Damian Stalls
I have included information from MS Anti-Spyware and Ad-Aware. Please continue down to see Ad-Aware's results. The very bottom of the post shows Ad-Aware's total.
---------------------------------------
This is what MS Anti-Spyware detected:
---------------------------------------
Possible Browser Hijack
Type: Browser Modifier
Threat Level: High
Description: Possible Browser Hijack redirects Internet Explorer.
Advice: High-risk items have a large potential for adverse effect, such as loss of computer control, and should be removed unless knowingly installed.
About Browser Modifier: Software that changes browser settings, such as the homepage, without adequate consent.
--------------------------------------------------
Ad-Aware's Results on the same system:
--------------------------------------------------
Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, March 22, 2005 11:33:18 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R33 16.03.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):25 total references
Other(TAC index:5):1 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
Tracking Cookie(TAC index:3):83 total references
xirc.darkwarez(TAC index:5):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
3-22-2005 11:33:18 PM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 388
ThreadCreationTime : 3-22-2005 4:50:13 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 3-22-2005 4:50:16 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 524
ThreadCreationTime : 3-22-2005 4:50:18 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 568
ThreadCreationTime : 3-22-2005 4:50:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 580
ThreadCreationTime : 3-22-2005 4:50:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 740
ThreadCreationTime : 3-22-2005 4:50:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32
Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 800
ThreadCreationTime : 3-22-2005 4:50:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32
Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 872
ThreadCreationTime : 3-22-2005 4:50:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32
Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 936
ThreadCreationTime : 3-22-2005 4:50:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32
Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 988
ThreadCreationTime : 3-22-2005 4:50:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32
Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1120
ThreadCreationTime : 3-22-2005 4:50:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : spoolsv.exe
#:12 [ipud32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1476
ThreadCreationTime : 3-22-2005 4:51:04 PM
BasePriority : Normal
xirc.darkwarez Object Recognized!
Type : Process
Data : ipud32.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
Warning! xirc.darkwarez Object found in memory (C:\WINDOWS\system32\ipud32.exe)
"C:\WINDOWS\system32\ipud32.exe" Process terminated successfully
"C:\WINDOWS\system32\ipud32.exe" Process terminated successfully
#:13 [ccsetmgr.exe]
FilePath : C:\Program Files\Common
Files\Symantec Shared\
ProcessID : 1552
ThreadCreationTime : 3-22-2005 4:51:05 PM
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager
Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec
Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:14 [defwatch.exe]
FilePath : C:\Program Files\Symantec
AntiVirus\
ProcessID : 1572
ThreadCreationTime : 3-22-2005 4:51:05 PM
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright 1998 - 2004 Symantec
Corporation. All rights reserved.
OriginalFilename : DefWatch.exe
#:15 [mdm.exe]
FilePath : C:\Program Files\Common
Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1620
ThreadCreationTime : 3-22-2005 4:51:05 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : mdm.exe
#:16 [savroam.exe]
FilePath : C:\Program Files\Symantec
AntiVirus\
ProcessID : 1652
ThreadCreationTime : 3-22-2005 4:51:06 PM
BasePriority : Normal
FileVersion : 1.5.0.0
ProductVersion : 1.5.0.0
ProductName : Symantec SAVRoam
CompanyName : symantec
FileDescription : SAVRoam
InternalName : SAVRoam
LegalCopyright : Copyright 2002 - 2004 Symantec
Corporation. All rights reserved.
OriginalFilename : SAVRoam.exe
#:17 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1688
ThreadCreationTime : 3-22-2005 4:51:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32
Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : svchost.exe
#:18 [rtvscan.exe]
FilePath : C:\Program Files\Symantec
AntiVirus\
ProcessID : 1724
ThreadCreationTime : 3-22-2005 4:51:06 PM
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec
Corporation. All rights reserved.
#:19 [ccevtmgr.exe]
FilePath : C:\Program Files\Common
Files\Symantec Shared\
ProcessID : 1804
ThreadCreationTime : 3-22-2005 4:51:08 PM
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager
Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec
Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:20 [brmfrsmg.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1892
ThreadCreationTime : 3-22-2005 4:51:10 PM
BasePriority : Normal
FileVersion : 1.45.15.340
ProductVersion : 1.45.15.340
ProductName : Brother MFL Pro
CompanyName : Brother Industries, Ltd.
FileDescription : Brother MFL Pro Resource Manager
InternalName : BrmfRsmg for Windows2000
LegalCopyright : Copyright (C) 1996-2001 Brother
Industries, Ltd.
OriginalFilename : BrmfRsmg.exe
#:21 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1032
ThreadCreationTime : 3-22-2005 4:51:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : ALG.exe
#:22 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 34408
ThreadCreationTime : 3-23-2005 7:13:43 AM
BasePriority : Normal
#:23 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 34440
ThreadCreationTime : 3-23-2005 7:13:44 AM
BasePriority : High
#:24 [rdpclip.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 34620
ThreadCreationTime : 3-23-2005 7:13:47 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : RDP Clip Monitor
InternalName : RDPClip
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : RDPClip.exe
#:25 [ccapp.exe]
FilePath : C:\Program Files\Common
Files\Symantec Shared\
ProcessID : 33096
ThreadCreationTime : 3-23-2005 7:14:07 AM
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2003 Symantec
Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:26 [gcasserv.exe]
FilePath : C:\Program Files\Microsoft
AntiSpyware\
ProcessID : 33164
ThreadCreationTime : 3-23-2005 7:14:09 AM
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft
Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are
registered trademarks of Microsoft Corporation. SpyNet(tm)
is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe
#:27 [sdktv32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 33244
ThreadCreationTime : 3-23-2005 7:14:09 AM
BasePriority : Normal
Warning! CoolWebSearch Object found in memory (C:\WINDOWS\system32\sdktv32.exe)
CoolWebSearch Object Recognized!
Type : Process
Data : sdktv32.exe
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
"C:\WINDOWS\system32\sdktv32.exe" Process terminated successfully
"C:\WINDOWS\system32\sdktv32.exe" Process terminated successfully
#:28 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 6.0
\Distillr\
ProcessID : 33336
ThreadCreationTime : 3-23-2005 7:14:11 AM
BasePriority : Normal
FileVersion : 6.0.0.2003051500
ProductVersion : 6.0.0.0
ProductName : AcroTray - Adobe Acrobat
Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2003 Adobe Systems
Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe
#:29 [gcasdtserv.exe]
FilePath : C:\Program Files\Microsoft
AntiSpyware\
ProcessID : 33400
ThreadCreationTime : 3-23-2005 7:14:11 AM
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft
Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are
registered trademarks of Microsoft Corporation. SpyNet(tm)
is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe
#:30 [logon.scr]
FilePath : C:\WINDOWS\system32\
ProcessID : 33960
ThreadCreationTime : 3-23-2005 7:23:48 AM
BasePriority : Idle
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Logon Screen Saver
InternalName : logon
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : logon
#:31 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 33708
ThreadCreationTime : 3-23-2005 7:28:43 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : EXPLORER.EXE
#:32 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 33332
ThreadCreationTime : 3-23-2005 7:33:03 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:33 [hh.exe]
FilePath : C:\WINDOWS\
ProcessID : 33628
ThreadCreationTime : 3-23-2005 7:33:03 AM
BasePriority : Normal
FileVersion : 5.2.3790.1159 (dnsrv.040209-1620)
ProductVersion : 5.2.3790.1159
ProductName : HTML Help
CompanyName : Microsoft Corporation
FileDescription : Microsoft® HTML Help Executable
InternalName : HH 1.41
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : HH.exe
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e0dce97d-ee8a-f1c7-121c-ad36b035e509}
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 4
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "sdktv32.exe"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : sdktv32.exe
CoolWebSearch Object Recognized!
Type : File
Data : sdktv32.exe
Category : Malware
Comment :
Object : c:\windows\system32\
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 6
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 3-20-2010 4:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@doubleclick[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 3-21-2005 9:08:16 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 8
Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@ad-logics[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@ad-logics[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@advertising[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@bluestreak[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@bluestreak[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)-sys[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@casalemedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@casalemedia[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@centrport[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@centrport[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@cgi-bin[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@cgi-bin[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@cgi-bin[4].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@cgi-bin[4].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@domainsponsor[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@domainsponsor[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@euniverseads[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@euniverseads[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@excite[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@excite[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@fastclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@fastclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@hitbox[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@hitbox[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)
[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@maxserving[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@maxserving[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@overture[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@overture[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@pro-market[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@pro-market[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@questionmarket[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@realmedia[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@revenue[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@revenue[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)
[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@serving-sys[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@serving-sys[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@specificclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@specificclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@statcounter[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@statcounter[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@targetnet[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@targetnet[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@trafficmp[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@trafficmp[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@tribalfusion[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@tribalfusion[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@valueclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@valueclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@zedo[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@zedo[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\craggio\Cookies\craggio@2o7[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\craggio\Cookies\craggio@advertising[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\craggio\Cookies\craggio@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\craggio\Cookies\craggio@cgi-bin[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\craggio\Cookies\craggio@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)4[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\craggio\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\craggio\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@gator[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\craggio\Cookies\craggio@gator[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\craggio\Cookies\craggio@hitbox[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\craggio\Cookies\craggio@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\craggio\Cookies\craggio@questionmarket[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)
[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\craggio\Cookies\[email protected]
[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\craggio\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\craggio\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@zedo[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\craggio\Cookies\craggio@zedo[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\mchalmers\Cookies\mchalmers@2o7[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\mchalmers\Cookies\mchalmers@advertising[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@apmebf[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\mchalmers\Cookies\mchalmers@apmebf[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\mchalmers\Cookies\mchalmers@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@centrport[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\mchalmers\Cookies\mchalmers@centrport[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\mchalmers@cgi-bin[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\mchalmers@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)4[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\mchalmers@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@overture[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\mchalmers@overture[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@qsrch[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\mchalmers@qsrch[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\mchalmers@questionmarket[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@trafficmp[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\mchalmers@trafficmp[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\[email protected][1].txt
CoolWebSearch Object Recognized!
Type : File
Data : javatp.exe
Category : Malware
Comment :
Object : C:\WINDOWS\
CoolWebSearch Object Recognized!
Type : File
Data : rayxc.dat
Category : Malware
Comment :
Object : C:\WINDOWS\
CoolWebSearch Object Recognized!
Type : File
Data : hnmqw.txt
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
CoolWebSearch Object Recognized!
Type : File
Data : ient.exe
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
CoolWebSearch Object Recognized!
Type : File
Data : sszki.dat
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 94
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Only sex website.url
Category : Misc
Comment : Problematic URL discovered: http://www.onlysex.ws/
Object : C:\Documents and Settings\Administrator\Favorites\
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
Category : Misc
Comment : Problematic URL discovered: http://www.lookfor.cc/
Object : C:\Documents and Settings\Administrator\Favorites\
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free porn.url
Category : Misc
Comment : Problematic URL discovered: http://www.7days.ws/
Object : C:\Documents and Settings\Administrator\Favorites\
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {91EF62AC-1515-4102-869D-7CF17FBD48DC}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft
Value : set
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 113
11:52:30 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:19:11.362
Objects scanned:134700
Objects identified:113
Objects ignored:0
New critical objects:113
Aware. Please continue down to see Ad-Aware's results.
The very bottom of post shows Ad-Aware's total.
---------------------------------------
This is what MS Anti-Spyware Detected..
---------------------------------------
Possible Browser Hijack
Type: Browser Modifier
Threat Level: High
Description: Possible Browser Hijack redirects Internet
Explorer.
Advice: High-risk items have a large potential for adverse
effect, such as loss of computer control, and should be
removed unless knowingly installed.
About Browser Modifier: Software that changes browser
settings, such as the homepage, without adequate consen
--------------------------------------------------
Ad-Aware's Results on the same system:
--------------------------------------------------
Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, March 22, 2005 11:33:18 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R33 16.03.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):25 total references
Other(TAC index:5):1 total references
Possible Browser Hijack attempt(TAC index:3):3 total
references
Tracking Cookie(TAC index:3):83 total references
xirc.darkwarez(TAC index:5):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user
only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates
critical objects
3-22-2005 11:33:18 PM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 388
ThreadCreationTime : 3-22-2005 4:50:13 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 3-22-2005 4:50:16 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 524
ThreadCreationTime : 3-22-2005 4:50:18 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 568
ThreadCreationTime : 3-22-2005 4:50:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 580
ThreadCreationTime : 3-22-2005 4:50:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 740
ThreadCreationTime : 3-22-2005 4:50:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32
Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 800
ThreadCreationTime : 3-22-2005 4:50:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32
Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 872
ThreadCreationTime : 3-22-2005 4:50:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32
Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 936
ThreadCreationTime : 3-22-2005 4:50:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32
Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 988
ThreadCreationTime : 3-22-2005 4:50:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32
Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1120
ThreadCreationTime : 3-22-2005 4:50:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : spoolsv.exe
#:12 [ipud32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1476
ThreadCreationTime : 3-22-2005 4:51:04 PM
BasePriority : Normal
xirc.darkwarez Object Recognized!
Type : Process
Data : ipud32.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
Warning! xirc.darkwarez Object found in memory
(C:\WINDOWS\system32\ipud32.exe)
"C:\WINDOWS\system32\ipud32.exe"Process terminated
successfully
"C:\WINDOWS\system32\ipud32.exe"Process terminated
successfully
#:13 [ccsetmgr.exe]
FilePath : C:\Program Files\Common
Files\Symantec Shared\
ProcessID : 1552
ThreadCreationTime : 3-22-2005 4:51:05 PM
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager
Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec
Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:14 [defwatch.exe]
FilePath : C:\Program Files\Symantec
AntiVirus\
ProcessID : 1572
ThreadCreationTime : 3-22-2005 4:51:05 PM
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright 1998 - 2004 Symantec
Corporation. All rights reserved.
OriginalFilename : DefWatch.exe
#:15 [mdm.exe]
FilePath : C:\Program Files\Common
Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1620
ThreadCreationTime : 3-22-2005 4:51:05 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : mdm.exe
#:16 [savroam.exe]
FilePath : C:\Program Files\Symantec
AntiVirus\
ProcessID : 1652
ThreadCreationTime : 3-22-2005 4:51:06 PM
BasePriority : Normal
FileVersion : 1.5.0.0
ProductVersion : 1.5.0.0
ProductName : Symantec SAVRoam
CompanyName : symantec
FileDescription : SAVRoam
InternalName : SAVRoam
LegalCopyright : Copyright 2002 - 2004 Symantec
Corporation. All rights reserved.
OriginalFilename : SAVRoam.exe
#:17 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1688
ThreadCreationTime : 3-22-2005 4:51:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32
Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : svchost.exe
#:18 [rtvscan.exe]
FilePath : C:\Program Files\Symantec
AntiVirus\
ProcessID : 1724
ThreadCreationTime : 3-22-2005 4:51:06 PM
BasePriority : Normal
FileVersion : 9.0.0.338
ProductVersion : 9.0.0.338
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec
Corporation. All rights reserved.
#:19 [ccevtmgr.exe]
FilePath : C:\Program Files\Common
Files\Symantec Shared\
ProcessID : 1804
ThreadCreationTime : 3-22-2005 4:51:08 PM
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager
Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec
Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:20 [brmfrsmg.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1892
ThreadCreationTime : 3-22-2005 4:51:10 PM
BasePriority : Normal
FileVersion : 1.45.15.340
ProductVersion : 1.45.15.340
ProductName : Brother MFL Pro
CompanyName : Brother Industries, Ltd.
FileDescription : Brother MFL Pro Resource Manager
InternalName : BrmfRsmg for Windows2000
LegalCopyright : Copyright (C) 1996-2001 Brother
Industries, Ltd.
OriginalFilename : BrmfRsmg.exe
#:21 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1032
ThreadCreationTime : 3-22-2005 4:51:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : ALG.exe
#:22 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 34408
ThreadCreationTime : 3-23-2005 7:13:43 AM
BasePriority : Normal
#:23 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 34440
ThreadCreationTime : 3-23-2005 7:13:44 AM
BasePriority : High
#:24 [rdpclip.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 34620
ThreadCreationTime : 3-23-2005 7:13:47 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : RDP Clip Monitor
InternalName : RDPClip
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : RDPClip.exe
#:25 [ccapp.exe]
FilePath : C:\Program Files\Common
Files\Symantec Shared\
ProcessID : 33096
ThreadCreationTime : 3-23-2005 7:14:07 AM
BasePriority : Normal
FileVersion : 2.2.0.577
ProductVersion : 2.2.0.577
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2003 Symantec
Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:26 [gcasserv.exe]
FilePath : C:\Program Files\Microsoft
AntiSpyware\
ProcessID : 33164
ThreadCreationTime : 3-23-2005 7:14:09 AM
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft
Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are
registered trademarks of Microsoft Corporation. SpyNet(tm)
is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe
#:27 [sdktv32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 33244
ThreadCreationTime : 3-23-2005 7:14:09 AM
BasePriority : Normal
Warning! CoolWebSearch Object found in memory
(C:\WINDOWS\system32\sdktv32.exe)
CoolWebSearch Object Recognized!
Type : Process
Data : sdktv32.exe
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
"C:\WINDOWS\system32\sdktv32.exe"Process terminated
successfully
"C:\WINDOWS\system32\sdktv32.exe"Process terminated
successfully
#:28 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 6.0
\Distillr\
ProcessID : 33336
ThreadCreationTime : 3-23-2005 7:14:11 AM
BasePriority : Normal
FileVersion : 6.0.0.2003051500
ProductVersion : 6.0.0.0
ProductName : AcroTray - Adobe Acrobat
Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2003 Adobe Systems
Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe
#:29 [gcasdtserv.exe]
FilePath : C:\Program Files\Microsoft
AntiSpyware\
ProcessID : 33400
ThreadCreationTime : 3-23-2005 7:14:11 AM
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft
Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are
registered trademarks of Microsoft Corporation. SpyNet(tm)
is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe
#:30 [logon.scr]
FilePath : C:\WINDOWS\system32\
ProcessID : 33960
ThreadCreationTime : 3-23-2005 7:23:48 AM
BasePriority : Idle
FileVersion : 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Logon Screen Saver
InternalName : logon
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : logon
#:31 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 33708
ThreadCreationTime : 3-23-2005 7:28:43 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180
(xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating
System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : EXPLORER.EXE
#:32 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 33332
ThreadCreationTime : 3-23-2005 7:33:03 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:33 [hh.exe]
FilePath : C:\WINDOWS\
ProcessID : 33628
ThreadCreationTime : 3-23-2005 7:33:03 AM
BasePriority : Normal
FileVersion : 5.2.3790.1159 (dnsrv.040209-1620)
ProductVersion : 5.2.3790.1159
ProductName : HTML Help
CompanyName : Microsoft Corporation
FileDescription : Microsoft® HTML Help Executable
InternalName : HH 1.41
LegalCopyright : © Microsoft Corporation. All
rights reserved.
OriginalFilename : HH.exe
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e0dce97d-ee8a-f1c7-121c-
ad36b035e509}
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{676575dd-4d46-911d-8037-
9b10d6ee8bb5}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 4
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "sdktv32.exe"
Rootkey : HKEY_LOCAL_MACHINE
Object :
Software\Microsoft\Windows\CurrentVersion\Run
Value : sdktv32.exe
CoolWebSearch Object Recognized!
Type : File
Data : sdktv32.exe
Category : Malware
Comment :
Object : c:\windows\system32\
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 6
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 3-20-2010 4:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@doubleclick[1].txt
Category : Data Miner
Comment : Hits:1
Value :
Cookie:[email protected]/
Expires : 3-21-2005 9:08:16 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 8
Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@ad-logics[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@ad-logics[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@advertising[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@bluestreak[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@bluestreak[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)-sys[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@casalemedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@casalemedia[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@centrport[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@centrport[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@cgi-bin[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@cgi-bin[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@cgi-bin[4].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@cgi-bin[4].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@domainsponsor[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@domainsponsor[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@euniverseads[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@euniverseads[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@excite[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and
Settings\bwardi\Cookies\bwardi@excite[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@fastclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\bwardi@fastclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@hitbox[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\bwardi@hitbox[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@maxserving[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\bwardi@maxserving[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\bwardi@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@overture[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\bwardi@overture[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@pro-market[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\bwardi@pro-market[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\bwardi@questionmarket[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\bwardi@realmedia[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@revenue[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\bwardi@revenue[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@serving-sys[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\bwardi@serving-sys[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@specificclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\bwardi@specificclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@statcounter[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\bwardi@statcounter[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@targetnet[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\bwardi@targetnet[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@trafficmp[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\bwardi@trafficmp[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@tribalfusion[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\bwardi@tribalfusion[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@valueclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\bwardi@valueclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@zedo[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\bwardi@zedo[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\craggio\Cookies\craggio@2o7[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\craggio\Cookies\craggio@advertising[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\craggio\Cookies\craggio@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\craggio\Cookies\craggio@cgi-bin[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\craggio\Cookies\craggio@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)4[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\craggio\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\craggio\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@gator[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\craggio\Cookies\craggio@gator[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\craggio\Cookies\craggio@hitbox[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\craggio\Cookies\craggio@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\craggio\Cookies\craggio@questionmarket[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\craggio\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\craggio\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\craggio\Cookies\[email protected][2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : craggio@zedo[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\craggio\Cookies\craggio@zedo[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\mchalmers@2o7[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\mchalmers@advertising[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@apmebf[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\mchalmers@apmebf[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\mchalmers@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@centrport[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\mchalmers@centrport[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\mchalmers@cgi-bin[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\mchalmers@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)4[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\mchalmers@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@overture[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\mchalmers@overture[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@qsrch[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\mchalmers@qsrch[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\mchalmers@questionmarket[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\[email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mchalmers@trafficmp[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\mchalmers@trafficmp[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : (e-mail address removed)[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\mchalmers\Cookies\[email protected][1].txt
CoolWebSearch Object Recognized!
Type : File
Data : javatp.exe
Category : Malware
Comment :
Object : C:\WINDOWS\
CoolWebSearch Object Recognized!
Type : File
Data : rayxc.dat
Category : Malware
Comment :
Object : C:\WINDOWS\
CoolWebSearch Object Recognized!
Type : File
Data : hnmqw.txt
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
CoolWebSearch Object Recognized!
Type : File
Data : ient.exe
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
CoolWebSearch Object Recognized!
Type : File
Data : sszki.dat
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 94
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Only sex website.url
Category : Misc
Comment : Problematic URL discovered: http://www.onlysex.ws/
Object : C:\Documents and Settings\Administrator\Favorites\
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
Category : Misc
Comment : Problematic URL discovered: http://www.lookfor.cc/
Object : C:\Documents and Settings\Administrator\Favorites\
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free porn.url
Category : Misc
Comment : Problematic URL discovered: http://www.7days.ws/
Object : C:\Documents and Settings\Administrator\Favorites\
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {91EF62AC-1515-4102-869D-7CF17FBD48DC}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft
Value : set
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 113
11:52:30 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:19:11.362
Objects scanned:134700
Objects identified:113
Objects ignored:0
New critical objects:113
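An added triage script for logs in this format; it is not part of the posted log, of Ad-Aware, or of the poster's own work. It splits a log into its "Object Recognized!" records and separates the tracking cookies (most of the 113 objects above) from the CoolWebSearch files, the planted Favorites shortcuts and the registry objects, which are the items that need hands-on verification after cleanup. The sample log embedded in it is constructed from the shape of the records above, with each field on one line; the field names Type, Data, Category, Comment, Value, Object and Rootkey are the only assumptions it makes about the format.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the Ad-Aware SE records posted above (one field per line).
SAMPLE_LOG = r"""
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bwardi@fastclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\bwardi\Cookies\bwardi@fastclick[1].txt
CoolWebSearch Object Recognized!
Type : File
Data : ient.exe
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
Category : Misc
Comment : Problematic URL discovered: http://www.lookfor.cc/
Object : C:\Documents and Settings\Administrator\Favorites\
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {91EF62AC-1515-4102-869D-7CF17FBD48DC}
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no"""

HEADER = re.compile(r"^(?P<family>.+?) Object Recognized!$")
FIELD = re.compile(r"^(?P<key>Type|Data|Category|Comment|Value|Object|Rootkey)\s*:\s?(?P<val>.*)$")
HIJACK_URL = re.compile(r"Problematic URL discovered:\s*(\S+)")
REG_TYPES = {"Regkey", "RegValue", "RegData"}


def parse_records(text):
    """Split a log into one dict per 'Object Recognized!' record, keyed by field name."""
    records, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HEADER.match(line):
            current = {"family": m.group("family")}
            records.append(current)
        elif current is not None and (m := FIELD.match(line)):
            key, val = m.group("key"), m.group("val").strip()
            if val or key not in current:  # RegData prints 'Data' twice; keep a non-empty value
                current[key] = val
    return records


def triage(records):
    """Bucket records by what a responder does with them."""
    buckets = defaultdict(list)
    for r in records:
        typ, cat = r.get("Type"), r.get("Category")
        if typ == "IECache Entry":
            buckets["cookies"].append(r)        # privacy noise: clear them, not an infection
        elif typ in REG_TYPES:
            buckets["registry"].append(r)       # IE hijack and persistence points to verify
        elif typ == "File" and cat == "Malware":
            buckets["malware_files"].append(r)  # droppers / payloads on disk
        else:
            buckets["other_files"].append(r)    # e.g. planted Favorites shortcuts
    return buckets


def malware_file_paths(records):
    """Object is the directory and Data the file name; join them into full paths."""
    return [r["Object"] + r["Data"] for r in records
            if r.get("Type") == "File" and r.get("Category") == "Malware"]


def registry_paths(records):
    """HIVE\\key -> value = data strings, ready to re-check with regedit or reg.exe."""
    out = []
    for r in records:
        if r.get("Type") in REG_TYPES:
            path = f"{r['Rootkey']}\\{r['Object']}"
            path += f" -> {r['Value']}" if r.get("Value") else ""
            path += f" = {r['Data']}" if r["Type"] == "RegData" and r.get("Data") else ""
            out.append(path)
    return out


def hijack_urls(records):
    """(shortcut path, URL) pairs for Favorites entries that point at flagged sites."""
    return [(r["Object"] + r["Data"], m.group(1)) for r in records
            if (m := HIJACK_URL.search(r.get("Comment", "")))]


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    b = triage(recs)
    print(f"{len(recs)} records: {len(b['cookies'])} cookies, {len(b['malware_files'])} malware files, "
          f"{len(b['registry'])} registry objects, {len(b['other_files'])} other files")
    for item in malware_file_paths(recs) + registry_paths(recs) + [f"{p} -> {u}" for p, u in hijack_urls(recs)]:
        print(" ", item)
```

To run it over a saved log, pass the file's contents to parse_records() instead of SAMPLE_LOG. The registry strings it prints (the URLSearchHooks CLSID, the Search Bar value and the Use Search Asst data under Internet Explorer\main) are the IE search settings worth re-checking after the reboot that finishes the removal, since a scan that only clears cookies and files can leave a redirect in place.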