followed MSAntiSpy with an Ad-Aware scan showing, among others, CoolWebSearch. Here's that log:
Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, April 26, 2005 11:38:01 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R33 16.03.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BroadCastPC(TAC index:7):1 total references
BrowserAid(TAC index:6):3 total references
CoolWebSearch(TAC index:10):8 total references
Tracking Cookie(TAC index:3):37 total references
Virtumonde(TAC index:10):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
4/26/2005 11:38:01 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 512
ThreadCreationTime : 4/26/2005 6:36:40 PM
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 584
ThreadCreationTime : 4/26/2005 6:36:42 PM
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 4/26/2005 6:36:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 644
ThreadCreationTime : 4/26/2005 6:36:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 808
ThreadCreationTime : 4/26/2005 6:36:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 908
ThreadCreationTime : 4/26/2005 6:36:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1196
ThreadCreationTime : 4/26/2005 6:36:45 PM
BasePriority : Normal
FileVersion : 7.4
ProductVersion : 7.4
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : (C) 1993 - 2002 Lexmark International, Inc.
OriginalFilename : LexBceS.exe
#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1224
ThreadCreationTime : 4/26/2005 6:36:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:9 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1268
ThreadCreationTime : 4/26/2005 6:36:45 PM
BasePriority : Normal
FileVersion : 7.4
ProductVersion : 7.4
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : (C) 1993 - 2002 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)
#:10 [cisvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1380
ThreadCreationTime : 4/26/2005 6:36:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe
#:11 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1408
ThreadCreationTime : 4/26/2005 6:36:46 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright (c) Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE
#:12 [frameworkservice.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ProcessID : 1468
ThreadCreationTime : 4/26/2005 6:36:47 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe
#:13 [mcshield.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 1504
ThreadCreationTime : 4/26/2005 6:36:47 PM
BasePriority : High
#:14 [vstskmgr.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 1540
ThreadCreationTime : 4/26/2005 6:36:47 PM
BasePriority : Normal
#:15 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1604
ThreadCreationTime : 4/26/2005 6:36:48 PM
BasePriority : Normal
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
ProductName : NVIDIA Driver Helper Service, Version 52.16
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1692
ThreadCreationTime : 4/26/2005 6:36:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:17 [devldr32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 480
ThreadCreationTime : 4/26/2005 6:37:21 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 21
ProductVersion : 1, 0, 0, 21
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © 1997-2001 Creative Technology Ltd.
OriginalFilename : DevLdr32.exe
#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 656
ThreadCreationTime : 4/26/2005 6:37:22 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:19 [directcd.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
ProcessID : 2056
ThreadCreationTime : 4/26/2005 6:37:25 PM
BasePriority : Normal
FileVersion : 5.3.2.35
ProductVersion : 5.3.2.35
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright (c) 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe
#:20 [ahqtb.exe]
FilePath : C:\Program Files\Creative\SBLive\AudioHQ\
ProcessID : 2124
ThreadCreationTime : 4/26/2005 6:37:26 PM
BasePriority : Normal
FileVersion : 1.3.0
ProductVersion : 1.3.0
ProductName : AudioHQ
CompanyName : Creative Technology Ltd.
FileDescription : Creative AudioHQ
InternalName : AHQTaskBar
LegalCopyright : Copyright (c) Creative Technology Ltd. 1997-1999
OriginalFilename : AHQTb.exe
Comments : Creative AudioHQ
#:21 [ctnotify.exe]
FilePath : C:\Program Files\Creative\ShareDLL\
ProcessID : 2140
ThreadCreationTime : 4/26/2005 6:37:26 PM
BasePriority : Normal
FileVersion : 1.55.0.0
ProductVersion : 1.55
ProductName : Creative Disc Detector
CompanyName : Creative Technology Ltd.
FileDescription : Disc Detector
InternalName : CtNotify
LegalCopyright : Copyright (c) 1999 Creative Technology Ltd.
OriginalFilename : CtNotify.exe
Comments : CtNotify Entry
#:22 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2164
ThreadCreationTime : 4/26/2005 6:37:26 PM
BasePriority : Normal
FileVersion : 0.1.0.2879
ProductVersion : 0.1.0.2879
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2003
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:23 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2176
ThreadCreationTime : 4/26/2005 6:37:26 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:24 [shstat.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 2184
ThreadCreationTime : 4/26/2005 6:37:26 PM
BasePriority : Normal
#:25 [updaterui.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ProcessID : 2208
ThreadCreationTime : 4/26/2005 6:37:27 PM
BasePriority : Normal
FileVersion : 3.1.1.184
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Common User Interface
InternalName : UpdaterUI
LegalCopyright : Copyright© 2000-2003 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : UpdaterUI.exe
#:26 [mediadet.exe]
FilePath : C:\Program Files\Creative\ShareDLL\
ProcessID : 2364
ThreadCreationTime : 4/26/2005 6:37:29 PM
BasePriority : Normal
FileVersion : 1.55.2.0
ProductVersion : 1.55
ProductName : Creative Disc Detector
CompanyName : Creative Technology Ltd.
FileDescription : Disc Detector
InternalName : MediaDet
LegalCopyright : Copyright (c) 1998 Creative Technology Ltd.
OriginalFilename : MediaDet.exe
Comments : Local Server
#:27 [gcasdtserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 2516
ThreadCreationTime : 4/26/2005 6:37:32 PM
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet(tm) is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe
#:28 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2592
ThreadCreationTime : 4/26/2005 6:37:35 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:29 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2600
ThreadCreationTime : 4/26/2005 6:37:36 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e004800a-73c6-4587-b855-98d0ce0c16b1}
BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e004800a-73c6-4587-b855-98d0ce0c16b1}
Value : uid2
BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e004800a-73c6-4587-b855-98d0ce0c16b1}
Value : Country
Virtumonde Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2025429265-1078145449-1957994488-1008\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\earn
Virtumonde Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2025429265-1078145449-1957994488-1008\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\earn
Value : Order
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "BHOW"
Rootkey : HKEY_USERS
Object : S-1-5-21-2025429265-1078145449-1957994488-1008\software\microsoft\internet explorer\main
Value : BHOW
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 6
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@0[1].txt
Category : Data Miner
Comment : Hits:57
Value : Cookie:hayden@jbigpops.cjt1.net/HTM/378/0
Expires : 3/12/2006 12:46:40 PM
LastSync : Hits:57
UseCount : 0
Hits : 57
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@z1.adserver[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:hayden@z1.adserver.com/
Expires : 3/14/2006 9:43:54 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@maxserving[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:hayden@maxserving.com/
Expires : 3/10/2015 1:17:50 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@2o7[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:hayden@2o7.net/
Expires : 3/11/2010 9:14:02 PM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@realmedia[1].txt
Category : Data Miner
Comment : Hits:13
Value : Cookie:hayden@realmedia.com/
Expires : 3/14/2006 10:13:40 PM
LastSync : Hits:13
UseCount : 0
Hits : 13
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@0[2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:hayden@jgen26.cjt1.net/HTM/672/0
Expires : 3/12/2006 12:28:20 PM
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@centrport[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:hayden@centrport.net/
Expires : 12/31/2029 5:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@qksrv[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:hayden@qksrv.net/
Expires : 3/4/2010 9:24:32 PM
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@euniverseads[2].txt
Category : Data Miner
Comment : Hits:22
Value : Cookie:hayden@euniverseads.com/
Expires : 12/31/2010 5:00:00 PM
LastSync : Hits:22
UseCount : 0
Hits : 22
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@revenue[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:hayden@revenue.net/
Expires : 6/9/2022 10:05:42 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@ads.addynamix[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:hayden@ads.addynamix.com/
Expires : 3/15/2005 9:10:12 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@oinadserve[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:hayden@oinadserve.com/
Expires : 12/31/2020 5:00:00 PM
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@specificclick[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:hayden@specificclick.net/
Expires : 3/10/2015 10:49:46 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@trafficmp[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:hayden@trafficmp.com/
Expires : 3/14/2006 9:48:22 PM
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@zedo[1].txt
Category : Data Miner
Comment : Hits:21
Value : Cookie:hayden@zedo.com/
Expires : 3/12/2015 8:39:54 PM
LastSync : Hits:21
UseCount : 0
Hits : 21
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@~~local~~[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:hayden@~~local~~/
Expires : 3/15/2005 9:43:52 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@0[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:hayden@jwindsorandpearl.cjt1.net/HTM/559/0
Expires : 3/5/2006 1:15:30 PM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@ran.popuppers[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:hayden@ran.popuppers.com/
Expires : 3/15/2005 8:50:40 PM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@pro-market[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:hayden@pro-market.net/
Expires : 5/31/2030 5:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@perf.overture[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:hayden@perf.overture.com/
Expires : 4/21/2009 12:02:04 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@apmebf[2].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:hayden@apmebf.com/
Expires : 3/4/2010 9:24:32 PM
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@casalemedia[2].txt
Category : Data Miner
Comment : Hits:35
Value : Cookie:hayden@casalemedia.com/
Expires : 3/5/2006 4:43:56 PM
LastSync : Hits:35
UseCount : 0
Hits : 35
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@c5.zedo[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:hayden@c5.zedo.com/
Expires : 3/15/2005 8:43:34 PM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hayden@statcounter[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:hayden@statcounter.com/
Expires : 3/11/2010 10:37:30 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 24
Objects found so far: 30
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BroadCastPC Object Recognized!
Type : File
Data : GLM7E.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Hayden\Local Settings\Temp\
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mom & dad@atdmt[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mom & Dad\Cookies\mom & dad@atdmt[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : whitney@0[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Whitney\Cookies\whitney@0[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : whitney@adrevolver[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Whitney\Cookies\whitney@adrevolver[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : whitney@ads.addynamix[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Whitney\Cookies\whitney@ads.addynamix[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : whitney@as-us.falkag[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Whitney\Cookies\whitney@as-us.falkag[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : whitney@casalemedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Whitney\Cookies\whitney@casalemedia[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : whitney@centrport[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Whitney\Cookies\whitney@centrport[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : whitney@maxserving[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Whitney\Cookies\whitney@maxserving[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : whitney@premiumnetworkrocks.valuead[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Whitney\Cookies\whitney@premiumnetworkrocks.valuead[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : whitney@revenue[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Whitney\Cookies\whitney@revenue[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : whitney@trafficmp[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Whitney\Cookies\whitney@trafficmp[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : whitney@z1.adserver[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Whitney\Cookies\whitney@z1.adserver[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : whitney@~~local~~[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Whitney\Cookies\whitney@~~local~~[1].txt
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 44
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
75 entries scanned.
New critical objects:0
Objects found so far: 44
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Virtumonde Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .key
Virtumonde Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .key
Value :
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_zesoft
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\media
Value : GUID
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : nid
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Search Bar
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 53
11:50:56 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:55.605
Objects scanned:126833
Objects identified:53
Objects ignored:0
New critical objects:53