ABI Network [CLOSED]


  • This topic is locked

#16
natman

    Member

  • Topic Starter
  • 18 posts
Ad-Aware found this:


Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, June 14, 2005 2:56:32 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R50 13.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):12 total references
AdDestroyer(TAC index:5):1 total references
Adintelligence.AproposToolbar(TAC index:5):6 total references
AdRotator(TAC index:6):37 total references
Alexa(TAC index:5):1 total references
BargainBuddy(TAC index:8):12 total references
BlazeFind(TAC index:5):3 total references
BonziBuddy(TAC index:7):1 total references
BookedSpace(TAC index:10):4 total references
BroadCastPC(TAC index:7):1 total references
Claria(TAC index:7):59 total references
ClearSearch(TAC index:7):79 total references
CoolWebSearch(TAC index:10):31 total references
Coulomb Dialer(TAC index:5):1 total references
DealHelper(TAC index:7):8 total references
DSSAgent(TAC index:8):7 total references
DyFuCA(TAC index:3):35 total references
Ebates MoneyMaker(TAC index:4):3 total references
eUniverse(TAC index:10):21 total references
EzuLa(TAC index:6):161 total references
ImIServer IEPlugin(TAC index:5):34 total references
istbar(TAC index:7):39 total references
MediaMotor(TAC index:8):4 total references
MRU List(TAC index:0):18 total references
MyDailyHoroscope(TAC index:5):23 total references
NetPal(TAC index:9):2 total references
PeopleOnPage(TAC index:9):16 total references
Possible Browser Hijack attempt(TAC index:3):15 total references
Powerscan(TAC index:5):10 total references
PromulGate(TAC index:5):1 total references
Roings(TAC index:8):1 total references
SahAgent(TAC index:9):4 total references
SecondThought(TAC index:4):19 total references
StatBlaster(TAC index:8):3 total references
TopMoxie(TAC index:3):9 total references
Tracking Cookie(TAC index:3):809 total references
TVMedia(TAC index:5):8 total references
WhenU(TAC index:3):77 total references
Win32.Adverts.TrojanDownloader(TAC index:6):1 total references
Win32.Turown.h(TAC index:6):1 total references
WinFavorites(TAC index:6):15 total references
Winpup32(TAC index:6):2 total references
VirtualBouncer(TAC index:5):3 total references
VX2(TAC index:10):200 total references
YourSiteBar(TAC index:6):18 total references
Zango(TAC index:6):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


6-14-05 2:56:32 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\doc find spec mru
Description : list of recently used search terms for locating files using the microsoft windows operating system


MRU List Object Recognized!
Location: : .DEFAULT\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4279173221
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294924237
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294926309
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:4 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294921653
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:5 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294850405
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:6 [KB891711.EXE]
FilePath : c:\windows\SYSTEM\KB891711\
ProcessID : 4294845077
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:7 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294846421
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:8 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294866453
Threads : 16
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

TVMedia Object Recognized!
Type : Process
Data : TVMBHO.DLL
TAC Rating : 5
Category : Malware
Comment : (CSI MATCH)
Object : C:\TV MEDIA\


Warning! TVMedia Object found in memory(C:\TV MEDIA\TVMBHO.DLL)


#:9 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294885153
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:10 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294878533
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:11 [ATICWD32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294878225
Threads : 2
Priority : Normal
FileVersion : 4.11.2559
ProductVersion : 4.11.2559
ProductName : ATI Technologies Inc.
CompanyName : ATI Technologies Inc.
FileDescription : ATI Common Windows Display Driver Extension
InternalName : ATICWD32
LegalCopyright : Copyright © ATI Technologies Inc., 1998
OriginalFilename : ATICWD32.EXE

#:12 [ATITASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294892393
Threads : 1
Priority : Normal
FileVersion : 4.11.2315
ProductVersion : 4.11.2315
ProductName : ATI Technologies, Inc.
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Task Application
InternalName : AtiTask
LegalCopyright : Copyright © ATI Technologies Inc. 1998
OriginalFilename : AtiTask

#:13 [PRINTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294779445
Threads : 1
Priority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Lexmark PrinTray
CompanyName : Lexmark
FileDescription : PrinTray
InternalName : PrinTray
LegalCopyright : Copyright © 1999
OriginalFilename : PrinTray.exe

#:14 [STIMON.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294781361
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1998
OriginalFilename : STIMON.EXE

#:15 [LOADQM.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294778793
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:16 [TVM.EXE]
FilePath : C:\TV MEDIA\
ProcessID : 4294899937
Threads : 1
Priority : Normal


#:17 [LOADER.EXE]
FilePath : C:\PROGRAM FILES\CLEARSEARCH\
ProcessID : 4294789253
Threads : 1
Priority : Normal
FileVersion : 1, 5, 0, 1
ProductVersion : 1, 5, 0, 1
ProductName : Loader
CompanyName : Clear Search
FileDescription : Loader
InternalName : Loader
LegalCopyright : Copyright © 2003, 2004
OriginalFilename : Loader.exe

#:18 [AUTOMOVE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294812285
Threads : 1
Priority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ADAutomove Application
FileDescription : ADAutomove MFC Application
InternalName : ADAutomove
LegalCopyright : Copyright © 2004
OriginalFilename : ADAutomove.EXE

#:19 [XLGMJB.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294789741
Threads : 2
Priority : Normal
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

VX2 Object Recognized!
Type : Process
Data : XLGMJB.EXE
TAC Rating : 10
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

Warning! VX2 Object found in memory(C:\WINDOWS\SYSTEM\XLGMJB.EXE)

"C:\WINDOWS\SYSTEM\XLGMJB.EXE"Process terminated successfully

#:20 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294717269
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:21 [NBJUQBH.EXE]
FilePath : C:\
ProcessID : 4294705653
Threads : 1
Priority : Normal


istbar Object Recognized!
Type : Process
Data : NBJUQBH.EXE
TAC Rating : 7
Category : Malware
Comment : (CSI MATCH)
Object : C:\


Warning! istbar Object found in memory(C:\NBJUQBH.EXE)

"C:\NBJUQBH.EXE"Process terminated successfully

#:22 [RNLELA.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294731333
Threads : 1
Priority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : version Application
FileDescription : version MFC Application
InternalName : version
LegalCopyright : Copyright © 2003
OriginalFilename : version.EXE

#:23 [QIEBBC.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294722177
Threads : 3
Priority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Redirect Application
FileDescription : Redirect MFC Application
InternalName : Redirect
LegalCopyright : Copyright © 2003
OriginalFilename : Redirect.EXE

#:24 [AUTOUPDATE.EXE]
FilePath : C:\PROGRAM FILES\AUTOUPDATE\
ProcessID : 4294828605
Threads : 1
Priority : Normal


PeopleOnPage Object Recognized!
Type : Process
Data : AUTOUPDATE.EXE
TAC Rating : 9
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRAM FILES\AUTOUPDATE\


Warning! PeopleOnPage Object found in memory(C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE)

"C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE"Process terminated successfully

#:25 [GAMEDRVR.EXE]
FilePath : C:\PROGRAM FILES\WILDTANGENT\APPS\CDA\
ProcessID : 4294767845
Threads : 2
Priority : Normal
FileVersion : 5.0.0.190
ProductVersion : 5.0.0.190
ProductName : WildTangent Game Loader
CompanyName : WildTangent, Inc.
FileDescription : WildTangent Automatic Update Manager
LegalCopyright : All Rights Reserved © 2003-2004 WildTangent, Inc.

#:26 [$SYS$DRMSERVER.EXE]
FilePath : C:\WINDOWS\SYSTEM\$SYS$FILESYSTEM\
ProcessID : 4294763481
Threads : 3
Priority : Normal


#:27 [PSTORES.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294762313
Threads : 3
Priority : Normal
FileVersion : 5.00.1877.3
ProductVersion : 5.00.1877.3
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : Protected storage server

#:28 [LNKZAR.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294754813
Threads : 1
Priority : Normal


#:29 [SYNEST.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294661981
Threads : 1
Priority : Normal


#:30 [MSNMSGR.EXE]
FilePath : C:\PROGRAM FILES\MSN MESSENGER\
ProcessID : 4294719785
Threads : 2
Priority : Normal
FileVersion : 7.0.0813
ProductVersion : 7.0.0813
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:31 [STIWIZC.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294797089
Threads : 1
Priority : Normal


#:32 [RNAAPP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294574761
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
LegalCopyright : Copyright © Microsoft Corp. 1992-1996
OriginalFilename : RNAAPP.EXE

#:33 [WZQKPICK.EXE]
FilePath : C:\MY DOCUMENTS\PAIN2XTREME4YA2004\WINZIP\
ProcessID : 4294636037
Threads : 1
Priority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6224)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:34 [TAPISRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294568361
Threads : 5
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows™ Telephony Server
InternalName : Telephony Service
LegalCopyright : Copyright © Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE

#:35 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294717717
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:36 [PACKAGER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4278675993
Threads : 1
Priority : Realtime
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Packager application file
InternalName : PACKAGER
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : PACKAGER.EXE

#:37 [YMSGR_TRAY.EXE]
FilePath : C:\PROGRAM FILES\YAHOO!\MESSENGER\
ProcessID : 4278622349
Threads : 1
Priority : Normal


#:38 [ISTSVC.EXE]
FilePath : C:\PROGRAM FILES\ISTSVC\
ProcessID : 4294594013
Threads : 1
Priority : Normal


#:39 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4278586725
Threads : 2
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 22


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6eb5b540-1e74-4d91-a7f0-5b758d333702}

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ncaseinstaller.ncaseinstaller

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ncaseinstaller.ncaseinstaller.1

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{18dd1792-64fb-42db-acbe-435c598045f4}

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{016235be-59d4-4ceb-add5-e2378282a1d9}

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}

AdRotator Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adrotator.application

AdRotator Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{34ef5b1c-52cb-400b-8b7c-f787018b3826}

AdRotator Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{3e7145b1-ea07-42ce-9299-11df39ff54bd}

AdRotator Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{965a592f-8efa-4250-8630-7960230792f1}

AdRotator Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : defaultsearch.seekseek

AdRotator Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : defaultsearch.seekseek.1

AdRotator Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{39341eb6-c340-4f68-ab9d-ee4917309828}

AdRotator Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{96b3b1b9-a510-4603-bd66-2bb2c9f21542}

AdRotator Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e9d8697e-bea9-4170-84f3-509ad2a11951}

AdRotator Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{3cd9d85e-1ff2-4bf7-a113-6669b8d1e676}

AdRotator Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{69db5061-ff0a-418b-ada6-68ac77d69e44}

AdRotator Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{eac42c32-1fe3-4fd0-9f27-e7f9ccf5fcd9}

AdRotator Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : urllauncher.urllaunchercontrol

AdRotator Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : urllauncher.urllaunchercontrol.1

Claria Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}

Claria Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GEF

Claria Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GMG

Claria Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GMI

Claria Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : SSeq

Claria Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : LastInstall

Claria Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : PAK

Claria Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : SEvt

ClearSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-0000-0000-0000-000000002230}

ClearSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : csbb.csbbcore

ClearSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : csbb.csbbcore.1

ClearSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{15bf1d7c-9e2c-489c-aca0-ede133a06df5}

ClearSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{abbf650c-e69a-4c95-ba45-0f2c7c2a13a4}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a9a674bf-771f-42e5-a440-d20dda85a862}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0d721150-aef3-457b-b03a-5097b623ce45}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : plugin6.dnserrobj

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : plugin6.dnserrobj.1

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{444a5674-ff85-45d4-9ae2-4199d8d70c85}

eUniverse Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.incredifindbho

eUniverse Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.incredifindbho.1

eUniverse Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5d60ff48-95be-4956-b4c6-6bb168a70310}

eUniverse Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8b8f6968-2f24-41e3-b653-e9613226f14d}

eUniverse Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{de289bfa-737b-4abb-a4ec-f8753551b875}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\ezulabootexe.exe

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\ezulamain.exe

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{8a044397-5da2-11d4-b185-0050dab79376}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{c0335198-6755-11d4-8a73-0050da2ee1be}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{07f0a543-47ba-11d4-8a6d-0050da2ee1be}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{07f0a545-47ba-11d4-8a6d-0050da2ee1be}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{19dfb2cb-9b27-11d4-b192-0050dab79376}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2079884b-6ef3-11d4-8a74-0050da2ee1be}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2306abe4-4d42-11d4-8a6d-0050da2ee1be}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2babd334-5c3f-11d4-b184-0050dab79376}

EzuLa Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2babd334-5c3f-11d4-b184-0050dab79376}
Value : AppID

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{3d7247e8-5db8-11d4-8a72-0050da2ee1be}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{55910916-8b4e-4c1e-9253-cce296ea71eb}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{58359010-bf36-11d3-99a2-0050da2ee1be}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b1dd8a69-1b96-11d4-b175-0050dab79376}

EzuLa Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b1dd8a69-1b96-11d4-b175-0050dab79376}
Value : AppID

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be}
Value : AppID

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c4fee4a7-4b8b-11d4-8a6d-0050da2ee1be}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d290d6e7-bf9d-42f0-9c1b-3bc8ae769b57}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.ezulactrlhost

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.ezulactrlhost.1

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.ieobject

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.ieobject.1

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.plugprot

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.plugprot.1

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.toolbarband

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.toolbarband.1

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulabootexe.installctrl

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulabootexe.installctrl.1

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulafsearcheng.ezulacode

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulafsearcheng.ezulacode.1

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulafsearcheng.ezulahash

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulafsearcheng.ezulahash.1

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulafsearcheng.ezulasearch

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulafsearcheng.ezulasearch.1

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulafsearcheng.popupdisplay

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulafsearcheng.popupdisplay.1

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulafsearcheng.resulthelper

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulafsearcheng.resulthelper.1

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulafsearcheng.searchhelper

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulafsearcheng.searchhelper.1

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulamain.ezulasearchpipe

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulamain.ezulasearchpipe.1

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulamain.trayiconm

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulamain.trayiconm.1

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{07f0a536-47ba-11d4-8a6d-0050da2ee1be}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{58359011-bf36-11d3-99a2-0050da2ee1be}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{8a044396-5da2-11d4-b185-0050dab79376}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{c0335197-6755-11d4-8a73-0050da2ee1be}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1c896551-8b92-4907-8c06-15db2d1f874a}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f3155057-4c2c-4078-8576-50486693fd49}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe.1

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comm
  • 0

#17
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Natman,

Please let me know if you have already installed Spybot S&D, Spyware Blaster, Spyware Guard, Avast or AVG Anti-virus program and Kerio Firewall?

If you haven't all of these, please do so !!!!!!!! It is a waste of time to clean your PC as it will get infected again without these programs installed. The links to download these programs are at the bottom of this message. Once you have installed these programs, make sure that the definition files are updated.

Have you visited the sites of Panda and Trendmicro for free online scans?

Please do so and get your PC scanned. Let the programs fix anything they find on your PC.

Please post the scan logs of Panda and Trendmicro along with the HJT log here after you have completed all the steps.

Edited by tampabelle, 14 June 2005 - 02:19 PM.

  • 0

#18
natman

    Member

  • Topic Starter
  • Member
  • 18 posts
All of the adware findings are being removed now.
  • 0

#19
natman

    Member

  • Topic Starter
  • Member
  • 18 posts
I'm trying to do a Trend Micro scan, but it's running slow. It did the update thing and I clicked the scan button and now it's not doing anything; I try clicking on the page to go to it, but it won't pull up.
  • 0

#20
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi natman,

If you are having problems with Trendmicro then do the scan with Panda.

It is preferable to use Internet Explorer while doing the scan instead of Firefox or any other browser.

But have at least one scan report along with the Hijack This log in your next post.
  • 0

#21
natman

    Member

  • Topic Starter
  • Member
  • 18 posts
The Kerio file is still downloading and so is ava; the others are set up.
  • 0

#22
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi natman,

Take your time. Please install everything, run the online scan and then post back with the scan log and the fresh HJT log.
  • 0

#23
natman

    Member

  • Topic Starter
  • Member
  • 18 posts
I'm trying the Panda, and I found something while uninstalling some unnecessary junk: I found that the ABI Network was installed on me using another program, and to uninstall it, it told me to go to this website: www.mypctuneup.com, but I didn't do it. *Scanning is being done now on my PC.*

Edited by natman, 15 June 2005 - 10:18 AM.

  • 0

#24
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi natman,

That was very smart of you !!!!!!!!!

The infection Aurora was created by ABI Networks and uses its own uninstaller tool at its own site - mypctuneup - to gather a lot of information about the user when you visit that website.
  • 0

#25
natman

    Member

  • Topic Starter
  • Member
  • 18 posts
Incident Status Location

Spyware:Spyware/TVMedia No disinfected C:\TV MEDIA\TVMBHO.DLL
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM\QIEBBC.EXE
Adware:Adware/Apropos No disinfected C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
Adware:Adware/AdLogix No disinfected C:\WINDOWS\SYSTEM\AUTOMOVE.EXE
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM\SYSSTA~1.EXE
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM\RNLELA.EXE
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM\QIEBBC.EXE
Adware:Adware/Apropos No disinfected c:\PROGRA~1\AUTOUP~1\AUTOUP~1.EXE
Spyware:Spyware/TVMedia No disinfected C:\TVMEDI~1\TVM.EXE
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM\SYSSTA~1.EXE
Adware:Adware/SaveNow No disinfected C:\Program Files\Save
Adware:Adware/Gator No disinfected C:\WINDOWS\gator*.log
Adware:Adware/MyWay No disinfected C:\Program Files\MyWay
Spyware:Spyware/Dyfuca No disinfected C:\windows\TEMP\optimize.exe
Spyware:Spyware/ClearSearch No disinfected C:\Program Files\CSBB
Adware:Adware/BrowserAid No disinfected C:\WINDOWS\mwsvm.dat
Adware:Adware/PortalScan No disinfected C:\Program Files\Common Files\slmss
Adware:Adware/PowerScan No disinfected C:\windows\TEMP\PowerScan.exe
Adware:Adware/StatBlaster No disinfected Windows Registry
Adware:Adware/Apropos No disinfected C:\Program Files\AutoUpdate
Adware:Adware/AdDestroyer No disinfected C:\WINDOWS\SYSTEM\SWRT??.dll
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\SYSTEM\swrt01.dll
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Bundles
Adware:Adware/SideSearch No disinfected C:\WINDOWS\Application Data\Lycos
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\alchem.in?
Adware:Adware/QuickSearch No disinfected C:\Program Files\QuickSearch
Adware:Adware/ILookup No disinfected C:\WINDOWS\ILookup
Adware:Adware/BlazeFind No disinfected C:\windows\TEMP\Installer?.exe
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM\DealHelper
Adware:Adware/AdLogix No disinfected C:\WINDOWS\SYSTEM\adupdmanager.xml
Adware:Adware/TopRebates No disinfected C:\windows\TEMP\jkill.exe
Adware:Adware/WildTangent No disinfected C:\Program Files\WILDTANGENT
Adware:Adware/ClockSync No disinfected C:\Program Files\ClockSync
Adware:Adware/MyWebSearch No disinfected Windows Registry
Spyware:Spyware/YourSiteBar No disinfected C:\Program Files\YourSiteBar
Adware:Adware/Turown No disinfected C:\WINDOWS\SYSTEM\IEHost.exe
Adware:Adware/Adsmart No disinfected C:\WINDOWS\sys???.exe
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM\dun.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\SYSTEM\2ndsrch.dll
Adware:Adware/AdLogix No disinfected C:\WINDOWS\SYSTEM\SWin32.dll
Adware:Adware/AdLogix No disinfected C:\WINDOWS\SYSTEM\retpdat32.xml
Adware:Adware/AdLogix No disinfected C:\WINDOWS\SYSTEM\sp32.xml
Adware:Adware/AdLogix No disinfected C:\WINDOWS\SYSTEM\automove.exe
Adware:Adware/AdLogix No disinfected C:\WINDOWS\SYSTEM\trans.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\SYSTEM\SWRT01.dll
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM\gbuma3wx2lkr.dll
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM\sysstartup.exe
Virus:Trj/Idly.A Disinfected C:\WINDOWS\SYSTEM\IdleUI.dll
Virus:Trj/Downloader.OE Disinfected C:\WINDOWS\SYSTEM\dp-him.exe
Adware:Adware/IEDriver No disinfected C:\WINDOWS\SYSTEM\IEHost.EXE
Adware:Adware/AdLogix No disinfected C:\WINDOWS\SYSTEM\adupdmanager.xml
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM\Rnlela.exe
Adware:Adware/DealHelper No disinfected C:\WINDOWS\SYSTEM\Qiebbc.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\INF\ALCHEM.INF
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\SYSTEM32\tt_reco.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\SYSTEM32\randreco.exe
Adware:Adware/Adsmart No disinfected C:\WINDOWS\SYSMON.EXE
Adware:Adware/WinTools No disinfected C:\WINDOWS\TEMP\Installer2.exe
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\TEMP\yQbjhW.exe
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\TEMP\Tvm.upd
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\TEMP\mxTarget.cab[mxTarget.dll]
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\TEMP\mxTarget.cab[preInsMt.exe]
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\TEMP\mxTarget.dll
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\TEMP\preInsMt.exe
Virus:Trj/Downloader.GK Disinfected C:\WINDOWS\TEMP\polmx3.cab
Adware:Adware/Transponder No disinfected C:\WINDOWS\TEMP\polmx3.exe
Adware:Adware/StatBlaster No disinfected C:\WINDOWS\TEMP\tWm.exe
Adware:Adware/QoolAid No disinfected C:\WINDOWS\TEMP\wtmp.exe
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\TEMP\tvmupdater.exe
Adware:Adware/TopRebates No disinfected C:\WINDOWS\TEMP\jkill.exe
Adware:Adware/MyDailyHoroscopeNo disinfected C:\WINDOWS\TEMP\wtmp718537.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\TEMP\thin-118-1-x-x.exe
Adware:Adware/MultiMPP No disinfected C:\WINDOWS\TEMP\multimpp.cab[multimpp.inf]
Adware:Adware/MultiMPP No disinfected C:\WINDOWS\TEMP\multimpp.cab[multimpp.dll]
Adware:Adware/MultiMPP No disinfected C:\WINDOWS\TEMP\multimpp.cab[preInMPP.exe]
Adware:Adware/MultiMPP No disinfected C:\WINDOWS\TEMP\multimpp.inf
Adware:Adware/MultiMPP No disinfected C:\WINDOWS\TEMP\multimpp.dll
Adware:Adware/MultiMPP No disinfected C:\WINDOWS\TEMP\preInMPP.exe
Spyware:Spyware/Dyfuca No disinfected C:\WINDOWS\TEMP\optimize.exe
Adware:Adware/PowerScan No disinfected C:\WINDOWS\TEMP\powerscan.exe
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\TEMP\Ktq90g.exe
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\TEMP\M66ldf.exe
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\TEMP\qygGBS.exe
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\TEMP\kSq1B5.exe
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Application Data\tvmknwrd.dll
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Application Data\tvmcwrd.dll
Adware:Adware/MyWay No disinfected C:\WINDOWS\Downloaded Program Files\myinitialsetup1.0.0.7.inf
Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\Start Menu\Programs\Disabled Startup Items\utka.exe
Virus:Trj/Downloader.IA Disinfected C:\WINDOWS\iNetPal\m3tsp8.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\iLookup\TTIL.exe
Adware:Adware/Gator No disinfected C:\WINDOWS\GatorPatch.log
Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\ngixbpx.dll
Adware:Adware/StatBlaster No disinfected C:\WINDOWS\o
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_30.exe
Adware:Adware/StatBlaster No disinfected C:\WINDOWS\o.bat
Adware:Adware/PortalScan No disinfected C:\WINDOWS\install2.exe
Spyware:Spyware/Bridge No disinfected C:\WINDOWS\infamous_downloader.exe
Virus:Trj/Multidropper.AM Disinfected C:\WINDOWS\0021-bdl94126.EXE
Adware:Adware/UnderSearch No disinfected C:\WINDOWS\pup.exe
Spyware:Spyware/ClearSearch No disinfected C:\WINDOWS\CS4P028.exe
Adware:Adware/StatBlaster No disinfected C:\WINDOWS\silent.exe
Spyware:Spyware/Bridge No disinfected C:\WINDOWS\infamous.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\mwsvm.ocx
Adware:Adware/WinTools No disinfected C:\WINDOWS\Key2.txt
Adware:Adware/PortalScan No disinfected C:\WINDOWS\mwsvm.bin
Adware:Adware/BrowserAid No disinfected C:\WINDOWS\mwsvm.dat
Adware:Adware/BlazeFind No disinfected C:\WINDOWS\UnstSA2.exe
Adware:Adware/WinTools No disinfected C:\WINDOWS\fash.exe
Virus:Trj/Downloader.IP Disinfected C:\WINDOWS\ty43f0pmb0.exe
Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\gvauy.dat
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\bs5-vmk1.exe
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\bundles\Tvm_b5_269.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\trafficvenue1.exe
Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\xbmpsq.dll
Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\xbmpsq.dll.tmp
Adware:Adware/QoolAid No disinfected C:\WINDOWS\adolib32.dll
Adware:Adware/QoolAid No disinfected C:\WINDOWS\cvss.exe
Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\tkiauy.exe
Adware:Adware/QoolAid No disinfected C:\WINDOWS\saoruq.dll
Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\lnkzar.exe
Virus:Trj/Krico.A Disinfected C:\WINDOWS\ipwuzg.dll
Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\sdkmq.dll
Virus:Trj/Qoologic.E Disinfected C:\WINDOWS\xonaqca.exe
Adware:Adware/PortalScan No disinfected C:\Program Files\Common Files\Slmss\slmss.exe
Adware:Adware/QuickSearch No disinfected C:\Program Files\FileSubmit\aass0.zip\TBEZA127Q.exe
Spyware:Spyware/New.net No disinfected C:\Program Files\FileSubmit\aass0.zip\NNEZTA388.exe
Adware:Adware/QuickSearch No disinfected C:\Program Files\FileSubmit\roseaaliyah.exe\TBEZA127Q.exe
Spyware:Spyware/New.net No disinfected C:\Program Files\FileSubmit\roseaaliyah.exe\NNEZTA388.exe
Adware:Adware/nCase No disinfected C:\Program Files\nCase\msbb.exe
Adware:Adware/nCase No disinfected C:\Program Files\nCase\FLEOK\msbb.exe
Adware:Adware/nCase No disinfected C:\Program Files\nCase\ncmyb.dll
Adware:Adware/PortalScan No disinfected C:\Program Files\STC\STC.exe
Spyware:Spyware/BetterInet No disinfected C:\Program Files\STC\bdl14108.exe
Adware:Adware/PortalScan No disinfected C:\Program Files\STC\slmss.exe
Spyware:Spyware/ClearSearch No disinfected C:\Program Files\STC\ClrSchP070.exe
Adware:Adware/VirtualBouncer No disinfected C:\Program Files\STC\BundleOuter2601031121.exe
Spyware:Spyware/TVMedia No disinfected C:\Program Files\STC\Tvm_b5_269.exe
Spyware:Spyware/ClearSearch No disinfected C:\Program Files\STC\CSV5P070.exe
Virus:Trojan Horse Disinfected C:\Program Files\STC\fpn16100.exe
Spyware:Spyware/ISTbar No disinfected C:\Program Files\STC\s_win32.exe
Adware:Adware/PortalScan No disinfected C:\Program Files\STC\tvmedia.exe
Adware:Adware/PortalScan No disinfected C:\Program Files\STC\bookedspace.exe
Adware:Adware/PortalScan No disinfected C:\Program Files\STC\qoologic.exe
Adware:Adware/QuickSearch No disinfected C:\Program Files\ICQPlus\Skins\TBEZA127Q.exe
Spyware:Spyware/New.net No disinfected C:\Program Files\ICQPlus\Skins\NNEZTA388.exe
Virus:Trj/Multidropper.AM Disinfected C:\Program Files\pup.exe
Spyware:Spyware/AdClicker No disinfected C:\Program Files\over.exe
Adware:Adware/SideSearch No disinfected C:\Program Files\Lycos\Sidesearch\sidesearch13218.dll
Adware:Adware/ClockSync No disinfected C:\Program Files\ClockSync\Sync.exe
Spyware:Spyware/ISTbar No disinfected C:\Program Files\ISTsvc\istsvc.exe
Adware:Adware/Apropos No disinfected C:\Program Files\AutoUpdate\AutoUpdate.exe
Spyware:Spyware/AdClicker No disinfected C:\do.exe
Adware:Adware/PortalScan No disinfected C:\installer\id53.exe
Adware:Adware/VirtualBouncer No disinfected C:\myPcsearch.exe
Spyware:Spyware/TVMedia No disinfected C:\TV Media\TVMBHO.DLL
Spyware:Spyware/TVMedia No disinfected C:\TV Media\TVMCORE.DLL
Spyware:Spyware/TVMedia No disinfected C:\TV Media\TVM.EXE
Adware:Adware/WinTools No disinfected C:\edow.exe
Adware:Adware/SaveNow No disinfected C:\SaveInstCsSm.exe
Adware:Adware/IEDriver No disinfected C:\Overpro323.exe
Virus:Trj/Downloader.AJ Disinfected C:\834590.exe
That's the Panda scan.
  • 0

#26
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi natman,

Can you post a fresh Hijack This log?

Since you did the online scan, some of the infections would have been removed already.
  • 0

#27
natman

    Member

  • Topic Starter
  • Member
  • 18 posts
Logfile of HijackThis v1.99.1
Scan saved at 2:10:30 PM, on 6/16/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\QIEBBC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\$SYS$FILESYSTEM\$SYS$DRMSERVER.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\MY DOCUMENTS\PAIN2XTREME4YA2004\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth.net Internet Service
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\TV MEDIA\TVMBHO.DLL
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://bluelight.my.yahoo.com"); (C:\Program Files\Netscape\Users\m_cj\prefs.js)
O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\SYSTEM\GBUMA3~1.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_19_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\SYSTEM\automove.exe
O4 - HKLM\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\SUPDATE.DLL,SHStart
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\RNLELA.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\QIEBBC.exe
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [$sys$DRMServer] C:\WINDOWS\SYSTEM\$sys$filesystem\$sys$DRMServer.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\Tvm.exe
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [msnmsgr] xC:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\Tvm.exe
O4 - HKCU\..\Run: [Yahoo! Pager] x:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O4 - HKCU\..\Run: [AIM] x:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServices: [msnmsgr] xC:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServices: [TV Media] C:\TV MEDIA\Tvm.exe
O4 - HKCU\..\RunServices: [Yahoo! Pager] x:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\RunServices: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O4 - HKCU\..\RunServices: [AIM] x:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - Startup: Yahoo! Messenger.lnk = C:\Program Files\Yahoo!\Messenger\YPager.exe
O4 - Startup: Norton Install.pif = C:\NORTON~1\NAV95SC\INSTALL.BAT
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .WAV: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://www.wildtange...smmp/wtinst.cab
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.co...etup1.0.0.7.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bel...oad/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
  • 0

#28
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi natman,


I am working on the fix for your log and will post it back as soon as possible.

cheers
  • 0

#29
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi natman,

Here we go -

Please print out these instructions or copy them into a text file on your Desktop for easy access.

During the fix, you will be asked to fix some entries, delete some files or uninstall some programs. If you do not see those entries / files / programs, please make a note of it. Continue with the fix and in your next post please inform me of all deviations from the fix prescribed.

1. Download Programs

Download these programs and save them in a new folder on your Desktop. Once the PC has been cleaned, please delete the folder entirely as the programs can be prone to misuse and damage to your system. DO NOT RUN THE PROGRAMS YET.

FixISTbar
CWShredder
Findit9xME

Update CWShredder

* Open CWShredder and click I AGREE
* Click Check For Update
* Close CWShredder

Unzip Findit9xME and save the extracted files to the same directory.

Please reboot the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).

2. Remove Infections

Run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Run FixIstbar.exe.

3. Run Hijack This

Run Hijack This and click on Scan. The following items need to be fixed -

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\TV MEDIA\TVMBHO.DLL
O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\SYSTEM\GBUMA3~1.DLL
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\SYSTEM\automove.exe
O4 - HKLM\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\SUPDATE.DLL,SHStart
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\RNLELA.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\QIEBBC.exe
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\Tvm.exe
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\Tvm.exe
O4 - HKCU\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O4 - HKCU\..\RunServices: [TV Media] C:\TV MEDIA\Tvm.exe
O4 - HKCU\..\RunServices: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.co...etup1.0.0.7.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix Checked. Close Hijack This.

4. Uninstall Rogue Programs

Open Add or Remove Programs (Click on Start ---> Settings ---> Control panel and this should be a listed item. The name may differ slightly, but it will be there).

Uninstall / remove the following programs if found -

Adware.DealHelper
TV Media
Ebates Moe Money Maker
POP!

If the uninstall is unsuccessful for any reason, please proceed with the rest of the fix.

5. Delete Rogue Files

Open Windows Explorer. Locate and delete the following folders and files -

Folders
C:\TV MEDIA
c:\Program Files\AutoUpdate
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER
ISTsvc

Files
C:\WINDOWS\Dhbrowser.exe
C:\WINDOWS\DHP.dll
C:\WINDOWS\Dhsvr.exe
C:\WINDOWS\DHUpdt.exe
C:\WINDOWS\Dealhlpr.dll
C:\WINDOWS\SYSTEM\RNLELA.exe
C:\WINDOWS\SYSTEM\QIEBBC.exe
C:\WINDOWS\SYSTEM\GBUMA3~1.DLL
C:\WINDOWS\SYSTEM\automove.exe
C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
C:\WINDOWS\SYSTEM\SUPDATE.DLL


Reboot the PC.

Run Findit9xME.bat and save its log file for posting here.

Run Hijack This and post a fresh log here along with the saved log from Findit9xME.
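An added example for readers of this thread, not part of the helper's instructions and not a feature of HijackThis itself: a small Python parser for HJT log lines of the kind listed in the fix above. It sorts the R0/R1/R3/O2/O4/O9/O16 entries into what a cleanup actually has to do (IE registry values to reset, files to delete, orphaned registry references with no file behind them, ActiveX download sources). The function names (`triage`, `command_image`, `folders_to_review`) are this example's own, and the sample log is a constructed subset copied from the entries quoted above.

```python
"""Triage HijackThis (HJT) log entries into cleanup actions.

Example code for this thread; it is not HJT's API and not the helper's
own tooling. Handles the entry types quoted in the fix above.
"""
import re
from dataclasses import dataclass

# Constructed sample input: a subset of the entries listed in the fix above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\TV MEDIA\TVMBHO.DLL
O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\SYSTEM\GBUMA3~1.DLL
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\SYSTEM\automove.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\SUPDATE.DLL,SHStart
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKCU\..\RunServices: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.co...etup1.0.0.7.cab
"""

ENTRY = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.+)$")
# R0/R1: <hive\key>,<value name> = <data>
IE_SETTING = re.compile(r"^(?P<key>HK\w+\\[^,]+),(?P<value>[^=]+) = (?P<data>.*)$")
# O4: <hive>\..\Run or RunServices: [<value name>] <command line>
AUTORUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# R3/O2/O9: <kind>: <name> - <CLSID> - <path or "(no file)">
COM_OBJECT = re.compile(r"^(?P<kind>[^:]+): (?P<name>.*?) - (?P<clsid>_?\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# O16: DPF: <CLSID> - <download URL, possibly blank>
DPF = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) -\s*(?P<url>.*)$")
NO_FILE = re.compile(r"\((?:no file|file missing)\)", re.I)
IMAGE = re.compile(r"^(.*?\.(?:exe|dll|scr|com|bat))\b", re.I)


@dataclass(frozen=True)
class Finding:
    type: str       # HJT section code, e.g. "O4"
    category: str   # registry | file | orphan | download | unparsed
    target: str     # registry value, file path, CLSID or URL
    raw: str        # the original log line


def command_image(cmd: str) -> str:
    """Return the on-disk payload of an O4 command line."""
    cmd = cmd.strip()
    quoted = re.match(r'^"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    tokens = cmd.split()
    if tokens and tokens[0].lower().startswith("rundll32"):
        # rundll32 <dll>,<entry point>: the DLL is what actually runs
        return tokens[1].split(",", 1)[0] if len(tokens) > 1 else cmd
    m = IMAGE.match(cmd)  # unquoted path that may contain spaces
    return m.group(1) if m else cmd


def parse_line(line: str):
    m = ENTRY.match(line.strip())
    if not m:
        return None
    typ, body = m["type"], m["body"]
    if typ in ("R0", "R1"):
        s = IE_SETTING.match(body)
        if s:
            return Finding(typ, "registry", s["key"] + "\\" + s["value"], line)
    elif typ == "O4":
        a = AUTORUN.match(body)
        if a:
            return Finding(typ, "file", command_image(a["cmd"]), line)
    elif typ in ("R3", "O2", "O9"):
        c = COM_OBJECT.match(body)
        if c:
            if NO_FILE.search(c["path"]):
                return Finding(typ, "orphan", c["clsid"], line)
            return Finding(typ, "file", c["path"], line)
    elif typ == "O16":
        d = DPF.match(body)
        if d:
            return Finding(typ, "download", d["url"] or d["clsid"], line)
    return Finding(typ, "unparsed", body, line)


def triage(log_text: str) -> dict:
    """Group every parsed entry by cleanup category, deduplicated and sorted."""
    buckets = {}
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is not None:
            buckets.setdefault(f.category, set()).add(f.target)
    return {k: sorted(v) for k, v in buckets.items()}


def folders_to_review(files) -> list:
    """Parent folders of flagged files that live outside the Windows directory."""
    out = {f.rsplit("\\", 1)[0] for f in files}
    return sorted(p for p in out if p and not p.lower().startswith("c:\\windows"))


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for category, targets in result.items():
        print(category)
        for t in targets:
            print("   ", t)
    print("folders", folders_to_review(result.get("file", [])))
```

Two things the parser makes explicit that are easy to miss when reading a log by hand: an entry ending in "(no file)" or "(file missing)" is a dangling registry reference, so fixing it in HijackThis removes only the registry value and there is nothing further to delete; and an O4 command of the form `rundll32 <dll>,<entry>` means the DLL, not rundll32, is the payload to remove. The "IST Service" command has no drive letter, which is why the folder appears in the fix above as plain `ISTsvc`: it is root-relative on the current drive.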

#30
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.