
cannot remove three files



#16
Guest_Andy_veal_*

  • Guest
In order to assist you, we need to see the log from an Ad-Aware SE 1.05 full system scan.

Important Note! Before performing a scan, be sure that you have the most recent definitions file by using WebUpdate. (Click on the Globe icon, Click connect, Click OK, Click Finish.) At this current point * SE1R47 24.05.2005 * is the most recent definition file.

Ad-Aware SE comes preconfigured with default options so we need you to make only one change. Please deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Select "Perform Full System Scan" and press "Next". When the scan has completed, click "Show Logfile".

Please copy/paste the complete log file here using the reply button. Don't quarantine or remove anything at this time, just post a complete logfile. This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next.

Please post back if you have any questions or other problems.


Good luck

Andy


#17
tsuretie57


  • Topic Starter
  • Member
  • 19 posts
OK Andy

Yes, I must have had two versions, so we can restart the game now, I suppose?



Ad-Aware SE Build 1.05
Logfile Created on:woensdag 25 mei 2005 18:16:39
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
begin2search(TAC index:3):19 total references
Instafinder(TAC index:4):4 total references
iSearch Toolbar(TAC index:3):45 total references
istbar(TAC index:7):35 total references
Other(TAC index:5):4 total references
Win32.Trojan.Agent.bi(TAC index:6):63 total references
Win32.Trojan.Delprot.a(TAC index:6):1 total references
VX2(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


25-5-2005 18:16:39 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 336
ThreadCreationTime : 25-5-2005 16:07:10
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 384
ThreadCreationTime : 25-5-2005 16:07:11
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 408
ThreadCreationTime : 25-5-2005 16:07:11
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 452
ThreadCreationTime : 25-5-2005 16:07:12
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Services en controllertoepassingen
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 464
ThreadCreationTime : 25-5-2005 16:07:12
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 636
ThreadCreationTime : 25-5-2005 16:07:12
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 660
ThreadCreationTime : 25-5-2005 16:07:12
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 776
ThreadCreationTime : 25-5-2005 16:07:12
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 836
ThreadCreationTime : 25-5-2005 16:07:13
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 960
ThreadCreationTime : 25-5-2005 16:07:13
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Verkenner
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : EXPLORER.EXE
Warning! iSearch Toolbar Object found in memory(C:\WINDOWS\isrvs\msdbhk.dll)

iSearch Toolbar Object Recognized!
Type : Process
Data : msdbhk.dll
Category : Malware
Comment :
Object : C:\WINDOWS\isrvs\



#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1048
ThreadCreationTime : 25-5-2005 16:07:13
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1176
ThreadCreationTime : 25-5-2005 16:07:14
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Een DLL-bestand als toepassing starten
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : RUNDLL.EXE
Warning! iSearch Toolbar Object found in memory(C:\WINDOWS\isrvs\msdbhk.dll)

iSearch Toolbar Object Recognized!
Type : Process
Data : msdbhk.dll
Category : Malware
Comment :
Object : C:\WINDOWS\isrvs\


"C:\WINDOWS\System32\RunDll32.exe"Process terminated successfully

#:13 [desktop.exe]
FilePath : C:\WINDOWS\isrvs\
ProcessID : 1184
ThreadCreationTime : 25-5-2005 16:07:14
BasePriority : Normal
FileVersion : 1.1.0.20
ProductVersion : 1.0.0.0
FileDescription : Desktop Search
Warning! iSearch Toolbar Object found in memory(C:\WINDOWS\isrvs\desktop.exe)

iSearch Toolbar Object Recognized!
Type : Process
Data : desktop.exe
Category : Malware
Comment :
Object : C:\WINDOWS\isrvs\
FileVersion : 1.1.0.20
ProductVersion : 1.0.0.0
FileDescription : Desktop Search

"C:\WINDOWS\isrvs\desktop.exe"Process terminated successfully
"C:\WINDOWS\isrvs\desktop.exe"Process terminated successfully

#:14 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 1200
ThreadCreationTime : 25-5-2005 16:07:14
BasePriority : Normal


#:15 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1428
ThreadCreationTime : 25-5-2005 16:07:20
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:16 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1444
ThreadCreationTime : 25-5-2005 16:07:20
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:17 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 280
ThreadCreationTime : 25-5-2005 16:10:09
BasePriority : Normal

Warning! iSearch Toolbar Object found in memory(C:\WINDOWS\isrvs\msdbhk.dll)

iSearch Toolbar Object Recognized!
Type : Process
Data : msdbhk.dll
Category : Malware
Comment :
Object : C:\WINDOWS\isrvs\


"C:\Program Files\Mozilla Firefox\firefox.exe"Process terminated successfully

#:18 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 848
ThreadCreationTime : 25-5-2005 16:15:43
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 4


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

iSearch Toolbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{950238FB-C706-4791-8674-4D429F85897E}

iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{950238FB-C706-4791-8674-4D429F85897E}
Value :

iSearch Toolbar Object Recognized!
Type : File
Data : mfiltis.dll
Category : Malware
Comment :
Object : c:\windows\isrvs\



iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Desktop Search"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : Desktop Search

iSearch Toolbar Object Recognized!
Type : File
Data : desktop.exe
Category : Malware
Comment :
Object : c:\windows\isrvs\
FileVersion : 1.1.0.20
ProductVersion : 1.0.0.0
FileDescription : Desktop Search


iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "ffis"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : ffis

iSearch Toolbar Object Recognized!
Type : File
Data : ffisearch.exe
Category : Malware
Comment :
Object : c:\windows\isrvs\



iSearch Toolbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html

iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html
Value :

iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html
Value : CLSID

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 14


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Type : File
Data : A0023913.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0023914.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0023920.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0024913.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0024916.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0024917.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0024923.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0025910.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0025911.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0025917.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0027342.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0027343.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0027349.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0027580.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0028259.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0028260.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0029237.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0029238.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0029925.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0029926.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0030924.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0030925.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0031928.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0031929.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0032991.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0032992.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0032996.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0034060.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0034061.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0034065.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0036522.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0036523.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0036530.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0037585.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0037586.exe
Category : Malware

#18
Guest_Andy_veal_*

  • Guest
Hello there

Please could you complete your current logfile.

Please could you find the rest of your logfile and complete posting it here.
Logs are stored in:

C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
They are in order of date.

Make sure you have all of the log posted.

(The Application Data is a hidden folder, so you will need to show hidden files and folders. For Windows 98*admin users, your logs are stored in C:\WINDOWS\All Users\Application Data\ )

This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next. Please post back if you have any questions or other problems.

Good luck

Andy

#19
tsuretie57

  • Topic Starter
  • Member
  • 19 posts
Ad-Aware SE Build 1.05
Logfile Created on:woensdag 25 mei 2005 19:10:05
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
begin2search(TAC index:3):20 total references
Instafinder(TAC index:4):4 total references
iSearch Toolbar(TAC index:3):44 total references
istbar(TAC index:7):35 total references
Other(TAC index:5):4 total references
Win32.Trojan.Agent.bi(TAC index:6):63 total references
Win32.Trojan.Delprot.a(TAC index:6):1 total references
VX2(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


25-5-2005 19:10:05 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 332
ThreadCreationTime : 25-5-2005 16:32:46
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 380
ThreadCreationTime : 25-5-2005 16:32:47
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 404
ThreadCreationTime : 25-5-2005 16:32:47
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 448
ThreadCreationTime : 25-5-2005 16:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Services en controllertoepassingen
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 460
ThreadCreationTime : 25-5-2005 16:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 628
ThreadCreationTime : 25-5-2005 16:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 652
ThreadCreationTime : 25-5-2005 16:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 724
ThreadCreationTime : 25-5-2005 16:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 792
ThreadCreationTime : 25-5-2005 16:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 956
ThreadCreationTime : 25-5-2005 16:32:49
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Verkenner
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : EXPLORER.EXE
Warning! iSearch Toolbar Object found in memory(C:\WINDOWS\isrvs\msdbhk.dll)

iSearch Toolbar Object Recognized!
Type : Process
Data : msdbhk.dll
Category : Malware
Comment :
Object : C:\WINDOWS\isrvs\



#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1044
ThreadCreationTime : 25-5-2005 16:32:49
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1192
ThreadCreationTime : 25-5-2005 16:32:50
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1208
ThreadCreationTime : 25-5-2005 16:32:50
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:14 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1432
ThreadCreationTime : 25-5-2005 16:32:51
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Een DLL-bestand als toepassing starten
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : RUNDLL.EXE
Warning! iSearch Toolbar Object found in memory(C:\WINDOWS\isrvs\msdbhk.dll)

iSearch Toolbar Object Recognized!
Type : Process
Data : msdbhk.dll
Category : Malware
Comment :
Object : C:\WINDOWS\isrvs\


"C:\WINDOWS\System32\RunDll32.exe"Process terminated successfully

#:15 [desktop.exe]
FilePath : C:\WINDOWS\isrvs\
ProcessID : 1440
ThreadCreationTime : 25-5-2005 16:32:51
BasePriority : Normal
FileVersion : 1.1.0.20
ProductVersion : 1.0.0.0
FileDescription : Desktop Search
Warning! iSearch Toolbar Object found in memory(C:\WINDOWS\isrvs\desktop.exe)

iSearch Toolbar Object Recognized!
Type : Process
Data : desktop.exe
Category : Malware
Comment :
Object : C:\WINDOWS\isrvs\
FileVersion : 1.1.0.20
ProductVersion : 1.0.0.0
FileDescription : Desktop Search

"C:\WINDOWS\isrvs\desktop.exe"Process terminated successfully
"C:\WINDOWS\isrvs\desktop.exe"Process terminated successfully

#:16 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 1456
ThreadCreationTime : 25-5-2005 16:32:51
BasePriority : Normal


#:17 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1976
ThreadCreationTime : 25-5-2005 17:09:29
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 3


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

iSearch Toolbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{950238FB-C706-4791-8674-4D429F85897E}

iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{950238FB-C706-4791-8674-4D429F85897E}
Value :

iSearch Toolbar Object Recognized!
Type : File
Data : mfiltis.dll
Category : Malware
Comment :
Object : c:\windows\isrvs\



iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Desktop Search"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : Desktop Search

iSearch Toolbar Object Recognized!
Type : File
Data : desktop.exe
Category : Malware
Comment :
Object : c:\windows\isrvs\
FileVersion : 1.1.0.20
ProductVersion : 1.0.0.0
FileDescription : Desktop Search


iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "ffis"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : ffis

iSearch Toolbar Object Recognized!
Type : File
Data : ffisearch.exe
Category : Malware
Comment :
Object : c:\windows\isrvs\



iSearch Toolbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html

iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html
Value :

iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html
Value : CLSID

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 13


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Instafinder Object Recognized!
Type : File
Data : A0002417.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP14\



begin2search Object Recognized!
Type : File
Data : A0011117.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0011132.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012477.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012478.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012480.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012482.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012487.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012490.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012494.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012495.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012498.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012500.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012501.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012504.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012509.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012510.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012515.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012518.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012525.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012527.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012530.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012532.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012546.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012547.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012552.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012554.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012555.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012558.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012560.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012561.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012562.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012564.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012577.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012581.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012582.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012587.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012601.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012704.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012705.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012708.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0013023.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0013025.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0013029.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0013033.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0013073.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0013074.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0013078.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013098.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013099.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013102.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013103.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013107.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013108.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013111.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013112.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013114.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013115.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013117.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013118.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013119.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013120.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013124.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013127.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013129.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013130.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013131.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013135.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013136.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013137.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013138.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013139.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013140.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0013154.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0013155.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0013159.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0013215.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0013216.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0013220.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0014698.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0014709.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0015699.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0015700.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0015703.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0016699.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0016701.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0016704.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0018699.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0018706.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0019699.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0019700.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0021698.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0021701.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0021702.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0021754.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0021755.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0021756.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0021908.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0021909.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0021910.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0022910.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0022916.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0022917.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0023911.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0023913.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0023914.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0023920.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0024913.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0024916.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0024917.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0024923.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0025910.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0025911.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0025917.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0027342.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0027343.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0027349.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0027580.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0028259.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0028260.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0029237.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0029238.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0029925.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0029926.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0030924.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0030925.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0031928.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0031929.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0032991.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0032992.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0032996.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0034060.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0034061.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0034065.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0036522.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0036523.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0036530.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0037585.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0037586.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0038610.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0038611.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}

#20
tsuretie57

ad aware
Add-ons
select VX2 cleaner
run tool without connection to internet
gives the understanding log :


Ad-Aware SE Build 1.05
Logfile Created on:woensdag 25 mei 2005 19:10:05
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
begin2search(TAC index:3):20 total references
Instafinder(TAC index:4):4 total references
iSearch Toolbar(TAC index:3):44 total references
istbar(TAC index:7):35 total references
Other(TAC index:5):4 total references
Win32.Trojan.Agent.bi(TAC index:6):63 total references
Win32.Trojan.Delprot.a(TAC index:6):1 total references
VX2(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


25-5-2005 19:10:05 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 332
ThreadCreationTime : 25-5-2005 16:32:46
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 380
ThreadCreationTime : 25-5-2005 16:32:47
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 404
ThreadCreationTime : 25-5-2005 16:32:47
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 448
ThreadCreationTime : 25-5-2005 16:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Services en controllertoepassingen
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 460
ThreadCreationTime : 25-5-2005 16:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 628
ThreadCreationTime : 25-5-2005 16:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 652
ThreadCreationTime : 25-5-2005 16:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 724
ThreadCreationTime : 25-5-2005 16:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 792
ThreadCreationTime : 25-5-2005 16:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 956
ThreadCreationTime : 25-5-2005 16:32:49
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Verkenner
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : EXPLORER.EXE
Warning! iSearch Toolbar Object found in memory(C:\WINDOWS\isrvs\msdbhk.dll)

iSearch Toolbar Object Recognized!
Type : Process
Data : msdbhk.dll
Category : Malware
Comment :
Object : C:\WINDOWS\isrvs\



#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1044
ThreadCreationTime : 25-5-2005 16:32:49
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1192
ThreadCreationTime : 25-5-2005 16:32:50
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1208
ThreadCreationTime : 25-5-2005 16:32:50
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:14 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1432
ThreadCreationTime : 25-5-2005 16:32:51
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Een DLL-bestand als toepassing starten
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : RUNDLL.EXE
Warning! iSearch Toolbar Object found in memory(C:\WINDOWS\isrvs\msdbhk.dll)

iSearch Toolbar Object Recognized!
Type : Process
Data : msdbhk.dll
Category : Malware
Comment :
Object : C:\WINDOWS\isrvs\


"C:\WINDOWS\System32\RunDll32.exe"Process terminated successfully

#:15 [desktop.exe]
FilePath : C:\WINDOWS\isrvs\
ProcessID : 1440
ThreadCreationTime : 25-5-2005 16:32:51
BasePriority : Normal
FileVersion : 1.1.0.20
ProductVersion : 1.0.0.0
FileDescription : Desktop Search
Warning! iSearch Toolbar Object found in memory(C:\WINDOWS\isrvs\desktop.exe)

iSearch Toolbar Object Recognized!
Type : Process
Data : desktop.exe
Category : Malware
Comment :
Object : C:\WINDOWS\isrvs\
FileVersion : 1.1.0.20
ProductVersion : 1.0.0.0
FileDescription : Desktop Search

"C:\WINDOWS\isrvs\desktop.exe"Process terminated successfully
"C:\WINDOWS\isrvs\desktop.exe"Process terminated successfully

#:16 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 1456
ThreadCreationTime : 25-5-2005 16:32:51
BasePriority : Normal


#:17 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1976
ThreadCreationTime : 25-5-2005 17:09:29
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 3


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

iSearch Toolbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{950238FB-C706-4791-8674-4D429F85897E}

iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{950238FB-C706-4791-8674-4D429F85897E}
Value :

iSearch Toolbar Object Recognized!
Type : File
Data : mfiltis.dll
Category : Malware
Comment :
Object : c:\windows\isrvs\



iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Desktop Search"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : Desktop Search

iSearch Toolbar Object Recognized!
Type : File
Data : desktop.exe
Category : Malware
Comment :
Object : c:\windows\isrvs\
FileVersion : 1.1.0.20
ProductVersion : 1.0.0.0
FileDescription : Desktop Search


iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "ffis"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : ffis

iSearch Toolbar Object Recognized!
Type : File
Data : ffisearch.exe
Category : Malware
Comment :
Object : c:\windows\isrvs\



iSearch Toolbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html

iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html
Value :

iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html
Value : CLSID

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 13


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Instafinder Object Recognized!
Type : File
Data : A0002417.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP14\



begin2search Object Recognized!
Type : File
Data : A0011117.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0011132.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012477.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012478.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012480.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012482.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012487.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012490.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012494.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012495.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012498.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012500.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012501.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012504.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012509.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012510.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012515.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012518.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012525.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012527.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012530.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012532.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012546.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012547.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012552.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012554.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012555.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012558.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012560.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012561.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012562.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012564.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012577.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012581.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012582.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012587.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012601.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012704.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012705.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012708.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0013023.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0013025.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0013029.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0013033.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0013073.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0013074.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0013078.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013098.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013099.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013102.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013103.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013107.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013108.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013111.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013112.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013114.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013115.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013117.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013118.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013119.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013120.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013124.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013127.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013129.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013130.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013131.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013135.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013136.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013137.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013138.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013139.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013140.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0013154.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0013155.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0013159.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0013215.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0013216.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0013220.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0014698.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0014709.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0015699.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0015700.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0015703.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0016699.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0016701.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0016704.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0018699.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0018706.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0019699.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0019700.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0021698.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0021701.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0021702.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0021754.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0021755.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0021756.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0021908.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0021909.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0021910.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0022910.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0022916.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0022917.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0023911.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0023913.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0023914.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0023920.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0024913.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0024916.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0024917.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0024923.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0025910.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0025911.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0025917.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0027342.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0027343.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0027349.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0027580.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0028259.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0028260.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0029237.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0029238.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0029925.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0029926.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0030924.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0030925.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0031928.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0031929.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0032991.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0032992.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0032996.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0034060.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0034061.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0034065.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0036522.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0036523.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0036530.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0037585.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0037586.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0038610.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0038611.exe
Category : Malware

#21
tsuretie57

  • Topic Starter
Ad-Aware SE Build 1.05
Logfile Created on:woensdag 25 mei 2005 19:10:05
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
begin2search(TAC index:3):20 total references
Instafinder(TAC index:4):4 total references
iSearch Toolbar(TAC index:3):44 total references
istbar(TAC index:7):35 total references
Other(TAC index:5):4 total references
Win32.Trojan.Agent.bi(TAC index:6):63 total references
Win32.Trojan.Delprot.a(TAC index:6):1 total references
VX2(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


25-5-2005 19:10:05 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 332
ThreadCreationTime : 25-5-2005 16:32:46
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 380
ThreadCreationTime : 25-5-2005 16:32:47
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 404
ThreadCreationTime : 25-5-2005 16:32:47
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 448
ThreadCreationTime : 25-5-2005 16:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Services en controllertoepassingen
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 460
ThreadCreationTime : 25-5-2005 16:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 628
ThreadCreationTime : 25-5-2005 16:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 652
ThreadCreationTime : 25-5-2005 16:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 724
ThreadCreationTime : 25-5-2005 16:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 792
ThreadCreationTime : 25-5-2005 16:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 956
ThreadCreationTime : 25-5-2005 16:32:49
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Verkenner
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : EXPLORER.EXE
Warning! iSearch Toolbar Object found in memory(C:\WINDOWS\isrvs\msdbhk.dll)

iSearch Toolbar Object Recognized!
Type : Process
Data : msdbhk.dll
Category : Malware
Comment :
Object : C:\WINDOWS\isrvs\



#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1044
ThreadCreationTime : 25-5-2005 16:32:49
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1192
ThreadCreationTime : 25-5-2005 16:32:50
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1208
ThreadCreationTime : 25-5-2005 16:32:50
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:14 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1432
ThreadCreationTime : 25-5-2005 16:32:51
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Een DLL-bestand als toepassing starten
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : RUNDLL.EXE
Warning! iSearch Toolbar Object found in memory(C:\WINDOWS\isrvs\msdbhk.dll)

iSearch Toolbar Object Recognized!
Type : Process
Data : msdbhk.dll
Category : Malware
Comment :
Object : C:\WINDOWS\isrvs\


"C:\WINDOWS\System32\RunDll32.exe"Process terminated successfully

#:15 [desktop.exe]
FilePath : C:\WINDOWS\isrvs\
ProcessID : 1440
ThreadCreationTime : 25-5-2005 16:32:51
BasePriority : Normal
FileVersion : 1.1.0.20
ProductVersion : 1.0.0.0
FileDescription : Desktop Search
Warning! iSearch Toolbar Object found in memory(C:\WINDOWS\isrvs\desktop.exe)

iSearch Toolbar Object Recognized!
Type : Process
Data : desktop.exe
Category : Malware
Comment :
Object : C:\WINDOWS\isrvs\
FileVersion : 1.1.0.20
ProductVersion : 1.0.0.0
FileDescription : Desktop Search

"C:\WINDOWS\isrvs\desktop.exe"Process terminated successfully
"C:\WINDOWS\isrvs\desktop.exe"Process terminated successfully

#:16 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 1456
ThreadCreationTime : 25-5-2005 16:32:51
BasePriority : Normal


#:17 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1976
ThreadCreationTime : 25-5-2005 17:09:29
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 3


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

iSearch Toolbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{950238FB-C706-4791-8674-4D429F85897E}

iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{950238FB-C706-4791-8674-4D429F85897E}
Value :

iSearch Toolbar Object Recognized!
Type : File
Data : mfiltis.dll
Category : Malware
Comment :
Object : c:\windows\isrvs\



iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Desktop Search"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : Desktop Search

iSearch Toolbar Object Recognized!
Type : File
Data : desktop.exe
Category : Malware
Comment :
Object : c:\windows\isrvs\
FileVersion : 1.1.0.20
ProductVersion : 1.0.0.0
FileDescription : Desktop Search


iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "ffis"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : ffis

iSearch Toolbar Object Recognized!
Type : File
Data : ffisearch.exe
Category : Malware
Comment :
Object : c:\windows\isrvs\



iSearch Toolbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html

iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html
Value :

iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : C:\WINDOWS\isrvs\mfiltis.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html
Value : CLSID

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 13


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Instafinder Object Recognized!
Type : File
Data : A0002417.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP14\



begin2search Object Recognized!
Type : File
Data : A0011117.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0011132.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012477.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012478.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012480.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012482.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012487.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012490.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012494.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012495.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012498.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012500.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012501.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012504.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012509.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012510.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012515.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012518.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012525.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012527.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012530.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012532.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012546.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012547.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012552.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012554.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012555.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012558.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012560.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012561.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012562.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012564.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012577.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012581.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012582.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012587.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012601.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012704.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012705.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0012708.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0013023.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0013025.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0013029.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0013033.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0013073.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0013074.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0013078.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013098.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013099.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013102.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013103.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013107.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013108.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013111.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013112.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013114.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013115.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013117.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013118.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013119.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013120.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013124.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013127.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013129.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013130.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013131.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013135.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013136.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013137.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013138.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013139.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : A0013140.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0013154.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0013155.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0013159.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0013215.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0013216.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0013220.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0014698.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0014709.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0015699.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0015700.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0015703.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0016699.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0016701.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0016704.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0018699.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0018706.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0019699.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0019700.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0021698.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0021701.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0021702.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0021754.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0021755.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0021756.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0021908.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0021909.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0021910.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0022910.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0022916.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0022917.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0023911.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0023913.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0023914.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0023920.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0024913.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0024916.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0024917.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0024923.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0025910.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0025911.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0025917.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0027342.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0027343.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0027349.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0027580.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0028259.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0028260.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0029237.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0029238.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0029925.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0029926.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0030924.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0030925.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0031928.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0031929.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0032991.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0032992.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0032996.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0034060.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0034061.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0034065.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0036522.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0036523.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0036530.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0037585.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0037586.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0038610.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : A0038611.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}

#22
tsuretie57

iSearch Toolbar Object Recognized!
Type : File
Data : A0038611.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0038612.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



Instafinder Object Recognized!
Type : File
Data : A0038615.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\
FileVersion : 3.0.2.1
ProductVersion : 3.2


iSearch Toolbar Object Recognized!
Type : File
Data : A0038669.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



istbar Object Recognized!
Type : File
Data : A0038670.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



begin2search Object Recognized!
Type : File
Data : A0038675.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



VX2 Object Recognized!
Type : File
Data : A0039323.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP33\



iSearch Toolbar Object Recognized!
Type : File
Data : MFEX-1.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP39\snapshot\



Win32.Trojan.Delprot.a Object Recognized!
Type : File
Data : edmond.exe
Category : Malware
Comment :
Object : C:\WINDOWS\isrvs\



iSearch Toolbar Object Recognized!
Type : File
Data : msdbhk.dll
Category : Malware
Comment :
Object : C:\WINDOWS\isrvs\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 163


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 163




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Instafinder Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\INSTAFINK

Instafinder Object Recognized!
Type : File
Data : Uninstall.exe
Category : Malware
Comment :
Object : C:\Program Files\instafink\



begin2search Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

begin2search Object Recognized!
Type : File
Data : msxml3.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\



begin2search Object Recognized!
Type : File
Data : msxml3r.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 8.20.8730.1
ProductVersion : 8.20.8730.1
ProductName : Microsoft Data Access Components
CompanyName : Microsoft Corporation
FileDescription : XML Resources
InternalName : MSXML3R.dll
LegalCopyright : Copyright © Microsoft Corporation. 1981-2000
OriginalFilename : MSXML3R.dll


VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 10
Objects found so far: 173

19:14:57 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:51.313
Objects scanned:97068
Objects identified:171
Objects ignored:0
New critical objects:171

#23
Guest_Andy_veal_*

Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer of what Ad-aware found, please follow the instructions below…

Please make sure that you are using the * SE1R47 24.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE. If this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted. Once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

#24
tsuretie57

Ad-Aware SE Build 1.05
Logfile Created on:donderdag 26 mei 2005 20:55:04
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
iSearch Toolbar(TAC index:3):4 total references
Win32.Trojan.Delprot.a(TAC index:6):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


26-5-2005 20:55:04 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 332
ThreadCreationTime : 26-5-2005 18:54:32
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 380
ThreadCreationTime : 26-5-2005 18:54:34
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 404
ThreadCreationTime : 26-5-2005 18:54:34
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 448
ThreadCreationTime : 26-5-2005 18:54:34
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Services en controllertoepassingen
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 460
ThreadCreationTime : 26-5-2005 18:54:34
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 26-5-2005 18:54:35
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 656
ThreadCreationTime : 26-5-2005 18:54:35
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 724
ThreadCreationTime : 26-5-2005 18:54:35
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 792
ThreadCreationTime : 26-5-2005 18:54:35
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 948
ThreadCreationTime : 26-5-2005 18:54:36
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Verkenner
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : EXPLORER.EXE

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1008
ThreadCreationTime : 26-5-2005 18:54:36
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1144
ThreadCreationTime : 26-5-2005 18:54:36
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1176
ThreadCreationTime : 26-5-2005 18:54:36
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:14 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1516
ThreadCreationTime : 26-5-2005 18:54:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Een DLL-bestand als toepassing starten
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : RUNDLL.EXE

#:15 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 1524
ThreadCreationTime : 26-5-2005 18:54:38
BasePriority : Normal


#:16 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1680
ThreadCreationTime : 26-5-2005 18:54:48
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

iSearch Toolbar Object Recognized!
Type : File
Data : A0049413.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP40\



iSearch Toolbar Object Recognized!
Type : File
Data : A0049414.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP40\
FileVersion : 1.1.0.20
ProductVersion : 1.0.0.0
FileDescription : Desktop Search


iSearch Toolbar Object Recognized!
Type : File
Data : A0049415.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP40\



Win32.Trojan.Delprot.a Object Recognized!
Type : File
Data : A0049416.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP40\



iSearch Toolbar Object Recognized!
Type : File
Data : A0049417.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP40\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 5




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

20:59:54 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:49.891
Objects scanned:96806
Objects identified:5
Objects ignored:0
New critical objects:5

#25
tsuretie57

I did another try today, but it doesn't fix much, I guess


Ad-Aware SE Build 1.05
Logfile Created on:vrijdag 27 mei 2005 19:26:35
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2(TAC index:10):21 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


27-5-2005 19:26:36 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 332
ThreadCreationTime : 27-5-2005 17:25:55
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 380
ThreadCreationTime : 27-5-2005 17:25:57
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 404
ThreadCreationTime : 27-5-2005 17:25:57
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 448
ThreadCreationTime : 27-5-2005 17:25:58
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Services en controllertoepassingen
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 460
ThreadCreationTime : 27-5-2005 17:25:58
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 628
ThreadCreationTime : 27-5-2005 17:25:58
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 652
ThreadCreationTime : 27-5-2005 17:25:58
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 768
ThreadCreationTime : 27-5-2005 17:25:58
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 792
ThreadCreationTime : 27-5-2005 17:25:58
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 968
ThreadCreationTime : 27-5-2005 17:25:59
BasePriority : High
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Verkenner
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : EXPLORER.EXE

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1028
ThreadCreationTime : 27-5-2005 17:25:59
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [avwupsrv.exe]
FilePath : C:\Program Files\AVPersonal\
ProcessID : 1104
ThreadCreationTime : 27-5-2005 17:25:59
BasePriority : Normal


#:13 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1184
ThreadCreationTime : 27-5-2005 17:26:00
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:14 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1228
ThreadCreationTime : 27-5-2005 17:26:00
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:15 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1400
ThreadCreationTime : 27-5-2005 17:26:01
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUC3n5tFyl

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 19


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : temp.frD65E
Category : Malware
Comment :
Object : C:\Documents and Settings\David\Local Settings\Temp\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


VX2 Object Recognized!
Type : File
Data : A0050713.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP43\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 21




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21

19:31:22 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:46.63
Objects scanned:96726
Objects identified:21
Objects ignored:0
New critical objects:21


#26
don77

  • Please try this process please. It would be worth printing out a copy of the instructions.


  • First please go to http://www.lavasoftu...x2cleaner.shtml . Download and install the VX2 Plug-in as described there, but do not run it yet.


  • Disconnect from the Internet, some VX2 objects can re-install themselves if you are connected.


  • Close all running applications including all Internet Explorer or alternate browser sessions.


  • Run the VX2 cleaner plug-in: In Ad-Aware SE Go to “Add-Ons”, select the VX2 Cleaner plug-in and click “Run Tool”


  • If your computer isn’t infected, click “Close”. If your computer is infected, select “Clean System”


  • Shutdown/restart your computer (do NOT connect to the Internet on re-boot). If Ad-Aware SE is open please close it. Make sure all applications are closed.

    Important: check that your last scan was a "Full System Scan". If not, please select that option and start a scan, cancelling the scan after it starts. The object is to ensure that a full system scan will run in the following step.

    Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)



    "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke

    Click OK.

    Note: If you used a different path to the default for installing Ad-Aware SE Pro change the path as appropriate.


  • When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.


  • Please shutdown/restart your computer after removal. Run a new full scan. Do NOT connect to the Internet until completing a new full scan.


  • After the scan is complete, reconnect to the Internet and post the logfile from this latest scan.



    If you have any questions, please don't hesitate to ask. Thank you.


#27
tsuretie57

Dear Don,
I already did try this procedure several times and it doesn't solve anything.
I cannot delete C:\Windows\system 32\DrPMon.dll.
Also Aurora keeps popping up.
But I will try it once more.
Here is the log.
Ad-Aware SE Build 1.05
Logfile Created on:zaterdag 28 mei 2005 9:45:22
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2(TAC index:10):21 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


28-5-2005 9:45:22 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 332
ThreadCreationTime : 28-5-2005 7:44:30
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 380
ThreadCreationTime : 28-5-2005 7:44:32
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 404
ThreadCreationTime : 28-5-2005 7:44:32
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 448
ThreadCreationTime : 28-5-2005 7:44:32
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Services en controllertoepassingen
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 460
ThreadCreationTime : 28-5-2005 7:44:32
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 628
ThreadCreationTime : 28-5-2005 7:44:32
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 652
ThreadCreationTime : 28-5-2005 7:44:32
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 764
ThreadCreationTime : 28-5-2005 7:44:33
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 792
ThreadCreationTime : 28-5-2005 7:44:33
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 968
ThreadCreationTime : 28-5-2005 7:44:34
BasePriority : High
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Verkenner
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : EXPLORER.EXE

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1032
ThreadCreationTime : 28-5-2005 7:44:34
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [avwupsrv.exe]
FilePath : C:\Program Files\AVPersonal\
ProcessID : 1104
ThreadCreationTime : 28-5-2005 7:44:34
BasePriority : Normal


#:13 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1184
ThreadCreationTime : 28-5-2005 7:44:34
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:14 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1224
ThreadCreationTime : 28-5-2005 7:44:34
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:15 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1416
ThreadCreationTime : 28-5-2005 7:44:35
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1715567821-725345543-1003\software\aurora
Value : AUC3n5tFyl

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 19


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : temp.fr7ABF
Category : Malware
Comment :
Object : C:\Documents and Settings\David\Local Settings\Temp\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


VX2 Object Recognized!
Type : File
Data : A0050777.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{499864F0-49B3-46A8-9DD6-1A8B60B6EB01}\RP43\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 21




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21

9:47:22 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:00.140
Objects scanned:77885
Objects identified:21
Objects ignored:0
New critical objects:21
  • 0

#28
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
OK tsuretie57

Let's take a deeper look here.

Please go Here and unzip the newest version of HJT into a new dedicated folder,
Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it hjt. Unzip HijackThis into this folder. Launch Hijack This, then press Scan, and press Save Log
This will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.
Most things are harmless and needed so don't make any changes.
Post a log here please.
  • 0

#29
tsuretie57

tsuretie57

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
here we go :

Logfile of HijackThis v1.99.1
Scan saved at 15:16:23, on 28-5-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
c:\windows\system32\ebckuik.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_ATMS03.EXE
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavi...earch.php?qq=%1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavi...earch.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32\nso58.dll
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\System32\hp5544.tmp (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System backup] C:\WINDOWS\System32\24ea1200.exe
O4 - HKLM\..\Run: [Zrgfacb2R] C:\WINDOWS\lhrotjd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [dmzspl] c:\windows\system32\ebckuik.exe
O4 - HKCU\..\Run: [System backup] C:\WINDOWS\System32\24ea1200.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [EPSON Stylus COLOR 480SXU] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P25 "EPSON Stylus COLOR 480SXU" /O6 "USB001" /M "Stylus COLOR 480SXU"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Microsoft AntiSpyware helper - {A0323FE2-D059-4515-8A36-5D9C484C1B90} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A0323FE2-D059-4515-8A36-5D9C484C1B90} - (no file) (HKCU)
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.traffic2cash.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.addictivetechnologies.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.c4tdownload.com (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.overpro.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {10282903-509D-379F-6161-6EF962FE9C59} - http://67.19.178.86/1/rdgBE1742.exe
O16 - DPF: {11FA73BC-47FE-10D2-E8CD-747236E16F10} - http://67.19.178.86/1/rdgBE1742.exe
O16 - DPF: {140DA949-08E6-7C9C-FBF5-54406A80B23B} - http://67.19.178.86/1/rdgBE1742.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c32.cab
O16 - DPF: {224E3C27-1D2E-7A10-4A3C-5E543197960A} - http://67.19.178.86/1/rdgBE1742.exe
O16 - DPF: {363D7EEF-73F0-701E-D8B7-501554586ECB} - http://67.19.178.86/1/rdgBE1742.exe
O16 - DPF: {429CAEF4-6DC1-4529-FDCC-5B9240B3BB80} - http://67.19.178.86/1/rdgBE1742.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
O16 - DPF: {75C81E9E-BB60-47DD-DB9A-603A06ACC7A4} - http://67.19.178.86/1/rdgBE1742.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
  • 0

#30
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Ok tsuretie57. This may take us a couple passes to get it.

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Please right-click: HERE and go to Save As (in Internet Explorer it's "Save Target As") in order to download smitfraud reg file. Save it to your desktop.

Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt then follow the rest of the instructions below.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid


Exit Add/Remove Programs.

*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

I need you to copy all of the Killbox file paths below and paste them into Notepad.

* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Open the Notepad file where you saved the file paths earlier and copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\system32\msole32.exe
C:\Windows\System32\ole32vbs.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Make sure you can view hidden files.

Using Windows Explorer, delete the following, if found, (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

While still in Safe Mode, do the following:

Make sure all programs and windows are closed. Run HiJackThis and place a check next to the following items, if found, then click FIX CHECKED

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavi...earch.php?qq=%1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavi...earch.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32\nso58.dll
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\System32\hp5544.tmp (file missing)
O4 - HKLM\..\Run: [System backup] C:\WINDOWS\System32\24ea1200.exe
O4 - HKLM\..\Run: [Zrgfacb2R] C:\WINDOWS\lhrotjd.exe
O4 - HKLM\..\Run: [dmzspl] c:\windows\system32\ebckuik.exe
O4 - HKCU\..\Run: [System backup] C:\WINDOWS\System32\24ea1200.exe
O9 - Extra button: Microsoft AntiSpyware helper - {A0323FE2-D059-4515-8A36-5D9C484C1B90} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A0323FE2-D059-4515-8A36-5D9C484C1B90} - (no file) (HKCU)
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.traffic2cash.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.addictivetechnologies.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.c4tdownload.com (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.overpro.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {10282903-509D-379F-6161-6EF962FE9C59} - http://67.19.178.86/1/rdgBE1742.exe
O16 - DPF: {11FA73BC-47FE-10D2-E8CD-747236E16F10} - http://67.19.178.86/1/rdgBE1742.exe
O16 - DPF: {140DA949-08E6-7C9C-FBF5-54406A80B23B} - http://67.19.178.86/1/rdgBE1742.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c32.cab
O16 - DPF: {224E3C27-1D2E-7A10-4A3C-5E543197960A} - http://67.19.178.86/1/rdgBE1742.exe
O16 - DPF: {363D7EEF-73F0-701E-D8B7-501554586ECB} - http://67.19.178.86/1/rdgBE1742.exe
O16 - DPF: {429CAEF4-6DC1-4529-FDCC-5B9240B3BB80} - http://67.19.178.86/1/rdgBE1742.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
O16 - DPF: {75C81E9E-BB60-47DD-DB9A-603A06ACC7A4} - http://67.19.178.86/1/rdgBE1742.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe



Close HiJackThis.

Reboot into normal mode.

1.) Download The Hoster. Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan.
  • 0
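
A first-pass triage over a HijackThis log in the format posted in this thread, added here as an illustration; it is not code from this thread or from HijackThis. The sample lines and the review rules are assumptions constructed for the example, and a flag means "check this entry by hand", not "remove it".

```python
import re

# Constructed sample in the HijackThis v1.99.1 log format (placeholder names,
# documentation-range addresses); not taken from a real machine.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\sample.exe
O1 - Hosts: 192.0.2.10 www.example.com
O1 - Hosts: 127.0.0.1 ads.example.net
O2 - BHO: Sample Class - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\SYSTEM\sample.dll (file missing)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\PROGRA~1\SAMPLE~1\helper.dll
O4 - HKLM\..\Run: [SampleCheck] C:\WINDOWS\system32\SampleCheck.exe
O9 - Extra button: Sample helper - {00000000-0000-0000-0000-000000000003} - (no file) (HKCU)
O15 - Trusted Zone: *.example.org (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {00000000-0000-0000-0000-000000000004} - http://192.0.2.10/1/sample.exe
O16 - DPF: {00000000-0000-0000-0000-000000000005} -
O16 - DPF: {00000000-0000-0000-0000-000000000006} - http://download.example.com/sample.cab
O23 - Service: Sample Update (SampleSvc) - Example GmbH - C:\Program Files\Sample\SAMPLESVC.EXE
O23 - Service: Sample Startup Service (SvcSample) - Unknown owner - c:\windows\SvcSample.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")   # section code, then the entry body
IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)", re.I)
LOOPBACK = {"127.0.0.1", "::1"}


def parse(log):
    """Yield (section, body) per numbered entry; header and process lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2).rstrip()


def review_reason(section, body):
    """Return why an entry deserves manual review, or None (assumed heuristics)."""
    low = body.lower()
    if section == "F2" and "shell=" in low:
        if low.split("shell=", 1)[1].split() != ["explorer.exe"]:
            return "shell value launches more than Explorer.exe"
    if section == "O1" and low.startswith("hosts:"):
        fields = body.split()
        if len(fields) >= 3 and fields[1] not in LOOPBACK:
            return "hosts file maps a name to a non-loopback address"
    if section in ("O2", "O3", "O9") and ("(file missing)" in low or "(no file)" in low):
        return "registration points at a file that is not on disk"
    if section == "O15":
        if low.startswith("protocoldefaults"):
            return "a protocol's default security zone was changed"
        return "site added to the Trusted Zone"
    if section == "O16":
        codebase = body.split(" - ", 1)[1] if " - " in body else ""
        if not codebase:
            return "ActiveX entry with no codebase URL"
        if IP_URL.match(codebase):
            return "ActiveX codebase is served from a bare IP address"
    if section == "O23" and "unknown owner" in low:
        return "service binary reports no company name"
    return None


def triage(log):
    """Return [(section, reason, body)] for every entry that matches a review rule."""
    flagged = []
    for section, body in parse(log):
        reason = review_reason(section, body)
        if reason:
            flagged.append((section, reason, body))
    return flagged


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason}\n     {body}")
```

Rules like these only catch structural oddities: an O4 Run value with a random-looking name passes untouched, so the unflagged remainder of a log still has to be read line by line.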





