JuliesPOS

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
CoolWebSearch Object Recognized!
Type : File
Data : A0062722.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062723.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062724.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062725.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062726.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062727.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062728.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062729.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062730.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062731.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062732.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062733.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062734.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062735.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062736.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062737.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062738.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062739.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062740.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062741.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062742.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062743.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062744.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062745.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062746.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062747.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062748.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062749.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0062750.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062751.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062752.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062753.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062754.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062755.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062756.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062757.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062758.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062759.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062760.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062761.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062762.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062763.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062764.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062765.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062766.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062767.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062768.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062769.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062770.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062771.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062772.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062773.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062774.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062775.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062776.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062777.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062778.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062779.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062780.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062781.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062782.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062783.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062784.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062785.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062786.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062787.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062788.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062789.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062790.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062791.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0062792.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062793.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062794.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062795.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062796.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062797.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062798.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062799.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062800.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062801.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062802.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062803.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062804.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062805.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062806.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062807.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062808.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062809.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062810.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062811.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062812.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062813.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



ImIServer IEPlugin Object Recognized!
Type : File
Data : A0062814.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\
FileVersion : 1, 0, 8, 1
ProductVersion : 1, 0, 8, 1
ProductName : wbho Module
FileDescription : wbho Module
InternalName : wbho
LegalCopyright : Copyright 2004
OriginalFilename : wbho.DLL


CoolWebSearch Object Recognized!
Type : File
Data : A0062815.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062816.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062817.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062818.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062819.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062820.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062821.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062822.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062823.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062824.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062825.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062826.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062827.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062828.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062829.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062830.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062831.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062832.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062833.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062834.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062835.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062836.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062837.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062838.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062839.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062840.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062841.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062842.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062843.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062844.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062845.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062846.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062847.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062848.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062849.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062850.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062851.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0062852.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062853.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062854.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062855.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062856.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062857.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062858.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062859.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062860.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062861.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062862.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0062863.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062864.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062865.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062866.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062867.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062868.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062869.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062870.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062871.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062872.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062873.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062874.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062875.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062876.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062877.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062878.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062879.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062880.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062881.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062882.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062883.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062884.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062885.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062886.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062887.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062888.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062889.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062890.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062891.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062892.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062893.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062894.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062895.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062896.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062897.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062898.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062899.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062900.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062901.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062902.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062903.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062904.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062905.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062906.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062907.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062908.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062909.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062910.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062911.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062912.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data

#12
JuliesPOS

CoolWebSearch Object Recognized!
Type : File
Data : A0062912.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062913.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062914.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062915.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062916.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062917.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062918.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062919.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062920.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062921.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062922.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062923.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062924.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062925.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062926.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062927.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062928.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062929.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062930.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062931.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062932.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062933.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062934.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062935.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062936.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062937.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062938.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062939.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062940.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062941.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0062942.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062943.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



ImIServer IEPlugin Object Recognized!
Type : File
Data : A0062944.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\
FileVersion : 5.0.2001.10043
ProductVersion : 2001, 0, 0, 0
ProductName : MimarSinan Emissary, MimarSinan Charm Family
CompanyName : Mimar Sinan International
FileDescription : Emissary
InternalName : autonomy
LegalCopyright : Copyright © 1992-2000 Mimar Sinan International. All rights reserved.
OriginalFilename : autonomy.exe


Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0062945.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062946.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062947.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062948.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062949.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



CoolWebSearch Object Recognized!
Type : File
Data : A0062950.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0062951.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP400\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 344


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 344

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Only sex website.url
Category : Misc
Comment : Problematic URL discovered: http://www.onlysex.ws/
Object : C:\Documents and Settings\Julie Mumford\Favorites\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
Category : Misc
Comment : Problematic URL discovered: http://www.lookfor.cc/
Object : C:\Documents and Settings\Julie Mumford\Favorites\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free [bleep].url
Category : Misc
Comment : Problematic URL discovered: http://www.7days.ws/
Object : C:\Documents and Settings\Julie Mumford\Favorites\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\DOCUME~1\JULIEM~1\LOCALS~1\Temp\DrTemp

Roings Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : IID

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Version

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Date

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : bid

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_zesoft

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search\searchproperties\en-us
Value : SingleProvider

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 14
Objects found so far: 361

5:28:57 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:28:35.396
Objects scanned:113096
Objects identified:326
Objects ignored:0
New critical objects:326

--Thanks!
Julie

#13
don77

Hello Julie

Ad-aware has found objects on your computer.

If you choose to clean your computer of what Ad-aware found, please follow the instructions below.

Please download CCleaner and install it. Close the program when it has completed setup (don't run it yet; we will use it later on).

Open Ad-aware and click on "Check for updates now".
Please make sure that you are using the * SE1R47 24.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > Uncheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.
Please then boot into Safe Mode.

Please see here if you need help with it: Safe Mode


To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
(Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)

Click OK.

Please note that the path above is the default installation location for Ad-aware SE; if yours is different, please adjust it to the location where you have installed it.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click Next, then click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.


Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

#14
JuliesPOS

Good morning!

I tried the previous directions last night, but perhaps I am doing something wrong--when I run CCleaner thru Ad-Aware's Add-ons I don't see the option for:

--To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
(Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".--

I am able to deselect the Older than 48 hrs option, but I don't see the option to clean the above directories. Should I be manually cleaning them out myself by deleting their contents? Or should I expect Ad-Aware to assist?

Thanks for your continued help!
Julie

#15
JuliesPOS

Okay--I think I've had better luck this time--here's my newest Ad-Aware Scan.

Big thanks!
Julie

Ad-Aware SE Build 1.05
Logfile Created on:Friday, May 27, 2005 10:47:08 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2(TAC index:10):19 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
Fingerprints total : 886
Fingerprints size : 30371 Bytes
Target categories : 15
Target families : 679


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:24 %
Total physical memory:130548 kb
Available physical memory:30912 kb
Total page file size:314720 kb
Available on page file:119320 kb
Total virtual memory:2097024 kb
Available virtual memory:2047256 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Run scan as background process (Low CPU usage)
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-27-2005 10:47:08 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 444
ThreadCreationTime : 5-27-2005 3:38:56 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 500
ThreadCreationTime : 5-27-2005 3:38:59 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 524
ThreadCreationTime : 5-27-2005 3:39:00 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 568
ThreadCreationTime : 5-27-2005 3:39:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 580
ThreadCreationTime : 5-27-2005 3:39:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 728
ThreadCreationTime : 5-27-2005 3:39:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 808
ThreadCreationTime : 5-27-2005 3:39:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 860
ThreadCreationTime : 5-27-2005 3:39:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 932
ThreadCreationTime : 5-27-2005 3:39:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1036
ThreadCreationTime : 5-27-2005 3:39:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1256
ThreadCreationTime : 5-27-2005 3:39:10 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1316
ThreadCreationTime : 5-27-2005 3:39:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [defwatch.exe]
ModuleName : C:\Program Files\NavNT\defwatch.exe
Command Line : "C:\Program Files\NavNT\defwatch.exe"
ProcessID : 1532
ThreadCreationTime : 5-27-2005 3:39:20 PM
BasePriority : Normal
FileVersion : 7.61.00.945
ProductVersion : 7.61.00.945
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:14 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 1556
ThreadCreationTime : 5-27-2005 3:39:21 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:15 [ewidoguard.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoguard.exe
Command Line : n/a
ProcessID : 1580
ThreadCreationTime : 5-27-2005 3:39:23 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:16 [pds.exe]
ModuleName : C:\WINDOWS\system32\cba\pds.exe
Command Line : C:\WINDOWS\system32\cba\pds.exe
ProcessID : 1704
ThreadCreationTime : 5-27-2005 3:39:33 PM
BasePriority : Normal
FileVersion : 6.12.0.105 E
ProductVersion : 6.12.0.105
ProductName : Intel Common Base Agent
CompanyName : Intel® Corporation
FileDescription : CBA -- Ping Discovery Service
InternalName : PDS
LegalCopyright : Copyright © 1997-2001 Intel® Corporation
LegalTrademarks : LANDesk® is a registered trademark of Intel Corporation
OriginalFilename : PDS.EXE

#:17 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1736
ThreadCreationTime : 5-27-2005 3:39:35 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:18 [ybrwicon.exe]
ModuleName : C:\Program Files\Yahoo!\browser\ybrwicon.exe
Command Line : "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
ProcessID : 1744
ThreadCreationTime : 5-27-2005 3:39:35 PM
BasePriority : Normal
FileVersion : 2003, 7, 11, 1
ProductVersion : 1, 0, 0, 1
ProductName : Yahoo!, Inc. YBrwIcon
CompanyName : Yahoo!, Inc.
FileDescription : YBrwIcon
InternalName : YBrwIcon
LegalCopyright : Copyright © 2003
OriginalFilename : YBrwIcon.exe

#:19 [ipclient.exe]
ModuleName : C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
Command Line : "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
ProcessID : 1752
ThreadCreationTime : 5-27-2005 3:39:36 PM
BasePriority : Normal
FileVersion : 5.8.0.13
ProductVersion : 5.8.0.13
ProductName : Visual IP InSight
CompanyName : Visual Networks
FileDescription : IP Session Statistics
InternalName : IPCLIENT
LegalCopyright : Copyright © 2003 Visual Networks Technologies, Inc.
OriginalFilename : ipclient32.exe

#:20 [ipmon32.exe]
ModuleName : C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
Command Line : "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
ProcessID : 1760
ThreadCreationTime : 5-27-2005 3:39:36 PM
BasePriority : Normal
FileVersion : 5.8.0.13
ProductVersion : 5.8.0.13
ProductName : Visual IP InSight
CompanyName : Visual Networks
FileDescription : IP Monitor
InternalName : IPMON32
LegalCopyright : Copyright © 2003 Visual Networks Technologies, Inc.
OriginalFilename : ipmon32.exe

#:21 [netscp.exe]
ModuleName : C:\Program Files\Netscape\Netscape\Netscp.exe
Command Line : "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
ProcessID : 1772
ThreadCreationTime : 5-27-2005 3:39:37 PM
BasePriority : Normal


#:22 [rtvscan.exe]
ModuleName : C:\Program Files\NavNT\rtvscan.exe
Command Line : "C:\Program Files\NavNT\rtvscan.exe"
ProcessID : 1832
ThreadCreationTime : 5-27-2005 3:39:39 PM
BasePriority : Normal
FileVersion : 7.61.00.945
ProductVersion : 7.61.00.945
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2001

#:23 [ycommon.exe]
ModuleName : C:\PROGRA~1\Yahoo!\browser\ycommon.exe
Command Line : C:\PROGRA~1\Yahoo!\browser\ycommon.exe -Embedding
ProcessID : 1852
ThreadCreationTime : 5-27-2005 3:39:40 PM
BasePriority : Normal
FileVersion : 2003, 7, 14, 1
ProductVersion : 1, 0, 0, 1
ProductName : YCommon Exe Module
CompanyName : Yahoo!, Inc.
FileDescription : YCommon Exe Module
InternalName : YCommonExe
LegalCopyright : Copyright 2003 Yahoo! Inc.
OriginalFilename : YCommon.EXE

#:24 [mnyexpr.exe]
ModuleName : C:\Program Files\Microsoft Money\System\mnyexpr.exe
Command Line : "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
ProcessID : 1996
ThreadCreationTime : 5-27-2005 3:39:49 PM
BasePriority : Normal
FileVersion : 11.00.0716
ProductVersion : 11.00.0716
ProductName : Microsoft Money
CompanyName : Microsoft Corporation
FileDescription : Microsoft Money Express
InternalName : mnyexpr
LegalCopyright : Copyright © Microsoft Corp. 1990-2001. All rights reserved.
OriginalFilename : mnyexpr.exe

#:25 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe"
ProcessID : 172
ThreadCreationTime : 5-27-2005 3:39:58 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:26 [xfr.exe]
ModuleName : C:\WINDOWS\system32\cba\xfr.exe
Command Line : C:\WINDOWS\system32\cba\xfr.exe
ProcessID : 332
ThreadCreationTime : 5-27-2005 3:40:04 PM
BasePriority : Normal
FileVersion : 6.12.0.105 E
ProductVersion : 6.12.0.105
ProductName : Intel Common Base Agent
CompanyName : Intel® Corporation
FileDescription : CBA - Message Resource
InternalName : xfrrc
LegalCopyright : Copyright © 1997-2001 Intel® Corporation
LegalTrademarks : LANDesk® is a registered trademark of Intel Corporation
OriginalFilename : XFR.EXE

#:27 [msgsys.exe]
ModuleName : C:\WINDOWS\system32\MsgSys.EXE
Command Line : MsgSys.EXE
ProcessID : 504
ThreadCreationTime : 5-27-2005 3:40:22 PM
BasePriority : Normal
FileVersion : 6.12.0.105 E
ProductVersion : 6.12.0.105
ProductName : Intel Common Base Agent
CompanyName : Intel® Corporation
FileDescription : CBA -- Message System
InternalName : MsgExe
LegalCopyright : Copyright © 1997-2001 Intel® Corporation
LegalTrademarks : LANDesk® is a registered trademark of Intel Corporation
OriginalFilename : MsgSys.EXE

#:28 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2180
ThreadCreationTime : 5-27-2005 3:42:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:29 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2600
ThreadCreationTime : 5-27-2005 3:46:18 PM
BasePriority : Idle
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora
Value : AUC3n5tFyl

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 19


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19

11:09:18 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:22:09.922
Objects scanned:112260
Objects identified:19
Objects ignored:0
New critical objects:19