Ad-Aware SE Build 1.05
Logfile Created on:den 10 juni 2005 14:55:25
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
换换换换换换换换换换换换换换换换换换换换换换换换换�
References detected during the scan:
换换换换换换换换换换换换换换换换换换换�
BargainBuddy(TAC index:8):80 total references
ClickSpring(TAC index:6):15 total references
DyFuCA(TAC index:3):36 total references
EffectiveBrandToolbar(TAC index:7):17 total references
ExactSearchBar(TAC index:5):5 total references
Hijacker.TopConverting(TAC index:5):12 total references
Other(TAC index:5):15 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
SahAgent(TAC index:9):6 total references
TIB Browser(TAC index:6):19 total references
Tracking Cookie(TAC index:3):9 total references
Windows(TAC index:3):1 total references
换换换换换换换换换换换换换换换换换换换�
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
2005-06-10 14:55:25 - Scan started. (Custom mode)
Listing running processes
换换换换换换换换换换换换换换换换换换换
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 460
ThreadCreationTime : 2005-06-10 10:31:53
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\D:\WINDOWS\system32\
ProcessID : 564
ThreadCreationTime : 2005-06-10 10:32:03
BasePriority : High
#:3 [services.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 608
ThreadCreationTime : 2005-06-10 10:32:04
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Operativsystemet Microsoft� Windows�
CompanyName : Microsoft Corporation
FileDescription : Tj鋘st- och styrenhetsprogram
InternalName : services.exe
LegalCopyright : � Microsoft Corporation. Med ensamr鋞t.
OriginalFilename : services.exe
#:4 [lsass.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 620
ThreadCreationTime : 2005-06-10 10:32:04
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft� Windows� Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : � Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:5 [svchost.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 800
ThreadCreationTime : 2005-06-10 10:32:06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft� Windows� Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : � Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:6 [svchost.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 852
ThreadCreationTime : 2005-06-10 10:32:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft� Windows� Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : � Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [spoolsv.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 1180
ThreadCreationTime : 2005-06-10 10:32:15
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft� Windows� Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : � Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:8 [cisvc.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 1296
ThreadCreationTime : 2005-06-10 10:32:21
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft� Windows� Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : � Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe
#:9 [vsmon.exe]
FilePath : D:\WINDOWS\system32\ZoneLabs\
ProcessID : 1364
ThreadCreationTime : 2005-06-10 10:32:21
BasePriority : Normal
FileVersion : 5.5.062.004
ProductVersion : 5.5.062.004
ProductName : TrueVector Service
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright � 1998-2004, Zone Labs Inc.
OriginalFilename : vsmon.exe
#:10 [rundll32.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 2020
ThreadCreationTime : 2005-06-10 10:36:39
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Operativsystemet Microsoft� Windows�
CompanyName : Microsoft Corporation
FileDescription : K鰎 en DLL-fil som ett program
InternalName : rundll
LegalCopyright : � Microsoft Corporation. Med ensamr鋞t.
OriginalFilename : RUNDLL.EXE
#:11 [explorer.exe]
FilePath : D:\WINDOWS\
ProcessID : 352
ThreadCreationTime : 2005-06-10 10:36:44
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Operativsystemet Microsoft� Windows�
CompanyName : Microsoft Corporation
FileDescription : Utforskaren
InternalName : explorer
LegalCopyright : � Microsoft Corporation. Med ensamr鋞t.
OriginalFilename : EXPLORER.EXE
#:12 [zlclient.exe]
FilePath : D:\Program\Zone Labs\ZoneAlarm\
ProcessID : 792
ThreadCreationTime : 2005-06-10 10:36:55
BasePriority : Normal
FileVersion : 5.5.062.004
ProductVersion : 5.5.062.004
ProductName : Zone Labs Client
CompanyName : Zone Labs Inc.
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright � 1998-2004, Zone Labs Inc.
OriginalFilename : zlclient.exe
#:13 [cidaemon.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 1672
ThreadCreationTime : 2005-06-10 10:39:35
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft� Windows� Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : � Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe
#:14 [svchost.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 1932
ThreadCreationTime : 2005-06-10 11:36:33
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft� Windows� Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : � Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:15 [taskmgr.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 300
ThreadCreationTime : 2005-06-10 11:38:40
BasePriority : High
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Operativsystemet Microsoft� Windows�
CompanyName : Microsoft Corporation
FileDescription : Aktivitetshanteraren
InternalName : taskmgr
LegalCopyright : � Microsoft Corporation. Med ensamr鋞t.
OriginalFilename : taskmgr.exe
#:16 [xxxxx.exe]
FilePath : c:\
ProcessID : 1384
ThreadCreationTime : 2005-06-10 11:43:24
BasePriority : Normal
#:17 [intronsad.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 1380
ThreadCreationTime : 2005-06-10 11:45:20
BasePriority : Normal
#:18 [sssdfgbsdfghbnj.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 1340
ThreadCreationTime : 2005-06-10 11:46:27
BasePriority : Normal
#:19 [sssdfgbsdfghbnj.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 1876
ThreadCreationTime : 2005-06-10 11:46:27
BasePriority : Normal
#:20 [optimize.exe]
FilePath : D:\Program Files\Internet Optimizer\
ProcessID : 2108
ThreadCreationTime : 2005-06-10 11:48:25
BasePriority : Normal
Warning! DyFuCA Object found in memory(D:\Program Files\Internet Optimizer\optimize.exe)
DyFuCA Object Recognized!
Type : Process
Data : optimize.exe
Category : Malware
Comment :
Object : D:\Program Files\Internet Optimizer\
"D:\Program Files\Internet Optimizer\optimize.exe"Process terminated successfully
"D:\Program Files\Internet Optimizer\optimize.exe"Process terminated successfully
#:21 [weirdontheweb.exe]
FilePath : D:\Program\WeirdOnTheWeb\
ProcessID : 2216
ThreadCreationTime : 2005-06-10 11:49:08
BasePriority : Normal
FileVersion : 18.317.0.18
ProductVersion : 18.317.0.18
ProductName : Notifier
FileDescription : Notifier
LegalCopyright : Copyright � 2004 Notifier
#:22 [lruc.exe]
FilePath : D:\Program\ptwh\
ProcessID : 2476
ThreadCreationTime : 2005-06-10 11:50:19
BasePriority : Normal
#:23 [bargains.exe]
FilePath : D:\Program\BullsEye Network\bin\
ProcessID : 2532
ThreadCreationTime : 2005-06-10 11:50:43
BasePriority : Normal
FileVersion : 8, 0, 3, 6
ProductVersion : 8, 0, 3, 6
ProductName : BargainsBuddy ADP Module
CompanyName : eXact Advertising
FileDescription : bargains
InternalName : ADP
LegalCopyright : Copyright � 2003-2005. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : bargains.exe
#:24 [msxct.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 2612
ThreadCreationTime : 2005-06-10 11:51:04
BasePriority : Normal
#:25 [0pfq9qor.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 2720
ThreadCreationTime : 2005-06-10 11:51:58
BasePriority : Idle
FileVersion : 4, 0, 2, 3
ProductVersion : 4, 0, 2, 3
Warning! SahAgent Object found in memory(D:\WINDOWS\System32\0pfq9qor.exe)
SahAgent Object Recognized!
Type : Process
Data : 0pfq9qor.exe
Category : Data Miner
Comment :
Object : D:\WINDOWS\System32\
FileVersion : 4, 0, 2, 3
ProductVersion : 4, 0, 2, 3
"D:\WINDOWS\System32\0pfq9qor.exe"Process terminated successfully
"D:\WINDOWS\System32\0pfq9qor.exe"Process terminated successfully
#:26 [arpa.exe]
FilePath : D:\WINDOWS\system32\??mbols\
ProcessID : 3328
ThreadCreationTime : 2005-06-10 11:56:47
BasePriority : Normal
ClickSpring Object Recognized!
Type : Process
Data : arpa.exe
Category : Malware
Comment : (CSI MATCH)
Object : D:\WINDOWS\system32\??mbols\
Warning! ClickSpring Object found in memory(D:\WINDOWS\system32\??mbols\arpa.exe)
"D:\WINDOWS\system32\??mbols\arpa.exe"Process terminated successfully
"D:\WINDOWS\system32\??mbols\arpa.exe"Process terminated successfully
#:27 [sssdfgbsdfghbnj.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 3248
ThreadCreationTime : 2005-06-10 12:26:10
BasePriority : Normal
#:28 [ad-aware.exe]
FilePath : D:\Program\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2172
ThreadCreationTime : 2005-06-10 12:54:51
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright � Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
换换换换换换换换换换换换换换换换换换换
New critical objects: 3
Objects found so far: 3
Started registry scan
换换换换换换换换换换换换换换换换换换换
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}
Value :
ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{39da2444-065f-47cb-b27c-ccb1a39c06b7}
ClickSpring Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{39da2444-065f-47cb-b27c-ccb1a39c06b7}
Value :
ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{9eb320ce-be1d-4304-a081-4b4665414bef}
ClickSpring Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{9eb320ce-be1d-4304-a081-4b4665414bef}
Value :
ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mediaticketsinstaller.mediaticketsinstallerctrl.1
ClickSpring Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mediaticketsinstaller.mediaticketsinstallerctrl.1
Value :
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}
Value :
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj.1
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj.1
Value :
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj
Value :
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8}
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8}
Value :
EffectiveBrandToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{44be0690-5429-47f0-85bb-3ffd8020233e}
EffectiveBrandToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{44be0690-5429-47f0-85bb-3ffd8020233e}
Value :
Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{38601801-2ff5-4a62-95da-d2007161c1b4}
Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{38601801-2ff5-4a62-95da-d2007161c1b4}
Value :
Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{79849612-a98f-45b8-95e9-4d13c7b6b35c}
Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{79849612-a98f-45b8-95e9-4d13c7b6b35c}
Value :
Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4fe82ba0-9335-4d4e-8e98-76409a88f2c1}
Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4fe82ba0-9335-4d4e-8e98-76409a88f2c1}
Value :
Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ace5b10b-92a3-4103-8583-3684bb09409f}
Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ace5b10b-92a3-4103-8583-3684bb09409f}
Value :
Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : loader2.loader2ctrl.1
Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : loader2.loader2ctrl.1
Value :
Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{487e7682-b976-41fb-a944-e8b83689a454}
Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\policies\avenue media
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\avenue media
EffectiveBrandToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\effective-i
EffectiveBrandToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e}
EffectiveBrandToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e}
Value :
TIB Browser Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\websiteviewer
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : MainDir
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : Binary
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ConfigUpdateQueryUrl
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ADDataUpdateQueryUrl
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : SoftwareUpdateQueryUrl
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ServerName
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ServerPath
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : SliderLegalText
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ServerPort
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : UpdateQueryDuration
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : UpdateQueryFailedDuration
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : BuildNumber
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : AdvDelaySec
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : TrackingFileFlag
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : RestartADPDuration
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : TimeOutInterval
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : LastADPRestart
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : PartnerID
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : SystemInstallTime
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : TempUniqueKey
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : FirstHit
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : PartnerName
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : UniqueKey
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : IdleMinutesThreshold
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : MinMinutesBetweenTwoADs
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : MaxDomainCap
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : MinCountOfUrlsBetweenTwoADs
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : MaxDailyCapPerUSer
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ConfigVersion
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ADDataVersion
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : LastQueryTime
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : DisplayName
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : UninstallString
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : Publisher
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : URLInfoAbout
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : DisplayVersion
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : DisplayIcon
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : NoModify
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : NoRepair
ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clickspring
ClickSpring Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clickspring
Value : UUID
ClickSpring Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clickspring
Value : PID
ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{9eb320ce-be1d-4304-a081-4b4665414bef}
ClickSpring Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{9eb320ce-be1d-4304-a081-4b4665414bef}
Value : SystemComponent
ClickSpring Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{9eb320ce-be1d-4304-a081-4b4665414bef}
Value : Installer
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\policies\avenue media
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dyfuca
DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\DyFuCA
DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\DyFuCA
DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\DyFuCA
DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\DyFuCA
DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\microsoft\windows\currentversion\uninstall\DyFuCA
DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\Internet Optimizer
DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\Internet Optimizer
DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\Internet Optimizer
DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\Internet Optimizer
DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\microsoft\windows\currentversion\uninstall\Internet Optimizer
DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer
DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer
Value : DisplayIcon
DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer
Value : DisplayName
DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer
Value : UninstallString
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000010-6f7d-442c-93e3-4a4827c2e4c8}
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media
EffectiveBrandToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\effective-i
EffectiveBrandToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator
EffectiveBrandToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator
Value : DisplayName
EffectiveBrandToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator
Value : UninstallString
EffectiveBrandToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator
Value : DisplayVersion
EffectiveBrandToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator
Value : HelpLink
EffectiveBrandToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator
Value : Publisher
EffectiveBrandToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator
Value : URLInfoAbout
EffectiveBrandToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator
Value : Contact
EffectiveBrandToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator
Value : Comments
EffectiveBrandToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator
Value : DisplayIcon
SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\winsock2\layered provider sample
TIB Browser Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment : "lc"
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\websiteviewer\settings
Value : lc
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "PartnerID"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PartnerID
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UtilFolder"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UtilFolder
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "PartnerName"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PartnerName
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "BuildNumber"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : BuildNumber
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UninstallUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UninstallUrl
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UniqueKeyUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UniqueKeyUrl
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "FirstHitUrl"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : FirstHitUrl
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "BullsEye Network"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : BullsEye Network
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Internet Optimizer"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Internet Optimizer
Windows Object Recognized!
Type : RegData
Data : explorer.exe d:\windows\system32\wininet.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe d:\windows\system32\wininet.exe
Registry Scan result:
换换换换换换换换换换换换换换换换换换换
New critical objects: 135
Objects found so far: 138
Started deep registry scan
换换换换换换换换换换换换换换换换换换换
Possible Browser Hijack attempt : {79849612-A98F-45B8-95E9-4D13C7B6B35C} (http://static.topconverting.com/activex/website.ocx)
Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://static.topconverting.com/activex/website.ocx
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{79849612-A98F-45B8-95E9-4D13C7B6B35C}
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://static.topconverting.com/activex/website.ocx
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{79849612-A98F-45B8-95E9-4D13C7B6B35C}
Value : SystemComponent
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://static.topconverting.com/activex/website.ocx
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{79849612-A98F-45B8-95E9-4D13C7B6B35C}
Value : Installer
Possible Browser Hijack attempt : {9EB320CE-BE1D-4304-A081-4B4665414BEF} (http://www.mt-download.com/mediaticketsinstaller.cab?refid=4699)
SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "0pfq9qor"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : 0pfq9qor
SahAgent Object Recognized!
Type : File
Data : 0pfq9qor.exe
Category : Data Miner
Comment :
Object : d:\windows\system32\
FileVersion : 4, 0, 2, 3
ProductVersion : 4, 0, 2, 3
Deep registry scan result:
换换换换换换换换换换换换换换换换换换换
New critical objects: 4
Objects found so far: 143
Started Tracking Cookie scan
换换换换换换换换换换换换换换换换换换换
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : radmin@targetnetworks[2].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:radmin@targetnetworks.net/
Expires : 2013-12-01 16:00:00
LastSync : Hits:11
UseCount : 0
Hits : 11
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : radmin@realmedia[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:radmin@realmedia.com/
Expires : 2021-01-01 02:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : radmin@0[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:radmin@jinternetoptimizer.cjt1.net/HTM/587/0
Expires : 2006-06-10 14:27:50
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : radmin@www.shopathomeselect[1].txt
Category : Data Miner
Comment : Hits:26
Value : Cookie:radmin@www.shopathomeselect.com/
Expires : 2100-01-01 02:00:00
LastSync : Hits:26
UseCount : 0
Hits : 26
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : radmin@fastclick[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:radmin@fastclick.net/
Expires : 2007-05-31 14:23:34
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : radmin@casalemedia[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:radmin@casalemedia.com/
Expires : 2006-06-01 10:36:58
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : radmin@z1.adserver[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:radmin@z1.adserver.com/
Expires : 2006-06-10 14:46:34
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : radmin@revenue[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:radmin@revenue.net/
Expires : 2022-06-10 07:05:42
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : radmin@creatives.internetfuel[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:radmin@creatives.internetfuel.com/
Expires : 2005-06-11 02:23:38
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking cookie scan result:
换换换换换换换换换换换换换换换换换换换
New critical objects: 9
Objects found so far: 152
Deep scanning and examining files (C:)
换换换换换换换换换换换换换换换换换换换
TIB Browser Object Recognized!
Type : File
Data : 125399.exe
Category : Dialer
Comment :
Object : C:\
Disk Scan Result for C:\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 153
Deep scanning and examining files (D:)
换换换换换换换换换换换换换换换换换换换
Disk Scan Result for D:\_winxpdisk\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 153
TIB Browser Object Recognized!
Type : File
Data : 2.dat
Category : Dialer
Comment :
Object : D:\Documents and Settings\radmin\Skrivbord\
TIB Browser Object Recognized!
Type : File
Data : 125399[1].exe
Category : Dialer
Comment :
Object : D:\Documents and Settings\radmin\Temporary Internet Files\Content.IE5\4E3UGGJF\
DyFuCA Object Recognized!
Type : File
Data : optimize[1].exe
Category : Malware
Comment :
Object : D:\Documents and Settings\radmin\Temporary Internet Files\Content.IE5\4E3UGGJF\
TIB Browser Object Recognized!
Type : File
Data : all[1].exe
Category : Dialer
Comment :
Object : D:\Documents and Settings\radmin\Temporary Internet Files\Content.IE5\8AAOM05T\
DyFuCA Object Recognized!
Type : File
Data : nem220[1].dll
Category : Malware
Comment :
Object : D:\Documents and Settings\radmin\Temporary Internet Files\Content.IE5\8AAOM05T\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DyFuCA_BH Module
FileDescription : DyFuCA_BH Module
InternalName : DyFuCA_BH
LegalCopyright : Copyright 2002
OriginalFilename : DyFuCA_BH.DLL
Disk Scan Result for D:\Documents and Settings\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 158
Disk Scan Result for D:\music\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 158
DyFuCA Object Recognized!
Type : File
Data : optimize.exe
Category : Malware
Comment :
Object : D:\Program Files\Internet Optimizer\
Disk Scan Result for D:\Program Files\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\AWS\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\Bazooka Scanner\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\ClamWin\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\Common files\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\ComPlus Applications\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\Delade filer\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\HHD Software\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\Internet Explorer\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\Java\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\Lavasoft\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\Messenger\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\microsoft frontpage\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\Movie Maker\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\Mozilla Firefox\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\MSN Gaming Zone\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\MSN\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\NetMeeting\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\Onlinetj鋘ster\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\OSS\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\Outlook Express\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\Registry Firewall\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\regprot\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\SilverAge Software\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\SPCS\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\Spybot - Search & Destroy\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\sysinternals\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\Uninstall Information\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\upx\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\Windows Media Components\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\Windows Media Player\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\Windows NT\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\WindowsUpdate\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\xerox\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\Program\Zone Labs\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\RECYCLER\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\System Volume Information\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
Disk Scan Result for D:\temp\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 159
ExactSearchBar Object Recognized!
Type : File
Data : exdl.exe
Category : Data Miner
Comment :
Object : D:\WINDOWS\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright � 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe
DyFuCA Object Recognized!
Type : File
Data : nem220.dll
Category : Malware
Comment :
Object : D:\WINDOWS\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DyFuCA_BH Module
FileDescription : DyFuCA_BH Module
InternalName : DyFuCA_BH
LegalCopyright : Copyright 2002
OriginalFilename : DyFuCA_BH.DLL
DyFuCA Object Recognized!
Type : File
Data : optimize.exe
Category : Malware
Comment :
Object : D:\WINDOWS\
SahAgent Object Recognized!
Type : File
Data : ss7g9i4q.exe
Category : Data Miner
Comment :
Object : D:\WINDOWS\
FileVersion : 4, 0, 2, 3
ProductVersion : 4, 0, 2, 3
TIB Browser Object Recognized!
Type : File
Data : all64.exe
Category : Dialer
Comment :
Object : D:\WINDOWS\system32\
ExactSearchBar Object Recognized!
Type : File
Data : exdl.exe
Category : Data Miner
Comment :
Object : D:\WINDOWS\system32\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright � 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe
ExactSearchBar Object Recognized!
Type : File
Data : exdl0.exe
Category : Data Miner
Comment :
Object : D:\WINDOWS\system32\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright � 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe
ExactSearchBar Object Recognized!
Type : File
Data : exdl1.exe
Category : Data Miner
Comment :
Object : D:\WINDOWS\system32\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright � 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe
BargainBuddy Object Recognized!
Type : File
Data : exul.exe
Category : Malware
Comment :
Object : D:\WINDOWS\system32\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright � 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe
BargainBuddy Object Recognized!
Type : File
Data : exul1.exe
Category : Malware
Comment :
Object : D:\WINDOWS\system32\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright � 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe
BargainBuddy Object Recognized!
Type : File
Data : javexulm.vxd
Category : Malware
Comment :
Object : D:\WINDOWS\system32\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright � 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe
ExactSearchBar Object Recognized!
Type : File
Data : mqexdlm.srg
Category : Data Miner
Comment :
Object : D:\WINDOWS\system32\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright � 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe
SahAgent Object Recognized!
Type : File
Data : umqltg4cl_.exe
Category : Data Miner
Comment :
Object : D:\WINDOWS\Temp\
FileVersion : 4, 0, 2, 3
ProductVersion : 4, 0, 2, 3
Disk Scan Result for D:\WINDOWS\
换换换换换换换换换换换换换换换换换换换
New critical objects: 0
Objects found so far: 172
Scanning Hosts file......
Hosts file location:"D:\WINDOWS\system32\drivers\etc\hosts".
换换换换换换换换换换换换换换换换换换换换换换换换换换换换换换换换换换换换换换
Hosts file scan result:
换换换换换换换换换换换换换换换换换换换
81 entries scanned.
New critical objects:0
Objects found so far: 172
Performing conditional scans...
换换换换换换换换换换换换换换换换换换换
ClickSpring Object Recognized!
Type : File
Data : MediaTicketsInstaller.INF
Category : Malware
Comment :
Object : D:\WINDOWS\downloaded program files\
ClickSpring Object Recognized!
Type : File
Data : MediaTicketsInstaller.ocx
Category : Malware
Comment :
Object : D:\WINDOWS\downloaded program files\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : MediaTicketsInstaller ActiveX Control Module
CompanyName : PowerTeam Corporation
FileDescription : MediaTicketsInstaller ActiveX Control Module
InternalName : MediaTicketsInstaller
LegalCopyright : Copyright (C) 2003
OriginalFilename : MediaTicketsInstaller.OCX
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : InstallOccurUrl
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : AlreadyInstalledUrl
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : ETServer
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : NewPartnerName
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : System
BargainBuddy Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : D:\Program\BullsEye Network
BargainBuddy Object Recognized!
Type : File
Data : ad.dat
Category : Malware
Comment :
Object : D:\Program\bullseye network\
BargainBuddy Object Recognized!
Type : File
Data : ub.dat
Category : Malware
Comment :
Object : D:\Program\bullseye network\
BargainBuddy Object Recognized!
Type : File
Data : Uninstall.exe
Category : Malware
Comment :
Object : D:\Program\bullseye network\
FileVersion : 8.0.3.9
ProductName : BullsEye Network
CompanyName : eXact Advertising
FileDescription : BargainBuddy Module
LegalCopyright : Copyright � 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
LegalTrademarks : Copyright � 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
Comments : BargainBuddy Module
BargainBuddy Object Recognized!
Type : File
Data : adv.exe
Category : Malware
Comment :
Object : D:\Program\bullseye network\bin\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adv
CompanyName : eXact Advertising
InternalName : adv
LegalCopyright : Copyright � 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adv.exe
BargainBuddy Object Recognized!
Type : File
Data : adx.exe
Category : Malware
Comment :
Object : D:\Program\bullseye network\bin\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adx
CompanyName : eXact Advertising
InternalName : adx
LegalCopyright : Copyright � 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adx.exe
BargainBuddy Object Recognized!
Type : File
Data : bargains.exe
Category : Malware
Comment :
Object : D:\Program\bullseye network\bin\
FileVersion : 8, 0, 3, 6
ProductVersion : 8, 0, 3, 6
ProductName : BargainsBuddy ADP Module
CompanyName : eXact Advertising
FileDescription : bargains
InternalName : ADP
LegalCopyright : Copyright � 2003-2005. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : bargains.exe
BargainBuddy Object Recognized!
Type : File
Data : bbchk.exe
Category : Malware
Comment :
Object : D:\WINDOWS\System32\
FileVersion : 5.101.1663.1
ProductVersion : 5.101.1663.1
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : ECM ChkTrust
InternalName : CHKTRUST.EXE
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997
OriginalFilename : CHKTRUST.EXE
BargainBuddy Object Recognized!
Type : File
Data : exclean.exe
Category : Malware
Comment :
Object : D:\WINDOWS\System32\
BargainBuddy Object Recognized!
Type : File
Data : msbe.dll
Category : Malware
Comment :
Object : D:\WINDOWS\System32\
FileVersion : 8, 0, 3, 6
ProductVersion : 8, 0, 3, 6
ProductName : ADP Module
CompanyName : eXact Advertising
FileDescription : ADP Module
InternalName : apuc
LegalCopyright : Copyright � 2003-2005 eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : apuc.DLL
EffectiveBrandToolbar Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : D:\Program\TheSearchAccelerator
TIB Browser Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\websiteviewer
TIB Browser Object Recognized!
Type : Folder
Category : Dialer
Comment :
Object : D:\Program\WebSiteViewer
TIB Browser Object Recognized!
Type : File
Data : sex.lnk
Category : Dialer
Comment :
Object : D:\Documents and Settings\radmin\Skrivbord\
TIB Browser Object Recognized!
Type : File
Data : 125399.ban
Category : Dialer
Comment :
Object : D:\Program\websiteviewer\
TIB Browser Object Recognized!
Type : File
Data : 125399.dd
Category : Dialer
Comment :
Object : D:\Program\websiteviewer\
TIB Browser Object Recognized!
Type : File
Data : 125399.dlr
Category : Dialer
Comment :
Object : D:\Program\websiteviewer\
TIB Browser Object Recognized!
Type : File
Data : 125399.exe
Category : Dialer
Comment :
Object : D:\Program\websiteviewer\
TIB Browser Object Recognized!
Type : File
Data : 125399.ico
Category : Dialer
Comment :
Object : D:\Program\websiteviewer\
TIB Browser Object Recognized!
Type : File
Data : lSE.txt
Category : Dialer
Comment :
Object : D:\Program\websiteviewer\
TIB Browser Object Recognized!
Type : File
Data : sex.lnk
Category : Dialer
Comment :
Object : D:\Documents and Settings\radmin\Start-meny\
TIB Browser Object Recognized!
Type : File
Data : sex.lnk
Category : Dialer
Comment : Shortcut to bad file : D:\Documents and Settings\radmin\Skrivbord\sex.lnk
Object : D:\Documents and Settings\radmin\Skrivbord\
TIB Browser Object Recognized!
Type : File
Data : sex.lnk
Category : Dialer
Comment : Shortcut to bad file : D:\Documents and Settings\radmin\Start-meny\sex.lnk
Object : D:\Documents and Settings\radmin\Start-meny\
Conditional scan result:
换换换换换换换换换换换换换换换换换换换
New critical objects: 46
Objects found so far: 218
15:10:00 Scan Complete
Summary Of This Scan
换换换换换换换换换换换换换换换换换换换
Total scanning time:00:14:35.58
Objects scanned:80635
Objects identified:225
Objects ignored:0
New critical objects:225