Hijack this log [CLOSED]



#1
nsb92263

I'm new to this. I'm giving Geeks To Go a try at helping get rid of corrupted files. Please look over my log and help me understand what to do to clean this mess up.
Thanks so much.
Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, September 03, 2005 9:06:20 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R64 31.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):108 total references
BroadCastPC(TAC index:7):6 total references
DyFuCA(TAC index:3):16 total references
EzuLa(TAC index:6):62 total references
FlashenhancerBHO(TAC index:7):3 total references
FlashTrack(TAC index:7):2 total references
Hijacker.TopConverting(TAC index:5):1 total references
IBIS Toolbar(TAC index:5):21 total references
IEHijacker.ZestyFind(TAC index:6):7 total references
istbar(TAC index:7):9 total references
MRU List(TAC index:0):39 total references
Other(TAC index:5):2 total references
Possible Browser Hijack attempt(TAC index:3):6 total references
Powerscan(TAC index:5):7 total references
PromulGate(TAC index:5):8 total references
PurityScan(TAC index:6):2 total references
SahAgent(TAC index:9):6 total references
SideFind(TAC index:5):4 total references
Surfaccuracy(TAC index:5):2 total references
SurfSideKickBHO(TAC index:7):5 total references
Tracking Cookie(TAC index:3):145 total references
WhenU(TAC index:3):44 total references
WhenU.SaveNow(TAC index:10):1 total references
Zango(TAC index:6):12 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R64 31.08.2005
Internal build : 75
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 515324 Bytes
Total size : 1551493 Bytes
Signature data size : 1518382 Bytes
Reference data size : 32599 Bytes
Signatures total : 43181
CSI Fingerprints total : 1032
CSI data size : 36709 Bytes
Target categories : 15
Target families : 740


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:26 %
Total physical memory:252656 kb
Available physical memory:64808 kb
Total page file size:620448 kb
Available on page file:308988 kb
Total virtual memory:2097024 kb
Available virtual memory:2038828 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


9-3-2005 9:06:20 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 652
ThreadCreationTime : 9-4-2005 12:45:52 AM
BasePriority : Normal


#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 728
ThreadCreationTime : 9-4-2005 12:45:54 AM
BasePriority : High


#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 772
ThreadCreationTime : 9-4-2005 12:45:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 784
ThreadCreationTime : 9-4-2005 12:45:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 944
ThreadCreationTime : 9-4-2005 12:45:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1084
ThreadCreationTime : 9-4-2005 12:45:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 1460
ThreadCreationTime : 9-4-2005 12:45:58 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:8 [acsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
Command Line : n/a
ProcessID : 1572
ThreadCreationTime : 9-4-2005 12:46:05 AM
BasePriority : Normal


#:9 [incdsrv.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCDsrv.exe
Command Line : n/a
ProcessID : 1636
ThreadCreationTime : 9-4-2005 12:46:06 AM
BasePriority : Normal
FileVersion : 4, 0, 7, 1
ProductVersion : 4, 0, 7, 1
ProductName : AHEAD Software incdsrv
CompanyName : AHEAD Software
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright © 2003
OriginalFilename : incdsrv.exe

#:10 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Command Line : n/a
ProcessID : 1656
ThreadCreationTime : 9-4-2005 12:46:06 AM
BasePriority : Normal
FileVersion : 9, 1, 0, 8
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:11 [sqlservr.exe]
ModuleName : C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
Command Line : n/a
ProcessID : 1672
ThreadCreationTime : 9-4-2005 12:46:06 AM
BasePriority : Normal
FileVersion : 2000.080.0194.00
ProductVersion : 8.00.194
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
LegalCopyright : © 1988-2000 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLSERVR.EXE
Comments : NT INTEL X86

#:12 [prismxl.sys]
ModuleName : C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
Command Line : n/a
ProcessID : 1788
ThreadCreationTime : 9-4-2005 12:46:09 AM
BasePriority : Normal
FileVersion : 4.10
ProductVersion : 4.10
ProductName : PrismXL Software Family
CompanyName : Lanovation
FileDescription : PrismXL Service
InternalName : PrismXL Service
LegalCopyright : Copyright © 1997-2002 Lanovation
OriginalFilename : PrismXL.sys

#:13 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1832
ThreadCreationTime : 9-4-2005 12:46:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:14 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : n/a
ProcessID : 1948
ThreadCreationTime : 9-4-2005 12:46:10 AM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:15 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 1996
ThreadCreationTime : 9-4-2005 12:46:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:16 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Command Line : n/a
ProcessID : 380
ThreadCreationTime : 9-4-2005 12:46:11 AM
BasePriority : High


#:17 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1112
ThreadCreationTime : 9-4-2005 12:46:44 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:18 [incd.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCD.exe
Command Line : "C:\Program Files\Ahead\InCD\InCD.exe"
ProcessID : 1984
ThreadCreationTime : 9-4-2005 12:46:49 AM
BasePriority : Normal
FileVersion : 4, 0, 7, 1
ProductVersion : 4, 0, 7, 1
ProductName : InCD
CompanyName : Ahead Software AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright © Ahead Software 1996-2003, Karlsbad, Germany
LegalTrademarks : InCD TM
OriginalFilename : InCD.exe

#:19 [mmtask.exe]
ModuleName : C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
Command Line : "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
ProcessID : 2056
ThreadCreationTime : 9-4-2005 12:46:49 AM
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : mmtask.exe

#:20 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 2116
ThreadCreationTime : 9-4-2005 12:46:49 AM
BasePriority : Normal
FileVersion : 6.3
ProductVersion : QuickTime 6.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:21 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 2232
ThreadCreationTime : 9-4-2005 12:46:53 AM
BasePriority : Normal
FileVersion : 3.0.0.2209
ProductVersion : 7.0.0.2209
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:22 [mcvsshld.exe]
ModuleName : C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
ProcessID : 2304
ThreadCreationTime : 9-4-2005 12:46:55 AM
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:23 [mcagent.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\mcagent.exe
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
ProcessID : 2356
ThreadCreationTime : 9-4-2005 12:46:56 AM
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:24 [mcvsescn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsescn.exe
Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
ProcessID : 2392
ThreadCreationTime : 9-4-2005 12:46:59 AM
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:25 [hppwrsav.exe]
ModuleName : C:\SCANJET\PrecisionScanLT\hppwrsav.exe
Command Line : "C:\SCANJET\PrecisionScanLT\hppwrsav.exe"
ProcessID : 2412
ThreadCreationTime : 9-4-2005 12:46:59 AM
BasePriority : Normal


#:26 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2420
ThreadCreationTime : 9-4-2005 12:47:00 AM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:27 [exec.exe]
ModuleName : C:\Program Files\Juno\exec.exe
Command Line : "C:\Program Files\Juno\exec.exe" regrun
ProcessID : 2480
ThreadCreationTime : 9-4-2005 12:47:03 AM
BasePriority : Normal
FileVersion : 4, 3, 0, 0
ProductVersion : 4, 3, 0, 0
CompanyName : NetZero
FileDescription : ZCast
InternalName : ZCOM_exec
LegalCopyright : Copyright © 2002 United Online, Inc.

#:28 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2544
ThreadCreationTime : 9-4-2005 12:47:06 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:29 [aoltray.exe]
ModuleName : C:\Program Files\America Online 9.0\aoltray.exe
Command Line : "C:\Program Files\America Online 9.0\aoltray.exe" -check
ProcessID : 2832
ThreadCreationTime : 9-4-2005 12:47:28 AM
BasePriority : Normal
FileVersion : 9.00.000
ProductVersion : 9.00.000
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : AOL Tray Icon
InternalName : AolTray
LegalCopyright : Copyright © America Online, Inc. 1999 - 2003

#:30 [snapdetect.exe]
ModuleName : C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
Command Line : "C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe"
ProcessID : 2840
ThreadCreationTime : 9-4-2005 12:47:28 AM
BasePriority : Normal


#:31 [wkcalrem.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe"
ProcessID : 3028
ThreadCreationTime : 9-4-2005 12:47:59 AM
BasePriority : Normal
FileVersion : 7.02.0620.0
ProductVersion : 7.02.0620.0
ProductName : Microsoft® Works 7.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.
OriginalFilename : WKCALREM.EXE

#:32 [sqlmangr.exe]
ModuleName : C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
Command Line : "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe" /n
ProcessID : 3072
ThreadCreationTime : 9-4-2005 12:48:01 AM
BasePriority : Normal
FileVersion : 2000.080.0194.00
ProductVersion : 8.00.194
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Service Manager
InternalName : SQLMANGR
LegalCopyright : © 1988-2000 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLMANGR.exe
Comments : NT INTEL X86

#:33 [ymsgr_tray.exe]
ModuleName : C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
Command Line : "C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe" -ymsgr
ProcessID : 3176
ThreadCreationTime : 9-4-2005 12:48:11 AM
BasePriority : Normal


#:34 [mcvsftsn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsftsn.exe
Command Line : c:\progra~1\mcafee.com\vso\mcvsftsn.exe -Embedding
ProcessID : 3212
ThreadCreationTime : 9-4-2005 12:48:18 AM
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module

#:35 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe "C:\WINDOWS\system32\guard.tmp",DllGetVersion
ProcessID : 3300
ThreadCreationTime : 9-4-2005 12:48:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:36 [7ta2hmsl.exe]
ModuleName : C:\WINDOWS\system32\7ta2hmsl.exe
Command Line : C:\WINDOWS\system32\7ta2hmsl.exe
ProcessID : 828
ThreadCreationTime : 9-4-2005 12:55:17 AM
BasePriority : Idle
FileVersion : 4, 1, 0, 6
ProductVersion : 4, 1, 0, 6

#:37 [iexplore.exe]
ModuleName : C:\program files\internet explorer\iexplore.exe
Command Line : "C:\program files\internet explorer\iexplore.exe" "C:\WINDOWS\TEMP\2U3PNJD3.html"
ProcessID : 1748
ThreadCreationTime : 9-4-2005 1:05:14 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:38 [ptdxregu.exe]
ModuleName : c:\windows\system32\ptdxregu.exe
Command Line : c:\windows\system32\ptdxregu.exe DO0605
ProcessID : 3496
ThreadCreationTime : 9-4-2005 1:05:28 AM
BasePriority : Idle
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : © 2004

#:39 [rsysvw2d.exe]
ModuleName : C:\WINDOWS\system32\rsysvw2d.exe
Command Line : C:\WINDOWS\system32\rsysvw2d.exe
ProcessID : 3676
ThreadCreationTime : 9-4-2005 1:05:44 AM
BasePriority : Idle
FileVersion : 0.42
ProductVersion : 1.0b
LegalCopyright : Copyright © 2004

#:40 [hijackthis.exe]
ModuleName : C:\DOCUME~1\Sue\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
Command Line : "C:\DOCUME~1\Sue\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe"
ProcessID : 3628
ThreadCreationTime : 9-4-2005 1:13:32 AM
BasePriority : Normal
FileVersion : 1.99.0001
ProductVersion : 1.99.0001
ProductName : HijackThis
CompanyName : Soeperman Enterprises Ltd.
FileDescription : HijackThis
InternalName : HijackThis
LegalCopyright : Freeware
OriginalFilename : HijackThis.exe
Comments : Version history is in Help section

#:41 [notepad.exe]
ModuleName : C:\WINDOWS\system32\NOTEPAD.EXE
Command Line : "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Documents and Settings\Sue\My Documents\hijackthis.log
ProcessID : 184
ThreadCreationTime : 9-4-2005 1:23:47 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:42 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3276
ThreadCreationTime : 9-4-2005 2:00:42 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc}

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj.1

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj.1

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{370f6327-41c4-4fa6-a2df-1ba57ee0fbb9}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c03351a3-6755-11d4-8a73-0050da2ee1be}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\ezulabootexe.exe

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{c0335198-6755-11d4-8a73-0050da2ee1be}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2babd334-5c3f-11d4-b184-0050dab79376}

EzuLa Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2babd334-5c3f-11d4-b184-0050dab79376}
Value : AppID

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c03351a4-6755-11d4-8a73-0050da2ee1be}
Value : AppID

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulabootexe.installctrl

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulabootexe.installctrl.1

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulamain.ezulasearchpipe

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulamain.ezulasearchpipe.1

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{8a044396-5da2-11d4-b185-0050dab79376}

EzuLa Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{c0335197-6755-11d4-8a73-0050da2ee1be}

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{2b0eceac-f597-4858-a542-d966b49055b9}

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{d0288a41-9855-4a9b-8316-babe243648da}

SurfSideKickBHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}

WhenU Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wusn.1

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{99410cde-6f16-42ce-9d49-3807f78f0287}

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clientax.clientinstaller

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clientax.clientinstaller.1

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clientax.requiredcomponent

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clientax.requiredcomponent.1

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0ac49246-419b-4ee0-8917-8818daad6a4e}

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ddea2e1d-8555-45e5-af09-ec9aa4ea27ad}

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
#2
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you.

Please visit this page and scroll down to Step 5. Follow the instructions there to download a tool called HijackThis and post a log here as a reply to this post.

http://www.geekstogo..._Log-t2852.html

#3
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.