Ad-Aware SE Build 1.05
Logfile Created on:den 10 juni 2005 14:55:25
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):80 total references
ClickSpring(TAC index:6):15 total references
DyFuCA(TAC index:3):36 total references
EffectiveBrandToolbar(TAC index:7):17 total references
ExactSearchBar(TAC index:5):5 total references
Hijacker.TopConverting(TAC index:5):12 total references
Other(TAC index:5):15 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
SahAgent(TAC index:9):6 total references
TIB Browser(TAC index:6):19 total references
Tracking Cookie(TAC index:3):9 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

2005-06-10 14:55:25 - Scan started.
(Custom mode) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 460 ThreadCreationTime : 2005-06-10 10:31:53 BasePriority : Normal #:2 [winlogon.exe] FilePath : \??\D:\WINDOWS\system32\ ProcessID : 564 ThreadCreationTime : 2005-06-10 10:32:03 BasePriority : High #:3 [services.exe] FilePath : D:\WINDOWS\system32\ ProcessID : 608 ThreadCreationTime : 2005-06-10 10:32:04 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Tjänst- och styrenhetsprogram InternalName : services.exe LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : services.exe #:4 [lsass.exe] FilePath : D:\WINDOWS\system32\ ProcessID : 620 ThreadCreationTime : 2005-06-10 10:32:04 BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:5 [svchost.exe] FilePath : D:\WINDOWS\system32\ ProcessID : 800 ThreadCreationTime : 2005-06-10 10:32:06 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:6 [svchost.exe] FilePath : D:\WINDOWS\System32\ ProcessID : 852 ThreadCreationTime : 2005-06-10 10:32:07 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [spoolsv.exe] FilePath : D:\WINDOWS\system32\ ProcessID : 1180 ThreadCreationTime : 2005-06-10 10:32:15 BasePriority : Normal FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:8 [cisvc.exe] FilePath : D:\WINDOWS\system32\ ProcessID : 1296 ThreadCreationTime : 2005-06-10 10:32:21 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Content Index service InternalName : cisvc.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : cisvc.exe #:9 [vsmon.exe] FilePath : D:\WINDOWS\system32\ZoneLabs\ ProcessID : 1364 ThreadCreationTime : 2005-06-10 10:32:21 BasePriority : Normal FileVersion : 5.5.062.004 ProductVersion : 5.5.062.004 ProductName : TrueVector Service CompanyName : Zone Labs Inc. FileDescription : TrueVector Service InternalName : vsmon LegalCopyright : Copyright © 1998-2004, Zone Labs Inc. 
OriginalFilename : vsmon.exe #:10 [rundll32.exe] FilePath : D:\WINDOWS\system32\ ProcessID : 2020 ThreadCreationTime : 2005-06-10 10:36:39 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Kör en DLL-fil som ett program InternalName : rundll LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : RUNDLL.EXE #:11 [explorer.exe] FilePath : D:\WINDOWS\ ProcessID : 352 ThreadCreationTime : 2005-06-10 10:36:44 BasePriority : Normal FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Utforskaren InternalName : explorer LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : EXPLORER.EXE #:12 [zlclient.exe] FilePath : D:\Program\Zone Labs\ZoneAlarm\ ProcessID : 792 ThreadCreationTime : 2005-06-10 10:36:55 BasePriority : Normal FileVersion : 5.5.062.004 ProductVersion : 5.5.062.004 ProductName : Zone Labs Client CompanyName : Zone Labs Inc. FileDescription : Zone Labs Client InternalName : zlclient LegalCopyright : Copyright © 1998-2004, Zone Labs Inc. OriginalFilename : zlclient.exe #:13 [cidaemon.exe] FilePath : D:\WINDOWS\system32\ ProcessID : 1672 ThreadCreationTime : 2005-06-10 10:39:35 BasePriority : Idle FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Indexing Service filter daemon InternalName : cidaemon.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : cidaemon.exe #:14 [svchost.exe] FilePath : D:\WINDOWS\System32\ ProcessID : 1932 ThreadCreationTime : 2005-06-10 11:36:33 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:15 [taskmgr.exe] FilePath : D:\WINDOWS\System32\ ProcessID : 300 ThreadCreationTime : 2005-06-10 11:38:40 BasePriority : High FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Aktivitetshanteraren InternalName : taskmgr LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : taskmgr.exe #:16 [xxxxx.exe] FilePath : c:\ ProcessID : 1384 ThreadCreationTime : 2005-06-10 11:43:24 BasePriority : Normal #:17 [intronsad.exe] FilePath : D:\WINDOWS\System32\ ProcessID : 1380 ThreadCreationTime : 2005-06-10 11:45:20 BasePriority : Normal #:18 [sssdfgbsdfghbnj.exe] FilePath : D:\WINDOWS\System32\ ProcessID : 1340 ThreadCreationTime : 2005-06-10 11:46:27 BasePriority : Normal #:19 [sssdfgbsdfghbnj.exe] FilePath : D:\WINDOWS\System32\ ProcessID : 1876 ThreadCreationTime : 2005-06-10 11:46:27 BasePriority : Normal #:20 [optimize.exe] FilePath : D:\Program Files\Internet Optimizer\ ProcessID : 2108 ThreadCreationTime : 2005-06-10 11:48:25 BasePriority : Normal Warning! DyFuCA Object found in memory(D:\Program Files\Internet Optimizer\optimize.exe) DyFuCA Object Recognized! 
Type : Process Data : optimize.exe Category : Malware Comment : Object : D:\Program Files\Internet Optimizer\ "D:\Program Files\Internet Optimizer\optimize.exe"Process terminated successfully "D:\Program Files\Internet Optimizer\optimize.exe"Process terminated successfully #:21 [weirdontheweb.exe] FilePath : D:\Program\WeirdOnTheWeb\ ProcessID : 2216 ThreadCreationTime : 2005-06-10 11:49:08 BasePriority : Normal FileVersion : 18.317.0.18 ProductVersion : 18.317.0.18 ProductName : Notifier FileDescription : Notifier LegalCopyright : Copyright © 2004 Notifier #:22 [lruc.exe] FilePath : D:\Program\ptwh\ ProcessID : 2476 ThreadCreationTime : 2005-06-10 11:50:19 BasePriority : Normal #:23 [bargains.exe] FilePath : D:\Program\BullsEye Network\bin\ ProcessID : 2532 ThreadCreationTime : 2005-06-10 11:50:43 BasePriority : Normal FileVersion : 8, 0, 3, 6 ProductVersion : 8, 0, 3, 6 ProductName : BargainsBuddy ADP Module CompanyName : eXact Advertising FileDescription : bargains InternalName : ADP LegalCopyright : Copyright © 2003-2005. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : bargains.exe #:24 [msxct.exe] FilePath : D:\WINDOWS\System32\ ProcessID : 2612 ThreadCreationTime : 2005-06-10 11:51:04 BasePriority : Normal #:25 [0pfq9qor.exe] FilePath : D:\WINDOWS\System32\ ProcessID : 2720 ThreadCreationTime : 2005-06-10 11:51:58 BasePriority : Idle FileVersion : 4, 0, 2, 3 ProductVersion : 4, 0, 2, 3 Warning! SahAgent Object found in memory(D:\WINDOWS\System32\0pfq9qor.exe) SahAgent Object Recognized! Type : Process Data : 0pfq9qor.exe Category : Data Miner Comment : Object : D:\WINDOWS\System32\ FileVersion : 4, 0, 2, 3 ProductVersion : 4, 0, 2, 3 "D:\WINDOWS\System32\0pfq9qor.exe"Process terminated successfully "D:\WINDOWS\System32\0pfq9qor.exe"Process terminated successfully #:26 [arpa.exe] FilePath : D:\WINDOWS\system32\??mbols\ ProcessID : 3328 ThreadCreationTime : 2005-06-10 11:56:47 BasePriority : Normal ClickSpring Object Recognized! 
Type : Process Data : arpa.exe Category : Malware Comment : (CSI MATCH) Object : D:\WINDOWS\system32\??mbols\ Warning! ClickSpring Object found in memory(D:\WINDOWS\system32\??mbols\arpa.exe) "D:\WINDOWS\system32\??mbols\arpa.exe"Process terminated successfully "D:\WINDOWS\system32\??mbols\arpa.exe"Process terminated successfully #:27 [sssdfgbsdfghbnj.exe] FilePath : D:\WINDOWS\System32\ ProcessID : 3248 ThreadCreationTime : 2005-06-10 12:26:10 BasePriority : Normal #:28 [ad-aware.exe] FilePath : D:\Program\Lavasoft\Ad-Aware SE Personal\ ProcessID : 2172 ThreadCreationTime : 2005-06-10 12:54:51 BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 3 Objects found so far: 3 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : adp.urlcatcher BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : adp.urlcatcher Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : adp.urlcatcher.1 BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : adp.urlcatcher.1 Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da} BargainBuddy Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da} Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678} BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678} Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678} BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678} Value : ClickSpring Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{39da2444-065f-47cb-b27c-ccb1a39c06b7} ClickSpring Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{39da2444-065f-47cb-b27c-ccb1a39c06b7} Value : ClickSpring Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{9eb320ce-be1d-4304-a081-4b4665414bef} ClickSpring Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{9eb320ce-be1d-4304-a081-4b4665414bef} Value : ClickSpring Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : mediaticketsinstaller.mediaticketsinstallerctrl.1 ClickSpring Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : mediaticketsinstaller.mediaticketsinstallerctrl.1 Value : DyFuCA Object Recognized! 
Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb} DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001} DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001} Value : DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.bhobj.1 DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.bhobj.1 Value : DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.bhobj DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.bhobj Value : DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8} DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8} Value : EffectiveBrandToolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{44be0690-5429-47f0-85bb-3ffd8020233e} EffectiveBrandToolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{44be0690-5429-47f0-85bb-3ffd8020233e} Value : Hijacker.TopConverting Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{38601801-2ff5-4a62-95da-d2007161c1b4} Hijacker.TopConverting Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{38601801-2ff5-4a62-95da-d2007161c1b4} Value : Hijacker.TopConverting Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{79849612-a98f-45b8-95e9-4d13c7b6b35c} Hijacker.TopConverting Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{79849612-a98f-45b8-95e9-4d13c7b6b35c} Value : Hijacker.TopConverting Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{4fe82ba0-9335-4d4e-8e98-76409a88f2c1} Hijacker.TopConverting Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{4fe82ba0-9335-4d4e-8e98-76409a88f2c1} Value : Hijacker.TopConverting Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{ace5b10b-92a3-4103-8583-3684bb09409f} Hijacker.TopConverting Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{ace5b10b-92a3-4103-8583-3684bb09409f} Value : Hijacker.TopConverting Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : loader2.loader2ctrl.1 Hijacker.TopConverting Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : loader2.loader2ctrl.1 Value : Hijacker.TopConverting Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{487e7682-b976-41fb-a944-e8b83689a454} Hijacker.TopConverting Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3} DyFuCA Object Recognized! 
Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\policies\avenue media DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\avenue media EffectiveBrandToolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\effective-i EffectiveBrandToolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e} EffectiveBrandToolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e} Value : TIB Browser Object Recognized! Type : Regkey Data : Category : Dialer Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\websiteviewer BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : MainDir BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : Binary BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ConfigUpdateQueryUrl BargainBuddy Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ADDataUpdateQueryUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : SoftwareUpdateQueryUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ServerName BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ServerPath BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : SliderLegalText BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ServerPort BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : UpdateQueryDuration BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : UpdateQueryFailedDuration BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : BuildNumber BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : AdvDelaySec BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : TrackingFileFlag BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : RestartADPDuration BargainBuddy Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : TimeOutInterval BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : LastADPRestart BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : PartnerID BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : SystemInstallTime BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : TempUniqueKey BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : FirstHit BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : PartnerName BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : UniqueKey BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : IdleMinutesThreshold BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : MinMinutesBetweenTwoADs BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : MaxDomainCap BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : MinCountOfUrlsBetweenTwoADs BargainBuddy Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : MaxDailyCapPerUSer BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ConfigVersion BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ADDataVersion BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : LastQueryTime BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da} BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da} Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : DisplayName BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : UninstallString BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : Publisher BargainBuddy Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : URLInfoAbout BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : DisplayVersion BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : DisplayIcon BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : NoModify BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : NoRepair ClickSpring Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\clickspring ClickSpring Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\clickspring Value : UUID ClickSpring Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\clickspring Value : PID ClickSpring Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\code store database\distribution units\{9eb320ce-be1d-4304-a081-4b4665414bef} ClickSpring Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\code store database\distribution units\{9eb320ce-be1d-4304-a081-4b4665414bef} Value : SystemComponent ClickSpring Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\code store database\distribution units\{9eb320ce-be1d-4304-a081-4b4665414bef} Value : Installer DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\policies\avenue media DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\dyfuca DyFuCA Object Recognized! Type : Regkey Data : DyFuCA Category : Malware Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\DyFuCA DyFuCA Object Recognized! Type : Regkey Data : DyFuCA Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\DyFuCA DyFuCA Object Recognized! Type : Regkey Data : DyFuCA Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\DyFuCA DyFuCA Object Recognized! Type : Regkey Data : DyFuCA Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\DyFuCA DyFuCA Object Recognized! Type : Regkey Data : DyFuCA Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\microsoft\windows\currentversion\uninstall\DyFuCA DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! 
Type : Regkey Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : RegValue Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Value : DisplayIcon DyFuCA Object Recognized! Type : RegValue Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Value : DisplayName DyFuCA Object Recognized! Type : RegValue Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Value : UninstallString DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000010-6f7d-442c-93e3-4a4827c2e4c8} DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\avenue media EffectiveBrandToolbar Object Recognized! 
Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\effective-i EffectiveBrandToolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator EffectiveBrandToolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator Value : DisplayName EffectiveBrandToolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator Value : UninstallString EffectiveBrandToolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator Value : DisplayVersion EffectiveBrandToolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator Value : HelpLink EffectiveBrandToolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator Value : Publisher EffectiveBrandToolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator Value : URLInfoAbout EffectiveBrandToolbar Object Recognized! 
Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator Value : Contact EffectiveBrandToolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator Value : Comments EffectiveBrandToolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator Value : DisplayIcon SahAgent Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\winsock2\layered provider sample TIB Browser Object Recognized! Type : RegValue Data : Category : Dialer Comment : "lc" Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\websiteviewer\settings Value : lc BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "PartnerID" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : PartnerID BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "UtilFolder" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UtilFolder BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "PartnerName" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : PartnerName BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "BuildNumber" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : BuildNumber BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "UninstallUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UninstallUrl BargainBuddy Object Recognized! 
Type : RegValue Data : Category : Malware Comment : "UniqueKeyUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UniqueKeyUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "FirstHitUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : FirstHitUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "BullsEye Network" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : BullsEye Network DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : "Internet Optimizer" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : Internet Optimizer Windows Object Recognized! Type : RegData Data : explorer.exe d:\windows\system32\wininet.exe Category : Vulnerability Comment : Shell Possibly Compromised Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows nt\currentversion\winlogon Value : Shell Data : explorer.exe d:\windows\system32\wininet.exe Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 135 Objects found so far: 138 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Possible Browser Hijack attempt : {79849612-A98F-45B8-95E9-4D13C7B6B35C} (http://static.topconverting.com/activex/website.ocx) Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Possible Browser Hijack attempt : http://static.topconverting.com/activex/website.ocx Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{79849612-A98F-45B8-95E9-4D13C7B6B35C} Possible Browser Hijack attempt Object Recognized! 
Type : RegValue Data : Category : Vulnerability Comment : Possible Browser Hijack attempt : http://static.topconverting.com/activex/website.ocx Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{79849612-A98F-45B8-95E9-4D13C7B6B35C} Value : SystemComponent Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Possible Browser Hijack attempt : http://static.topconverting.com/activex/website.ocx Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{79849612-A98F-45B8-95E9-4D13C7B6B35C} Value : Installer Possible Browser Hijack attempt : {9EB320CE-BE1D-4304-A081-4B4665414BEF} (http://www.mt-download.com/mediaticketsinstaller.cab?refid=4699) SahAgent Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "0pfq9qor" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Run Value : 0pfq9qor SahAgent Object Recognized! Type : File Data : 0pfq9qor.exe Category : Data Miner Comment : Object : d:\windows\system32\ FileVersion : 4, 0, 2, 3 ProductVersion : 4, 0, 2, 3 Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 4 Objects found so far: 143 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : radmin@targetnetworks[2].txt Category : Data Miner Comment : Hits:11 Value : Cookie:radmin@targetnetworks.net/ Expires : 2013-12-01 16:00:00 LastSync : Hits:11 UseCount : 0 Hits : 11 Tracking Cookie Object Recognized! Type : IECache Entry Data : radmin@realmedia[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:radmin@realmedia.com/ Expires : 2021-01-01 02:00:00 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : radmin@0[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:radmin@jinternetoptimizer.cjt1.net/HTM/587/0 Expires : 2006-06-10 14:27:50 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : radmin@www.shopathomeselect[1].txt Category : Data Miner Comment : Hits:26 Value : Cookie:radmin@www.shopathomeselect.com/ Expires : 2100-01-01 02:00:00 LastSync : Hits:26 UseCount : 0 Hits : 26 Tracking Cookie Object Recognized! Type : IECache Entry Data : radmin@fastclick[2].txt Category : Data Miner Comment : Hits:3 Value : Cookie:radmin@fastclick.net/ Expires : 2007-05-31 14:23:34 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : radmin@casalemedia[1].txt Category : Data Miner Comment : Hits:6 Value : Cookie:radmin@casalemedia.com/ Expires : 2006-06-01 10:36:58 LastSync : Hits:6 UseCount : 0 Hits : 6 Tracking Cookie Object Recognized! Type : IECache Entry Data : radmin@z1.adserver[1].txt Category : Data Miner Comment : Hits:3 Value : Cookie:radmin@z1.adserver.com/ Expires : 2006-06-10 14:46:34 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : radmin@revenue[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:radmin@revenue.net/ Expires : 2022-06-10 07:05:42 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : radmin@creatives.internetfuel[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:radmin@creatives.internetfuel.com/ Expires : 2005-06-11 02:23:38 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 9 Objects found so far: 152 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» TIB Browser Object Recognized! 
Type : File Data : 125399.exe Category : Dialer Comment : Object : C:\ Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 153 Deep scanning and examining files (D:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for D:\_winxpdisk\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 153 TIB Browser Object Recognized! Type : File Data : 2.dat Category : Dialer Comment : Object : D:\Documents and Settings\radmin\Skrivbord\ TIB Browser Object Recognized! Type : File Data : 125399[1].exe Category : Dialer Comment : Object : D:\Documents and Settings\radmin\Temporary Internet Files\Content.IE5\4E3UGGJF\ DyFuCA Object Recognized! Type : File Data : optimize[1].exe Category : Malware Comment : Object : D:\Documents and Settings\radmin\Temporary Internet Files\Content.IE5\4E3UGGJF\ TIB Browser Object Recognized! Type : File Data : all[1].exe Category : Dialer Comment : Object : D:\Documents and Settings\radmin\Temporary Internet Files\Content.IE5\8AAOM05T\ DyFuCA Object Recognized! Type : File Data : nem220[1].dll Category : Malware Comment : Object : D:\Documents and Settings\radmin\Temporary Internet Files\Content.IE5\8AAOM05T\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : DyFuCA_BH Module FileDescription : DyFuCA_BH Module InternalName : DyFuCA_BH LegalCopyright : Copyright 2002 OriginalFilename : DyFuCA_BH.DLL Disk Scan Result for D:\Documents and Settings\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 158 Disk Scan Result for D:\music\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 158 DyFuCA Object Recognized! 
Type : File Data : optimize.exe Category : Malware Comment : Object : D:\Program Files\Internet Optimizer\ Disk Scan Result for D:\Program Files\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\AWS\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\Bazooka Scanner\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\ClamWin\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\Common files\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\ComPlus Applications\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\Delade filer\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\HHD Software\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\Internet Explorer\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\Java\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\Lavasoft\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\Messenger\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\microsoft frontpage\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\Movie Maker\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result 
for D:\Program\Mozilla Firefox\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\MSN Gaming Zone\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\MSN\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\NetMeeting\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\Onlinetjänster\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\OSS\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\Outlook Express\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\Registry Firewall\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\regprot\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\SilverAge Software\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\SPCS\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\Spybot - Search & Destroy\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\sysinternals\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\Uninstall Information\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\upx\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found 
so far: 159 Disk Scan Result for D:\Program\Windows Media Components\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\Windows Media Player\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\Windows NT\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\WindowsUpdate\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\xerox\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\Program\Zone Labs\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\RECYCLER\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\System Volume Information\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 Disk Scan Result for D:\temp\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 159 ExactSearchBar Object Recognized! Type : File Data : exdl.exe Category : Data Miner Comment : Object : D:\WINDOWS\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe DyFuCA Object Recognized! Type : File Data : nem220.dll Category : Malware Comment : Object : D:\WINDOWS\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : DyFuCA_BH Module FileDescription : DyFuCA_BH Module InternalName : DyFuCA_BH LegalCopyright : Copyright 2002 OriginalFilename : DyFuCA_BH.DLL DyFuCA Object Recognized! 
Type : File Data : optimize.exe Category : Malware Comment : Object : D:\WINDOWS\ SahAgent Object Recognized! Type : File Data : ss7g9i4q.exe Category : Data Miner Comment : Object : D:\WINDOWS\ FileVersion : 4, 0, 2, 3 ProductVersion : 4, 0, 2, 3 TIB Browser Object Recognized! Type : File Data : all64.exe Category : Dialer Comment : Object : D:\WINDOWS\system32\ ExactSearchBar Object Recognized! Type : File Data : exdl.exe Category : Data Miner Comment : Object : D:\WINDOWS\system32\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe ExactSearchBar Object Recognized! Type : File Data : exdl0.exe Category : Data Miner Comment : Object : D:\WINDOWS\system32\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe ExactSearchBar Object Recognized! Type : File Data : exdl1.exe Category : Data Miner Comment : Object : D:\WINDOWS\system32\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe BargainBuddy Object Recognized! Type : File Data : exul.exe Category : Malware Comment : Object : D:\WINDOWS\system32\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. 
All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : exul1.exe Category : Malware Comment : Object : D:\WINDOWS\system32\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : javexulm.vxd Category : Malware Comment : Object : D:\WINDOWS\system32\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe ExactSearchBar Object Recognized! Type : File Data : mqexdlm.srg Category : Data Miner Comment : Object : D:\WINDOWS\system32\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe SahAgent Object Recognized! Type : File Data : umqltg4cl_.exe Category : Data Miner Comment : Object : D:\WINDOWS\Temp\ FileVersion : 4, 0, 2, 3 ProductVersion : 4, 0, 2, 3 Disk Scan Result for D:\WINDOWS\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 172 Scanning Hosts file...... Hosts file location:"D:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 81 entries scanned. New critical objects:0 Objects found so far: 172 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» ClickSpring Object Recognized! 
Type : File Data : MediaTicketsInstaller.INF Category : Malware Comment : Object : D:\WINDOWS\downloaded program files\ ClickSpring Object Recognized! Type : File Data : MediaTicketsInstaller.ocx Category : Malware Comment : Object : D:\WINDOWS\downloaded program files\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : MediaTicketsInstaller ActiveX Control Module CompanyName : PowerTeam Corporation FileDescription : MediaTicketsInstaller ActiveX Control Module InternalName : MediaTicketsInstaller LegalCopyright : Copyright (C) 2003 OriginalFilename : MediaTicketsInstaller.OCX BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : InstallOccurUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : AlreadyInstalledUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : ETServer BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : NewPartnerName BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : System BargainBuddy Object Recognized! Type : Folder Category : Malware Comment : Object : D:\Program\BullsEye Network BargainBuddy Object Recognized! Type : File Data : ad.dat Category : Malware Comment : Object : D:\Program\bullseye network\ BargainBuddy Object Recognized! Type : File Data : ub.dat Category : Malware Comment : Object : D:\Program\bullseye network\ BargainBuddy Object Recognized! 
Type : File Data : Uninstall.exe Category : Malware Comment : Object : D:\Program\bullseye network\ FileVersion : 8.0.3.9 ProductName : BullsEye Network CompanyName : eXact Advertising FileDescription : BargainBuddy Module LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. LegalTrademarks : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. Comments : BargainBuddy Module BargainBuddy Object Recognized! Type : File Data : adv.exe Category : Malware Comment : Object : D:\Program\bullseye network\bin\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : adv CompanyName : eXact Advertising InternalName : adv LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : adv.exe BargainBuddy Object Recognized! Type : File Data : adx.exe Category : Malware Comment : Object : D:\Program\bullseye network\bin\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : adx CompanyName : eXact Advertising InternalName : adx LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : adx.exe BargainBuddy Object Recognized! Type : File Data : bargains.exe Category : Malware Comment : Object : D:\Program\bullseye network\bin\ FileVersion : 8, 0, 3, 6 ProductVersion : 8, 0, 3, 6 ProductName : BargainsBuddy ADP Module CompanyName : eXact Advertising FileDescription : bargains InternalName : ADP LegalCopyright : Copyright © 2003-2005. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : bargains.exe BargainBuddy Object Recognized! Type : File Data : bbchk.exe Category : Malware Comment : Object : D:\WINDOWS\System32\ FileVersion : 5.101.1663.1 ProductVersion : 5.101.1663.1 ProductName : Microsoft(R) Windows NT(R) Operating System CompanyName : Microsoft Corporation FileDescription : ECM ChkTrust InternalName : CHKTRUST.EXE LegalCopyright : Copyright (C) Microsoft Corp. 
1981-1997 OriginalFilename : CHKTRUST.EXE BargainBuddy Object Recognized! Type : File Data : exclean.exe Category : Malware Comment : Object : D:\WINDOWS\System32\ BargainBuddy Object Recognized! Type : File Data : msbe.dll Category : Malware Comment : Object : D:\WINDOWS\System32\ FileVersion : 8, 0, 3, 6 ProductVersion : 8, 0, 3, 6 ProductName : ADP Module CompanyName : eXact Advertising FileDescription : ADP Module InternalName : apuc LegalCopyright : Copyright © 2003-2005 eXact Advertising, LLC. All Rights Reserved. OriginalFilename : apuc.DLL EffectiveBrandToolbar Object Recognized! Type : Folder Category : Data Miner Comment : Object : D:\Program\TheSearchAccelerator TIB Browser Object Recognized! Type : Regkey Data : Category : Dialer Comment : Rootkey : HKEY_CURRENT_USER Object : software\websiteviewer TIB Browser Object Recognized! Type : Folder Category : Dialer Comment : Object : D:\Program\WebSiteViewer TIB Browser Object Recognized! Type : File Data : sex.lnk Category : Dialer Comment : Object : D:\Documents and Settings\radmin\Skrivbord\ TIB Browser Object Recognized! Type : File Data : 125399.ban Category : Dialer Comment : Object : D:\Program\websiteviewer\ TIB Browser Object Recognized! Type : File Data : 125399.dd Category : Dialer Comment : Object : D:\Program\websiteviewer\ TIB Browser Object Recognized! Type : File Data : 125399.dlr Category : Dialer Comment : Object : D:\Program\websiteviewer\ TIB Browser Object Recognized! Type : File Data : 125399.exe Category : Dialer Comment : Object : D:\Program\websiteviewer\ TIB Browser Object Recognized! Type : File Data : 125399.ico Category : Dialer Comment : Object : D:\Program\websiteviewer\ TIB Browser Object Recognized! Type : File Data : lSE.txt Category : Dialer Comment : Object : D:\Program\websiteviewer\ TIB Browser Object Recognized! Type : File Data : sex.lnk Category : Dialer Comment : Object : D:\Documents and Settings\radmin\Start-meny\ TIB Browser Object Recognized! 
Type : File Data : sex.lnk Category : Dialer Comment : Shortcut to bad file : D:\Documents and Settings\radmin\Skrivbord\sex.lnk Object : D:\Documents and Settings\radmin\Skrivbord\ TIB Browser Object Recognized! Type : File Data : sex.lnk Category : Dialer Comment : Shortcut to bad file : D:\Documents and Settings\radmin\Start-meny\sex.lnk Object : D:\Documents and Settings\radmin\Start-meny\ Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 46 Objects found so far: 218 15:10:00 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:14:35.58 Objects scanned:80635 Objects identified:225 Objects ignored:0 New critical objects:225