
crazy pop-ups with aurora..



#16 berm140 (Topic Starter, Member, 16 posts)

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Jobs Online.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...rk&sstring=job
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Career-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Learn Computers.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...tring=education
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Career-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Relocate.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...ring=employment
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Career-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Resume Help.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...&sstring=resume
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Career-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : 11 CD's free.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...sstring=cd club
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Free Music-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Burn CD's.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...tring=cd burner
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Free Music-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Buy CD's.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...mark&sstring=cd
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Free Music-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Concert Tickets.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...sstring=concert
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Free Music-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : MP3 - Get them now!.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...ark&sstring=mp3
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Free Music-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Music Downloads.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...=music download
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Free Music-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Music for Free.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...ring=free music
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Free Music-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Buy Movies.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...ring=buy movies
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Movies-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Home Video Equipment.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...ring=home video
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Movies-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Movie Downloads.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...=download movie
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Movies-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Movie posters.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...sstring=posters
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Movies-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Movie Showtimes.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...movie showtimes
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Movies-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Movies for Rent.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...ing=rent movies
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Movies-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Movies on DVD.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...ark&sstring=dvd
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Movies-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Movies Reviews.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...&sstring=movies
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Movies-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : VHS.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...ark&sstring=vhs
Object : C:\Documents and Settings\Ali\Favorites\-Popular Sites-\-Movies-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Buy it at auction.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...sstring=auction
Object : C:\Documents and Settings\Ali\Favorites\-Shopping-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Computers.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...tring=computers
Object : C:\Documents and Settings\Ali\Favorites\-Shopping-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Digital Camera.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...digital cameras
Object : C:\Documents and Settings\Ali\Favorites\-Shopping-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Fine Jewerly.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...sstring=jewerly
Object : C:\Documents and Settings\Ali\Favorites\-Shopping-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Flowers.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...sstring=flowers
Object : C:\Documents and Settings\Ali\Favorites\-Shopping-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Gourmet Foods.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...sstring=gourmet
Object : C:\Documents and Settings\Ali\Favorites\-Shopping-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Holiday & Special Occasion.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...sstring=holiday
Object : C:\Documents and Settings\Ali\Favorites\-Shopping-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Housewares.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...ring=housewares
Object : C:\Documents and Settings\Ali\Favorites\-Shopping-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Personal Electronics.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...ing=electronics
Object : C:\Documents and Settings\Ali\Favorites\-Shopping-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Specialty Items.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...g=special gifts
Object : C:\Documents and Settings\Ali\Favorites\-Shopping-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Stereos.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...&sstring=stereo
Object : C:\Documents and Settings\Ali\Favorites\-Shopping-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : College sports.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...=college sports
Object : C:\Documents and Settings\Ali\Favorites\-Sports-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Fantasy Sports.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...sstring=betting
Object : C:\Documents and Settings\Ali\Favorites\-Sports-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Major League Baseball.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...string=baseball
Object : C:\Documents and Settings\Ali\Favorites\-Sports-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Nascar.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...&sstring=nascar
Object : C:\Documents and Settings\Ali\Favorites\-Sports-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : NBA.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...ark&sstring=nba
Object : C:\Documents and Settings\Ali\Favorites\-Sports-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : NFL.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...ark&sstring=nfl
Object : C:\Documents and Settings\Ali\Favorites\-Sports-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : NHL.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...ark&sstring=nhl
Object : C:\Documents and Settings\Ali\Favorites\-Sports-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Online Bets (18 over +).url
Category : Misc
Comment : Problematic URL discovered: http://search.search...sstring=betting
Object : C:\Documents and Settings\Ali\Favorites\-Sports-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Soccer.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...&sstring=soccer
Object : C:\Documents and Settings\Ali\Favorites\-Sports-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Sports Merchandise.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...rts merchandise
Object : C:\Documents and Settings\Ali\Favorites\-Sports-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : TV Game Schedules.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...string=tv guide
Object : C:\Documents and Settings\Ali\Favorites\-Sports-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Buy Luggage.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...sstring=luggage
Object : C:\Documents and Settings\Ali\Favorites\-Travel-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Cheap travel.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...ng=cheap travel
Object : C:\Documents and Settings\Ali\Favorites\-Travel-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Cruises.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...sstring=cruises
Object : C:\Documents and Settings\Ali\Favorites\-Travel-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Las Vegas.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...tring=las vegas
Object : C:\Documents and Settings\Ali\Favorites\-Travel-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Plan a trip.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...k&sstring=trips
Object : C:\Documents and Settings\Ali\Favorites\-Travel-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Save on Car rentals.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...ring=car rental
Object : C:\Documents and Settings\Ali\Favorites\-Travel-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Save on Hotels.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...&sstring=hotels
Object : C:\Documents and Settings\Ali\Favorites\-Travel-\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Save on Plane tickets.url
Category : Misc
Comment : Problematic URL discovered: http://search.search...sstring=tickets
Object : C:\Documents and Settings\Ali\Favorites\-Travel-\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon
Value : Driver

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon
Value : Driver

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions
Value : iexplore.exe

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\window restrictions
Value : iexplore.exe

VX2 Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\DOCUME~1\Ali\LOCALS~1\Temp\DrTemp

VX2 Object Recognized!
Type : File
Data : twaintec.inf
Category : Malware
Comment :
Object : C:\WINDOWS\inf\



VX2 Object Recognized!
Type : File
Data : twaintec.PNF
Category : Malware
Comment :
Object : C:\WINDOWS\inf\



VX2 Object Recognized!
Type : File
Data : farmmext.ini
Category : Malware
Comment :
Object : C:\WINDOWS\



midADdle Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Updater

midADdle Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Updater2

midADdle Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions

midADdle Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Show_StatusBar
Data : no

midADdle Object Recognized!
Type : Folder
Category : Malware
Comment : Warning!
Object : C:\Program Files\common files\midaddle

midADdle Object Recognized!
Type : File
Data : License_Agreement.txt
Category : Malware
Comment : Warning!
Object : C:\Program Files\common files\midaddle\



midADdle Object Recognized!
Type : File
Data : midaddle.dll
Category : Malware
Comment : Warning!
Object : C:\Program Files\common files\midaddle\
FileVersion : 1.0.0.16
ProductVersion : 1.0.0.16
InternalName : clicks.dll
LegalCopyright : All rights reserved.
OriginalFilename : clicks.dll


midADdle Object Recognized!
Type : File
Data : WildWinTracker.exe
Category : Malware
Comment :
Object : C:\DOCUME~1\Ali\LOCALS~1\Temp\



DyFuCA Object Recognized!
Type : File
Data : cln3ae.tmp
Category : Malware
Comment :
Object : C:\DOCUME~1\Ali\LOCALS~1\Temp\



istbar Object Recognized!
Type : File
Data : feghyef.exe
Category : Malware
Comment :
Object : C:\DOCUME~1\Ali\LOCALS~1\Temp\



istbar Object Recognized!
Type : File
Data : fndwv0b.exe
Category : Malware
Comment :
Object : C:\DOCUME~1\Ali\LOCALS~1\Temp\



BroadCastPC Object Recognized!
Type : File
Data : i36a.tmp
Category : Data Miner
Comment :
Object : C:\DOCUME~1\Ali\LOCALS~1\Temp\



BlazeFind Object Recognized!
Type : File
Data : installer2.exe
Category : Malware
Comment :
Object : C:\DOCUME~1\Ali\LOCALS~1\Temp\
FileVersion : 1.0.0.34
ProductVersion : 1.0.0.0
CompanyName : Kalptaru Infotech Ltd.


istbar Object Recognized!
Type : File
Data : istsv_.exe
Category : Malware
Comment :
Object : C:\DOCUME~1\Ali\LOCALS~1\Temp\



Lycos Sidesearch Object Recognized!
Type : File
Data : lycos_ss.exe
Category : Misc
Comment :
Object : C:\DOCUME~1\Ali\LOCALS~1\Temp\



midADdle Object Recognized!
Type : File
Data : midaddle.exe
Category : Malware
Comment :
Object : C:\DOCUME~1\Ali\LOCALS~1\Temp\



DyFuCA Object Recognized!
Type : File
Data : optimize.exe
Category : Malware
Comment :
Object : C:\DOCUME~1\Ali\LOCALS~1\Temp\



VX2 Object Recognized!
Type : File
Data : polmx.exe
Category : Malware
Comment :
Object : C:\DOCUME~1\Ali\LOCALS~1\Temp\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Calling Home
CompanyName : callinghome.biz
FileDescription : Installation utility for www.callinghome.biz
InternalName : Calling Home
LegalCopyright : callinghome.biz © 2004
OriginalFilename : Caller.exe


VX2 Object Recognized!
Type : File
Data : poltt.exe
Category : Malware
Comment :
Object : C:\DOCUME~1\Ali\LOCALS~1\Temp\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Calling Home
CompanyName : callinghome.biz
FileDescription : Installation utility for www.callinghome.biz
InternalName : Calling Home
LegalCopyright : callinghome.biz © 2004
OriginalFilename : Caller.exe


Lycos Sidesearch Object Recognized!
Type : File
Data : sepinst.exe
Category : Misc
Comment :
Object : C:\DOCUME~1\Ali\LOCALS~1\Temp\



StatBlaster Object Recognized!
Type : File
Data : update_1.exe
Category : Data Miner
Comment :
Object : C:\DOCUME~1\Ali\LOCALS~1\Temp\



TopMoxie Object Recognized!
Type : File
Data : webrebates_auto_installsilent.exe
Category : Data Miner
Comment :
Object : C:\DOCUME~1\Ali\LOCALS~1\Temp\



WhenU Object Recognized!
Type : File
Data : whenu.exe
Category : Misc
Comment :
Object : C:\DOCUME~1\Ali\LOCALS~1\Temp\
FileVersion : 0, 1, 5, 1
ProductVersion : 0, 1, 5, 1
ProductName : DownloadApp
CompanyName : WhenU.com, Inc.
FileDescription : DownloadApp
InternalName : DownloadApp
LegalCopyright : Copyright 2000
OriginalFilename : dnldapp.exe


StatBlaster Object Recognized!
Type : File
Data : winwildapp.exe
Category : Data Miner
Comment :
Object : C:\DOCUME~1\Ali\LOCALS~1\Temp\



ClickSpring Object Recognized!
Type : File
Data : wintsvcc.exe
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



ClickSpring Object Recognized!
Type : File
Data : crash.txt
Category : Malware
Comment :
Object : c:\



Rads01.Quadrogram Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : PopupMgr
Data : no

AdRotator Object Recognized!
Type : File
Data : hiwinnager.dat
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



Softomate Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\besttoolbars

Zango Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\shareddlls
Value : C:\WINDOWS\Downloaded Program Files\ZangoInstaller.dll

Zango Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\Zango

Zango Object Recognized!
Type : File
Data : zango.log
Category : Data Miner
Comment :
Object : C:\Program Files\zango\



Zango Object Recognized!
Type : File
Data : zangoau.dat
Category : Data Miner
Comment :
Object : C:\Program Files\zango\



Zango Object Recognized!
Type : File
Data : zango_kyf.dat
Category : Data Miner
Comment :
Object : C:\Program Files\zango\



Zango Object Recognized!
Type : File
Data : Zango.lnk
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Ali\Start Menu\Programs\



Zango Object Recognized!
Type : File
Data : ZangoInstaller.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\downloaded program files\
FileVersion : 5,12,13,0
ProductVersion : 5, 12, 13, 0
ProductName : ZangoInstaller Module
CompanyName : Zango
FileDescription : ZangoInstaller Module
InternalName : ZangoInstaller
LegalCopyright : Copyright© Zango. 2002-2003
OriginalFilename : ZangoInstaller.DLL


Zango Object Recognized!
Type : File
Data : ZangoInstaller.inf
Category : Data Miner
Comment :
Object : C:\WINDOWS\downloaded program files\



Zango Object Recognized!
Type : File
Data : ZangoLib.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\downloaded program files\



PromulGate Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\pcs

PromulGate Object Recognized!
Type : File
Data : delfinAD.ebd
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Start Menu\..\application data\pcsvc\



PromulGate Object Recognized!
Type : File
Data : preference.dat
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Start Menu\..\application data\pcsvc\



PromulGate Object Recognized!
Type : File
Data : init.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\pcs\



WhenU Object Recognized!
Type : Folder
Category : Misc
Comment :
Object : C:\Program Files\Save

WhenU Object Recognized!
Type : Folder
Category : Misc
Comment :
Object : C:\Documents and Settings\Ali\Start Menu\Programs\WhenU

WhenU Object Recognized!
Type : File
Data : Learn More About Save!.url
Category : Misc
Comment :
Object : C:\Documents and Settings\Ali\Start Menu\Programs\whenu\



WhenU Object Recognized!
Type : File
Data : Learn More About SaveNow.url
Category : Misc
Comment :
Object : C:\Documents and Settings\Ali\Start Menu\Programs\whenu\



WhenU Object Recognized!
Type : File
Data : WhenU.com Website.url
Category : Misc
Comment :
Object : C:\Documents and Settings\Ali\Start Menu\Programs\whenu\



Elitum.ElitebarBHO Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\EliteToolBar

Elitum.ElitebarBHO Object Recognized!
Type : File
Data : EliteToolBar version 60.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\elitetoolbar\
FileVersion : 1, 0, 0, 60
ProductVersion : 1, 0, 0, 60
ProductName : EliteToolBar Dynamic Link Library
FileDescription : EliteToolBar DLL
InternalName : EliteToolBar
LegalCopyright : Copyright © 2004
OriginalFilename : EliteToolBar.DLL


TVMedia Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\TV Media

TVMedia Object Recognized!
Type : File
Data : Tvm.exe
Category : Malware
Comment :
Object : C:\Program Files\tv media\



TVMedia Object Recognized!
Type : File
Data : TvmBho.dll
Category : Malware
Comment :
Object : C:\Program Files\tv media\



TVMedia Object Recognized!
Type : File
Data : TvmCore.dll
Category : Malware
Comment :
Object : C:\Program Files\tv media\



WurldMedia Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\fenx

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\fenx
Value : inst

DyFuCA Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\Power Scan

DyFuCA Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\Internet Optimizer

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : aspfile\persistenthandler

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : aspfile\persistenthandler
Value :

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

istbar Object Recognized!
Type : RegData
Data : Never
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : BandRest
Data : Never

istbar Object Recognized!
Type : RegData
Data : Never
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : BandRest
Data : Never

BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows sr 2.0

BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows sr 2.0
Value : DisplayName

BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows sr 2.0
Value : UninstallString

BlazeFind Object Recognized!
Type : File
Data : UnstSA3.exe
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 1.0.0.15
ProductVersion : 1.0.0.0
CompanyName : Kalptaru Infotech Ltd.


Lycos Sidesearch Object Recognized!
Type : Folder
Category : Misc
Comment :
Object : C:\Program Files\lycos\SideSearch

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : PopupMgr

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\media
Value : data

StatBlaster Object Recognized!
Type : File
Data : TempWM_FUINS.bat
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Ali\local settings\



TopMoxie Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main\ins
Value : 1150

TopMoxie Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\Web_Rebates

TopMoxie Object Recognized!
Type : File
Data : disp1150.exe
Category : Data Miner
Comment :
Object : C:\Program Files\web_rebates\



TopMoxie Object Recognized!
Type : File
Data : README.txt
Category : Data Miner
Comment :
Object : C:\Program Files\web_rebates\



TopMoxie Object Recognized!
Type : File
Data : WebRebates0.exe
Category : Data Miner
Comment :
Object : C:\Program Files\web_rebates\



TopMoxie Object Recognized!
Type : File
Data : WebRebates1.exe
Category : Data Miner
Comment :
Object : C:\Program Files\web_rebates\



IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrShadow

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrHighlight

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrForeColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrBackColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrDownload

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrViewed

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrStatic

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\northcode inc

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : CustomizeSearch

Ebates MoneyMaker Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\Ebates_MoeMoneyMaker

EzuLa Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\eZula

eUniverse Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\IncrediFind

eUniverse Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\incredifind\BHO

ClearSearch Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\ClearSearch

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB}

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38}

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38}
Value : BarSize

180Solutions Object Recognized!
Type : File
Data : didduid.ini
Category : Data Miner
Comment :
Object : C:\WINDOWS\



SecondThought Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : c:\\temporary

SecondThought Object Recognized!
Type : File
Data : install113.exe
Category : Malware
Comment :
Object : c:\temporary\



AltnetBDE Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\Altnet

AltnetBDE Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\Altnet

AltnetBDE Object Recognized!
Type : File
Data : dmfiles.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\altnet\



AltnetBDE Object Recognized!
Type : File
Data : dminstall3.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\altnet\



AltnetBDE Object Recognized!
Type : File
Data : msvcirt.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\temp\altnet\
FileVersion : 6.00.8168.0
ProductVersion : 6.00.8168.0
ProductName : Microsoft ® Visual C++
CompanyName : Microsoft Corporation
FileDescription : Microsoft ® C++ Runtime Library
InternalName : MSVCIRT.DLL
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : MSVCIRT.DLL


AltnetBDE Object Recognized!
Type : File
Data : mysearch.cab
Category : Data Miner
Comment :
Object

#17
Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer from what Ad-aware found, please follow these instructions below…

Please make sure that you are using the * SE1R46 17.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is of the default installation location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please remove all except CWS

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
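For anyone working through a log like the ones posted in this thread, here is an added Python example (not Andy's instructions and not Lavasoft's or Geeks to Go's code) that parses the "Object Recognized!" blocks, builds the per-family counts the Scan Summary tab shows, lists the families to tick for removal minus a keep set (Andy's "all except CWS"), and flags a Winlogon Shell value that loads anything besides Explorer.exe. The log excerpt inside it is constructed to mirror the format in this thread; the SID is a placeholder, and the keep set should be spelled exactly as the family name appears in your own log.

```python
"""Triage helper for an Ad-Aware SE text log (added example, not Lavasoft code).
Parses "<Family> Object Recognized!" blocks, summarizes them, and checks the
Winlogon Shell value, which on Windows XP should be exactly "Explorer.exe";
any program appended to it starts at every logon alongside the desktop."""
import re
from collections import Counter

# Constructed excerpt modelled on the logs posted in this thread; the SID is a
# placeholder and the entries are illustrative, not a real scan.
SAMPLE_LOG = r"""
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [explorer.exe]
FilePath : C:\WINDOWS\

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-PLACEHOLDER-1006\software\aurora
Value : AUI3d5OfSInst

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

VX2 Object Recognized!
Type : File
Data : DrPMon[1].dll
Category : Malware
Comment :
Object : C:\Documents and Settings\Ali\Local Settings\Temp\
CompanyName : Direct Revenue
"""

_HEADER = re.compile(r"^(?P<family>.+) Object Recognized!$")
_FIELD = re.compile(r"^(?P<key>\w+) :\s?(?P<value>.*)$")


def parse_log(text):
    """One dict per 'Object Recognized!' block; a blank line closes the block."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        header = _HEADER.match(line)
        if header:
            current = {"Family": header.group("family")}
            records.append(current)
            continue
        if current is None:  # process listing, section banners, counters
            continue
        field = _FIELD.match(line)
        if field:  # "Key : value"; a repeated key keeps the last value
            current[field.group("key")] = field.group("value").strip()
    return records


def summarize(records):
    """(family, category) -> count, like the Scan Summary tab."""
    return Counter((r["Family"], r.get("Category", "")) for r in records)


def families_to_remove(records, keep=()):
    """Families to tick for removal, minus those the helper said to leave."""
    return sorted({r["Family"] for r in records} - set(keep))


def shell_hijack(records):
    """Programs other than explorer.exe named in the Winlogon Shell value."""
    extras = []
    for r in records:
        if r.get("Value", "").lower() != "shell":
            continue
        if not r.get("Object", "").lower().endswith("winlogon"):
            continue
        for token in re.split(r"[\s,]+", r.get("Data", "")):
            if token and token.lower() != "explorer.exe":
                extras.append(token)
    return extras


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for (family, category), n in sorted(summarize(recs).items()):
        print(f"{family:<20} {category:<14} {n}")
    print("remove:", families_to_remove(recs, keep={"CWS"}))
    print("extra Shell programs:", shell_hijack(recs) or "none")
```

Run it on a saved log by replacing SAMPLE_LOG with the file's contents; a non-empty result from shell_hijack is the entry to look at first, since whatever it names is re-launched at every logon regardless of what else gets removed.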

#18
berm140
  • Topic Starter
  • Member
  • 16 posts
After I did what you said, restarted my computer, and ran adaware, this is the logfile:

Ad-Aware SE Build 1.05
Logfile Created on:Sunday, May 22, 2005 7:33:41 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R46 17.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BlazeFind(TAC index:5):1 total references
BookedSpace(TAC index:10):1 total references
BroadCastPC(TAC index:7):1 total references
ClickSpring(TAC index:6):1 total references
DyFuCA(TAC index:3):2 total references
eUniverse(TAC index:10):2 total references
EzuLa(TAC index:6):1 total references
ImIServer IEPlugin(TAC index:5):55 total references
midADdle(TAC index:8):2 total references
MyDailyHoroscope(TAC index:5):1 total references
Roings(TAC index:8):1 total references
WhenU(TAC index:3):1 total references
Windows(TAC index:3):1 total references
WinFavorites(TAC index:6):1 total references
VX2(TAC index:10):39 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-22-2005 7:33:41 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 580
ThreadCreationTime : 5-22-2005 11:31:17 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 644
ThreadCreationTime : 5-22-2005 11:31:24 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\System32\
ProcessID : 668
ThreadCreationTime : 5-22-2005 11:31:25 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 5-22-2005 11:31:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 5-22-2005 11:31:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 876
ThreadCreationTime : 5-22-2005 11:31:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 932
ThreadCreationTime : 5-22-2005 11:31:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1028
ThreadCreationTime : 5-22-2005 11:31:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1096
ThreadCreationTime : 5-22-2005 11:31:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1216
ThreadCreationTime : 5-22-2005 11:31:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1412
ThreadCreationTime : 5-22-2005 11:31:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [aolacsd.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 1940
ThreadCreationTime : 5-22-2005 11:31:36 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLacsd.exe

#:13 [aoltsmon.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 1952
ThreadCreationTime : 5-22-2005 11:31:36 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™ Monitor
CompanyName : America Online, Inc
FileDescription : AOL TopSpeed™ Monitor
InternalName : AOL TopSpeed™ Monitor
LegalCopyright : Copyright © 2004 America Online, Inc.
OriginalFilename : aoltsmon.exe

#:14 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1988
ThreadCreationTime : 5-22-2005 11:31:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:15 [aoltpspd.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 2020
ThreadCreationTime : 5-22-2005 11:31:36 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™
CompanyName : America Online Inc
FileDescription : AOL TopSpeed™
InternalName : AOL TopSpeed™ Loader
LegalCopyright : Copyright © 2003-2004
LegalTrademarks : AOL TopSpeed™
OriginalFilename : aoltpspd.exe

#:16 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 2036
ThreadCreationTime : 5-22-2005 11:31:36 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:17 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 164
ThreadCreationTime : 5-22-2005 11:31:36 PM
BasePriority : Normal
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
ProductName : NVIDIA Driver Helper Service, Version 52.16
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:18 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 444
ThreadCreationTime : 5-22-2005 11:31:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:19 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 648
ThreadCreationTime : 5-22-2005 11:31:40 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:20 [symwsc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 1052
ThreadCreationTime : 5-22-2005 11:31:40 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:21 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1528
ThreadCreationTime : 5-22-2005 11:31:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:22 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 540
ThreadCreationTime : 5-22-2005 11:32:25 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:23 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 1336
ThreadCreationTime : 5-22-2005 11:32:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:24 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1308
ThreadCreationTime : 5-22-2005 11:32:48 PM
BasePriority : High
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:25 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\
ProcessID : 2044
ThreadCreationTime : 5-22-2005 11:32:53 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:26 [fvbrhng.exe]
FilePath : c:\windows\system32\
ProcessID : 1564
ThreadCreationTime : 5-22-2005 11:33:01 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1c896551-8b92-4907-8c06-15db2d1f874a}

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1c896551-8b92-4907-8c06-15db2d1f874a}
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7}

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7}
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c}

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c}
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f3155057-4c2c-4078-8576-50486693fd49}

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f3155057-4c2c-4078-8576-50486693fd49}
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe.1

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe.1
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe.1

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe.1
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser.1

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser.1
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow.1

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow.1
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{220959ea-b54c-4201-8df2-1cfac8b59fd7}

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{220959ea-b54c-4201-8df2-1cfac8b59fd7}
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{6a288140-3e1c-4cd9-aac5-e20fdd4f5d64}

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{6a288140-3e1c-4cd9-aac5-e20fdd4f5d64}
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7371ad3f-c419-4dc0-8e8a-e21fafad53e0}

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7371ad3f-c419-4dc0-8e8a-e21fafad53e0}
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{98b2ddba-6da2-4421-af2b-814e98f53649}

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{98b2ddba-6da2-4421-af2b-814e98f53649}
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{57add57b-173e-418a-8f70-17e5c9f2bcc9}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band.1

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band.1
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e4458b4a-6149-4450-84f2-864adb7e8c52}

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e4458b4a-6149-4450-84f2-864adb7e8c52}
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3e589169-86ad-44fe-b426-f0bf105d5582}

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3e589169-86ad-44fe-b426-f0bf105d5582}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUB3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUE3v5nt

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUT3h5rshSBath

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUT3h5rshSysSInf

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUL3n5Title

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUC3u5rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUC3n5tFyl

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUI3g5noreS

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUS3t5atusOfSInst

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Date"
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\intexp
Value : Date

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "Win Server Updt"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Win Server Updt

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 74
Objects found so far: 74


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 74


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 74



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : temp.frCD69
Category : Malware
Comment :
Object : C:\Documents and Settings\Ali\Local Settings\Temp\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


VX2 Object Recognized!
Type : File
Data : DrPMon[1].dll
Category : Malware
Comment :
Object : C:\Documents and Settings\Ali\Local Settings\Temporary Internet Files\Content.IE5\QCJZRRN2\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


ImIServer IEPlugin Object Recognized!
Type : File
Data : A0158678.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP803\
FileVersion : 5.0.2001.10043
ProductVersion : 2001, 0, 0, 0
ProductName : MimarSinan Emissary, MimarSinan Charm Family
CompanyName : Mimar Sinan International
FileDescription : Emissary
InternalName : autonomy
LegalCopyright : Copyright © 1992-2000 Mimar Sinan International. All rights reserved.
OriginalFilename : autonomy.exe


midADdle Object Recognized!
Type : File
Data : A0158682.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP803\
FileVersion : 1.0.0.16
ProductVersion : 1.0.0.16
InternalName : clicks.dll
LegalCopyright : All rights reserved.
OriginalFilename : clicks.dll


eUniverse Object Recognized!
Type : File
Data : A0158693.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP803\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BHO Module
FileDescription : BHO Module
InternalName : BHO
LegalCopyright : Copyright 2003
OriginalFilename : BHO.DLL


ClickSpring Object Recognized!
Type : File
Data : A0158695.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP803\



EzuLa Object Recognized!
Type : File
Data : A0158696.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP803\
FileVersion : 2, 0, 70, 00
ProductVersion : 1, 0, 0, 1
ProductName : eZstub Module
CompanyName : EARNStatBlaster10
FileDescription : eZstub Module
InternalName : eZstub
LegalCopyright : Copyright 2000
OriginalFilename : eZstub.EXE


eUniverse Object Recognized!
Type : File
Data : A0158697.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP803\



WhenU Object Recognized!
Type : File
Data : A0158698.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP803\
FileVersion : 2, 5, 4, 1
ProductVersion : 2, 5, 4, 1
ProductName : Save! Setup
CompanyName : WhenU.com, Inc.
FileDescription : Save! Setup
InternalName : SaveInstCsSm
LegalCopyright : Copyright 2000
OriginalFilename : SaveInstCsSm.exe


MyDailyHoroscope Object Recognized!
Type : File
Data : A0158699.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP803\



BroadCastPC Object Recognized!
Type : File
Data : A0158700.EXE
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP803\



WinFavorites Object Recognized!
Type : File
Data : A0158701.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP803\



VX2 Object Recognized!
Type : File
Data : A0158702.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP803\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Calling Home
CompanyName : callinghome.biz
FileDescription : Installation utility for www.callinghome.biz
InternalName : Calling Home
LegalCopyright : callinghome.biz © 2004
OriginalFilename : Caller.exe


VX2 Object Recognized!
Type : File
Data : A0158703.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP803\



ImIServer IEPlugin Object Recognized!
Type : File
Data : A0158704.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP803\
FileVersion : 1, 0, 8, 1
ProductVersion : 1, 0, 8, 1
ProductName : wbho Module
FileDescription : wbho Module
InternalName : wbho
LegalCopyright : Copyright 2004
OriginalFilename : wbho.DLL


BookedSpace Object Recognized!
Type : File
Data : A0158705.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP803\



BlazeFind Object Recognized!
Type : File
Data : A0158706.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP803\
FileVersion : 1.0.0.15
ProductVersion : 1.0.0.0
CompanyName : Kalptaru Infotech Ltd.


DyFuCA Object Recognized!
Type : File
Data : A0158707.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP803\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DyFuCA_BH Module
FileDescription : DyFuCA_BH Module
InternalName : DyFuCA_BH
LegalCopyright : Copyright 2002
OriginalFilename : DyFuCA_BH.DLL


DyFuCA Object Recognized!
Type : File
Data : A0158708.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP803\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DyFuCA_BH Module
FileDescription : DyFuCA_BH Module
InternalName : DyFuCA_BH
LegalCopyright : Copyright 2002
OriginalFilename : DyFuCA_BH.DLL


VX2 Object Recognized!
Type : File
Data : A0158718.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP803\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


VX2 Object Recognized!
Type : File
Data : A0158724.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP803\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 96


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
5 entries scanned.
New critical objects:0
Objects found so far: 96




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : remove

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : IID

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Version

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Date

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : bid

ImIServer IEPlugin Object Recognized!
Type : File
Data : redir.txt
Category : Data Miner
Comment :
Object : C:\WINDOWS\



ImIServer IEPlugin Object Recognized!
Type : File
Data : wupdt.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\



VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon
Value : Driver

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon
Value : Driver

midADdle Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions

VX2 Object Recognized!
Type : File
Data : temp.frcd69
Category : Malware
Comment :
Object : C:\DOCUME~1\Ali\LOCALS~1\Temp\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 14
Objects found so far: 110

7:59:05 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:25:24.125
Objects scanned:212872
Objects identified:110
Objects ignored:0
New critical objects:110

Edited by berm140, 22 May 2005 - 06:04 PM.


#19
Guest_Andy_veal_* (Guest)
Please try this process. It would be worth printing out a copy of the instructions.

1) First please go to http://www.lavasoftu...x2cleaner.shtml . Download and install the VX2 Plug-in as described there, but do not run it yet.

2) Disconnect from the Internet, some VX2 objects can re-install themselves if you are connected.

3) Close all running applications including all Internet Explorer or alternate browser sessions.

4) Run the VX2 cleaner plug-in: in Ad-Aware SE go to “Plug-ins”, select the VX2 Cleaner plug-in and click “Run Tool”.

5) If your computer isn’t infected, click “Close”. If your computer is infected, select “Clean System”.

6) Shutdown/restart your computer (do NOT connect to the Internet on re-boot). If Ad-Aware SE is open please close it. Make sure all applications are closed.

Important: check that your last scan was a "Full System Scan". If not, please select that option and start a scan, cancelling the scan after it starts. The object is to ensure that a full system scan will run in the following step.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke

Click OK.

Note: If you used a path other than the default when installing Ad-Aware SE Pro, change the path as appropriate.

7) When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click Next, then click OK.

8) Please shutdown/restart your computer after removal. Run a new full scan. Do NOT connect to the Internet until completing a new full scan.

9) After the scan is complete, reconnect to the Internet and post the logfile from this latest scan.

If you have any questions, please don't hesitate to ask. Thank you.

#20
berm140 (Topic Starter, Member, 16 posts)
Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 24, 2005 4:12:53 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R46 17.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ImIServer IEPlugin(TAC index:5):2 total references
VX2(TAC index:10):27 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-24-2005 4:12:53 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 592
ThreadCreationTime : 5-24-2005 8:10:41 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 640
ThreadCreationTime : 5-24-2005 8:10:43 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\System32\
ProcessID : 664
ThreadCreationTime : 5-24-2005 8:10:43 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 708
ThreadCreationTime : 5-24-2005 8:10:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 720
ThreadCreationTime : 5-24-2005 8:10:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 872
ThreadCreationTime : 5-24-2005 8:10:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 932
ThreadCreationTime : 5-24-2005 8:10:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1028
ThreadCreationTime : 5-24-2005 8:10:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1088
ThreadCreationTime : 5-24-2005 8:10:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1232
ThreadCreationTime : 5-24-2005 8:10:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1376
ThreadCreationTime : 5-24-2005 8:10:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [aolacsd.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 1928
ThreadCreationTime : 5-24-2005 8:10:55 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLacsd.exe

#:13 [aoltsmon.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 1940
ThreadCreationTime : 5-24-2005 8:10:55 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™ Monitor
CompanyName : America Online, Inc
FileDescription : AOL TopSpeed™ Monitor
InternalName : AOL TopSpeed™ Monitor
LegalCopyright : Copyright © 2004 America Online, Inc.
OriginalFilename : aoltsmon.exe

#:14 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1976
ThreadCreationTime : 5-24-2005 8:10:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:15 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 2012
ThreadCreationTime : 5-24-2005 8:10:55 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:16 [aoltpspd.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 2024
ThreadCreationTime : 5-24-2005 8:10:55 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™
CompanyName : America Online Inc
FileDescription : AOL TopSpeed™
InternalName : AOL TopSpeed™ Loader
LegalCopyright : Copyright © 2003-2004
LegalTrademarks : AOL TopSpeed™
OriginalFilename : aoltpspd.exe

#:17 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 196
ThreadCreationTime : 5-24-2005 8:10:55 PM
BasePriority : Normal
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
ProductName : NVIDIA Driver Helper Service, Version 52.16
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:18 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 432
ThreadCreationTime : 5-24-2005 8:10:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:19 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 724
ThreadCreationTime : 5-24-2005 8:10:59 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:20 [symwsc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 1068
ThreadCreationTime : 5-24-2005 8:10:59 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:21 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1416
ThreadCreationTime : 5-24-2005 8:10:59 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:22 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1532
ThreadCreationTime : 5-24-2005 8:11:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:23 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 1508
ThreadCreationTime : 5-24-2005 8:11:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:24 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1216
ThreadCreationTime : 5-24-2005 8:12:19 PM
BasePriority : High
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:25 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 560
ThreadCreationTime : 5-24-2005 8:12:24 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUB3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUE3v5nt

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUT3h5rshSBath

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUT3h5rshSysSInf

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUL3n5Title

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUC3u5rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUC3n5tFyl

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2798144161-3796940194-3563552628-1006\software\aurora
Value : AUI3g5noreS

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 26
Objects found so far: 26


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

ImIServer IEPlugin Object Recognized!
Type : File
Data : A0158945.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP804\
FileVersion : 1, 0, 8, 1
ProductVersion : 1, 0, 8, 1
ProductName : wbho Module
FileDescription : wbho Module
InternalName : wbho
LegalCopyright : Copyright 2004
OriginalFilename : wbho.DLL


VX2 Object Recognized!
Type : File
Data : A0158946.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP804\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


ImIServer IEPlugin Object Recognized!
Type : File
Data : A0158947.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP804\
FileVersion : 5.0.2001.10043
ProductVersion : 2001, 0, 0, 0
ProductName : MimarSinan Emissary, MimarSinan Charm Family
CompanyName : Mimar Sinan International
FileDescription : Emissary
InternalName : autonomy
LegalCopyright : Copyright © 1992-2000 Mimar Sinan International. All rights reserved.
OriginalFilename : autonomy.exe


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 29


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
5 entries scanned.
New critical objects:0
Objects found so far: 29




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 29

4:29:41 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:48.172
Objects scanned:206406
Objects identified:29
Objects ignored:0
New critical objects:29

#21
Guest_Andy_veal_* (Guest)
Please could you try my advice above, but only select VX2 for removal.

Please make sure you update your definition file to SE1R47 24.05.2005

Edited by Andy_veal, 24 May 2005 - 02:52 PM.
