Ad-Aware SE log



#1
VDC

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{4fc95edd-4796-4966-9049-29649c80111d}
Value :

eUniverse Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5d60ff48-95be-4956-b4c6-6bb168a70310}

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5d60ff48-95be-4956-b4c6-6bb168a70310}
Value :

ClearSearch Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : csie.csiecore

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : csie.csiecore
Value :

ClearSearch Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : csie.csiecore.1

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : csie.csiecore.1
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe.1

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe.1
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser.1

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser.1
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow.1

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow.1
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3e589169-86ad-44fe-b426-f0bf105d5582}

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3e589169-86ad-44fe-b426-f0bf105d5582}
Value :
ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{57add57b-173e-418a-8f70-17e5c9f2bcc9}

ClearSearch Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{60494593-5408-447d-bd5e-a16640d6af99}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{8e0d8965-b97b-468d-8306-a05929e439c1}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band.1

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band.1
Value :

WhenU Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wuse.1

WhenU Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wuse.1
Value : WUSE_Id

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : \interface\{59ebb576-ceb0-42fa-9917-da6254a275ad}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : \interface\{59ebb576-ceb0-42fa-9917-da6254a275ad}
Value :

MediaCharger Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1993962763-2146910623-839522115-2869\software\mediacharger

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\typelib\{2a7db8d1-43be-4ad3-a81e-9bb8c9d00073}

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1
Value :

ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clickspring

ClickSpring Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clickspring
Value : UUID

ClickSpring Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clickspring
Value : PID

ClearSearch Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clrsch

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clrsch
Value : guid

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clrsch
Value : promo

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clrsch
Value : ss

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clrsch
Value : control

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clrsch
Value : controlchecksum

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clrsch
Value : updateTime

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clrsch
Value : accessStatus

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clrsch
Value : failureCount

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dpi

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dpi
Value : item2

Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\runwindowsupdate

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\runwindowsupdate
Value : Gid

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\runwindowsupdate
Value : Country

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\runwindowsupdate
Value : LastNI

StatBlaster Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wildmedia\licensestores

StatBlaster Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wildmedia\licensestores
Value : 35f05749-e699-45df-a27f-79c05110c180

StatBlaster Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wildmedia\licensestores
Value : temp_overpro

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\{2cf0b992-5eeb-4143-99c0-5297ef71f444}

MediaCharger Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1993962763-2146910623-839522115-2869\\software\mediacharger

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Date"
Rootkey : HKEY_USERS
Object : S-1-5-21-1993962763-2146910623-839522115-2869\software\intexp
Value : Date

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{5D60FF48-95BE-4956-B4C6-6BB168A70310}"
Rootkey : HKEY_USERS
Object : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\internet explorer\urlsearchhooks
Value : {5D60FF48-95BE-4956-B4C6-6BB168A70310}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 97
Objects found so far: 97


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagewebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drs...8927992&id=5.0"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://websearch.drs...8927992&id=5.0"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pagedefault-homepage-network.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://default-homep...t.cgi?new-hklm"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://default-homep...t.cgi?new-hklm"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Barwebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drs...8927992&id=5.0"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://websearch.drs...8927992&id=5.0"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchCustomizeSearchwebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drs...8927992&id=5.0"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : CustomizeSearch
Data : "http://websearch.drs...8927992&id=5.0"
Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\MainSearch Pagewebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drs....cgi?uid=&id=0"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://websearch.drs....cgi?uid=&id=0"
Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\MainStart Page.startium.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.startium.com/"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://www.startium.com/"
Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\MainSearch Barwebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drs....cgi?uid=&id=0"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://websearch.drs....cgi?uid=&id=0"
Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\SearchURL.shopnav.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "websearch.shopnav.com/q.cgi?q="
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\Internet Explorer\SearchURL
Value :
Data : "websearch.shopnav.com/q.cgi?q="

MediaCharger Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINNT/Downloaded Program Files/ActiveInstall.dll

MediaCharger Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINNT/Downloaded Program Files/ActiveInstall.dll
Value : .Owner

MediaCharger Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINNT/Downloaded Program Files/ActiveInstall.dll
Value : {EB6AFDAB-E16D-430B-A5EE-0408A12289DC}

MediaCharger Object Recognized!
Type : File
Data : /winnt/downloaded program files/activeinstall.dll
Category : Malware
Comment :
Object : c:\
FileVersion : 1.0.0.20
ProductVersion : 1.0.0.20
ProductName : ActiveInstall Module
FileDescription : ActiveInstall Module
InternalName : ActiveInstall
LegalCopyright : Copyright 2001
OriginalFilename : ActiveInstall.DLL


MediaCharger Object Recognized!
Type : RegValue
Data : C:\WINNT\Downloaded Program Files\ActiveInstall.dll
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINNT\Downloaded Program Files\ActiveInstall.dll

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 12
Objects found so far: 110

MRU List Object Recognized!
Location: : C:\Documents and Settings\Dana.Aymar\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Dana.Aymar\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\automap\11.0\findmru
Description : list of recently used find queries used in microsoft automap-based products


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\automap\11.0\pushpins
Description : list of recently used pushpins in microsoft automap-based products


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\automap\11.0\recent file list
Description : list of recently used files in microsoft automap-based products


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\clipart gallery\2.0\mrudescription
Description : most recently used description in microsoft clipart gallery


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\office\9.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\office\9.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\office\9.0\word\recent templates
Description : list of recent templates used by microsoft word


MRU List Object Recognized!
Location: : software\microsoft\terminal server client\default
Description : list of recent systems connected to using remote desktop / terminal services


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dana.berry@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 5-1-2010 8:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:14
Value : Cookie:[email protected]/
Expires : 4-15-2035 10:39:58 AM
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 4-12-2035 4:39:04 PM
LastSync : Hits:1
UseCount : 0
Hits : 1


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 9-6-2014 7:50:08 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Dana.Aymar\Cookies\[email protected][2].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 151



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

PurityScan Object Recognized!
Type : File
Data : spiw.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Dana.Aymar\Application Data\
FileVersion : 1, 0, 0, 1047
ProductVersion : 1.0
ProductName : ChannelUp
CompanyName : PSD Tools, LLC
FileDescription : ChannelUp v1.0
LegalCopyright : Copyright © 2003-2004 PSD Tools, LLC
OriginalFilename : ChannelUp.exe


Win32.TrojanDownloader.Agent.Ay Object Recognized!
Type : File
Data : Duad[1].exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Dana.Aymar\Local Settings\Temporary Internet Files\Content.IE5\83BJMC1H\
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@advertising[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@apmebf[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@apmebf[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@bfast[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@bfast[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@bluestreak[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@casalemedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@casalemedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@centrport[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@centrport[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@domainsponsor[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@domainsponsor[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@fastclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@fastclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@qksrv[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@qksrv[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@revenue[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@revenue[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@statcounter[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@statcounter[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@tickle[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@tickle[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@tribalfusion[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@tribalfusion[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : joe.kreischer@zedo[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\joe.kreischer\Cookies\joe.kreischer@zedo[1].txt

Win32.TrojanDownloader.Agent.Ay Object Recognized!
Type : File
Data : Duad[1].exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\joe.kreischer\Local Settings\Temporary Internet Files\Content.IE5\Q9ESU9RG\
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kelly.shiflet@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\kelly.shiflet\Cookies\kelly.shiflet@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kelly.shiflet@bluestreak[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\kelly.shiflet\Cookies\kelly.shiflet@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kelly.shiflet@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\kelly.shiflet\Cookies\kelly.shiflet@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kelly.shiflet@fastclic


#2
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hello...
Would you please repost your scanlog from "Full system scan", following the directions here.
We need to see the complete logfile, from beginning to end, so that we will know what to do.

- Rawe :tazz:

#3
VDC

    New Member

  • Topic Starter
  • Member
  • 5 posts
Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 03, 2005 1:11:07 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):9 total references
BrowserAid(TAC index:6):10 total references
ClearSearch(TAC index:7):18 total references
ClickSpring(TAC index:6):4 total references
Ebates MoneyMaker(TAC index:4):1 total references
eUniverse(TAC index:10):21 total references
EzuLa(TAC index:6):2 total references
ImIServer IEPlugin(TAC index:5):31 total references
MediaCharger(TAC index:5):8 total references
Possible Browser Hijack attempt(TAC index:3):11 total references
PromulGate(TAC index:5):17 total references
PurityScan(TAC index:6):1 total references
Roings(TAC index:8):1 total references
StatBlaster(TAC index:8):7 total references
Tracking Cookie(TAC index:3):132 total references
WhenU(TAC index:3):2 total references
Win32.TrojanDownloader.Agent.Ay(TAC index:7):3 total references
VX2(TAC index:10):41 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:27 %
Total physical memory:260088 kb
Available physical memory:68076 kb
Total page file size:631200 kb
Available on page file:451920 kb
Total virtual memory:2097024 kb
Available virtual memory:1977448 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-3-2005 1:11:07 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 148
ThreadCreationTime : 5-3-2005 3:59:33 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 172
ThreadCreationTime : 5-3-2005 3:59:42 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 192
ThreadCreationTime : 5-3-2005 3:59:44 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 220
ThreadCreationTime : 5-3-2005 3:59:46 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 232
ThreadCreationTime : 5-3-2005 3:59:46 PM
BasePriority : Normal
FileVersion : 5.00.2195.6695
ProductVersion : 5.00.2195.6695
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 408
ThreadCreationTime : 5-3-2005 3:59:51 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 436
ThreadCreationTime : 5-3-2005 3:59:51 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [clisvcl.exe]
ModuleName : C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
Command Line : C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
ProcessID : 508
ThreadCreationTime : 5-3-2005 3:59:58 PM
BasePriority : Normal
FileVersion : 2.00.1493.5011
ProductVersion : 2.00.1493.5011
ProductName : Systems Management Server
CompanyName : Microsoft Corporation
FileDescription : SMS 2.0 Client - Client Service
InternalName : CLISVCL
LegalCopyright : Copyright © Microsoft Corporation 1994-2003
OriginalFilename : CLISVCL.EXE

#:9 [defwatch.exe]
ModuleName : C:\PROGRA~1\NavNT\DefWatch.exe
Command Line : C:\PROGRA~1\NavNT\DefWatch.exe
ProcessID : 524
ThreadCreationTime : 5-3-2005 4:00:00 PM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:10 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 540
ThreadCreationTime : 5-3-2005 4:00:00 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:11 [rtvscan.exe]
ModuleName : C:\PROGRA~1\NavNT\rtvscan.exe
Command Line : C:\PROGRA~1\NavNT\rtvscan.exe
ProcessID : 588
ThreadCreationTime : 5-3-2005 4:00:03 PM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:12 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 660
ThreadCreationTime : 5-3-2005 4:00:05 PM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:13 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 676
ThreadCreationTime : 5-3-2005 4:00:06 PM
BasePriority : Normal
FileVersion : 4.71.2195.6704
ProductVersion : 4.71.2195.6704
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:14 [stisvc.exe]
ModuleName : C:\WINNT\system32\stisvc.exe
Command Line : C:\WINNT\system32\stisvc.exe
ProcessID : 800
ThreadCreationTime : 5-3-2005 4:00:08 PM
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:15 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 860
ThreadCreationTime : 5-3-2005 4:00:11 PM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:16 [mspmspsv.exe]
ModuleName : C:\WINNT\System32\mspmspsv.exe
Command Line : C:\WINNT\System32\mspmspsv.exe
ProcessID : 876
ThreadCreationTime : 5-3-2005 4:00:11 PM
BasePriority : Normal
FileVersion : 7.10.00.3068
ProductVersion : 7.10.00.3068
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:17 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 888
ThreadCreationTime : 5-3-2005 4:00:12 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:18 [wuser32.exe]
ModuleName : C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
Command Line : C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
ProcessID : 912
ThreadCreationTime : 5-3-2005 4:00:12 PM
BasePriority : Normal
FileVersion : 2.00.1493.5011
ProductVersion : 2.00.1493.5011
ProductName : Systems Management Server
CompanyName : Microsoft Corporation
FileDescription : Systems Management Server
InternalName : WUSER32
LegalCopyright : Copyright © Microsoft Corporation 1994-2003
OriginalFilename : WUSER32.EXE

#:19 [explorer.exe]
ModuleName : C:\WINNT\Explorer.EXE
Command Line : C:\WINNT\Explorer.EXE
ProcessID : 1276
ThreadCreationTime : 5-3-2005 4:00:26 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:20 [smsapm32.exe]
ModuleName : C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
Command Line : C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
ProcessID : 1260
ThreadCreationTime : 5-3-2005 4:00:30 PM
BasePriority : Normal
FileVersion : 2.00.1493.5011
ProductVersion : 2.00.1493.5011
ProductName : Systems Management Server
CompanyName : Microsoft Corporation
FileDescription : SMS 2.0 Client - Advertised Programs Manager (Win32)
InternalName : SMSAPM32
LegalCopyright : Copyright © Microsoft Corporation 1994-2003
OriginalFilename : SMSAPM32.EXE

#:21 [launch32.exe]
ModuleName : C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
Command Line : "C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE"
ProcessID : 1240
ThreadCreationTime : 5-3-2005 4:00:56 PM
BasePriority : Normal
FileVersion : 2.00.1493.5011
ProductVersion : 2.00.1493.5011
ProductName : Systems Management Server
CompanyName : Microsoft Corporation
FileDescription : Systems Management Server
InternalName : LAUNCH32
LegalCopyright : Copyright © Microsoft Corporation 1994-2003
OriginalFilename : LAUNCH32.EXE

#:22 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1384
ThreadCreationTime : 5-3-2005 4:00:59 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:23 [glf258.exe]
ModuleName : C:\Program Files\eBlocs\SpyBlocs\GLF258.exe
Command Line : "C:\Program Files\eBlocs\SpyBlocs\GLF258.exe"
ProcessID : 1432
ThreadCreationTime : 5-3-2005 4:01:03 PM
BasePriority : Normal
FileVersion : 6, 20, 28, 0
ProductVersion : 6, 20, 28, 0
ProductName : SpyBlocs Application
CompanyName : www.eblocs.com
FileDescription : SpyBlocs MFC Application
InternalName : SpyBlocs
LegalCopyright : Copyright © 2005, www.eblocs.com
OriginalFilename : SpyBlocs.EXE

#:24 [smsmon32.exe]
ModuleName : C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
Command Line : C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe -startup
ProcessID : 1452
ThreadCreationTime : 5-3-2005 4:01:13 PM
BasePriority : Normal
FileVersion : 2.00.1493.5011
ProductVersion : 2.00.1493.5011
ProductName : Systems Management Server
CompanyName : Microsoft Corporation
FileDescription : SMS 2.0 Client - Advertised Programs Monitor (Win32)
InternalName : SMSMON32
LegalCopyright : Copyright © Microsoft Corporation 1994-2003
OriginalFilename : SMSMON32.EXE

#:25 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 384
ThreadCreationTime : 5-3-2005 4:29:16 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:26 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Command Line : "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 756
ThreadCreationTime : 5-3-2005 4:43:39 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

eUniverse Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.incredifindbho

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.incredifindbho
Value :

eUniverse Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.incredifindbho.1

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.incredifindbho.1
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : btgrabdll.btgrabdllobj

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : btgrabdll.btgrabdllobj
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : btgrabdll.btgrabdllobj.1

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : btgrabdll.btgrabdllobj.1
Value :

ClearSearch Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-0000-0000-0000-000000000221}

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-0000-0000-0000-000000000221}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-f09c-02b4-6ec2-ad0300000000}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-f09c-02b4-6ec2-ad0300000000}
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}
Value :

eUniverse Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{4fc95edd-4796-4966-9049-29649c80111d}

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{4fc95edd-4796-4966-9049-29649c80111d}
Value :

eUniverse Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5d60ff48-95be-4956-b4c6-6bb168a70310}

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5d60ff48-95be-4956-b4c6-6bb168a70310}
Value :

ClearSearch Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : csie.csiecore

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : csie.csiecore
Value :

ClearSearch Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : csie.csiecore.1

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : csie.csiecore.1
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe.1

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe.1
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe.1

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe.1
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser.1

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser.1
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow.1

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow.1
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3e589169-86ad-44fe-b426-f0bf105d5582}

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3e589169-86ad-44fe-b426-f0bf105d5582}
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{57add57b-173e-418a-8f70-17e5c9f2bcc9}

ClearSearch Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{60494593-5408-447d-bd5e-a16640d6af99}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{8e0d8965-b97b-468d-8306-a05929e439c1}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band.1

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band.1
Value :

WhenU Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wuse.1

WhenU Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wuse.1
Value : WUSE_Id

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : \interface\{59ebb576-ceb0-42fa-9917-da6254a275ad}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : \interface\{59ebb576-ceb0-42fa-9917-da6254a275ad}
Value :

MediaCharger Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1993962763-2146910623-839522115-2869\software\mediacharger

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\typelib\{2a7db8d1-43be-4ad3-a81e-9bb8c9d00073}

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1
Value :

ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clickspring

ClickSpring Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clickspring
Value : UUID

ClickSpring Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clickspring
Value : PID

ClearSearch Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clrsch

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clrsch
Value : guid

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clrsch
Value : promo

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clrsch
Value : ss

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clrsch
Value : control

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clrsch
Value : controlchecksum

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clrsch
Value : updateTime

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clrsch
Value : accessStatus

ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clrsch
Value : failureCount

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dpi

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dpi
Value : item2

Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\runwindowsupdate

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\runwindowsupdate
Value : Gid

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\runwindowsupdate
Value : Country

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\runwindowsupdate
Value : LastNI

StatBlaster Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wildmedia\licensestores

StatBlaster Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wildmedia\licensestores
Value : 35f05749-e699-45df-a27f-79c05110c180

StatBlaster Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wildmedia\licensestores
Value : temp_overpro

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\{2cf0b992-5eeb-4143-99c0-5297ef71f444}

MediaCharger Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1993962763-2146910623-839522115-2869\\software\mediacharger

Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Date"
Rootkey : HKEY_USERS
Object : S-1-5-21-1993962763-2146910623-839522115-2869\software\intexp
Value : Date

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{5D60FF48-95BE-4956-B4C6-6BB168A70310}"
Rootkey : HKEY_USERS
Object : S-1-5-21-1993962763-2146910623-839522115-2869\software\microsoft\internet explorer\urlsearchhooks
Value : {5D60FF48-95BE-4956-B4C6-6BB168A70310}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 97
Objects found so far: 97


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagewebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drs...8927992&id=5.0"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://websearch.drs...8927992&id=5.0"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pagedefault-homepage-network.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://default-homep...t.cgi?new-hklm"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://default-homep...t.cgi?new-hklm"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Barwebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drs...8927992&id=5.0"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://websearch.drs...8927992&id=5.0"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchCustomizeSearchwebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drs...8927992&id=5.0"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : CustomizeSearch
Data : "http://websearch.drs...8927992&id=5.0"
Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\MainSearch Pagewebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drs....cgi?uid=&id=0"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://websearch.drs....cgi?uid=&id=0"
Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\MainStart Page.startium.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.startium.com/"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://www.startium.com/"
Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\MainSearch Barwebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drs....cgi?uid=&id=0"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://websearch.drs....cgi?uid=&id=0"
Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\SearchURL.shopnav.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "websearch.shopnav.com/q.cgi?q="
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\Internet Explorer\SearchURL
Value :
Data : "websearch.shopnav.com/q.cgi?q="

MediaCharger Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINNT/Downloaded Program Files/ActiveInstall.dll

MediaCharger Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINNT/Downloaded Program Files/ActiveInstall.dll
Value : .Owner

MediaCharger Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINNT/Downloaded Program Files/ActiveInstall.dll
Value : {EB6AFDAB-E16D-430B-A5EE-0408A12289DC}

MediaCharger Object Recognized!
Type : File
Data : /winnt/downloaded program files/activeinstall.dll
Category : Malware
Comment :
Object : c:\
FileVersion : 1.0.0.20
ProductVersion : 1.0.0.20
ProductName : ActiveInstall Module
FileDescription : ActiveInstall Module
InternalName : ActiveInstall
LegalCopyright : Copyright 2001
OriginalFilename : ActiveInstall.DLL


MediaCharger Object Recognized!
Type : RegValue
Data : C:\WINNT\Downloaded Program Files\ActiveInstall.dll
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINNT\Downloaded Program Files\ActiveInstall.dll

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 12
Objects found so far: 110


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dana.berry@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 5-1-2010 8:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:14
Value : Cookie:[email protected]/
Expires : 4-15-2035 10:39:58 AM
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 4-12-2035 4:39:04 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 9-6-2014 7:50:08 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Dana.Aymar\Cookies\[email protected][2].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 115


PurityScan Object Recognized!

#4
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Your logfile is incomplete.
Please keep copying it...
You'll know you are at the end when you see that the "Summary of this scan" information has posted. Start to copy from the object where it left off in your previous post.

- Rawe :tazz:

#5
VDC

    New Member

  • Topic Starter
  • Member
  • 5 posts
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kelly.shiflet@fastclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\kelly.shiflet\Cookies\kelly.shiflet@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kelly.shiflet@maxserving[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\kelly.shiflet\Cookies\kelly.shiflet@maxserving[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kelly.shiflet@mediaplex[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\kelly.shiflet\Cookies\kelly.shiflet@mediaplex[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kelly.shiflet@trafficmp[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\kelly.shiflet\Cookies\kelly.shiflet@trafficmp[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\kelly.shiflet\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : miguel.malave@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Miguel.Malave\Cookies\miguel.malave@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : miguel.malave@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Miguel.Malave\Cookies\miguel.malave@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : miguel.malave@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Miguel.Malave\Cookies\miguel.malave@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : miguel.malave@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Miguel.Malave\Cookies\miguel.malave@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : miguel.malave@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Miguel.Malave\Cookies\miguel.malave@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : miguel.malave@overture[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Miguel.Malave\Cookies\miguel.malave@overture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Miguel.Malave\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Miguel.Malave\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Miguel.Malave\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@accumail[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@accumail[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@advertising[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@bfast[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@bfast[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@bluestreak[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@bluestreak[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@centrport[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@centrport[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@clickbank[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@clickbank[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@fastclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@fastclick[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@fastclick[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@gator[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@gator[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@linksynergy[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@linksynergy[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@mediaplex[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@mediaplex[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@overture[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@overture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@pointroll[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@pointroll[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@popupsponsor[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@popupsponsor[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@sexlist[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@sexlist[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@sextracker[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@sextracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : www.searchtraffic.com
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@trafficmp[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@trafficmp[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@tribalfusion[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@tribalfusion[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@tripod[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@tripod[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@valueclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@valueclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@xxxcounter[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@xxxcounter[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : orlando.sales@zedo[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Orlando.Sales\Cookies\orlando.sales@zedo[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sean.hogan@atdmt[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sean.hogan\Cookies\sean.hogan@atdmt[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sean.hogan@centrport[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sean.hogan\Cookies\sean.hogan@centrport[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sean.hogan@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sean.hogan\Cookies\sean.hogan@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sean.hogan@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sean.hogan\Cookies\sean.hogan@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sean.hogan@trafficmp[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\sean.hogan\Cookies\sean.hogan@trafficmp[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : theresa.vultaggio@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\theresa.vultaggio\Cookies\theresa.vultaggio@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : theresa.vultaggio@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\theresa.vultaggio\Cookies\theresa.vultaggio@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\theresa.vultaggio\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : theresa.vultaggio@clickagents[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\theresa.vultaggio\Cookies\theresa.vultaggio@clickagents[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : theresa.vultaggio@domainsponsor[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\theresa.vultaggio\Cookies\theresa.vultaggio@domainsponsor[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : theresa.vultaggio@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\theresa.vultaggio\Cookies\theresa.vultaggio@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : theresa.vultaggio@fastclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\theresa.vultaggio\Cookies\theresa.vultaggio@fastclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\theresa.vultaggio\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : theresa.vultaggio@overture[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\theresa.vultaggio\Cookies\theresa.vultaggio@overture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : theresa.vultaggio@revenue[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\theresa.vultaggio\Cookies\theresa.vultaggio@revenue[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\theresa.vultaggio\Cookies\[email protected][1].txt

EzuLa Object Recognized!
Type : File
Data : ESB.exe
Category : Data Miner
Comment :
Object : C:\
FileVersion : 2, 0, 70, 00
ProductVersion : 1, 0, 0, 1
ProductName : eZstub Module
CompanyName : EARNStatBlaster10
FileDescription : eZstub Module
InternalName : eZstub
LegalCopyright : Copyright 2000
OriginalFilename : eZstub.EXE


PromulGate Object Recognized!
Type : File
Data : dpi.exe
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\Dpi\



eUniverse Object Recognized!
Type : File
Data : wupdater.exe
Category : Data Miner
Comment :
Object : C:\Program Files\Common Files\updater\
FileVersion : 1, 3, 5, 0
ProductVersion : 1, 3, 5, 0
ProductName : Updater Application
FileDescription : Updater Application
InternalName : Updater
LegalCopyright : Copyright © 2003
OriginalFilename : updater.exe


MediaCharger Object Recognized!
Type : File
Data : ActiveInstall.dll
Category : Malware
Comment :
Object : C:\WINNT\Downloaded Program Files\
FileVersion : 1.0.0.20
ProductVersion : 1.0.0.20
ProductName : ActiveInstall Module
FileDescription : ActiveInstall Module
InternalName : ActiveInstall
LegalCopyright : Copyright 2001
OriginalFilename : ActiveInstall.DLL


VX2 Object Recognized!
Type : File
Data : FT1_01_0_251_GEPFAH.EXE
Category : Malware
Comment :
Object : C:\WINNT\



Ebates MoneyMaker Object Recognized!
Type : File
Data : mmaker2.exe
Category : Data Miner
Comment :
Object : C:\WINNT\



VX2 Object Recognized!
Type : File
Data : polmx2.exe
Category : Malware
Comment :
Object : C:\WINNT\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Calling Home
CompanyName : callinghome.biz
FileDescription : Installation utility for www.callinghome.biz
InternalName : Calling Home
LegalCopyright : callinghome.biz © 2004
OriginalFilename : Caller.exe


VX2 Object Recognized!
Type : File
Data : remtm2.exe
Category : Malware
Comment :
Object : C:\WINNT\
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Install Utility
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2004
OriginalFilename : InstUtil.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.


VX2 Object Recognized!
Type : File
Data : satmat.exe
Category : Malware
Comment :
Object : C:\WINNT\
FileVersion : 0, 1, 1, 3
ProductVersion : 0, 1, 1, 3
CompanyName : Better Internet Inc.
FileDescription : www.abetterinternet.com
LegalCopyright : Copyright © 2002


ImIServer IEPlugin Object Recognized!
Type : File
Data : systb.dll_tobedeleted
Category : Data Miner
Comment :
Object : C:\WINNT\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : wbho Module
FileDescription : wbho Module
InternalName : wbho
LegalCopyright : Copyright 2004
OriginalFilename : wbho.DLL


VX2 Object Recognized!
Type : File
Data : 0021-bdl94126.EXE
Category : Malware
Comment :
Object : C:\WINNT\system32\



ClearSearch Object Recognized!
Type : File
Data : CS4P028.exe
Category : Data Miner
Comment :
Object : C:\WINNT\system32\
FileVersion : 1, 4, 0, 4
ProductVersion : 1, 4, 0, 4
ProductName : Loader
CompanyName : Clear Search
FileDescription : Loader
InternalName : Loader
LegalCopyright : Copyright © 2003, 2004
OriginalFilename : Loader.exe


PromulGate Object Recognized!
Type : File
Data : dp-k13w13.exe
Category : Data Miner
Comment :
Object : C:\WINNT\system32\



Win32.TrojanDownloader.Agent.Ay Object Recognized!
Type : File
Data : qurnrwv.exe
Category : Data Miner
Comment :
Object : C:\WINNT\system32\
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


StatBlaster Object Recognized!
Type : File
Data : silent.exe
Category : Data Miner
Comment :
Object : C:\WINNT\system32\



BrowserAid Object Recognized!
Type : File
Data : stlbdist.DLL
Category : Data Miner
Comment :
Object : C:\WINNT\system32\



ClickSpring Object Recognized!
Type : File
Data : wtssu.exe
Category : Malware
Comment :
Object : C:\WINNT\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : sear1 Application
FileDescription : sear1 MFC Application
InternalName : sear1
LegalCopyright : Copyright © 2002
OriginalFilename : sear1.EXE


StatBlaster Object Recognized!
Type : File
Data : update_1.exe
Category : Data Miner
Comment :
Object : C:\WINNT\Temp\



StatBlaster Object Recognized!
Type : File
Data : WinWildApp.exe
Category : Data Miner
Comment :
Object : C:\WINNT\Temp\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 264


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
4 entries scanned.
New critical objects:0
Objects found so far: 264



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Get out of Debt!.url
Category : Misc
Comment : Problematic URL discovered: www.adsrve.com/favorites.php?id=7&i=21503328
Object : C:\Documents and Settings\Dana.Aymar\Favorites\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Online Pharmacy.url
Category : Misc
Comment : Problematic URL discovered: www.adsrve.com/favorites.php?id=8&i=21503328
Object : C:\Documents and Settings\Dana.Aymar\Favorites\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Submit Resume.url
Category : Misc
Comment : Problematic URL discovered: www.adsrve.com/favorites.php?id=9&i=21503328
Object : C:\Documents and Settings\Dana.Aymar\Favorites\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

eUniverse Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\incredifind

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\incredifind
Value : UID

eUniverse Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\updmgr

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\updmgr
Value : installDate

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\updmgr
Value : cid

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\updmgr
Value : puid

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\updmgr
Value : Install_Dir

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\updmgr
Value : EXEname

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\updmgr
Value : VersionNumber

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\updmgr
Value : LastUpdateAttempt

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {4FC95EDD-4796-4966-9049-29649C80111D}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BIC1n2trSEvnt

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BIC1n2trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BIL1a2stMotsSDay

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BIC1S2Insur

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BIL1a2stSSChckin

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BI1C2ntrSTransac

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BII1n2ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BIC1u2rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BIC1n2tFyl

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BIs1t2i3cky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BIs1t2icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BIs1t2icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BIs1t2icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BIS1t2atusOfSInst

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor\xml

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor\xml
Value :

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\DOCUME~1\DANA~1.AYM\LOCALS~1\Temp\DrTemp

VX2 Object Recognized!
Type : File
Data : BTGrab.dll
Category : Malware
Comment :
Object : C:\DOCUME~1\DANA~1.AYM\LOCALS~1\Temp\
FileVersion : 0, 9, 4, 89
ProductVersion : 0, 9, 4, 89
ProductName : btgrab
CompanyName : BTGrab
FileDescription : www.btgrab.com
LegalCopyright : Copyright © 2005
OriginalFilename : btgrab.dll
Comments : www.btgrab.com


VX2 Object Recognized!
Type : File
Data : bi.dll
Category : Malware
Comment :
Object : C:\WINNT\
FileVersion : 0, 0, 4, 35
ProductVersion : 0, 0, 4, 35
ProductName : Win32 BI Application
CompanyName : Better Internet, Inc.
FileDescription : www.abetterinternet.com
InternalName : Win32 Bi Application
LegalCopyright : Copyright © 2003
OriginalFilename : BI.DLL
Comments : www.abetterinternet.com


VX2 Object Recognized!
Type : File
Data : bi.ini
Category : Malware
Comment :
Object : C:\WINNT\



VX2 Object Recognized!
Type : File
Data : payload2.inf
Category : Malware
Comment :
Object : C:\WINNT\downloaded program files\



VX2 Object Recognized!
Type : File
Data : bi.inf
Category : Malware
Comment :
Object : C:\WINNT\inf\



VX2 Object Recognized!
Type : File
Data : payload.inf
Category : Malware
Comment :
Object : C:\WINNT\inf\



VX2 Object Recognized!
Type : File
Data : payload2.inf
Category : Malware
Comment :
Object : C:\WINNT\inf\



ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {CFBFAE00-17A6-11D0-99CB-00C04FD64497}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : remove

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Date

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Version

ImIServer IEPlugin Object Recognized!
Type : File
Data : redir.txt
Category : Data Miner
Comment :
Object : C:\WINNT\



PromulGate Object Recognized!
Type : File
Data : dpi.inf
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Start Menu\..\application data\dpi\



PromulGate Object Recognized!
Type : File
Data : dpih.inf
Category : Data Miner
Comment :
Object : C:\Documents and Settings\All Users\Start Menu\..\application data\dpi\



BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\updt

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\updt
Value : upt

BrowserAid Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Dana.Aymar\Application Data\{2CF0B992-5EEB-4143-99C0-5297EF71F444}

BrowserAid Object Recognized!
Type : File
Data : stlbdist.XML
Category : Data Miner
Comment :
Object : C:\WINNT\system32\



StatBlaster Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wildmedia

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 52
Objects found so far: 319

1:18:48 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:40.984
Objects scanned:96979
Objects identified:319
Objects ignored:0
New critical objects:319

#6
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Ad-aware has found object(s) on your computer

If you choose to clean your computer of what Ad-aware found, follow the instructions below…

Make sure that you are using the * SE1R42 28.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode.

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Run CCleaner to help in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-aware SE. If this is different, adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to any objects you wish to remove. Click Next, click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:

#7
VDC

    New Member

  • Topic Starter
  • Member
  • 5 posts
Here is the new log: :tazz:

Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 04, 2005 4:18:32 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:28 %
Total physical memory:260088 kb
Available physical memory:72804 kb
Total page file size:631200 kb
Available on page file:483440 kb
Total virtual memory:2097024 kb
Available virtual memory:1996768 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-4-2005 4:18:32 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 148
ThreadCreationTime : 5-4-2005 8:02:15 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 172
ThreadCreationTime : 5-4-2005 8:02:24 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 192
ThreadCreationTime : 5-4-2005 8:02:26 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 220
ThreadCreationTime : 5-4-2005 8:02:28 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 232
ThreadCreationTime : 5-4-2005 8:02:28 PM
BasePriority : Normal
FileVersion : 5.00.2195.6695
ProductVersion : 5.00.2195.6695
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 408
ThreadCreationTime : 5-4-2005 8:02:32 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 436
ThreadCreationTime : 5-4-2005 8:02:33 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [clisvcl.exe]
ModuleName : C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
Command Line : C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
ProcessID : 516
ThreadCreationTime : 5-4-2005 8:02:40 PM
BasePriority : Normal
FileVersion : 2.00.1493.5011
ProductVersion : 2.00.1493.5011
ProductName : Systems Management Server
CompanyName : Microsoft Corporation
FileDescription : SMS 2.0 Client - Client Service
InternalName : CLISVCL
LegalCopyright : Copyright © Microsoft Corporation 1994-2003
OriginalFilename : CLISVCL.EXE

#:9 [defwatch.exe]
ModuleName : C:\PROGRA~1\NavNT\DefWatch.exe
Command Line : C:\PROGRA~1\NavNT\DefWatch.exe
ProcessID : 532
ThreadCreationTime : 5-4-2005 8:02:42 PM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:10 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 548
ThreadCreationTime : 5-4-2005 8:02:42 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:11 [rtvscan.exe]
ModuleName : C:\PROGRA~1\NavNT\rtvscan.exe
Command Line : C:\PROGRA~1\NavNT\rtvscan.exe
ProcessID : 600
ThreadCreationTime : 5-4-2005 8:02:44 PM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:12 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 676
ThreadCreationTime : 5-4-2005 8:02:47 PM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:13 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 692
ThreadCreationTime : 5-4-2005 8:02:48 PM
BasePriority : Normal
FileVersion : 4.71.2195.6704
ProductVersion : 4.71.2195.6704
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:14 [stisvc.exe]
ModuleName : C:\WINNT\system32\stisvc.exe
Command Line : C:\WINNT\system32\stisvc.exe
ProcessID : 796
ThreadCreationTime : 5-4-2005 8:02:49 PM
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:15 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 336
ThreadCreationTime : 5-4-2005 8:02:51 PM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:16 [mspmspsv.exe]
ModuleName : C:\WINNT\System32\mspmspsv.exe
Command Line : C:\WINNT\System32\mspmspsv.exe
ProcessID : 864
ThreadCreationTime : 5-4-2005 8:02:52 PM
BasePriority : Normal
FileVersion : 7.10.00.3068
ProductVersion : 7.10.00.3068
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:17 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 880
ThreadCreationTime : 5-4-2005 8:02:52 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:18 [wuser32.exe]
ModuleName : C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
Command Line : C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
ProcessID : 900
ThreadCreationTime : 5-4-2005 8:02:52 PM
BasePriority : Normal
FileVersion : 2.00.1493.5011
ProductVersion : 2.00.1493.5011
ProductName : Systems Management Server
CompanyName : Microsoft Corporation
FileDescription : Systems Management Server
InternalName : WUSER32
LegalCopyright : Copyright © Microsoft Corporation 1994-2003
OriginalFilename : WUSER32.EXE

#:19 [smsapm32.exe]
ModuleName : C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
Command Line : C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
ProcessID : 1248
ThreadCreationTime : 5-4-2005 8:03:04 PM
BasePriority : Normal
FileVersion : 2.00.1493.5011
ProductVersion : 2.00.1493.5011
ProductName : Systems Management Server
CompanyName : Microsoft Corporation
FileDescription : SMS 2.0 Client - Advertised Programs Manager (Win32)
InternalName : SMSAPM32
LegalCopyright : Copyright © Microsoft Corporation 1994-2003
OriginalFilename : SMSAPM32.EXE

#:20 [explorer.exe]
ModuleName : C:\WINNT\Explorer.EXE
Command Line : C:\WINNT\Explorer.EXE
ProcessID : 1196
ThreadCreationTime : 5-4-2005 8:05:15 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:21 [launch32.exe]
ModuleName : C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
Command Line : "C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE"
ProcessID : 1284
ThreadCreationTime : 5-4-2005 8:05:21 PM
BasePriority : Normal
FileVersion : 2.00.1493.5011
ProductVersion : 2.00.1493.5011
ProductName : Systems Management Server
CompanyName : Microsoft Corporation
FileDescription : Systems Management Server
InternalName : LAUNCH32
LegalCopyright : Copyright © Microsoft Corporation 1994-2003
OriginalFilename : LAUNCH32.EXE

#:22 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1332
ThreadCreationTime : 5-4-2005 8:05:23 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:23 [smsmon32.exe]
ModuleName : C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
Command Line : C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe -startup
ProcessID : 1364
ThreadCreationTime : 5-4-2005 8:05:26 PM
BasePriority : Normal
FileVersion : 2.00.1493.5011
ProductVersion : 2.00.1493.5011
ProductName : Systems Management Server
CompanyName : Microsoft Corporation
FileDescription : SMS 2.0 Client - Advertised Programs Monitor (Win32)
InternalName : SMSMON32
LegalCopyright : Copyright © Microsoft Corporation 1994-2003
OriginalFilename : SMSMON32.EXE

#:24 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1192
ThreadCreationTime : 5-4-2005 8:05:32 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
4 entries scanned.
New critical objects:0
Objects found so far: 0


4:22:26 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:53.360
Objects scanned:76307
Objects identified:0
Objects ignored:0
New critical objects:0

#8
Rawe

    Visiting Staff

  • Member
  • 4,746 posts

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
4 entries scanned.


If your system is running a program which changes the hosts file or you have added listings to the hosts file, then there is no need to check further. Otherwise, download the "Host file viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your hosts file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

- Rawe :tazz:

(After restoring, reboot, rescan with Ad-aware SE, and post a fresh scanlog.)