Full Version: Help with deleting files
DOB
After I run the scan and the quarantine, when it tries to delete the files, it just hangs up; it never finishes deleting the files, especially if there are a lot of files. My last scan had over 431 files.

Are there some files that can't be deleted by Ad-Aware?

Please help, I am infected with spyware and it is killing my computer...
Mannen
Hi DOB

You could try to scan with Ad-Aware in safe mode with the latest update:
http://www.computerhope.com/issues/chsafe.htm

Or, if that doesn't work, post the log here from "normal" mode; then they could see what you have running.

When the scan has completed, click "Show Logfile". Copy/paste the complete log file into this thread. Do not quarantine or remove anything at this time, just post a complete logfile. This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

Cheers
Mannen
DOB
QUOTE(Mannen @ Apr 28 2006, 09:38 PM)
Hi DOB
You could try to scan with Ad-Aware in safe mode with the latest update:
http://www.computerhope.com/issues/chsafe.htm

Or, if that doesn't work, post the log here from "normal" mode; then they could see what you have running.

When the scan has completed, click "Show Logfile". Copy/paste the complete log file into this thread. Do not quarantine or remove anything at this time, just post a complete logfile. This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

Cheers
Mannen


thanks

I tried that and it still didn't work in safe mode. I even deleted my cookies and then ran the scan... It gets to the point of deleting files, and hangs up at the end...

I will post the scan log next..

thanks for your help...
DOB
Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, April 27, 2006 7:35:01 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R105 26.04.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):7 total references
Adware.Look2Me(TAC index:7):45 total references
Adware.ZenoSearch(TAC index:4):6 total references
Alexa(TAC index:5):8 total references
CmdServices(TAC index:4):1 total references
FizzleBar(TAC index:5):1 total references
ImIServer IEPlugin(TAC index:5):5 total references
MRU List(TAC index:0):1 total references
Possible Browser Hijack attempt(TAC index:3):2 total references
Softomate Toolbar(TAC index:9):3 total references
SurfSideKickBHO(TAC index:7):1 total references
Targetsaver(TAC index:8):3 total references
Tracking Cookie(TAC index:3):222 total references
Win32.Adverts.TrojanDownloader(TAC index:6):2 total references
Win32.TrojanClicker(TAC index:6):1 total references
Win32.TrojanDownloader.Qoologic(TAC index:10):3 total references
WindUpdates(TAC index:8):4 total references
Zango(TAC index:6):21 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


4-27-06 7:35:01 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4279179573
Threads : 6
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294921801
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294924761
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278231825
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:5 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278242269
Threads : 3
Priority : Normal
FileVersion : 4.71.1968.1
ProductVersion : 4.71.1968.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe


#:6 [GBPOLL.EXE]
FilePath : C:\PROGRAM FILES\WILD FILE\GOBACK\
ProcessID : 4278236933
Threads : 2
Priority : Normal
FileVersion : 2.1d
ProductVersion : 2.1d
ProductName : GoBack
CompanyName : Wild File, Inc.
FileDescription : GoBack Polling Service
InternalName : GoBack Polling Service
LegalCopyright : Copyright © 1997-1999 Wild File, Inc.
LegalTrademarks : GoBack and the GoBack logo are trademarks of Wild File, Inc.
OriginalFilename : GBPoll.exe
Comments : Patents Pending.

#:7 [KB891711.EXE]
FilePath : C:\WINDOWS\SYSTEM\KB891711\
ProcessID : 4278243889
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:8 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4278190857
Threads : 31
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

Adware.Look2Me Object Recognized!
Type : Process
Data : MTIHND.DLL
TAC Rating : 7
Category : Adware
Comment : Muxdm.dll.dmp
Object : C:\WINDOWS\SYSTEM\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\SYSTEM\MTIHND.DLL)


#:9 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4278295029
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

Adware.Look2Me Object Recognized!
Type : Process
Data : FOPWPP.DLL
TAC Rating : 7
Category : Adware
Comment : Muxdm.dll.dmp
Object : C:\WINDOWS\SYSTEM\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\SYSTEM\FOPWPP.DLL)
DOB
#:10 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4278281413
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:11 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278285001
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:12 [NAVAPW32.EXE]
FilePath : C:\PROGRAM FILES\NORTON ANTIVIRUS\
ProcessID : 4278356525
Threads : 7
Priority : Normal
FileVersion : 6.1.0.05
ProductVersion : 6.1.0.05
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © Symantec Corporation 1991-1999
OriginalFilename : NAVAPW32.DLL

#:13 [TGCMD.EXE]
FilePath : C:\PROGRAM FILES\SUPPORT.COM\BIN\
ProcessID : 4278378189
Threads : 5
Priority : Normal
FileVersion : 5,5,402,0
ProductVersion : 5,5,402,0
ProductName : Support.com Scheduler and Command Dispatcher
CompanyName : Support.com, Inc.
FileDescription : Support.com Scheduler and Command Dispatcher
InternalName : TGCMD

LegalCopyright : Copyright 1997-2069 Support.com
OriginalFilename : TGCMD.EXE

#:14 [QTTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278321877
Threads : 6
Priority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:15 [VIEWMGR.EXE]
FilePath : C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\
ProcessID : 4278348149
Threads : 2
Priority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager

#:16 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4278400281
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:17 [HMXFRR.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4278400609
Threads : 2
Priority : Normal


#:18 [AIM.EXE]
FilePath : C:\PROGRAM FILES\AIM\
ProcessID : 4278470677
Threads : 11
Priority : Normal
FileVersion : 5.9.3797
ProductVersion : 5.9.3797
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:19 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278570017
Threads : 8
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe

#:20 [SWDOCTOR.EXE]
FilePath : C:\PROGRAM FILES\SPYWARE DOCTOR\
ProcessID : 4278528509
Threads : 23
Priority : Normal
FileVersion : 3.8.0.1557
ProductVersion : 3.6
ProductName : Spyware Doctor
CompanyName : PC Tools Research Pty Ltd
FileDescription : Spyware Doctor
InternalName : Spyware Doctor
LegalCopyright : Copyright © 2005. Distributed by PC Tools Research Pty Ltd
OriginalFilename : swdoctor.exe

#:21 [XVPJR.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4278625609
Threads : 3
Priority : Normal


#:22 [XVPJR.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4278638689
Threads : 3
Priority : Normal


#:23 [WKCALREM.EXE]
FilePath : C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\
ProcessID : 4278608765
Threads : 3
Priority : Normal
FileVersion : 5.00.1928.1
ProductVersion : 5.00.1928.1
ProductName : Microsoft® Works 2000
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : © 1999 Microsoft Corp. All rights reserved.
OriginalFilename : WKCALREM.EXE

#:24 [XVPJR.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4278610445
Threads : 3
Priority : Normal


#:25 [IOWATCH.EXE]
FilePath : C:\PROGRAM FILES\IOMEGA\TOOLS\
ProcessID : 4278666209
Threads : 2
Priority : Normal
FileVersion : 6, 1, 0, 0
ProductVersion : 6, 1, 0, 0
ProductName : IOWATCH

FileDescription : IOWATCH
InternalName : IOWATCH
LegalCopyright : 6.1, Copyright © 1998 Iomega Corporation, English Version
OriginalFilename : IOWATCH.exe

#:26 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278761117
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:27 [IMGICON.EXE]
FilePath : C:\PROGRAM FILES\IOMEGA\TOOLS\
ProcessID : 4278820741
Threads : 2
Priority : Normal
FileVersion : 6, 1, 1, 1
ProductVersion : 6, 1, 1, 1
ProductName : Iomega Corp. IMGICON 6.1p
CompanyName : Iomega Corp.
FileDescription : IMGICON
InternalName : IMGICON
LegalCopyright : 6.1p, Copyright © 1998 Iomega Corporation, English Version
OriginalFilename : IMGICON.exe

#:28 [GBMENU.EXE]
FilePath : C:\PROGRAM FILES\WILD FILE\GOBACK\
ProcessID : 4278880577
Threads : 3
Priority : Normal
FileVersion : 2.1d
ProductVersion : 2.1d
ProductName : GoBack
CompanyName : Wild File, Inc.
FileDescription : GoBack Main Menu
InternalName : GoBack Main Menu
LegalCopyright : Copyright © 1997-1999 Wild File, Inc.
LegalTrademarks : GoBack and the GoBack logo are trademarks of Wild File, Inc.
OriginalFilename : GBMenu.exe
Comments : Patents Pending.

#:29 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278786557
Threads : 3
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:30 [IEXPLORE.EXE]
FilePath : C:\PROGRAM FILES\INTERNET EXPLORER\
ProcessID : 4279129489
Threads : 10
Priority : Normal
FileVersion : 6.00.2600.0000
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:31 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4278878821
Threads : 3
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0ac49246-419b-4ee0-8917-8818daad6a4e}

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{99410cde-6f16-42ce-9d49-3807f78f0287}

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{2b0eceac-f597-4858-a542-d966b49055b9}

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ddea2e1d-8555-45e5-af09-ec9aa4ea27ad}

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f1f1e775-1b21-454d-8d38-7c16519969e5}

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda}

FizzleBar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff}

Win32.Adverts.TrojanDownloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{deceaaa2-370a-49bb-9362-68c3a58ddc62}

Win32.Adverts.TrojanDownloader Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{deceaaa2-370a-49bb-9362-68c3a58ddc62}
Value : AppID

WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{d28cd14c-50be-4cfa-951e-b37f25da3472}

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clientax.clientinstaller
DOB
Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clientax.clientinstaller.1

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clientax.requiredcomponent

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clientax.requiredcomponent.1

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{56f1d444-11bf-4879-a12b-79cf0177f038}

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{6c092742-10fe-4db2-988d-fc71948de70c}

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7fa8976f-d00c-4e98-8729-a66569233fb5}

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{8be3faba-7468-4851-b97c-0750af2b908e}

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : zangohook.sabho

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Adware.ZenoSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment : "BrowserUpdateSched"
DOB
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : BrowserUpdateSched

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 36
Objects found so far: 38


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (http://static.zangocash.com/cab/seekmo/ie/bridge-c18.cab?21595a55bcee9e87edbc49d34614c0b550c9fbe341f06435b5679f367af25f7d532a4ca9c2ed59d9
dc488aec24dcc5a5ba1e1fb10f8e34f82eba6f77b8d60c7f73d695c54c:584e34bcf0567f47bece5
b5b666353a7)

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://static.zangocash.com/cab/seekmo/ie/...ece5b5b666353a7
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DECEAAA2-370A-49BB-9362-68C3A58DDC62}

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://static.zangocash.com/cab/seekmo/ie/...ece5b5b666353a7
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DECEAAA2-370A-49BB-9362-68C3A58DDC62}
Value : Installer

Targetsaver Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "RUWO"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : RUWO

Targetsaver Object Recognized!
Type : File
Data : ruwom.exe
TAC Rating : 8
Category : Malware
Comment :
Object : c:\program files\common files\ruwo\
FileVersion : 4, 0, 4, 0
ProductVersion : 4, 0, 4, 0
LegalCopyright : Copyright © 2005


Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 42


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : blandshaw@atdmt[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:blandshaw@atdmt.com/
Expires : 4/27/11 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : blandshaw@questionmarket[5].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:blandshaw@questionmarket.com/
Expires : 6/8/06 10:47:22 AM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : blandshaw@doubleclick[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:26
Value : Cookie:blandshaw@doubleclick.net/
Expires : 4/27/09 8:27:06 PM
LastSync : Hits:26
UseCount : 0
Hits : 26

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : blandshaw@perf.overture[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:blandshaw@perf.overture.com/
Expires : 4/27/10 7:35:20 PM
LastSync : Hits:1
UseCount : 0
Hits : 1


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : blandshaw@as1.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:blandshaw@as1.falkag.de/
Expires : 4/29/06 7:19:26 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : blandshaw@realmedia[4].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:blandshaw@realmedia.com/
Expires : 12/31/20 7:59:58 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : blandshaw@2o7[5].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:blandshaw@2o7.net/
Expires : 4/27/11 7:35:48 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : blandshaw@zedo[5].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:blandshaw@zedo.com/
Expires : 4/25/16 7:35:08 PM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : blandshaw@maxserving[4].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:blandshaw@maxserving.com/
Expires : 4/25/16 8:26:56 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
DOB
This is what I have so far, the log is so big, I will use 2 pages to post it all, but hopefully this helps some...


thanks..
Corrine
Hi, DOB. See if you can get a bit of control with CCleaner and removing just a couple things at a time.

Please launch Ad-Aware SE and check for updates. Next click on the gear to access the Configuration Menu. Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion". Then, please follow the steps listed below.

A. Download CCleaner from the link at the upper right of this page: http://www.filehippo.com/download_ccleaner.html .

Instructions for using CCleaner:
  1. Launch CCleaner and under Options > Advanced > UNcheck "Only delete files in Windows Temp folder older than 48 hours".
  2. A pop up box will appear advising this process will permanently delete files from your system.
  3. To protect logon cookies that you wish to retain, go to Options > Cookies, select those cookies and use the arrow to move them to the "Cookies to keep" column.
  4. Then select the items you wish to clean up.
    1. In the Windows Tab:
      • Clean all entries in the "Internet Explorer" section.
      • Clean all the entries in the "Windows Explorer" section.
      • Clean all entries in the "System" section.
      • Clean all entries in the "Advanced" section.
      • Clean any others that you choose.
    2. In the Applications Tab:
      • Clean all in the Firefox/Mozilla section if you use it.
      • Clean all in the Opera section if you use it.
      • Clean Sun Java in the Internet Section.
      • Clean any others that you choose.
  5. Click the "Run Cleaner" button and it will scan and clean your system.
  6. Click exit.
  7. Shutdown/restart the computer.
B. Run Ad-Aware SE
  1. Launch Ad-Aware SE and run a Full Scan.
  2. When the scan has completed, select Next.
  3. In the Scanning Results window, select the "Scan Summary" tab.
  4. Check the box next to ONE "target family" you wish to remove.
  5. Click Next, then click OK.
  6. Shutdown/restart.
Continue repeating the instructions above, removing one target family at a time, with a shutdown/restart in between.

That should work for you. If you still have problems, however, follow the instructions linked below and post a HijackThis log.

http://www.lavasoftsupport.com/index.php?s...=findpost&p=623