Welcome to Geeks to Go - Register now for FREE
Trojans and ads galore...


#1
19scooby71
Here are my log files after running all the virus removers and ad-destroying apps...

Trojan Hunter

Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
File scan
Found trojan file: C:\Program Files\Common Files\Download\freeprodtb.exe/7hQhs.exe (TrojanDropper.MCM.100)
Found trojan file: C:\Program Files\Common Files\InetGet\mc-110-12-0000079.exe/CsHq.exe (TrojanDropper.MCM.100)
Found trojan file: C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe/mYyc3kF.exe (TrojanDropper.MCM.100)
Found trojan file: C:\WINDOWS\SYSTEM32\mc-110-12-0000079.exe/d4UIO.exe (TrojanDropper.MCM.100)
4 trojan files found


Ewido Logs

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:54:29 AM, 8/6/2005
+ Report-Checksum: 46377F02

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-577807401-1653484925-1353375585-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKU\S-1-5-21-577807401-1653484925-1353375585-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
C:\Documents and Settings\Family\Cookies\family@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Common Files\mc-110-12-0000079.exe -> TrojanDownloader.Agent.rv : Cleaned with backup
C:\Program Files\Common Files\system32.dll/Catcher.dll -> Spyware.Maxifiles : Error during cleaning
C:\Program Files\Common Files\system32.dll/gui.exe -> TrojanDownloader.Agent.rv : Error during cleaning
C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\xud_62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\EDowST3.exe -> TrojanDownloader.QDown.z : Cleaned with backup
C:\WINDOWS\SYSTEM32\lanbrup.exe -> Spyware.SafeSurfing : Cleaned with backup


::Report End


Ad-Aware Logs


Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, August 06, 2005 09:19:33
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R60 04.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):1 total references
Adintelligence.AproposToolbar(TAC index:5):11 total references
BargainBuddy(TAC index:8):45 total references
BookedSpace(TAC index:10):9 total references
ExactSearchBar(TAC index:5):30 total references
Other(TAC index:5):6 total references
PeopleOnPage(TAC index:9):9 total references
Possible Browser Hijack attempt(TAC index:3):2 total references
SahAgent(TAC index:9):1 total references
Tracking Cookie(TAC index:3):4 total references
TX4.BrowserAd(TAC index:3):2 total references
Win32.TrojanDownloader.Small.aly(TAC index:8):4 total references
VirtualBouncer(TAC index:5):3 total references
VX2(TAC index:10):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


06-08-2005 09:19:33 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 608
ThreadCreationTime : 05-08-2005 22:50:21
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 656
ThreadCreationTime : 05-08-2005 22:50:23
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 680
ThreadCreationTime : 05-08-2005 22:50:24
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 05-08-2005 22:50:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 736
ThreadCreationTime : 05-08-2005 22:50:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 920
ThreadCreationTime : 05-08-2005 22:50:28
BasePriority : Normal


#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 936
ThreadCreationTime : 05-08-2005 22:50:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1008
ThreadCreationTime : 05-08-2005 22:50:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1104
ThreadCreationTime : 05-08-2005 22:50:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1172
ThreadCreationTime : 05-08-2005 22:50:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1300
ThreadCreationTime : 05-08-2005 22:50:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1468
ThreadCreationTime : 05-08-2005 22:50:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1532
ThreadCreationTime : 05-08-2005 22:50:29
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:14 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 960
ThreadCreationTime : 05-08-2005 22:50:37
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:15 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1044
ThreadCreationTime : 05-08-2005 22:50:37
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:16 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 1184
ThreadCreationTime : 05-08-2005 22:50:37
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:17 [navapsvc.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton AntiVirus\
ProcessID : 1252
ThreadCreationTime : 05-08-2005 22:50:37
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:18 [nprotect.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Utilities\
ProcessID : 1332
ThreadCreationTime : 05-08-2005 22:50:38
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:19 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~1\SPEEDD~1\
ProcessID : 1764
ThreadCreationTime : 05-08-2005 22:50:38
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 2002
OriginalFilename : NOPDB.dll

#:20 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1856
ThreadCreationTime : 05-08-2005 22:50:38
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:21 [symwsc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 172
ThreadCreationTime : 05-08-2005 22:50:41
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:22 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1316
ThreadCreationTime : 05-08-2005 22:50:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:23 [smax4pnp.exe]
FilePath : C:\Program Files\Analog Devices\Core\
ProcessID : 2336
ThreadCreationTime : 05-08-2005 22:50:59
BasePriority : Normal
FileVersion : 5, 2, 0, 5
ProductVersion : 5, 2, 0, 5
ProductName : SMax4PNP Application
CompanyName : Analog Devices, Inc.
FileDescription : SMax4PNP MFC Application
InternalName : SMax4PNP
LegalCopyright : Copyright © 2002-2004 Analog Devices
OriginalFilename : SMax4PNP.EXE

#:24 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 2348
ThreadCreationTime : 05-08-2005 22:50:59
BasePriority : Normal


#:25 [intelmem.exe]
FilePath : C:\Program Files\Intel\Modem Event Monitor\
ProcessID : 2440
ThreadCreationTime : 05-08-2005 22:51:00
BasePriority : Normal
FileVersion : 0, 1, 0, 10
ProductVersion : 0, 1, 0, 10
ProductName : Intel Modem Event Monitor Application
CompanyName : Intel Corporation
FileDescription : Modem Event Monitor Application
InternalName : Modem Event Monitor
LegalCopyright : Copyright © 2003
OriginalFilename : IntelMEM.exe

#:26 [jucheck.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 2452
ThreadCreationTime : 05-08-2005 22:51:00
BasePriority : Normal
FileVersion : 5.0.20.9
ProductVersion : 5.0.20.9
ProductName : Java™ 2 Platform Standard Edition 5.0 Update 2
CompanyName : Sun Microsystems, Inc.
FileDescription : Java™ Update Checker
InternalName : Java™ Update Checker
LegalCopyright : Copyright © 2004
OriginalFilename : jucheck.exe

#:27 [dvdlauncher.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 2468
ThreadCreationTime : 05-08-2005 22:51:00
BasePriority : Normal
FileVersion : 3.00.0000
ProductVersion : 3.00.0000
ProductName : Cyberlink PowerCinema 3.0
CompanyName : CyberLink Corp.
FileDescription : CyberLink PowerCinema Resident Program
InternalName : CyberLink PowerCinema Resident Program
LegalCopyright : Copyright © 2003 CyberLink Corp.
OriginalFilename : DVDLauncher.EXE

#:28 [realplay.exe]
FilePath : C:\Program Files\Real\RealPlayer\
ProcessID : 2512
ThreadCreationTime : 05-08-2005 22:51:00
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:29 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 2560
ThreadCreationTime : 05-08-2005 22:51:00
BasePriority : Normal
FileVersion : 1.04.08a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions

#:30 [dmxlauncher.exe]
FilePath : C:\Program Files\Dell\Media Experience\
ProcessID : 2576
ThreadCreationTime : 05-08-2005 22:51:00
BasePriority : Normal


#:31 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 2604
ThreadCreationTime : 05-08-2005 22:51:00
BasePriority : Normal
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:32 [e_s4i0f2.exe]
FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
ProcessID : 2728
ThreadCreationTime : 05-08-2005 22:51:01
BasePriority : Normal
FileVersion : 3.00
ProductVersion : 3.00
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S4I0F2
LegalCopyright : Copyright © SEIKO EPSON CORP. 2003
OriginalFilename : E_S4I0F2.EXE

#:33 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 2948
ThreadCreationTime : 05-08-2005 22:51:02
BasePriority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:34 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 3100
ThreadCreationTime : 05-08-2005 22:51:03
BasePriority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:35 [pokapoka62.exe]
FilePath : C:\WINDOWS\etb\
ProcessID : 3152
ThreadCreationTime : 05-08-2005 22:51:04
BasePriority : Normal


#:36 [gcasdtserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 3256
ThreadCreationTime : 05-08-2005 22:51:05
BasePriority : Normal
FileVersion : 1.00.0501
ProductVersion : 1.00.0501
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:37 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2544
ThreadCreationTime : 05-08-2005 22:51:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:38 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 3808
ThreadCreationTime : 05-08-2005 22:56:52
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:39 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2496
ThreadCreationTime : 05-08-2005 22:58:48
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:40 [appanage.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1528
ThreadCreationTime : 06-08-2005 07:58:25
BasePriority : Normal


Adintelligence.AproposToolbar Object Recognized!
Type : Process
Data : appanage.exe
TAC Rating : 5
Category : Misc
Comment :
Object : C:\WINDOWS\system32\


"C:\WINDOWS\system32\appanage.exe"Process terminated successfully
"C:\WINDOWS\system32\appanage.exe"Process terminated successfully

#:41 [asydd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3564
ThreadCreationTime : 06-08-2005 07:58:27
BasePriority : Normal


#:42 [cxtpls.exe]
FilePath : C:\Program Files\Aprps\
ProcessID : 1060
ThreadCreationTime : 06-08-2005 08:02:09
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Ads
CompanyName : Apropos Media
FileDescription : Internet Explorer
InternalName : Ads.
LegalCopyright : Copyright © 2003
OriginalFilename : SysAI.exe

#:43 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 3592
ThreadCreationTime : 06-08-2005 08:19:20
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{016235be-59d4-4ceb-add5-e2378282a1d9}

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}

BookedSpace Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}

BookedSpace Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}

BookedSpace Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}

BookedSpace Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value : AppID

BookedSpace Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5

BookedSpace Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension

BookedSpace Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll

TX4.BrowserAd Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{31ca5c07-7f5f-4502-8c77-99a91558add0}

TX4.BrowserAd Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{223a26d8-9f91-42f6-8ed3-094b637de020}

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{016235be-59d4-4ceb-add5-e2378282a1d9}

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\aproposclient

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains

BookedSpace Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}

PeopleOnPage Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\envolo

VirtualBouncer Object Recognized!
Type : RegValue
Data : .redearthsystems.com
TAC Rating : 5
Category : Malware
Comment : "RURL"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\cryptography\services
Value : RURL

VirtualBouncer Object Recognized!
Type : RegValue
Data : 100
TAC Rating : 5
Category : Malware
Comment : "DistID"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\cryptography\services
Value : DistID

VirtualBouncer Object Recognized!
Type : RegValue
Data : spywarelabs.com
TAC Rating : 5
Category : Malware
Comment : "DURL"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\cryptography\services
Value : DURL

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 22
Objects found so far: 23


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistant.exactsearch.net

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.exactsear...net/sidesearch"
TAC Rating : 5
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://www.exactsear...net/sidesearch"

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Misc
Comment : "hBu9RfbnX"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : hBu9RfbnX

Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : appanage.exe
TAC Rating : 5
Category : Misc
Comment :
Object : c:\windows\system32\



Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 26


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : family@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:family@atdmt.com/
Expires : 05-08-2010 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : family@doubleclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:family@doubleclick.net/
Expires : 05-08-2008 09:17:24
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : family@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:family@hitbox.com/
Expires : 06-08-2006 09:18:12
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : family@ehg-idg.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:family@ehg-idg.hitbox.com/
Expires : 06-08-2006 09:18:12
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 30



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

PeopleOnPage Object Recognized!
Type : File
Data : AutoUpdaterInstaller[1].exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Family\Temporary Internet Files\Content.IE5\YGFVBEY2\



ExactSearchBar Object Recognized!
Type : File
Data : A0008504.exe
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP126\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


ExactSearchBar Object Recognized!
Type : File
Data : A0008505.srg
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP126\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


BargainBuddy Object Recognized!
Type : File
Data : A0008506.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP126\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : A0008507.vxd
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP126\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


ExactSearchBar Object Recognized!
Type : File
Data : A0008572.exe
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP126\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


BargainBuddy Object Recognized!
Type : File
Data : A0008573.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP126\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


ExactSearchBar Object Recognized!
Type : File
Data : A0008593.exe
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP126\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


ExactSearchBar Object Recognized!
Type : File
Data : A0008594.srg
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP126\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


BargainBuddy Object Recognized!
Type : File
Data : A0008595.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP126\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : A0008596.vxd
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP126\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


Win32.TrojanDownloader.Small.aly Object Recognized!
Type : File
Data : A0008605.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\



Win32.TrojanDownloader.Small.aly Object Recognized!
Type : File
Data : A0008606.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\



ExactSearchBar Object Recognized!
Type : File
Data : A0008658.exe
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


ExactSearchBar Object Recognized!
Type : File
Data : A0008659.srg
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


BargainBuddy Object Recognized!
Type : File
Data : A0008660.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : A0008661.vxd
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


VX2 Object Recognized!
Type : File
Data : A0008771.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\
FileVersion : 2, 0, 1, 8
ProductVersion : 2, 0, 1, 8
ProductName : Thinstaller
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2005
OriginalFilename : Thinstaller.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.


ExactSearchBar Object Recognized!
Type : File
Data : A0008788.exe
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


ExactSearchBar Object Recognized!
Type : File
Data : A0008789.srg
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


BargainBuddy Object Recognized!
Type : File
Data : A0008790.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : A0008791.vxd
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP127\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


VX2 Object Recognized!
Type : File
Data : A0008913.EXE
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP129\
FileVersion : 2, 0, 1, 8
ProductVersion : 2, 0, 1, 8
ProductName : Thinstaller
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2005
OriginalFilename : Thinstaller.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.


BargainBuddy Object Recognized!
Type : File
Data : A0008915.dll
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP129\
FileVersion : 8, 0, 3, 6
ProductVersion : 8, 0, 3, 6
ProductName : ADP Module
CompanyName : eXact Advertising
FileDescription : ADP Module
InternalName : apuc
LegalCopyright : Copyright © 2003-2005 eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : apuc.DLL


BargainBuddy Object Recognized!
Type : File
Data : A0008916.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP129\
FileVersion : 8, 0, 3, 6
ProductVersion : 8, 0, 3, 6
ProductName : BargainsBuddy ADP Module
CompanyName : eXact Advertising
FileDescription : bargains
InternalName : ADP
LegalCopyright : Copyright © 2003-2005. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : bargains.exe


BargainBuddy Object Recognized!
Type : File
Data : A0008917.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP129\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adv
CompanyName : eXact Advertising
InternalName : adv
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adv.exe


BargainBuddy Object Recognized!
Type : File
Data : A0008918.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP129\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adx
CompanyName : eXact Advertising
InternalName : adx
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adx.exe


BargainBuddy Object Recognized!
Type : File
Data : A0008920.dll
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP129\
FileVersion : 2, 0, 0, 19
ProductVersion : 2, 0, 0, 19
ProductName : nls.dll Module
CompanyName : eXact Advertising
FileDescription : nls.dll Module
InternalName : nls.dll
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : nls.dll


ExactSearchBar Object Recognized!
Type : File
Data : A0008921.exe
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP129\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 5
ProductName : NAVISearch Module
CompanyName : eXact Advertising
FileDescription : NLS Module
InternalName : NLS
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : nls.exe


ExactSearchBar Object Recognized!
Type : File
Data : A0008928.exe
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP129\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


BargainBuddy Object Recognized!
Type : File
Data : A0008929.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP129\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


ExactSearchBar Object Recognized!
Type : File
Data : A0009315.exe
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP129\
FileVe

Last of all after removing viruses etc

Edited by 19scooby71, 06 August 2005 - 06:18 AM.

#2
19scooby71

    New Member

  • Topic Starter
  • Member
  • 2 posts
Last of all, after removing the viruses etc. with the help of the above, I rebooted and tested, then did the HijackThis log as below.


Logfile of HijackThis v1.99.1
Scan saved at 1:10:55 PM, on 8/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.radiotimes.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks for all your help...