Ad-Aware SE Build 1.05
Logfile Created on:Friday, December 24, 2004 3:17:19 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R23 16.12.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):21 total references
CoolWebSearch(TAC index:10):9 total references
midADdle(TAC index:4):10 total references
MRU List(TAC index:0):7 total references
Rads01.Quadrogram(TAC index:6):1 total references
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
12-24-2004 3:17:19 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 144
ThreadCreationTime : 12-24-2004 4:04:50 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 168
ThreadCreationTime : 12-24-2004 4:05:05 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 188
ThreadCreationTime : 12-24-2004 4:05:08 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 216
ThreadCreationTime : 12-24-2004 4:05:09 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 228
ThreadCreationTime : 12-24-2004 4:05:09 PM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe
#:6 [ibmpmsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 340
ThreadCreationTime : 12-24-2004 4:05:14 PM
BasePriority : Normal
#:7 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 396
ThreadCreationTime : 12-24-2004 4:05:14 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 444
ThreadCreationTime : 12-24-2004 4:05:15 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:9 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 496
ThreadCreationTime : 12-24-2004 4:05:15 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe
#:10 [defwatch.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 524
ThreadCreationTime : 12-24-2004 4:05:15 PM
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe
#:11 [mnmsrvc.exe]
FilePath : C:\WINNT\System32\
ProcessID : 416
ThreadCreationTime : 12-24-2004 4:05:19 PM
BasePriority : Normal
FileVersion : 4.4.3385
ProductVersion : 3.01
ProductName : Windows® NetMeeting®
CompanyName : Microsoft Corporation
FileDescription : NetMeeting Remote Desktop Sharing
InternalName : mnmsrvc
LegalCopyright : Copyright © Microsoft Corporation 1996-1999
LegalTrademarks : Microsoft® , Windows® and NetMeeting® are registered trademarks of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : mnmsrvc.dll
#:12 [rtvscan.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 600
ThreadCreationTime : 12-24-2004 4:05:20 PM
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2002
#:13 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 668
ThreadCreationTime : 12-24-2004 4:05:24 PM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE
#:14 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 684
ThreadCreationTime : 12-24-2004 4:05:25 PM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe
#:15 [stisvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 720
ThreadCreationTime : 12-24-2004 4:05:26 PM
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE
#:16 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ProcessID : 772
ThreadCreationTime : 12-24-2004 4:05:27 PM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999
#:17 [mspmspsv.exe]
FilePath : C:\WINNT\System32\
ProcessID : 792
ThreadCreationTime : 12-24-2004 4:05:28 PM
BasePriority : Normal
FileVersion : 7.00.00.1956
ProductVersion : 7.00.00.1956
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE
#:18 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 804
ThreadCreationTime : 12-24-2004 4:05:29 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:19 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1104
ThreadCreationTime : 12-24-2004 4:06:07 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE
#:20 [tp4serv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1236
ThreadCreationTime : 12-24-2004 4:06:15 PM
BasePriority : Normal
FileVersion : 3.03
ProductVersion : 3.03
ProductName : IBM PS/2 TrackPoint Support
CompanyName : IBM Corporation
FileDescription : IBM PS/2 TrackPoint Daemon
InternalName : daemon.exe
LegalCopyright : Copyright © IBM Corporation 1997-2001
OriginalFilename : daemon.exe
#:21 [ltmsg.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1248
ThreadCreationTime : 12-24-2004 4:06:16 PM
BasePriority : Normal
FileVersion : 1, 0, 1, 12
ProductVersion : 1, 0, 1, 12
ProductName : LUCENT TECHNOLOGIES ltmsg
CompanyName : LUCENT TECHNOLOGIES
FileDescription : ltmsg
InternalName : ltmsg
LegalCopyright : Copyright © 1999
OriginalFilename : ltmsg.exe
Comments : Messaging application for Lucent Modem
#:22 [tphkmgr.exe]
FilePath : C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\
ProcessID : 1280
ThreadCreationTime : 12-24-2004 4:06:16 PM
BasePriority : Normal
#:23 [rundll32.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1296
ThreadCreationTime : 12-24-2004 4:06:16 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : RUNDLL.EXE
#:24 [ico.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1304
ThreadCreationTime : 12-24-2004 4:06:17 PM
BasePriority : Normal
FileVersion : 1, 0, 1, 0
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.
#:25 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 1320
ThreadCreationTime : 12-24-2004 4:06:17 PM
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2002
#:26 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1336
ThreadCreationTime : 12-24-2004 4:06:18 PM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:27 [ebkg1xp.exe]
FilePath : C:\documents and settings\administrator\local settings\temp\
ProcessID : 1376
ThreadCreationTime : 12-24-2004 4:06:19 PM
BasePriority : Normal
midADdle Object Recognized!
Type : Process
Data : eBKg1Xp.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\documents and settings\administrator\local settings\temp\
Warning! midADdle Object found in memory(C:\documents and settings\administrator\local settings\temp\eBKg1Xp.exe)
Warning! "C:\documents and settings\administrator\local settings\temp\eBKg1Xp.exe"Process could not be terminated!
"C:\documents and settings\administrator\local settings\temp\eBKg1Xp.exe"Process terminated successfully
#:28 [monitorbk.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1412
ThreadCreationTime : 12-24-2004 4:06:20 PM
BasePriority : Normal
FileVersion : 3, 1, 4, 23
ProductVersion : 3, 1, 4, 23
ProductName : Wireless LAN Monitor Utility
CompanyName : Belkin Components
FileDescription : Wireless LAN Monitor Utility
InternalName : monitorbk.exe
LegalCopyright : Copyright © 2002 Belkin Components
LegalTrademarks : Belkin Components
OriginalFilename : monitorbk.exe
Comments : Wireless LAN Monitor Utility
#:29 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1444
ThreadCreationTime : 12-24-2004 4:06:27 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:30 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 296
ThreadCreationTime : 12-24-2004 4:51:48 PM
BasePriority : Normal
FileVersion : 6.2.0137
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:31 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 304
ThreadCreationTime : 12-24-2004 8:17:01 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e8eaeb34-f7b5-4c55-87ff-720faf53d841}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e8eaeb34-f7b5-4c55-87ff-720faf53d841}
Value :
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e8eaeb34-f7b5-4c55-87ff-720faf53d841}
Value : AppID
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{e8eaeb34-f7b5-4c55-87ff-720faf53d841}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{e8eaeb34-f7b5-4c55-87ff-720faf53d841}
Value :
midADdle Object Recognized!
Type : Regkey
Data : SearchHelp
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{ecb25a48-e6e0-49af-99af-07c763e31389}
midADdle Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\searchhelp.dll
midADdle Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\searchhelp.dll
Value : AppID
midADdle Object Recognized!
Type : Regkey
Data : SearchHelp
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{ecb25a48-e6e0-49af-99af-07c763e31389}\1.0
midADdle Object Recognized!
Type : RegValue
Data : SearchHelp
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{ecb25a48-e6e0-49af-99af-07c763e31389}\1.0
Value :
midADdle Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e318d698-27b3-44d5-8998-c35eafb9c034}
midADdle Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e318d698-27b3-44d5-8998-c35eafb9c034}
Value :
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "PartnerID"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PartnerID
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UtilFolder"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UtilFolder
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "PartnerName"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PartnerName
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "FirstHit"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : FirstHit
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "BuildNumber"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : BuildNumber
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UninstallUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UninstallUrl
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UniqueKeyUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UniqueKeyUrl
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "FirstHitUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : FirstHitUrl
CoolWebSearch Object Recognized!
Type : RegData
Data : CSearchHelpIEExtension Object
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchhelp
Value :
Data : CSearchHelpIEExtension Object
midADdle Object Recognized!
Type : RegData
Data : SearchHelp
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid
Value :
Data : SearchHelp
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 22
Objects found so far: 23
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
MRU List Object Recognized!
Location: : S-1-5-21-842364552-819684009-115087773-500\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-842364552-819684009-115087773-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-842364552-819684009-115087773-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-842364552-819684009-115087773-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-842364552-819684009-115087773-500\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\recent
Description : list of recently opened documents
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@bluestreak[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 12-21-2014 7:32:24 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 2-22-2005 11:19:40 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@serving-sys[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 1-1-2038
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 33
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Rads01.Quadrogram Object Recognized!
Type : File
Data : msexreg.exe
Category : Malware
Comment :
Object : C:\WINNT\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Disk Scan Result for C:\3Com\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Disk Scan Result for C:\biosupdate1.2.1\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Disk Scan Result for C:\Documents and Settings\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Disk Scan Result for C:\DRIVERS\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Disk Scan Result for C:\I386\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Disk Scan Result for C:\My Music\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Disk Scan Result for C:\Program Files\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Disk Scan Result for C:\Recycled\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Disk Scan Result for C:\RECYCLER\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Disk Scan Result for C:\System Volume Information\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Disk Scan Result for C:\WINNT\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Disk Scan Result for C:\WUTemp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
midADdle Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Updater
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchhelp
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchhelp
Value :
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PIDNoCB
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PIDNoNLS
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PrevBBBuildNumber
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UniqueKey
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : System
BargainBuddy Object Recognized!
Type : File
Data : exul.exe
Category : Malware
Comment :
Object : C:\WINNT\system32\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe
BargainBuddy Object Recognized!
Type : File
Data : exdl.exe
Category : Malware
Comment :
Object : C:\WINNT\system32\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe
BargainBuddy Object Recognized!
Type : File
Data : bbchk.exe
Category : Malware
Comment :
Object : C:\WINNT\system32\
FileVersion : 5.101.1663.1
ProductVersion : 5.101.1663.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : ECM ChkTrust
InternalName : CHKTRUST.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : CHKTRUST.EXE
BargainBuddy Object Recognized!
Type : File
Data : angelex.exe
Category : Malware
Comment :
Object : C:\WINNT\system32\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0
BargainBuddy Object Recognized!
Type : File
Data : zeta.exe
Category : Malware
Comment :
Object : C:\WINNT\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0
BargainBuddy Object Recognized!
Type : File
Data : exdl0.exe
Category : Malware
Comment :
Object : C:\WINNT\system32\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe
BargainBuddy Object Recognized!
Type : File
Data : autoheal.exe
Category : Malware
Comment :
Object : C:\WINNT\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 51
3:31:12 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:52.167
Objects scanned:125082
Objects identified:52
Objects ignored:0
New critical objects:52