Using Ad-Aware does not get rid of them; they come back.
Here is my Ad-Aware log with the latest definition.
Thanks for your help in advance.
Ad-Aware SE Build 1.05
Logfile Created on:Thursday, June 02, 2005 1:27:06 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R49 31.05.2005
Internal build : 57
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 481469 Bytes
Total size : 1455496 Bytes
Signature data size : 1423833 Bytes
Reference data size : 31151 Bytes
Signatures total : 40572
Fingerprints total : 902
Fingerprints size : 31096 Bytes
Target categories : 15
Target families : 692
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:38 %
Total physical memory:522464 kb
Available physical memory:198248 kb
Total page file size:886112 kb
Available on page file:572236 kb
Total virtual memory:2097024 kb
Available virtual memory:2048296 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Obtain command line of scanned processes
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects
6-2-2005 1:27:06 PM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 448
ThreadCreationTime : 5-31-2005 1:17:14 PM
BasePriority : Normal
#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 528
ThreadCreationTime : 5-31-2005 1:17:16 PM
BasePriority : High
VX2 Object Recognized!
Type : Process
Data : j60s0gd7e60.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
Warning! VX2 Object found in memory(C:\WINDOWS\system32\j60s0gd7e60.dll)
#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 572
ThreadCreationTime : 5-31-2005 1:17:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 584
ThreadCreationTime : 5-31-2005 1:17:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 752
ThreadCreationTime : 5-31-2005 1:17:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 800
ThreadCreationTime : 5-31-2005 1:17:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 1080
ThreadCreationTime : 5-31-2005 1:17:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:8 [clisvcl.exe]
ModuleName : C:\WINDOWS\MS\SMS\CORE\BIN\CLISVCL.EXE
Command Line : C:\WINDOWS\MS\SMS\CORE\BIN\CLISVCL.EXE
ProcessID : 1228
ThreadCreationTime : 5-31-2005 1:17:19 PM
BasePriority : Normal
FileVersion : 2.00.1493.4000
ProductVersion : 2.00.1493.4000
ProductName : Systems Management Server
CompanyName : Microsoft Corporation
FileDescription : SMS 2.0 Client - Client Service
InternalName : CLISVCL
LegalCopyright : Copyright © Microsoft Corporation 1994-2000
OriginalFilename : CLISVCL.EXE
#:9 [frameworkservice.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
Command Line : n/a
ProcessID : 1272
ThreadCreationTime : 5-31-2005 1:17:19 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe
#:10 [mcshield.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\mcshield.exe
Command Line : n/a
ProcessID : 1312
ThreadCreationTime : 5-31-2005 1:17:19 PM
BasePriority : High
#:11 [vstskmgr.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
Command Line : n/a
ProcessID : 1364
ThreadCreationTime : 5-31-2005 1:17:20 PM
BasePriority : Normal
#:12 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : n/a
ProcessID : 1396
ThreadCreationTime : 5-31-2005 1:17:20 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:13 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1484
ThreadCreationTime : 5-31-2005 1:17:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:14 [wuser32.exe]
ModuleName : C:\WINDOWS\TIREMOTE\wuser32.exe
Command Line : n/a
ProcessID : 1504
ThreadCreationTime : 5-31-2005 1:17:20 PM
BasePriority : Normal
FileVersion : 5.0.0.2
ProductVersion : 6.0
ProductName : Intuit Track-It! Remote
CompanyName : Intuit Track-It!
FileDescription : Remote Control Agent
InternalName : wuser32
LegalCopyright : Copyright © 2003
OriginalFilename : wuser32.exe
#:15 [wuser32.exe]
ModuleName : C:\WINDOWS\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
Command Line : n/a
ProcessID : 1600
ThreadCreationTime : 5-31-2005 1:17:21 PM
BasePriority : Normal
FileVersion : 2.00.1493.4007
ProductVersion : 2.00.1493.4007
ProductName : Systems Management Server
CompanyName : Microsoft Corporation
FileDescription : Systems Management Server
InternalName : WUSER32
LegalCopyright : Copyright © Microsoft Corporation 1994-2000
OriginalFilename : WUSER32.EXE
#:16 [smsapm32.exe]
ModuleName : C:\WINDOWS\MS\SMS\clicomp\apa\Bin\smsapm32.exe
Command Line : C:\WINDOWS\MS\SMS\clicomp\apa\Bin\smsapm32.exe
ProcessID : 3092
ThreadCreationTime : 6-2-2005 11:16:39 AM
BasePriority : Normal
FileVersion : 2.00.1493.4012
ProductVersion : 2.00.1493.4012
ProductName : Systems Management Server
CompanyName : Microsoft Corporation
FileDescription : SMS 2.0 Client - Advertised Programs Manager (Win32)
InternalName : SMSAPM32
LegalCopyright : Copyright © Microsoft Corporation 1994-2000
OriginalFilename : SMSAPM32.EXE
#:17 [ssonsvr.exe]
ModuleName : C:\Program Files\Citrix\PNAgent\ssonsvr.exe
Command Line : n/a
ProcessID : 2952
ThreadCreationTime : 6-2-2005 1:31:17 PM
BasePriority : Normal
#:18 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1112
ThreadCreationTime : 6-2-2005 1:31:19 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
VX2 Object Recognized!
Type : Process
Data : guard.tmp
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
Warning! VX2 Object found in memory(C:\WINDOWS\system32\guard.tmp)
#:19 [shstat.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
Command Line : "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
ProcessID : 1648
ThreadCreationTime : 6-2-2005 1:31:21 PM
BasePriority : Normal
#:20 [updaterui.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
Command Line : "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
ProcessID : 2924
ThreadCreationTime : 6-2-2005 1:31:21 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Common User Interface
InternalName : UpdaterUI
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : UpdaterUI.exe
#:21 [launch32.exe]
ModuleName : C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
Command Line : "C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE"
ProcessID : 2864
ThreadCreationTime : 6-2-2005 1:31:21 PM
BasePriority : Normal
FileVersion : 2.00.1493.4000
ProductVersion : 2.00.1493.4000
ProductName : Systems Management Server
CompanyName : Microsoft Corporation
FileDescription : Systems Management Server
InternalName : LAUNCH32
LegalCopyright : Copyright © Microsoft Corporation 1994-2000
OriginalFilename : LAUNCH32.EXE
#:22 [ctmix32.exe]
ModuleName : C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE
Command Line : "C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE" /t
ProcessID : 1772
ThreadCreationTime : 6-2-2005 1:31:22 PM
BasePriority : Normal
FileVersion : 6.01.1
ProductVersion : 6.01.1
ProductName : Creative Mixer Loader
CompanyName : Creative Technology Ltd.
FileDescription : Creative Mixer Loader
InternalName : Creative Mixer Loader
LegalCopyright : Copyright © Creative Technology Ltd 1991-1999.
OriginalFilename : CTMXLD32.EXE
#:23 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"
ProcessID : 2448
ThreadCreationTime : 6-2-2005 1:31:22 PM
BasePriority : Normal
#:24 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 3408
ThreadCreationTime : 6-2-2005 1:31:22 PM
BasePriority : Normal
FileVersion : 5.0.0468
ProductVersion : Version 5.0
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:25 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 376
ThreadCreationTime : 6-2-2005 1:31:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:26 [smsmon32.exe]
ModuleName : C:\WINDOWS\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
Command Line : C:\WINDOWS\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe -startup
ProcessID : 1196
ThreadCreationTime : 6-2-2005 1:31:24 PM
BasePriority : Normal
FileVersion : 2.00.1493.4000
ProductVersion : 2.00.1493.4000
ProductName : Systems Management Server
CompanyName : Microsoft Corporation
FileDescription : SMS 2.0 Client - Advertised Programs Monitor (Win32)
InternalName : SMSMON32
LegalCopyright : Copyright © Microsoft Corporation 1994-2000
OriginalFilename : SMSMON32.EXE
#:27 [osa.exe]
ModuleName : C:\Program Files\Microsoft Office\Office\OSA.EXE
Command Line : "C:\Program Files\Microsoft Office\Office\OSA.EXE" -b
ProcessID : 3612
ThreadCreationTime : 6-2-2005 1:31:24 PM
BasePriority : Normal
#:28 [pnagent.exe]
ModuleName : C:\Program Files\Citrix\PNAgent\pnagent.exe
Command Line : "C:\Program Files\Citrix\PNAgent\pnagent.exe"
ProcessID : 2620
ThreadCreationTime : 6-2-2005 1:31:24 PM
BasePriority : Normal
FileVersion : 8.100.29670
ProductVersion : 8.100
ProductName : Citrix ICA Client
CompanyName : Citrix Systems, Inc.
FileDescription : Citrix ICA Client PNAgent (Win32)
InternalName : PNAGENT
LegalCopyright : Copyright © 1990-2003 Citrix Systems, Inc.
OriginalFilename : PNAGENT.EXE
#:29 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 2616
ThreadCreationTime : 6-2-2005 1:31:25 PM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 8.1 (4319)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2001 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English
#:30 [extra.exe]
ModuleName : C:\Program Files\Attachmate\E!E2K\EXTRA.EXE
Command Line : "C:\Program Files\Attachmate\E!E2K\EXTRA.EXE" C:\PROGRA~1\ATTACH~1\E!E2K\Sessions\PRODCI~1.EDP
ProcessID : 2312
ThreadCreationTime : 6-2-2005 1:47:52 PM
BasePriority : Normal
#:31 [extra.exe]
ModuleName : C:\Program Files\Attachmate\E!E2K\EXTRA.EXE
Command Line : "C:\Program Files\Attachmate\E!E2K\EXTRA.EXE" C:\PROGRAM FILES\ATTACHMATE\E!E2K\SESSIONS\PROD TSO1.EDP
ProcessID : 484
ThreadCreationTime : 6-2-2005 1:48:23 PM
BasePriority : Normal
#:32 [extra.exe]
ModuleName : C:\Program Files\Attachmate\E!E2K\EXTRA.EXE
Command Line : "C:\Program Files\Attachmate\E!E2K\EXTRA.EXE" C:\PROGRAM FILES\ATTACHMATE\E!E2K\SESSIONS\TEST TSO.EDP
ProcessID : 4056
ThreadCreationTime : 6-2-2005 1:48:42 PM
BasePriority : Normal
#:33 [extra.exe]
ModuleName : C:\Program Files\Attachmate\E!E2K\EXTRA.EXE
Command Line : "C:\Program Files\Attachmate\E!E2K\EXTRA.EXE" C:\PROGRAM FILES\ATTACHMATE\E!E2K\SESSIONS\PROD TSO2.EDP
ProcessID : 320
ThreadCreationTime : 6-2-2005 1:49:08 PM
BasePriority : Normal
#:34 [extra.exe]
ModuleName : C:\Program Files\Attachmate\E!E2K\EXTRA.EXE
Command Line : "C:\Program Files\Attachmate\E!E2K\EXTRA.EXE" C:\PROGRAM FILES\ATTACHMATE\E!E2K\SESSIONS\SMS TSO.EDP
ProcessID : 2232
ThreadCreationTime : 6-2-2005 1:49:27 PM
BasePriority : Normal
#:35 [outlook.exe]
ModuleName : C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
Command Line : "C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE" /recycle
ProcessID : 3828
ThreadCreationTime : 6-2-2005 1:50:15 PM
BasePriority : Normal
#:36 [newregistry.exe]
ModuleName : C:\Program Files\Registry\NewRegistry.exe
Command Line : "C:\Program Files\Registry\NewRegistry.exe"
ProcessID : 1540
ThreadCreationTime : 6-2-2005 1:51:30 PM
BasePriority : Normal
FileVersion : 1.03.0002
ProductVersion : 1.03.0002
ProductName : Registry
CompanyName : Cox Health Systems
InternalName : NewRegistry
OriginalFilename : NewRegistry.exe
#:37 [acrord32.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
Command Line : "C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe" /o
ProcessID : 2416
ThreadCreationTime : 6-2-2005 4:23:06 PM
BasePriority : Normal
FileVersion : 6.0.0.2003051900
ProductVersion : 6.0.0.2003051900
ProductName : Adobe Reader
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Reader 6.0
LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroRd32.exe
#:38 [wisptis.exe]
ModuleName : C:\WINDOWS\System32\wisptis.exe
Command Line : "C:\WINDOWS\System32\wisptis.exe" -Embedding
ProcessID : 3480
ThreadCreationTime : 6-2-2005 4:23:09 PM
BasePriority : High
FileVersion : 1.0.2201.0 (xpsp1.020820-1800)
ProductVersion : 1.0.2201.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft Tablet PC Platform Component
InternalName : WISPTIS.EXE
LegalCopyright : Copyright © 1998-2002 Microsoft Corporation.
OriginalFilename : WISPTIS.EXE
#:39 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Command Line : "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 2600
ThreadCreationTime : 6-2-2005 4:32:41 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:40 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 396
ThreadCreationTime : 6-2-2005 6:23:28 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AC
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 3
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:36
Value : Cookie:[email protected]/
Expires : 6-9-2005 11:48:12 AM
LastSync : Hits:36
UseCount : 0
Hits : 36
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : akloehn@bfast[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 5-26-2025 8:55:30 AM
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : akloehn@atdmt[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 5-24-2010 7:00:00 PM
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : akloehn@advertising[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 5-26-2010 3:47:04 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : akloehn@adrevolver[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/adrevolver/
Expires : 2-6-2008 10:49:48 PM
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 5-26-2020 3:36:20 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : akloehn@fastclick[1].txt
Category : Data Miner
Comment : Hits:32
Value : Cookie:[email protected]/
Expires : 6-2-2007 12:17:50 PM
LastSync : Hits:32
UseCount : 0
Hits : 32
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : akloehn@2o7[1].txt
Category : Data Miner
Comment : Hits:90
Value : Cookie:[email protected]/
Expires : 6-1-2010 1:03:38 PM
LastSync : Hits:90
UseCount : 0
Hits : 90
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 5-25-2009 9:15:10 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : akloehn@zedo[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 5-26-2006 9:15:08 AM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : akloehn@mediaplex[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 6-21-2009 7:00:00 PM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 12-31-2009 7:00:00 PM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : akloehn@bluestreak[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 5-25-2015 11:49:32 AM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 6-26-2005 3:47:04 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : akloehn@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:92
Value : Cookie:[email protected]/
Expires : 12-31-2037 7:00:00 PM
LastSync : Hits:92
UseCount : 0
Hits : 92
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : akloehn@apmebf[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 5-31-2010 3:21:30 PM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : akloehn@valueclick[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 5-21-2030 3:47:02 PM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 6-1-2005 3:44:06 PM
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:[email protected]/
Expires : 6-2-2006 1:03:22 PM
LastSync : Hits:10
UseCount : 0
Hits : 10
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : akloehn@revenue[2].txt
Category : Data Miner
Comment : Hits:40
Value : Cookie:[email protected]/
Expires : 6-10-2022 12:05:42 AM
LastSync : Hits:40
UseCount : 0
Hits : 40
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : akloehn@doubleclick[1].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:[email protected]/
Expires : 5-25-2008 2:54:02 PM
LastSync : Hits:10
UseCount : 0
Hits : 10
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 9-6-2014 6:50:08 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 5-29-2015 8:17:46 AM
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : akloehn@qksrv[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 5-31-2010 3:21:30 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 24
Objects found so far: 27
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ClientMan Object Recognized!
Type : File
Data : msnkmi.dll
Category : Malware
Comment :
Object : C:\Documents and Settings\akloehn\Local Settings\Temp\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 28
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ebates MoneyMaker Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TM
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : U
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AD
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : I
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AT
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AM
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TR
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : leck
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : country
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : city
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : state
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.8
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX2.9
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.0
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.1
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.2
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : RX3.3
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.4
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.5
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : FU3.6
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : LU3.7
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 23
Objects found so far: 51
1:32:58 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:52.775
Objects scanned:56287
Objects identified:50
Objects ignored:0
New critical objects:50