Downloaded new version of Ad-Aware SE and here is the logfile now.
Any takers?
thx,
tj
Ad-Aware SE Build 1.05
Logfile Created on:Friday, February 25, 2005 8:47:23 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R28 16.02.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):1 total references
AltnetBDE(TAC index:4):5 total references
BargainBuddy(TAC index:8):14 total references
BlazeFind(TAC index:5):8 total references
BookedSpace(TAC index:10):7 total references
BrilliantDigital(TAC index:6):22 total references
Claria(TAC index:7):4 total references
CoolWebSearch(TAC index:10):4 total references
DealHelper(TAC index:7):13 total references
DownloadWare(TAC index:8):8 total references
Elitum.ElitebarBHO(TAC index:5):2 total references
eUniverse(TAC index:10):1 total references
ExactSearchBar(TAC index:5):2 total references
Favoriteman(TAC index:8):3 total references
IBIS Toolbar(TAC index:5):21 total references
IGetNet(TAC index:8):3 total references
ImIServer IEPlugin(TAC index:5):4 total references
Lop(TAC index:7):1 total references
MSView(TAC index:10):3 total references
Possible Browser Hijack attempt(TAC index:3):4 total references
SahAgent(TAC index:9):10 total references
Softomate Toolbar(TAC index:9):6 total references
TopMoxie(TAC index:3):6 total references
Tracking Cookie(TAC index:3):463 total references
WindUpdates(TAC index:8):3 total references
VX2(TAC index:10):49 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R8 13.09.2004
Internal build : 12
File location : C:\PROGRA~1\Lavasoft\AD-AWA~2\defs.ref
File size : 344723 Bytes
Total size : 1092481 Bytes
Signature data size : 1068971 Bytes
Reference data size : 22998 Bytes
Signatures total : 30122
Fingerprints total : 154
Fingerprints size : 7129 Bytes
Target categories : 15
Target families : 560
2-25-2005 8:41:00 AM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R28 16.02.2005
Internal build : 33
File location : C:\PROGRA~1\Lavasoft\AD-AWA~2\defs.ref
File size : 411893 Bytes
Total size : 1300934 Bytes
Signature data size : 1271214 Bytes
Reference data size : 29208 Bytes
Signatures total : 36156
Fingerprints total : 620
Fingerprints size : 23479 Bytes
Target categories : 15
Target families : 632
2-25-2005 8:41:06 AM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:29 %
Total physical memory:261132 kb
Available physical memory:74232 kb
Total page file size:630976 kb
Available on page file:263096 kb
Total virtual memory:2097024 kb
Available virtual memory:2037508 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
2-25-2005 8:47:23 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 468
ThreadCreationTime : 2-24-2005 8:43:41 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 528
ThreadCreationTime : 2-24-2005 8:43:48 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 552
ThreadCreationTime : 2-24-2005 8:43:49 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 596
ThreadCreationTime : 2-24-2005 8:43:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 608
ThreadCreationTime : 2-24-2005 8:43:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 760
ThreadCreationTime : 2-24-2005 8:43:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 820
ThreadCreationTime : 2-24-2005 8:43:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 888
ThreadCreationTime : 2-24-2005 8:43:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 960
ThreadCreationTime : 2-24-2005 8:43:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1008
ThreadCreationTime : 2-24-2005 8:43:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1196
ThreadCreationTime : 2-24-2005 8:43:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [aolacsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 1620
ThreadCreationTime : 2-24-2005 8:45:02 PM
BasePriority : Normal
#:13 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1632
ThreadCreationTime : 2-24-2005 8:45:02 PM
BasePriority : Normal
FileVersion : 2.1.5.1
ProductVersion : 2.1.5.1
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:14 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1704
ThreadCreationTime : 2-24-2005 8:45:02 PM
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:15 [savscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1808
ThreadCreationTime : 2-24-2005 8:45:03 PM
BasePriority : Normal
FileVersion : 9.2.1.14
ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright © 2003 Symantec Corporation
OriginalFilename : SAVSCAN.EXE
#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1936
ThreadCreationTime : 2-24-2005 8:45:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:17 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 1968
ThreadCreationTime : 2-24-2005 8:45:07 PM
BasePriority : Normal
FileVersion : 1, 8, 50, 196
ProductVersion : 1, 8, 50, 196
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe
#:18 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 1988
ThreadCreationTime : 2-24-2005 8:45:07 PM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe
#:19 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 248
ThreadCreationTime : 2-24-2005 8:45:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:20 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 280
ThreadCreationTime : 2-24-2005 8:45:08 PM
BasePriority : Normal
FileVersion : 2.1.5.1
ProductVersion : 2.1.5.1
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:21 [symwsc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 316
ThreadCreationTime : 2-24-2005 8:45:08 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe
#:22 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1080
ThreadCreationTime : 2-24-2005 8:45:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:23 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1552
ThreadCreationTime : 2-25-2005 3:06:28 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:24 [realplay.exe]
FilePath : C:\Program Files\Real\RealPlayer\
ProcessID : 3112
ThreadCreationTime : 2-25-2005 3:06:38 PM
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE
#:25 [aoldial.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 3780
ThreadCreationTime : 2-25-2005 3:06:44 PM
BasePriority : Normal
FileVersion : 2.0.20.1.US.1
ProductVersion : 2.0.20.1.US.1
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe
#:26 [hpgs2wnf.exe]
FilePath : C:\PROGRA~1\HEWLET~1\HPSHAR~1\
ProcessID : 3344
ThreadCreationTime : 2-25-2005 3:06:44 PM
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE
Warning! CoolWebSearch Object found in memory(C:\WINDOWS\system32\ipoqaa.dll)
CoolWebSearch Object Recognized!
Type : Process
Data : ipoqaa.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
#:27 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1764
ThreadCreationTime : 2-25-2005 3:06:45 PM
BasePriority : Normal
FileVersion : 2.1.5.1
ProductVersion : 2.1.5.1
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:28 [viewmgr.exe]
FilePath : C:\Program Files\Viewpoint\Viewpoint Manager\
ProcessID : 3892
ThreadCreationTime : 2-25-2005 3:06:45 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager
#:29 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 184
ThreadCreationTime : 2-25-2005 3:06:47 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:30 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 2472
ThreadCreationTime : 2-25-2005 3:06:48 PM
BasePriority : Normal
FileVersion : 5.9.3690
ProductVersion : 5.9.3690
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE
#:31 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 3204
ThreadCreationTime : 2-25-2005 3:06:52 PM
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:32 [hpoant07.exe]
FilePath : C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\
ProcessID : 972
ThreadCreationTime : 2-25-2005 3:06:58 PM
BasePriority : Normal
FileVersion : 2.00
ProductVersion : A.14.04.06
ProductName : hp officejet v series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOANT07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOANT07.EXE
Comments : HP OfficeJet V Series COM Device Objects
#:33 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2504
ThreadCreationTime : 2-25-2005 3:07:01 PM
BasePriority : Normal
#:34 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 2976
ThreadCreationTime : 2-25-2005 3:07:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
#:35 [hpoevm07.exe]
FilePath : C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\
ProcessID : 3732
ThreadCreationTime : 2-25-2005 3:07:25 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.04.06
ProductName : hp officejet v series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOEVM07.EXE
Comments : HP OfficeJet COM Event Manager
#:36 [hpoipm07.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3384
ThreadCreationTime : 2-25-2005 3:07:30 PM
BasePriority : Normal
FileVersion : 4, 5, 0, 767
ProductVersion : 4, 5, 0, 767
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe
#:37 [hposts07.exe]
FilePath : C:\Program Files\Hewlett-Packard\AiO\Shared\bin\
ProcessID : 916
ThreadCreationTime : 2-25-2005 3:07:59 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.04.06
ProductName : hp officejet v series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOCPY07.EXE
Comments : HP OfficeJet Status
#:38 [hpofxm07.exe]
FilePath : C:\Program Files\Hewlett-Packard\AiO\Shared\bin\
ProcessID : 4052
ThreadCreationTime : 2-25-2005 3:08:00 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.04.06
ProductName : hp officejet v series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet G Series Fax Manager
InternalName : HPOFXM07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOFXM07.EXE
Comments : HP OfficeJet G Series Fax Manager
#:39 [outlook.exe]
FilePath : C:\PROGRA~1\MICROS~2\Office\
ProcessID : 988
ThreadCreationTime : 2-25-2005 3:11:53 PM
BasePriority : Normal
#:40 [winword.exe]
FilePath : C:\Program Files\Microsoft Office\Office\
ProcessID : 3820
ThreadCreationTime : 2-25-2005 3:12:12 PM
BasePriority : Normal
#:41 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\
ProcessID : 880
ThreadCreationTime : 2-25-2005 4:40:51 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:42 [opscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 2708
ThreadCreationTime : 2-25-2005 4:46:08 PM
BasePriority : Normal
FileVersion : 10.0.2.610
ProductVersion : 10.0.2.610
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Out of Process Scan Server
InternalName : OPScan
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : OPScan.exe
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe
AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e1357}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e1357}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed11357}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed11357}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed12468}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed12468}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e2468}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e2468}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cashback
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cashback
Value : BuildNumber
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winadx.installer
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winadx.installer
Value :
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
DealHelper Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b16b278-b2e3-4cbf-85b5-e058878f728f}
DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b16b278-b2e3-4cbf-85b5-e058878f728f}
Value :
DealHelper Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{81739076-56b7-42ec-a0aa-692794fded1a}
DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{81739076-56b7-42ec-a0aa-692794fded1a}
Value :
DealHelper Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3d89a731-9f4a-418f-a997-2d633c7c404c}
DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3d89a731-9f4a-418f-a997-2d633c7c404c}
Value :
DealHelper Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bf9ee3a0-1a02-4265-a65f-ac4d4447f6bf}
DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bf9ee3a0-1a02-4265-a65f-ac4d4447f6bf}
Value :
DealHelper Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{06e53101-654c-45eb-bff6-e37e13b5972a}
DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{06e53101-654c-45eb-bff6-e37e13b5972a}
Value :
DownloadWare Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1}
DownloadWare Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}
DownloadWare Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}
Value :
eUniverse Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00d6a7e7-4a97-456f-848a-3b75bf7554d7}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}
Value :
Softomate Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff}
Softomate Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff}
Value :
Softomate Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : softomate.ietoolbar.1
Softomate Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : softomate.ietoolbar.1
Value :
Softomate Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : softomate.ietoolbar
Softomate Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : softomate.ietoolbar
Value :
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : SystemComponent
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : Installer
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{3fa866ac-40d7-4fe6-babf-78ee854a4325}
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj.1
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj.1
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a42c0ef4-1c76-43cc-989f-eadc7e4b755d}
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a42c0ef4-1c76-43cc-989f-eadc7e4b755d}
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00320615-b6c2-40a6-8f99-f1c52d674fad}
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00320615-b6c2-40a6-8f99-f1c52d674fad}
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00320615-b6c2-40a6-8f99-f1c52d674fad}
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-1757981266-920026266-682003330-1004\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "LNI0d1OfSInst"
Rootkey : HKEY_USERS
Object : S-1-5-21-1757981266-920026266-682003330-1004\software\localnrd
Value : LNI0d1OfSInst
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 54
Objects found so far: 55
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 55
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@questionmarket[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 2-16-2006 1:20:42 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@2o7[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@adrevolver[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@adrevolver[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@advertising[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@casalemedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@casalemedia[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@centrport[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@centrport[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@clickagents[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@clickagents[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@euniverseads[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@euniverseads[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@fastclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@fastclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@realmedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@realmedia[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@serving-sys[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@serving-sys[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@targetnet[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@targetnet[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@tickle[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@tickle[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@trafficmp[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@trafficmp[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@valueclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@valueclick[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\[email protected][1].txt
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 24
Objects found so far: 79
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : File
Data : localNrd.cab
Category : Malware
Comment :
Object : C:\Documents and Settings\Abertombie\Local Settings\Temp\THI6BEF.tmp\
Elitum.ElitebarBHO Object Recognized!
Type : File
Data : preInsln.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Abertombie\Local Settings\Temp\THI6BEF.tmp\
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@2o7[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@advertising[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@centrport[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@centrport[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@fastclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@fastclick[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@realmedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@realmedia[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@trafficmp[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@trafficmp[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@valueclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@valueclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@zedo[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@zedo[1].txt
VX2 Object Recognized!
Type : File
Data : conscorr.cab
Category : Malware
Comment :
Object : C:\Documents and Settings\Ash\Local Settings\Temp\
VX2 Object Recognized!
Type : File
Data : conscorr.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Ash\Local Settings\Temp\
FileVersion : 0, 3, 1, 3
ProductVersion : 0, 3, 1, 3
CompanyName : ConsCorr
FileDescription : www.conscorr.com
LegalCopyright : Copyright © 2002
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chelsea@0[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Chelsea\Cookies\chelsea@0[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chelsea@276[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Chelsea\Cookies\chelsea@276[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chelsea@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Chelsea\Cookies\chelsea@2o7[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Chelsea\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Chelsea\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chelsea@adrevolver[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Chelsea\Cookies\chelsea@adrevolver[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Chelsea\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Chelsea\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment