Attached is my log file. I tried everything. Ad-Aware worked for a long time, all of a sudden it started freezing up IN THE DELETING MODE, then I have to reboot the system by unplugging the computer for reboot. I HOPE I PUT THIS LOG FILE IN THE RIGHT PLACE. Please help.
Thanks
Ad-Aware SE Build 1.05
Logfile Created on:22 December 2004 22:55:20
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R23 16.12.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BlazeFind(TAC index:5):25 total references
FindWhateverNow(TAC index:7):1 total references
IEHijacker.richfind(TAC index:7):51 total references
Lop(TAC index:7):2 total references
MRU List(TAC index:0):21 total references
SafeSearch(TAC index:4):1 total references
Tracking Cookie(TAC index:3):40 total references
UKVideo2 Dialer(TAC index:5):6 total references
Win32.Adverts.TrojanDownloader(TAC index:6):4 total references
Win32.Dluca.TrojanDownloader(TAC index:6):18 total references
WindUpdates(TAC index:8):21 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
22-12-2004 22:55:20 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\9.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : .DEFAULT\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio
Description : information on the last station listened to using musicmatch radio
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : C:\WINDOWS\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4279180735
Threads : 4
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294957075
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
#:3 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278220911
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk
#:4 [BCMDMMSG.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4278218795
Threads : 1
Priority : Normal
FileVersion : 3.2.09 07/06/2000 14:06:52
ProductVersion : 3.2.09 07/06/2000 14:06:52
ProductName : BCM Modem Messaging Applet
CompanyName : BCM
FileDescription : Modem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © BCM 1998-2000
OriginalFilename : smdmstat.exe
#:5 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278214991
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE
#:6 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278202271
Threads : 2
Priority : Normal
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corp. 2000
OriginalFilename : mstask.exe
#:7 [SSDPSRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278247135
Threads : 5
Priority : Normal
FileVersion : 4.90.3003.0
ProductVersion : 4.90.3003.0
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : SSDP Service on Windows Millennium
InternalName : ssdpsrv.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : ssdpsrv.exe
#:8 [DEFWATCH.EXE]
FilePath : C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\
ProcessID : 4278244115
Threads : 2
Priority : Normal
FileVersion : 8.00.01.425
ProductVersion : 8.00.01.425
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe
#:9 [RTVSCN95.EXE]
FilePath : C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\
ProcessID : 4278239031
Threads : 34
Priority : Normal
FileVersion : 8.00.01.425
ProductVersion : 8.00.01.425
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright (C) Symantec Corporation 1991-2002
#:10 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4278316119
Threads : 19
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE
#:11 [STMGR.EXE]
FilePath : C:\WINDOWS\SYSTEM\RESTORE\
ProcessID : 4278347351
Threads : 4
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft (r) PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft (R) PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe
#:12 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278368787
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE
#:13 [LOADQM.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4278418967
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE
#:14 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278403123
Threads : 3
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe
#:15 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278429347
Threads : 3
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe
#:16 [HIDSERV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278427223
Threads : 1
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : HID Audio Service
InternalName : hidserv
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : HIDSERV.EXE
#:17 [SK9910DM.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278427467
Threads : 1
Priority : Normal
FileVersion : 1, 0, 8, 0
CompanyName : Silitek Corporation
FileDescription : Daemon
LegalCopyright : Copyright (C) Silitek Corp. 1999, 2000
#:18 [VPTRAY.EXE]
FilePath : C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\
ProcessID : 4278477187
Threads : 2
Priority : Normal
FileVersion : 8.00.01.425
ProductVersion : 8.00.01.425
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright (C) Symantec Corporation 1991-2002
#:19 [DRAGDIAG.EXE]
FilePath : C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\
ProcessID : 4278442199
Threads : 2
Priority : Normal
FileVersion : 300.7.0.2
ProductVersion : 300.7.0.2
ProductName : SpeedTouch USB
CompanyName : THOMSON
FileDescription : SpeedTouch Statistics
LegalCopyright : Copyright© THOMSON 1999-2003
#:20 [SNCNTR.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278437971
Threads : 1
Priority : Normal
FileVersion : 0, 0, 0, 95
ProductVersion : 0, 0, 0, 95
FindWhateverNow Object Recognized!
Type : Process
Data : SNCNTR.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 0, 0, 0, 95
ProductVersion : 0, 0, 0, 95
Warning! FindWhateverNow Object found in memory(C:\WINDOWS\SYSTEM\SNCNTR.EXE)
"C:\WINDOWS\SYSTEM\SNCNTR.EXE"Process terminated successfully
#:21 [WINADTOOLS.EXE]
FilePath : C:\PROGRAM FILES\WINDOWS ADTOOLS\
ProcessID : 4278469707
Threads : 4
Priority : Normal
WindUpdates Object Recognized!
Type : Process
Data : WINWRENCH.DLL
Category : Malware
Comment : (CSI MATCH)
Object : C:\PROGRAM FILES\WINDOWS ADTOOLS\
Warning! WindUpdates Object found in memory(C:\PROGRAM FILES\WINDOWS ADTOOLS\WINWRENCH.DLL)
WindUpdates Object Recognized!
Type : Process
Data : WINADTOOLS.EXE
Category : Malware
Comment : full-search IE hijacker
Object : C:\PROGRAM FILES\WINDOWS ADTOOLS\
Warning! WindUpdates Object found in memory(C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE)
"C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE"Process terminated successfully
#:22 [WINRATCHET.EXE]
FilePath : C:\PROGRAM FILES\WINDOWS ADTOOLS\
ProcessID : 4278460291
Threads : 2
Priority : Normal
#:23 [WINADCTL.EXE]
FilePath : C:\PROGRAM FILES\WINDOWS ADCONTROL\
ProcessID : 4278471227
Threads : 4
Priority : Normal
WindUpdates Object Recognized!
Type : Process
Data : WINADSHIFT.DLL
Category : Malware
Comment : (CSI MATCH)
Object : C:\PROGRAM FILES\WINDOWS ADCONTROL\
Warning! WindUpdates Object found in memory(C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADSHIFT.DLL)
WindUpdates Object Recognized!
Type : Process
Data : WINADCTL.EXE
Category : Malware
Comment : full-search IE hijacker
Object : C:\PROGRAM FILES\WINDOWS ADCONTROL\
Warning! WindUpdates Object found in memory(C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADCTL.EXE)
"C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADCTL.EXE"Process terminated successfully
#:24 [WINADALT.EXE]
FilePath : C:\PROGRAM FILES\WINDOWS ADCONTROL\
ProcessID : 4278471447
Threads : 2
Priority : Normal
WindUpdates Object Recognized!
Type : Process
Data : WINADALT.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\PROGRAM FILES\WINDOWS ADCONTROL\
Warning! WindUpdates Object found in memory(C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADALT.EXE)
"C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADALT.EXE"Process terminated successfully
#:25 [MSNMSGR.EXE]
FilePath : C:\PROGRAM FILES\MSN MESSENGER\
ProcessID : 4278497659
Threads : 1
Priority : Normal
FileVersion : 6.2.0137
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:26 [WKCALREM.EXE]
FilePath : C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\
ProcessID : 4278370951
Threads : 2
Priority : Normal
FileVersion : 6.00.1828.1
ProductVersion : 6.00.1828.1
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE
#:27 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4278328675
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 27
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winadtoolsx.installer
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winadtoolsx.installer
Value :
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winadctlx.installer
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winadctlx.installer
Value :
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windows adcontrol
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windows adcontrol
Value : param
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windows adcontrol
Value : LastUpdate
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows adcontrol
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows adcontrol
Value : UninstallString
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows adcontrol
Value : DisplayName
IEHijacker.richfind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb00000.xbtb00000.1
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb00000.xbtb00000.1
Value :
IEHijacker.richfind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb00000.xbtb00000
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb00000.xbtb00000
Value :
IEHijacker.richfind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb00000.ietoolbar
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb00000.ietoolbar
Value :
IEHijacker.richfind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb00000.ietoolbar.1
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb00000.ietoolbar.1
Value :
IEHijacker.richfind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000
IEHijacker.richfind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : toolbar_id
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : toolbar_version
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : firstTime
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : CurrentFont
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : FontSize
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : CurrentLayout
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : ToolbarIsFailed
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : TBFace
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : corruptedMsg
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : uninstallMsg
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : updateMsg
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : autoUpdateMsg
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : versionError
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : connectionError
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : lastVersionMsg
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : contextMenuItemName
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : closeAllWindowsForUpdate
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : firstURL
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : serverpath
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : updateUrl
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : urlAfterUpdate
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : urlAfterUninstall
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : contextSearch
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : OpenNew
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : AutoComplete
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : KeepHistory
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : RunSearchAutomatically
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : RunSearchDragAutomatically
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : DescriptiveText
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : ShowHighlightButton
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : ShowFindButtons
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : UpdateAutomatically
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : EditWidthcombo1
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : #EditWidthcombo1#
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : Scope
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : OldOS
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : CountOS
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : m_bWorking
IEHijacker.richfind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\xbtb00000.xbtb00000ietoolbar
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\xbtb00000.xbtb00000ietoolbar
Value : DisplayName
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\xbtb00000.xbtb00000ietoolbar
Value : UninstallString
UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\video1\dialers
UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\video1\dialers
Win32.Adverts.TrojanDownloader Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\program info
Win32.Adverts.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\program info
Value : ClientID
Win32.Adverts.TrojanDownloader Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\program data
Win32.Adverts.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\program data
Value : SSET
Win32.Dluca.TrojanDownloader Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\infosoft\qsearch
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\infosoft\qsearch
Value : VNPIN
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\infosoft\qsearch
Value : CCINFO
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\infosoft\qsearch
Value : LastWNK
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\infosoft\qsearch
Value : DaytimeDocID
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\infosoft\qsearch
Value : DaytimeDocTime
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\infosoft\qsearch
Value : DocID
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\infosoft\qsearch
Value : DocTime
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : SystemComponent
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : Installer
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windows adtools
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windows adtools
Value : LastUpdate
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Windows AdControl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Windows AdControl
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Windows AdTools"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Windows AdTools
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 83
Objects found so far: 110
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : C:\WINDOWS\DOWNLOADED PROGRAM FILES\WINADCTLX.DLL
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
BlazeFind Object Recognized!
Type : File
Data : winadctlx.dll
Category : Malware
Comment :
Object : c:\windows\downloaded program files\
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/WinAdToolsX.dll
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/WinAdToolsX.dll
Value : .Owner
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/WinAdToolsX.dll
Value : {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
BlazeFind Object Recognized!
Type : File
Data : /windows/downloaded program files/winadtoolsx.dll
Category : Malware
Comment :
Object : c:\
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/WinAdCtlX.dll
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/WinAdCtlX.dll
Value : .Owner
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/WinAdCtlX.dll
Value : {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
BlazeFind Object Recognized!
Type : File
Data : /windows/downloaded program files/winadctlx.dll
Category : Malware
Comment :
Object : c:\
BlazeFind Object Recognized!
Type : RegValue
Data : C:\WINDOWS\Downloaded Program Files\WinAdToolsX.dll
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\Downloaded Program Files\WinAdToolsX.dll
BlazeFind Object Recognized!
Type : RegValue
Data : C:\WINDOWS\Downloaded Program Files\WinAdCtlX.dll
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\Downloaded Program Files\WinAdCtlX.dll
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 122
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@specificclick[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@specificclick.net/
Expires : 14-12-2014 15:49:02
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bs.serving-sys[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@bs.serving-sys.com/
Expires : 01-01-2038 05:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@ehg-cbs.hitbox[1].txt
Category : Data Miner
Comment : Hits:58
Value : Cookie:default@ehg-cbs.hitbox.com/
Expires : 22-12-2005 10:20:02
LastSync : Hits:58
UseCount : 0
Hits : 58
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@centrport[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@centrport.net/
Expires : 01-01-2030
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@ads.pointroll[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:default@ads.pointroll.com/
Expires : 01-01-2010
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@zedo[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:default@zedo.com/
Expires : 20-12-2014 10:04:06
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@servedby.advertising[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@servedby.advertising.com/
Expires : 21-01-2005 21:20:16
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@tribalfusion.com/
Expires : 01-01-2038
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@edge.ru4[2].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:default@edge.ru4.com/
Expires : 18-02-2005 13:27:58
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@mediaplex[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@mediaplex.com/
Expires : 22-06-2009
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@2o7[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@2o7.net/
Expires : 20-12-2009 15:40:14
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@atdmt[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@atdmt.com/
Expires : 19-12-2009
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@serving-sys[2].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:default@serving-sys.com/
Expires : 01-01-2038 05:00:00
LastSync : Hits:10
UseCount : 0
Hits : 10
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bfast[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@bfast.com/
Expires : 22-12-2024 10:07:22
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@questionmarket[2].txt
Category : Data Miner
Comment : Hits:31
Value : Cookie:default@questionmarket.com/
Expires : 10-02-2006 05:49:20
LastSync : Hits:31
UseCount : 0
Hits : 31
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@z1.adserver[1].txt
Category : Data Miner
Comment : Hits:54
Value : Cookie:default@z1.adserver.com/
Expires : 22-12-2005 21:49:06
LastSync : Hits:54
UseCount : 0
Hits : 54
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@advertising[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@advertising.com/
Expires : 21-12-2009 21:20:16
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@versiontracker[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@versiontracker.com/
Expires : 20-12-2006 14:31:22
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@doubleclick[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:default@doubleclick.net/
Expires : 21-12-2007 09:50:30
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@hitbox[1].txt
Category : Data Miner
Comment : Hits:40
Value : Cookie:default@hitbox.com/
Expires : 22-12-2005 10:20:02
LastSync : Hits:40
UseCount : 0
Hits : 40
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 20
Objects found so far: 142
Deep scanning and examining files (c
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@mediaplex[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@z1.adserver[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@z1.adserver[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@atdmt[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@doubleclick[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@hitbox[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@hitbox[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@ehg-cbs.hitbox[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@ehg-cbs.hitbox[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@specificclick[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@specificclick[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@tribalfusion[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@tribalfusion[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@ads.pointroll[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@ads.pointroll[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@versiontracker[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@versiontracker[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@advertising[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@advertising[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@2o7[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@2o7[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@zedo[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@zedo[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@centrport[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@centrport[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@serving-sys[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@serving-sys[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bfast[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@bfast[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@questionmarket[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@questionmarket[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bs.serving-sys[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@bs.serving-sys[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@edge.ru4[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@edge.ru4[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@servedby.advertising[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@servedby.advertising[2].txt
BlazeFind Object Recognized!
Type : File
Data : WinAdToolsX.dll
Category : Malware
Comment :
Object : c:\WINDOWS\Downloaded Program Files\
SafeSearch Object Recognized!
Type : File
Data : qdelwbi.tmp
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\
FileVersion : 1, 0, 0, 25
ProductVersion : 1, 0, 0, 25
Lop Object Recognized!
Type : File
Data : sclonlmr.exe
Category : Malware
Comment :
Object : c:\Program Files\Common Files\nudtcacd\lonnbluf\
Lop Object Recognized!
Type : File
Data : falmnmspr.exe
Category : Malware
Comment :
Object : c:\Program Files\Common Files\nudtcacd\nnsnqrrbsq\
Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 166
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 166
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WindUpdates Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\Windows AdTools
WindUpdates Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\Windows AdControl
WindUpdates Object Recognized!
Type : File
Data : ide21201.vxd
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\
WindUpdates Object Recognized!
Type : File
Data : WinRatchet.exe
Category : Malware
Comment :
Object : C:\Program Files\windows adtools\
WindUpdates Object Recognized!
Type : File
Data : WinWrench.dll
Category : Malware
Comment :
Object : C:\Program Files\windows adtools\
WindUpdates Object Recognized!
Type : File
Data : Info.txt
Category : Malware
Comment :
Object : C:\Program Files\windows adtools\
WindUpdates Object Recognized!
Type : File
Data : WinAdTools.exe
Category : Malware
Comment :
Object : C:\Program Files\windows adtools\
WindUpdates Object Recognized!
Type : File
Data : WinAdAlt.exe
Category : Malware
Comment :
Object : C:\Program Files\windows adcontrol\
WindUpdates Object Recognized!
Type : File
Data : WinAdShift.dll
Category : Malware
Comment :
Object : C:\Program Files\windows adcontrol\
WindUpdates Object Recognized!
Type : File
Data : WinAdCtl.exe
Category : Malware
Comment :
Object : C:\Program Files\windows adcontrol\
UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\video1
UKVideo2 Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\video1
Value : IUG
UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\video1
UKVideo2 Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\netscape\netscape navigator\viewers
Value : TYPE33
Win32.Dluca.TrojanDownloader Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\infosoft
Win32.Dluca.TrojanDownloader Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sncntr
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sncntr
Value : Info
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sncntr
Value : DocID
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sncntr
Value : DocTime
Win32.Dluca.TrojanDownloader Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sncntr
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sncntr
Value : UninstallString
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sncntr
Value : DisplayName
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : sncntr
Win32.Dluca.TrojanDownloader Object Recognized!
Type : File
Data : sncntr.exe
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\
FileVersion : 0, 0, 0, 95
ProductVersion : 0, 0, 0, 95
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 24
Objects found so far: 190
23:16:32 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:21:11.910
Objects scanned:90838
Objects identified:167
Objects ignored:0
New critical objects:167
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windows adcontrol
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windows adcontrol
Value : param
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windows adcontrol
Value : LastUpdate
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows adcontrol
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows adcontrol
Value : UninstallString
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows adcontrol
Value : DisplayName
IEHijacker.richfind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb00000.xbtb00000.1
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb00000.xbtb00000.1
Value :
IEHijacker.richfind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb00000.xbtb00000
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb00000.xbtb00000
Value :
IEHijacker.richfind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb00000.ietoolbar
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb00000.ietoolbar
Value :
IEHijacker.richfind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb00000.ietoolbar.1
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xbtb00000.ietoolbar.1
Value :
IEHijacker.richfind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000
IEHijacker.richfind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : toolbar_id
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : toolbar_version
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : firstTime
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : CurrentFont
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : FontSize
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : CurrentLayout
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : ToolbarIsFailed
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : TBFace
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : corruptedMsg
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : uninstallMsg
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : updateMsg
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : autoUpdateMsg
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : versionError
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : connectionError
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : lastVersionMsg
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : contextMenuItemName
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : closeAllWindowsForUpdate
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : firstURL
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : serverpath
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : updateUrl
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : urlAfterUpdate
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : urlAfterUninstall
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : contextSearch
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : OpenNew
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : AutoComplete
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : KeepHistory
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : RunSearchAutomatically
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : RunSearchDragAutomatically
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : DescriptiveText
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : ShowHighlightButton
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : ShowFindButtons
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : UpdateAutomatically
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : EditWidthcombo1
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : #EditWidthcombo1#
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : Scope
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : OldOS
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : CountOS
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\xbtb00000\ietoolbar
Value : m_bWorking
IEHijacker.richfind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\xbtb00000.xbtb00000ietoolbar
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\xbtb00000.xbtb00000ietoolbar
Value : DisplayName
IEHijacker.richfind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\xbtb00000.xbtb00000ietoolbar
Value : UninstallString
UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\video1\dialers
UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\video1\dialers
Win32.Adverts.TrojanDownloader Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\program info
Win32.Adverts.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\program info
Value : ClientID
Win32.Adverts.TrojanDownloader Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\program data
Win32.Adverts.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\program data
Value : SSET
Win32.Dluca.TrojanDownloader Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\infosoft\qsearch
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\infosoft\qsearch
Value : VNPIN
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\infosoft\qsearch
Value : CCINFO
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\infosoft\qsearch
Value : LastWNK
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\infosoft\qsearch
Value : DaytimeDocID
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\infosoft\qsearch
Value : DaytimeDocTime
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\infosoft\qsearch
Value : DocID
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\infosoft\qsearch
Value : DocTime
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : SystemComponent
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : Installer
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windows adtools
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windows adtools
Value : LastUpdate
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Windows AdControl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Windows AdControl
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Windows AdTools"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Windows AdTools
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 83
Objects found so far: 110
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : C:\WINDOWS\DOWNLOADED PROGRAM FILES\WINADCTLX.DLL
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
BlazeFind Object Recognized!
Type : File
Data : winadctlx.dll
Category : Malware
Comment :
Object : c:\windows\downloaded program files\
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/WinAdToolsX.dll
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/WinAdToolsX.dll
Value : .Owner
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/WinAdToolsX.dll
Value : {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
BlazeFind Object Recognized!
Type : File
Data : /windows/downloaded program files/winadtoolsx.dll
Category : Malware
Comment :
Object : c:\
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/WinAdCtlX.dll
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/WinAdCtlX.dll
Value : .Owner
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/WinAdCtlX.dll
Value : {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
BlazeFind Object Recognized!
Type : File
Data : /windows/downloaded program files/winadctlx.dll
Category : Malware
Comment :
Object : c:\
BlazeFind Object Recognized!
Type : RegValue
Data : C:\WINDOWS\Downloaded Program Files\WinAdToolsX.dll
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\Downloaded Program Files\WinAdToolsX.dll
BlazeFind Object Recognized!
Type : RegValue
Data : C:\WINDOWS\Downloaded Program Files\WinAdCtlX.dll
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\Downloaded Program Files\WinAdCtlX.dll
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 122
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@specificclick[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@specificclick.net/
Expires : 14-12-2014 15:49:02
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bs.serving-sys[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@bs.serving-sys.com/
Expires : 01-01-2038 05:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@ehg-cbs.hitbox[1].txt
Category : Data Miner
Comment : Hits:58
Value : Cookie:default@ehg-cbs.hitbox.com/
Expires : 22-12-2005 10:20:02
LastSync : Hits:58
UseCount : 0
Hits : 58
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@centrport[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@centrport.net/
Expires : 01-01-2030
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@ads.pointroll[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:default@ads.pointroll.com/
Expires : 01-01-2010
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@zedo[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:default@zedo.com/
Expires : 20-12-2014 10:04:06
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@servedby.advertising[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@servedby.advertising.com/
Expires : 21-01-2005 21:20:16
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@tribalfusion.com/
Expires : 01-01-2038
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@edge.ru4[2].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:default@edge.ru4.com/
Expires : 18-02-2005 13:27:58
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@mediaplex[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@mediaplex.com/
Expires : 22-06-2009
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@2o7[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@2o7.net/
Expires : 20-12-2009 15:40:14
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@atdmt[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@atdmt.com/
Expires : 19-12-2009
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@serving-sys[2].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:default@serving-sys.com/
Expires : 01-01-2038 05:00:00
LastSync : Hits:10
UseCount : 0
Hits : 10
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bfast[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@bfast.com/
Expires : 22-12-2024 10:07:22
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@questionmarket[2].txt
Category : Data Miner
Comment : Hits:31
Value : Cookie:default@questionmarket.com/
Expires : 10-02-2006 05:49:20
LastSync : Hits:31
UseCount : 0
Hits : 31
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@z1.adserver[1].txt
Category : Data Miner
Comment : Hits:54
Value : Cookie:default@z1.adserver.com/
Expires : 22-12-2005 21:49:06
LastSync : Hits:54
UseCount : 0
Hits : 54
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@advertising[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@advertising.com/
Expires : 21-12-2009 21:20:16
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@versiontracker[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@versiontracker.com/
Expires : 20-12-2006 14:31:22
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@doubleclick[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:default@doubleclick.net/
Expires : 21-12-2007 09:50:30
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@hitbox[1].txt
Category : Data Miner
Comment : Hits:40
Value : Cookie:default@hitbox.com/
Expires : 22-12-2005 10:20:02
LastSync : Hits:40
UseCount : 0
Hits : 40
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 20
Objects found so far: 142
Deep scanning and examining files (c
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@mediaplex[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@z1.adserver[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@z1.adserver[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@atdmt[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@doubleclick[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@hitbox[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@hitbox[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@ehg-cbs.hitbox[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@ehg-cbs.hitbox[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@specificclick[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@specificclick[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@tribalfusion[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@tribalfusion[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@ads.pointroll[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@ads.pointroll[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@versiontracker[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@versiontracker[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@advertising[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@advertising[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@2o7[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@2o7[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@zedo[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@zedo[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@centrport[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@centrport[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@serving-sys[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@serving-sys[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bfast[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@bfast[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@questionmarket[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@questionmarket[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bs.serving-sys[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@bs.serving-sys[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@edge.ru4[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@edge.ru4[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@servedby.advertising[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@servedby.advertising[2].txt
BlazeFind Object Recognized!
Type : File
Data : WinAdToolsX.dll
Category : Malware
Comment :
Object : c:\WINDOWS\Downloaded Program Files\
SafeSearch Object Recognized!
Type : File
Data : qdelwbi.tmp
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\
FileVersion : 1, 0, 0, 25
ProductVersion : 1, 0, 0, 25
Lop Object Recognized!
Type : File
Data : sclonlmr.exe
Category : Malware
Comment :
Object : c:\Program Files\Common Files\nudtcacd\lonnbluf\
Lop Object Recognized!
Type : File
Data : falmnmspr.exe
Category : Malware
Comment :
Object : c:\Program Files\Common Files\nudtcacd\nnsnqrrbsq\
Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 166
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 166
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WindUpdates Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\Windows AdTools
WindUpdates Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\Windows AdControl
WindUpdates Object Recognized!
Type : File
Data : ide21201.vxd
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\
WindUpdates Object Recognized!
Type : File
Data : WinRatchet.exe
Category : Malware
Comment :
Object : C:\Program Files\windows adtools\
WindUpdates Object Recognized!
Type : File
Data : WinWrench.dll
Category : Malware
Comment :
Object : C:\Program Files\windows adtools\
WindUpdates Object Recognized!
Type : File
Data : Info.txt
Category : Malware
Comment :
Object : C:\Program Files\windows adtools\
WindUpdates Object Recognized!
Type : File
Data : WinAdTools.exe
Category : Malware
Comment :
Object : C:\Program Files\windows adtools\
WindUpdates Object Recognized!
Type : File
Data : WinAdAlt.exe
Category : Malware
Comment :
Object : C:\Program Files\windows adcontrol\
WindUpdates Object Recognized!
Type : File
Data : WinAdShift.dll
Category : Malware
Comment :
Object : C:\Program Files\windows adcontrol\
WindUpdates Object Recognized!
Type : File
Data : WinAdCtl.exe
Category : Malware
Comment :
Object : C:\Program Files\windows adcontrol\
UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\video1
UKVideo2 Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\video1
Value : IUG
UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\video1
UKVideo2 Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\netscape\netscape navigator\viewers
Value : TYPE33
Win32.Dluca.TrojanDownloader Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\infosoft
Win32.Dluca.TrojanDownloader Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sncntr
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sncntr
Value : Info
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sncntr
Value : DocID
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sncntr
Value : DocTime
Win32.Dluca.TrojanDownloader Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sncntr
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sncntr
Value : UninstallString
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sncntr
Value : DisplayName
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : sncntr
Win32.Dluca.TrojanDownloader Object Recognized!
Type : File
Data : sncntr.exe
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\
FileVersion : 0, 0, 0, 95
ProductVersion : 0, 0, 0, 95
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 24
Objects found so far: 190
23:16:32 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:21:11.910
Objects scanned:90838
Objects identified:167
Objects ignored:0
New critical objects:167