Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

W32.Alcan.A causing havoc [CLOSED]

Started by Tender_Prey , Jun 16 2005 04:03 PM

  • This topic is locked This topic is locked

#1
Tender_Prey
Posted 16 June 2005 - 04:03 PM

Tender_Prey

    New Member

  • Member
  • Pip
  • 8 posts
Hi, I hope you can help.
I have the the W32.Alcan.a worm in my system and it refuses to leave and it's really causing havoc with my system (installing malware etc!).
Please see Ad-aware log below.
I have Killbox and CCleaner installed.
One major problem for the fix is that my computer no longer starts in Safe Mode (but perhaps this is a result of the worm??)
Many Thanks for any advice.


Ad-Aware SE Build 1.06r1
Logfile Created on:16 June 2005 23:12:45
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R50 13.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R50 13.06.2005
Internal build : 58
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 481146 Bytes
Total size : 1456012 Bytes
Signature data size : 1427935 Bytes
Reference data size : 27565 Bytes
Signatures total : 40456
CSI Fingerprints total : 904
CSI data size : 31134 Bytes
Target categories : 15
Target families : 692


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:25 %
Total physical memory:261196 kb
Available physical memory:64596 kb
Total page file size:632988 kb
Available on page file:420068 kb
Total virtual memory:2097024 kb
Available virtual memory:2044644 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


16-06-2005 23:12:45 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 608
ThreadCreationTime : 16-06-2005 21:09:10
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 680
ThreadCreationTime : 16-06-2005 21:09:16
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 704
ThreadCreationTime : 16-06-2005 21:09:17
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 748
ThreadCreationTime : 16-06-2005 21:09:18
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 760
ThreadCreationTime : 16-06-2005 21:09:18
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 924
ThreadCreationTime : 16-06-2005 21:09:19
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 976
ThreadCreationTime : 16-06-2005 21:09:19
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [incdsrv.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCDsrv.exe
Command Line : "C:\Program Files\Ahead\InCD\InCDsrv.exe"
ProcessID : 992
ThreadCreationTime : 16-06-2005 21:09:19
BasePriority : Normal
FileVersion : 4, 2, 14, 0
ProductVersion : 4, 2, 14, 0
ProductName : Ahead Software AG incdsrv
CompanyName : Ahead Software AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Ahead Software AG
OriginalFilename : incdsrv.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1220
ThreadCreationTime : 16-06-2005 21:09:20
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1248
ThreadCreationTime : 16-06-2005 21:09:21
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : n/a
ProcessID : 1312
ThreadCreationTime : 16-06-2005 21:09:22
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [sndsrvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Command Line : n/a
ProcessID : 1324
ThreadCreationTime : 16-06-2005 21:09:22
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:13 [spbbcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Command Line : n/a
ProcessID : 1352
ThreadCreationTime : 16-06-2005 21:09:23
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:14 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : n/a
ProcessID : 1596
ThreadCreationTime : 16-06-2005 21:09:23
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:15 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1828
ThreadCreationTime : 16-06-2005 21:09:26
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:16 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1884
ThreadCreationTime : 16-06-2005 21:09:26
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:17 [incd.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCD.exe
Command Line : "C:\Program Files\Ahead\InCD\InCD.exe"
ProcessID : 200
ThreadCreationTime : 16-06-2005 21:09:28
BasePriority : Normal
FileVersion : 4, 2, 14, 0
ProductVersion : 4, 2, 14, 0
ProductName : Ahead Software AG InCD
CompanyName : Ahead Software AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Ahead Software AG
OriginalFilename : InCD.exe

#:18 [usisrv.exe]
ModuleName : C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
Command Line : "C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe"
ProcessID : 236
ThreadCreationTime : 16-06-2005 21:09:28
BasePriority : Normal
FileVersion : 1, 0, 1, 15
ProductVersion : 1, 0, 1, 15
ProductName : Ulead Systems USISrv
CompanyName : Ulead Systems
FileDescription : USISrv
InternalName : USISrv
LegalCopyright : Copyright © 2003 Ulead Systems
OriginalFilename : USISrv.exe

#:19 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 260
ThreadCreationTime : 16-06-2005 21:09:29
BasePriority : Normal
FileVersion : 4.8.0.32
ProductVersion : 4.8.0.32
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:20 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : n/a
ProcessID : 296
ThreadCreationTime : 16-06-2005 21:09:29
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:21 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 312
ThreadCreationTime : 16-06-2005 21:09:30
BasePriority : Normal
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:22 [winupdates.exe]
ModuleName : C:\Program Files\winupdates\winupdates.exe
Command Line : "C:\Program Files\winupdates\winupdates.exe" /auto
ProcessID : 320
ThreadCreationTime : 16-06-2005 21:09:30
BasePriority : Normal
FileVersion : 3.06
ProductVersion : 3.06
ProductName : inno setup
CompanyName : inno setup
FileDescription : inno setup
InternalName : Setup
LegalCopyright : inno setup
LegalTrademarks : inno setup
OriginalFilename : Setup.exe
Comments : inno setup

#:23 [invbn.exe]
ModuleName : C:\WINDOWS\System32\invbn.exe
Command Line : "C:\WINDOWS\System32\invbn.exe"
ProcessID : 336
ThreadCreationTime : 16-06-2005 21:09:30
BasePriority : Normal


#:24 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 340
ThreadCreationTime : 16-06-2005 21:09:30
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:25 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
ProcessID : 476
ThreadCreationTime : 16-06-2005 21:09:30
BasePriority : Normal
FileVersion : 7.0.0813
ProductVersion : 7.0.0813
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:26 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 972
ThreadCreationTime : 16-06-2005 21:09:32
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:27 [appservices.exe]
ModuleName : C:\PROGRA~1\Iomega\System32\AppServices.exe
Command Line : "C:\PROGRA~1\Iomega\System32\AppServices.exe"
ProcessID : 1168
ThreadCreationTime : 16-06-2005 21:09:32
BasePriority : Normal
FileVersion : 2, 0, 2, 5
ProductVersion : 2, 0, 2, 5
ProductName : Iomega App Services
CompanyName : Iomega Corporation
FileDescription : AppServices
InternalName : AppServices
LegalCopyright : Copyright © 2000
OriginalFilename : AppService.exe
Comments : Iomega App Services For Windows 2000/NT

#:28 [navapsvc.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
Command Line : n/a
ProcessID : 1192
ThreadCreationTime : 16-06-2005 21:09:33
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:29 [npfmntor.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
Command Line : n/a
ProcessID : 1372
ThreadCreationTime : 16-06-2005 21:09:35
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE

#:30 [nprotect.exe]
ModuleName : C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
Command Line : n/a
ProcessID : 1440
ThreadCreationTime : 16-06-2005 21:09:36
BasePriority : Normal
FileVersion : 18.0.0.62
ProductVersion : 18.0.0.62
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
LegalTrademarks : Norton Utilities® and UnErase® are registered trademarks of Symantec Corporation.
OriginalFilename : NPROTECT.EXE

#:31 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1816
ThreadCreationTime : 16-06-2005 21:09:40
BasePriority : Normal
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
ProductName : NVIDIA Driver Helper Service, Version 52.16
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:32 [nopdb.exe]
ModuleName : C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
Command Line : n/a
ProcessID : 2100
ThreadCreationTime : 16-06-2005 21:09:46
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : NOPDB.dll

#:33 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 2120
ThreadCreationTime : 16-06-2005 21:09:47
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:34 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 2164
ThreadCreationTime : 16-06-2005 21:09:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:35 [symlcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Command Line : n/a
ProcessID : 2176
ThreadCreationTime : 16-06-2005 21:09:48
BasePriority : Normal
FileVersion : 1, 8, 54, 478
ProductVersion : 1, 8, 54, 478
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:36 [ulcdrsvr.exe]
ModuleName : C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Command Line : "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe"
ProcessID : 2288
ThreadCreationTime : 16-06-2005 21:09:52
BasePriority : Normal
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
ProductName : Ulead Systems ULCDRSvr
CompanyName : Ulead Systems, Inc.
FileDescription : ULCDRSvr
InternalName : ULCDRSvr
LegalCopyright : Copyright © 2002 Ulead Systems, Inc.
OriginalFilename : ULCDRSvr.exe

#:37 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 2356
ThreadCreationTime : 16-06-2005 21:09:54
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:38 [adservice.exe]
ModuleName : C:\Program Files\Iomega\AutoDisk\ADService.exe
Command Line : "C:\Program Files\Iomega\AutoDisk\ADService.exe"
ProcessID : 2436
ThreadCreationTime : 16-06-2005 21:09:55
BasePriority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk Service
InternalName : ADService
LegalCopyright : Copyright © 2002
OriginalFilename : ADService.exe

#:39 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe" /RunStoreAsComServer Local\[3d0]SUSDS70350bc292b32f48ad71b89e7cd0d49d
ProcessID : 2880
ThreadCreationTime : 16-06-2005 21:10:49
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:40 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3036
ThreadCreationTime : 16-06-2005 21:11:18
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:41 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 3144
ThreadCreationTime : 16-06-2005 21:12:04
BasePriority : Normal
FileVersion : 4.8.0.32
ProductVersion : 4.8.0.32
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj.1

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8}

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{faa356e4-d317-42a6-ab41-a3021c6e7d52}

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istbar.barobj

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper.1

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sidefind.finder

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sidefind.finder.1

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{d0288a41-9855-4a9b-8316-babe243648da}

ZyncosMark Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{dc341f1b-ec77-47be-8f58-96e83861cc5a}

ZyncosMark Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0e704ba4-c517-4be7-a1cd-c3ffda1e1ffe}

ZyncosMark Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : testcontentmatchcontrol1.contentmatchtag

ZyncosMark Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : testcontentmatchcontrol1.contentmatchtag.1

ZyncosMark Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{e9a5b71c-093b-4f34-af07-34fca89ba0df}

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\policies\avenue media

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\ist

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\ist
Value : account_id

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\ist
Value : config

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\ist
Value : Recover

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\avenue media

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\microsoft\internet explorer\explorer bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : Binary

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ConfigUpdateQueryUrl

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ADDataUpdateQueryUrl

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : SoftwareUpdateQueryUrl

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ServerName

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ServerPath

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : SliderLegalText

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ServerPort

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : UpdateQueryDuration

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : UpdateQueryFailedDuration

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : BuildNumber

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : AdvDelaySec

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : TrackingFileFlag

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : RestartADPDuration

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : TimeOutInterval

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : FirstHit

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : PartnerName

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : PartnerID

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : SystemInstallTime

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : TempUniqueKey

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : UniqueKey

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : LastADPRestart

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : IdleMinutesThreshold

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : MinMinutesBetweenTwoADs

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : MaxDomainCap

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : MinCountOfUrlsBetweenTwoADs

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : MaxDailyCapPerUSer

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ConfigVersion

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ADDataVersion

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : LastQueryTime

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : UninstallString

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : Publisher

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : URLInfoAbout

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : DisplayVersion

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : DisplayIcon

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : NoModify

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : NoRepair

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais
Value : last_conn_l

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais
Value : we

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais
Value : cdata

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais
Value : TimeOffset

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais
Value : action_url_version

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais
Value : action_url_last_chunk

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais
Value : action_url_last_full_version

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais
Value : key_file

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais
Value : kw_last_chunk

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : duid

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : partner_id

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : product_id

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : mt1

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : mt2

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : mt3

DyFuCA Object Recognized!
Type : RegValue
Data
  • 0

Advertisements

#2
Tender_Prey
Posted 16 June 2005 - 04:09 PM

Tender_Prey

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
(ad-aware log cont.)

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : mt3

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : gma

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : gvi

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : gpi

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : boom

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : boom_ver

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\policies\avenue media

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dyfuca

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer
Value : DisplayName

DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer
Value : UninstallString

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000010-6f7d-442c-93e3-4a4827c2e4c8}

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_name

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_url

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_url

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_url

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : ui

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_initial_delay

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_count

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_count

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_limit

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_count

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_version

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_count

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : account_id

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_date

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_interval

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_last

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_interval

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_last

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_interval

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_last

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : UninstallString

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : NoModify

istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : barTitle

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : serverpath

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : urlAfterInstall

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : gUpdate

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : TBRowMode

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : xml_istbar.xml

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : imagemap_normal.bmp

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : imagemap_over.bmp

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : showcorrupted

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : updatever

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : refreshscope

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : allowupdate

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : LastCheckTime

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : version.txt

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : UpdateBegin

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}

SideFind Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}
Value : ButtonText

SideFind Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}
Value : HotIcon

SideFind Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}
Value : Icon

SideFind Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}
Value : CLSID

SideFind Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}
Value : BandCLSID

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\sidefind

SideFind Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\sidefind
Value : shoppingautosearch

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sidefind

SideFind Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sidefind
Value : UninstallString

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind

SideFind Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : PathBHO

SideFind Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : PathDLL

SideFind Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : PathXML

SideFind Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : PathEXE

SideFind Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : InstallDate

SideFind Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : SearchSite

SideFind Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : update

SideFind Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : ver

SideFind Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : IntervalBetweenShows

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment : "{FAA356E4-D317-42A6-AB41-A3021C6E7D52}"
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\microsoft\internet explorer\toolbar\webbrowser
Value : {FAA356E4-D317-42A6-AB41-A3021C6E7D52}

Powerscan Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment : "account_id"
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\powerscan
Value : account_id

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "PartnerID"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PartnerID

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "UtilFolder"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UtilFolder

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "BuildNumber"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : BuildNumber

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "UninstallUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UninstallUrl

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "UniqueKeyUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UniqueKeyUrl

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "FirstHitUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : FirstHitUrl

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment : "Internet Optimizer"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Internet Optimizer

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment : "IST Service"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : IST Service

istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment : "{FAA356E4-D317-42A6-AB41-A3021C6E7D52}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {FAA356E4-D317-42A6-AB41-A3021C6E7D52}

Powerscan Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment : "account_id"
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-1202660629-1957994488-1003\\software\powerscan
Value : account_id

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 182
Objects found so far: 182


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com"
TAC Rating : 5
Category : Malware
Comment : (http://www.slotch.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com"
TAC Rating : 5
Category : Malware
Comment : (http://www.slotch.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar
Value : UninstallString

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com"
TAC Rating : 5
Category : Malware
Comment : (http://www.slotch.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar
Value : Publisher

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com"
TAC Rating : 5
Category : Malware
Comment : (http://www.slotch.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar
Value : URLInfoAbout

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com"
TAC Rating : 5
Category : Malware
Comment : (http://www.slotch.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar
Value : HelpLink

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment : "sais"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : sais

DyFuCA Object Recognized!
Type : File
Data : sais.exe
TAC Rating : 3
Category : Malware
Comment :
Object : c:\program files\180solutions\
FileVersion : 5, 12, 0, 13
ProductVersion : 5, 12, 0, 13
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


180Solutions Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment : "dcj"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : dcj

180Solutions Object Recognized!
Type : File
Data : dcj.exe
TAC Rating : 6
Category : Data Miner
Comment :
Object : c:\windows\



Powerscan Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Malware
Comment : "Power Scan"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : Power Scan

Powerscan Object Recognized!
Type : File
Data : powerscan.exe
TAC Rating : 5
Category : Malware
Comment :
Object : c:\program files\power scan\
FileVersion : 1, 1, 0, 2
ProductVersion : 1, 1, 0, 2
ProductName : PowerScan v1.1
FileDescription : PowerScan v1.1
InternalName : PowerScan v1.1
LegalCopyright : Copyright © 2004
OriginalFilename : Power-Scan.exe


Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 193

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 14-06-2015 23:00:34
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : john@xxxtoolbar[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 16-07-2005 23:17:20
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 196



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

istbar Object Recognized!
Type : File
Data : cmctl[1].dll
TAC Rating : 7
Category : Malware
Comment :
Object : C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\81MNSD6Z\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 5
ProductName : ContentMatchControl
FileDescription : ContentMatchControl
InternalName : ContentMatchControl1
LegalCopyright : Copyright 2005
OriginalFilename : ContentMatchControl1.DLL


DyFuCA Object Recognized!
Type : File
Data : sidefind13[1].dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\K9UNCXM7\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : SideFind Module
CompanyName : IST
FileDescription : SideFind Module
InternalName : SideFind
LegalCopyright : Copyright 2004
OriginalFilename : SideFind.DLL


DyFuCA Object Recognized!
Type : File
Data : ncase_new[1].exe
TAC Rating : 3
Category : Malware
Comment :
Object : C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\SLENO5Q7\
FileVersion : 5, 12, 0, 13
ProductVersion : 5, 12, 0, 13
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


istbar Object Recognized!
Type : File
Data : istrecover[1].exe
TAC Rating : 7
Category : Malware
Comment :
Object : C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\UNO32RSL\



Powerscan Object Recognized!
Type : File
Data : powerscan[1].exe
TAC Rating : 5
Category : Malware
Comment :
Object : C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\UNO32RSL\
FileVersion : 1, 1, 0, 2
ProductVersion : 1, 1, 0, 2
ProductName : PowerScan v1.1
FileDescription : PowerScan v1.1
InternalName : PowerScan v1.1
LegalCopyright : Copyright © 2004
OriginalFilename : Power-Scan.exe


SideFind Object Recognized!
Type : File
Data : sfbho13[1].dll
TAC Rating : 5
Category : Malware
Comment :
Object : C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\W5IR49M7\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BrowserHelperObject Module
FileDescription : BrowserHelperObject Module
InternalName : BrowserHelperObject
LegalCopyright : Copyright 2003
OriginalFilename : BrowserHelperObject.DLL


DyFuCA Object Recognized!
Type : File
Data : nem220[1].dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\WL2Z85MN\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DyFuCA_BH Module
FileDescription : DyFuCA_BH Module
InternalName : DyFuCA_BH
LegalCopyright : Copyright 2002
OriginalFilename : DyFuCA_BH.DLL


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : lucy@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Lucy\Cookies\lucy@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : lucy@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Lucy\Cookies\lucy@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : lucy@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Lucy\Cookies\lucy@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Lucy\Cookies\[email protected][1].txt

180Solutions Object Recognized!
Type : File
Data : sais.exe
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\Program Files\180Solutions\FLEOK\
FileVersion : 5, 15, 0, 15
ProductVersion : 5, 15, 0, 15
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


BargainBuddy Object Recognized!
Type : File
Data : adv.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\Program Files\BullsEye Network\bin\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adv
CompanyName : eXact Advertising
InternalName : adv
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adv.exe


BargainBuddy Object Recognized!
Type : File
Data : adx.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\Program Files\BullsEye Network\bin\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adx
CompanyName : eXact Advertising
InternalName : adx
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adx.exe


istbar Object Recognized!
Type : File
Data : cmctl.dll
TAC Rating : 7
Category : Malware
Comment :
Object : C:\Program Files\ISTbar\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 5
ProductName : ContentMatchControl
FileDescription : ContentMatchControl
InternalName : ContentMatchControl1
LegalCopyright : Copyright 2005
OriginalFilename : ContentMatchControl1.DLL


SideFind Object Recognized!
Type : File
Data : sfbho.dll
TAC Rating : 5
Category : Malware
Comment :
Object : C:\Program Files\SideFind\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BrowserHelperObject Module
FileDescription : BrowserHelperObject Module
InternalName : BrowserHelperObject
LegalCopyright : Copyright 2003
OriginalFilename : BrowserHelperObject.DLL


DyFuCA Object Recognized!
Type : File
Data : sidefind.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\Program Files\SideFind\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : SideFind Module
CompanyName : IST
FileDescription : SideFind Module
InternalName : SideFind
LegalCopyright : Copyright 2004
OriginalFilename : SideFind.DLL


BargainBuddy Object Recognized!
Type : File
Data : exdl.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


DyFuCA Object Recognized!
Type : File
Data : nem220.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DyFuCA_BH Module
FileDescription : DyFuCA_BH Module
InternalName : DyFuCA_BH
LegalCopyright : Copyright 2002
OriginalFilename : DyFuCA_BH.DLL


Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : bszip.dll
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 3.0.2.0
ProductVersion : 3.02
ProductName : BigSpeed Zip DLL
CompanyName : BigSpeedSoft
InternalName : bszip.dll
LegalCopyright : © BigSpeedSoft
LegalTrademarks : BigSpeed is a trademark of BigSpeedSoft
OriginalFilename : bszip.dll


BargainBuddy Object Recognized!
Type : File
Data : exdl.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


BargainBuddy Object Recognized!
Type : File
Data : exdl1.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


BargainBuddy Object Recognized!
Type : File
Data : exul.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : exul1.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : javexulm.vxd
TAC Rating : 8
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe


BargainBuddy Object Recognized!
Type : File
Data : mqexdlm.srg
TAC Rating : 8
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 222


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 222




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : InstallOccurUrl

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : AlreadyInstalledUrl

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : ETServer

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : NewPartnerName

BargainBuddy Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : System

BargainBuddy Object Recognized!
Type : Folder
TAC Rating : 8
Category : Malware
Comment : BargainBuddy
Object : c:\program files\BullsEye Network

BargainBuddy Object Recognized!
Type : File
Data : ad.dat
TAC Rating : 8
Category : Malware
Comment :
Object : c:\program files\bullseye network\



BargainBuddy Object Recognized!
Type : File
Data : ub.dat
TAC Rating : 8
Category : Malware
Comment :
Object : c:\program files\bullseye network\



BargainBuddy Object Recognized!
Type : File
Data : Uninstall.exe
TAC Rating : 8
Category : Malware
Comment :
Object : c:\program files\bullseye network\
FileVersion : 8.0.3.9
ProductName : BullsEye Network
CompanyName : eXact Advertising
FileDescription : BargainBuddy Module
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
LegalTrademarks : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
Comments : BargainBuddy Module


BargainBuddy Object Recognized!
Type : File
Data : bargains.exe
TAC Rating : 8
Category : Malware
Comment :
Object : c:\program files\bullseye network\bin\



BargainBuddy Object Recognized!
Type : File
Data : bbchk.exe
TAC Rating : 8
Category : Malware
Comment :
Object : c:\windows\system32\
FileVersion : 5.101.1663.1
ProductVersion : 5.101.1663.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : ECM ChkTrust
InternalName : CHKTRUST.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : CHKTRUST.EXE


BargainBuddy Object Recognized!
Type : File
Data : exclean.exe
TAC Rating : 8
Category : Malware
Comment :
Object : c:\windows\system32\



BargainBuddy Object Recognized!
Type : File
Data : msbe.dll
TAC Rating : 8
Category : Malware
Comment :
Object : c:\windows\system32\
FileVersion : 8, 0, 3, 8
ProductVersion : 8, 0, 3, 6
ProductName : ADP Module
CompanyName : eXact Advertising
FileDescription : ADP Module
InternalName : apuc
LegalCopyright : Copyright © 2003-2005 eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : apuc.DLL


DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\mi
  • 0

#3
Tender_Prey
Posted 16 June 2005 - 04:14 PM

Tender_Prey

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
(ad-aware log cont.2)

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\ameopt

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sais

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sais
Value : UninstallString

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sais
Value : DisplayIcon

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\kapabout

DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\kapabout
Value : DComment

DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\policies\ameopt

DyFuCA Object Recognized!
Type : Folder
TAC Rating : 3
Category : Malware
Comment : DyFuCA
Object : c:\program files\SideFind

DyFuCA Object Recognized!
Type : Folder
TAC Rating : 3
Category : Malware
Comment : DyFuCA
Object : c:\program files\Power Scan

DyFuCA Object Recognized!
Type : Folder
TAC Rating : 3
Category : Malware
Comment : DyFuCA
Object : c:\program files\ISTsvc

DyFuCA Object Recognized!
Type : Folder
TAC Rating : 3
Category : Malware
Comment : DyFuCA
Object : c:\program files\ISTbar

DyFuCA Object Recognized!
Type : Folder
TAC Rating : 3
Category : Malware
Comment : DyFuCA
Object : c:\program files\Internet Optimizer

DyFuCA Object Recognized!
Type : Folder
TAC Rating : 3
Category : Malware
Comment : DyFuCA
Object : c:\program files\180Solutions

DyFuCA Object Recognized!
Type : File
Data : optimize.exe
TAC Rating : 3
Category : Malware
Comment :
Object : c:\program files\internet optimizer\



istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

istbar Object Recognized!
Type : File
Data : sais.log
TAC Rating : 7
Category : Malware
Comment :
Object : c:\program files\180solutions\



istbar Object Recognized!
Type : File
Data : saisau.dat
TAC Rating : 7
Category : Malware
Comment :
Object : c:\program files\180solutions\



istbar Object Recognized!
Type : File
Data : sais_kyf.dat
TAC Rating : 7
Category : Malware
Comment :
Object : c:\program files\180solutions\



istbar Object Recognized!
Type : File
Data : istsvc.exe
TAC Rating : 7
Category : Malware
Comment :
Object : c:\program files\istsvc\



istbar Object Recognized!
Type : File
Data : imagemap_normal.bmp
TAC Rating : 7
Category : Malware
Comment :
Object : c:\program files\istbar\



istbar Object Recognized!
Type : File
Data : imagemap_over.bmp
TAC Rating : 7
Category : Malware
Comment :
Object : c:\program files\istbar\



istbar Object Recognized!
Type : File
Data : istbarcm.dll
TAC Rating : 7
Category : Malware
Comment :
Object : c:\program files\istbar\



istbar Object Recognized!
Type : File
Data : version.txt
TAC Rating : 7
Category : Malware
Comment :
Object : c:\program files\istbar\



istbar Object Recognized!
Type : File
Data : xml_istbar.xml
TAC Rating : 7
Category : Malware
Comment :
Object : c:\program files\istbar\



SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{339d8aff-0b42-4260-ad82-78ce605a9543}

SideFind Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}

SideFind Object Recognized!
Type : File
Data : sfexd001
TAC Rating : 5
Category : Malware
Comment :
Object : c:\program files\sidefind\



Powerscan Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\powerscan

Powerscan Object Recognized!
Type : Folder
TAC Rating : 5
Category : Malware
Comment : Powerscan
Object : c:\documents and settings\john\start menu\programs\Power Scan

Powerscan Object Recognized!
Type : File
Data : Power Scan.lnk
TAC Rating : 5
Category : Malware
Comment :
Object : c:\documents and settings\john\start menu\programs\power scan\



180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais

180Solutions Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : last_conn_l

180Solutions Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : we

180Solutions Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : cdata

180Solutions Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : TimeOffset

180Solutions Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : action_url_version

180Solutions Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : action_url_last_chunk

180Solutions Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : action_url_last_full_version

180Solutions Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : key_file

180Solutions Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : kw_last_chunk

Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : cmd.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\System32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : netstat.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\System32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : ping.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\System32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : regedit.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\System32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : taskkill.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\System32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : tasklist.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\System32\



Win32.P2P-Worm.Alcan.a Object Recognized!
Type : File
Data : tracert.com
TAC Rating : 8
Category : Worm
Comment :
Object : C:\WINDOWS\System32\



Powerscan Object Recognized!
Type : File
Data : Power Scan.lnk
TAC Rating : 5
Category : Malware
Comment : Shortcut to bad file : C:\Documents and Settings\John\Start Menu\Programs\Power Scan\Power Scan.lnk
Object : C:\Documents and Settings\John\Start Menu\Programs\Power Scan\



Other Object Recognized!
Type : File
Data : SAIS.EXE-1CACDE60.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\



Other Object Recognized!
Type : File
Data : SAIS.EXE-25D5D1DE.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\



Other Object Recognized!
Type : File
Data : EXDL.EXE-025B7023.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\



Other Object Recognized!
Type : File
Data : EXDL1.EXE-03ADA40F.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\



Other Object Recognized!
Type : File
Data : EXUL1.EXE-0DA91456.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\



Other Object Recognized!
Type : File
Data : OPTIMIZE.EXE-01F38553.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\



Other Object Recognized!
Type : File
Data : OPTIMIZE.EXE-3298A59E.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\



Other Object Recognized!
Type : File
Data : ISTSVC.EXE-0B9CA3A6.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 70
Objects found so far: 292

23:49:24 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:36:39.102
Objects scanned:119059
Objects identified:308
Objects ignored:0
New critical objects:308
  • 0

#4
Guest_Andy_veal_*
Posted 18 June 2005 - 09:19 AM

Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you chose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R50 13.06.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is of the default installion location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes takes 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
  • 0

#5
steveml
Posted 29 June 2005 - 04:14 AM

steveml

    New Member

  • Member
  • Pip
  • 9 posts
Hi,

edited for content.

Cheers,
Ste.

Edited by coachwife6, 29 June 2005 - 06:48 AM.

  • 0

#6
Guest_Andy_veal_*
Posted 29 June 2005 - 04:16 PM

Guest_Andy_veal_*
  • Guest
I would like to add,

The product that steveml was advertising has been on Rogue/Suspect Anti-spyware list

Even though it has now been removed, in my opinion it is still unsafe, the company might of changed but if it customers remember what the company has been previously doing they may not support it.

I do not recommend any program on the Rogue/Suspect Anti-Spyware site.

:tazz:
  • 0

#7
don77
Posted 06 July 2005 - 04:37 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Lavasoft Support (Ad-aware) · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Lavasoft Support (Ad-aware)

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP