Full Version: partypascall own topic: VirusBurst Problem
partypascall
Hi everyone,

I have the same problem as post #1 and I want to get rid of this adware. Here is my logfile for my Ad-Aware:

Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, 28 September 2006 12:37:36 p.m.
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R124 19.09.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
DSSAgent(TAC index:8):1 total references
MRU List(TAC index:0):42 total references
Other(TAC index:5):1 total references
Tracking Cookie(TAC index:3):48 total references
Win32.Trojandownloader.Zlob(TAC index:10):5 total references
WinAntiVirusPro(TAC index:10):89 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


28-09-2006 12:37:36 p.m. - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\USER\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\USER\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\office\10.0\common\search\last query
Description : last query in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\office\10.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\office\10.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\office\10.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\office\10.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\office\10.0\publisher\recent file list
Description : list of recent files used by microsoft publisher


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-160225841-1163644386-2469798093-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 552
ThreadCreationTime : 27-09-2006 11:59:42 p.m.
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 628
ThreadCreationTime : 27-09-2006 11:59:44 p.m.
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 652
ThreadCreationTime : 27-09-2006 11:59:45 p.m.
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 696
ThreadCreationTime : 27-09-2006 11:59:45 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 708
ThreadCreationTime : 27-09-2006 11:59:45 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 848
ThreadCreationTime : 27-09-2006 11:59:46 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 928
ThreadCreationTime : 27-09-2006 11:59:47 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 968
ThreadCreationTime : 27-09-2006 11:59:47 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1064
ThreadCreationTime : 27-09-2006 11:59:48 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1164
ThreadCreationTime : 27-09-2006 11:59:48 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1324
ThreadCreationTime : 27-09-2006 11:59:50 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1484
ThreadCreationTime : 27-09-2006 11:59:51 p.m.
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:13 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1500
ThreadCreationTime : 27-09-2006 11:59:52 p.m.
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:14 [rrpcsb.exe]
FilePath : C:\Program Files\IBM\IBM Rapid Restore Ultra\
ProcessID : 1560
ThreadCreationTime : 27-09-2006 11:59:52 p.m.
BasePriority : Normal
FileVersion : 4,0,0,4026
ProductVersion : 4,0,0,4026
ProductName : rrpcsb Module
FileDescription : rrpcsb Module
InternalName : rrpcsb
LegalCopyright : Copyright 2002
OriginalFilename : rrpcsb.EXE

#:15 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 1596
ThreadCreationTime : 27-09-2006 11:59:52 p.m.
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:16 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 1704
ThreadCreationTime : 27-09-2006 11:59:52 p.m.
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:17 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1760
ThreadCreationTime : 27-09-2006 11:59:53 p.m.
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1872
ThreadCreationTime : 27-09-2006 11:59:54 p.m.
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

WinAntiVirusPro Object Recognized!
Type : Process
Data : winpgi.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\WinAntiVirus Pro 2006\
FileVersion : 1, 1, 2, 0
ProductVersion : 2, 0, 149, 0
ProductName : WinAntiVirus 2006 Pro
CompanyName : WinSoftware, Inc.
FileDescription : WinAntiVirus 2006 Pro Intermediate Layer
InternalName : winpgi.dll
LegalCopyright : © 2006 WinSoftware, Inc. All rights reserved.
OriginalFilename : winpgi.dll


#:19 [isamonitor.exe]
FilePath : C:\Program Files\WinMediaCodec\
ProcessID : 204
ThreadCreationTime : 27-09-2006 11:59:57 p.m.
BasePriority : Normal


#:20 [pmsngr.exe]
FilePath : C:\Program Files\WinMediaCodec\
ProcessID : 212
ThreadCreationTime : 27-09-2006 11:59:57 p.m.
BasePriority : Normal


Win32.Trojandownloader.Zlob Object Recognized!
Type : Process
Data : pmsngr.exe
TAC Rating : 10
Category : Malware
Comment : pmsngr.exe.dmp
Object : C:\Program Files\WinMediaCodec\


Warning! Win32.Trojandownloader.Zlob Object found in memory(C:\Program Files\WinMediaCodec\pmsngr.exe)

"C:\Program Files\WinMediaCodec\pmsngr.exe"Process terminated successfully
"C:\Program Files\WinMediaCodec\pmsngr.exe"Process terminated successfully

#:21 [pptd40nt.exe]
FilePath : C:\Program Files\ScanSoft\PaperPort\
ProcessID : 228
ThreadCreationTime : 27-09-2006 11:59:57 p.m.
BasePriority : Normal
FileVersion : 9.0
ProductVersion : 9.0
ProductName : PaperPort
CompanyName : ScanSoft, Inc.
FileDescription : PaperPort Print to Desktop for NT
InternalName : PPTD40NT
LegalCopyright : Copyright © 1993-2004 ScanSoft, Inc.
OriginalFilename : PPTD40NT.EXE

#:22 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 324
ThreadCreationTime : 27-09-2006 11:59:58 p.m.
BasePriority : Normal


#:23 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 348
ThreadCreationTime : 27-09-2006 11:59:58 p.m.
BasePriority : Normal
FileVersion : 7.0.4
ProductVersion : QuickTime 7.0.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:24 [pmmon.exe]
FilePath : C:\Program Files\WinMediaCodec\
ProcessID : 356
ThreadCreationTime : 27-09-2006 11:59:58 p.m.
BasePriority : Normal


#:25 [isamini.exe]
FilePath : C:\Program Files\WinMediaCodec\
ProcessID : 364
ThreadCreationTime : 27-09-2006 11:59:58 p.m.
BasePriority : Normal


#:26 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 368
ThreadCreationTime : 27-09-2006 11:59:58 p.m.
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:27 [winav.exe]
FilePath : C:\Program Files\WinAntiVirus Pro 2006\
ProcessID : 392
ThreadCreationTime : 27-09-2006 11:59:58 p.m.
BasePriority : Normal
FileVersion : 2,1,237,0
ProductVersion : 2,1,237,0
ProductName : WinAntiVirus Pro 2006
CompanyName : WinSoftware, Inc.
FileDescription : WinAntiVirus Pro 2006
InternalName : WinAntiVirusPro2006.exe
LegalCopyright : © 2006 WinSoftware Inc. All rights reserved.
OriginalFilename : WinAntiVirusPro2006.exe

WinAntiVirusPro Object Recognized!
Type : Process
Data : WinAV.exe
TAC Rating : 10
Category : Malware
Comment : winav.exe.dmp
Object : C:\Program Files\WinAntiVirus Pro 2006\
FileVersion : 2,1,237,0
ProductVersion : 2,1,237,0
ProductName : WinAntiVirus Pro 2006
CompanyName : WinSoftware, Inc.
FileDescription : WinAntiVirus Pro 2006
InternalName : WinAntiVirusPro2006.exe
LegalCopyright : © 2006 WinSoftware Inc. All rights reserved.
OriginalFilename : WinAntiVirusPro2006.exe

Warning! WinAntiVirusPro Object found in memory(C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe)

Warning! "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe"Process could not be terminated!

WinAntiVirusPro Object Recognized!
Type : Process
Data : avkernel.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\WinAntiVirus Pro 2006\
FileVersion : 2, 0, 20, 1
ProductVersion : 2, 0, 143, 0
ProductName : WinAntiVirus Pro 2006
CompanyName : WinSoftware, Ltd.
FileDescription : avkernel.dll
InternalName : avkernel
LegalCopyright : © 2005 WinSoftware. All rights reserved.
OriginalFilename : avkernel.dll


WinAntiVirusPro Object Recognized!
Type : Process
Data : asmngr.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\WinAntiVirus Pro 2006\
FileVersion : 1, 0, 0, 0
ProductVersion : 2, 0, 147, 0
ProductName : WinAntiVirus 2006 Pro
CompanyName : WinSoftware, Inc.
FileDescription : WinAntiVirus 2006 Pro Assistant
InternalName : AVAssistant
LegalCopyright : © 2006 WinSoftware, Inc. All rights reserved.
OriginalFilename : ASMngr.dll


WinAntiVirusPro Object Recognized!
Type : Process
Data : rpt.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\WinAntiVirus Pro 2006\



#:28 [memoptimizer.exe]
FilePath : C:\Program Files\TuneUp Utilities 2004\
ProcessID : 400
ThreadCreationTime : 27-09-2006 11:59:58 p.m.
BasePriority : Normal
FileVersion : 1.0.0.193
ProductVersion : 4.0.0.0
ProductName : TuneUp Utilities
CompanyName : TuneUp Software GmbH
FileDescription : TuneUp MemOptimizer
LegalCopyright : © 1996-2003 TuneUp Software GmbH
LegalTrademarks : TuneUp Utilities

#:29 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 432
ThreadCreationTime : 28-09-2006
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:30 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 440
ThreadCreationTime : 28-09-2006
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:31 [pareto_as.exe]
FilePath : C:\Program Files\ParetoLogic\Anti-Spyware\
ProcessID : 448
ThreadCreationTime : 28-09-2006
BasePriority : Normal
FileVersion : 5, 0, 35, 2571
ProductVersion : 5.0.1.1
ProductName : Paretologic Anti-Spyware Module
CompanyName : ParetoLogic Inc.

#:32 [fwsvc.exe]
FilePath : C:\Program Files\WinAntiVirus Pro 2006\
ProcessID : 1000
ThreadCreationTime : 28-09-2006 12:00:07 a.m.
BasePriority : Normal
FileVersion : 1, 0, 12, 0
ProductVersion : 1, 0, 12, 0
ProductName : WinAntivirus Pro 2006
CompanyName : WinSoftware, Ltd.
FileDescription : WinAntiVirus Pro 2006 Firewall service
InternalName : WFSvc.exe
LegalCopyright : © 2005 WinSoftware. All rights reserved.
OriginalFilename : WFSvc.exe

WinAntiVirusPro Object Recognized!
Type : Process
Data : FWSvc.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\WinAntiVirus Pro 2006\
FileVersion : 1, 0, 12, 0
ProductVersion : 1, 0, 12, 0
ProductName : WinAntivirus Pro 2006
CompanyName : WinSoftware, Ltd.
FileDescription : WinAntiVirus Pro 2006 Firewall service
InternalName : WFSvc.exe
LegalCopyright : © 2005 WinSoftware. All rights reserved.
OriginalFilename : WFSvc.exe

Warning! "C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe"Process could not be terminated!

WinAntiVirusPro Object Recognized!
Type : Process
Data : RulSrv.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\WinAntiVirus Pro 2006\
FileVersion : 1, 0, 12, 0
ProductVersion : 1, 0, 12, 0
ProductName : WinAntiVirus Pro 2006
CompanyName : WinSoftware, Ltd.
FileDescription : WinAntiVirus Pro 2006 Firewall service
InternalName : RulSrv.dll
LegalCopyright : © 2005 WinSoftware. All rights reserved.
OriginalFilename : RulSrv.dll

Warning! "C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe"Process could not be terminated!

#:33 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3044
ThreadCreationTime : 28-09-2006 12:06:03 a.m.
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

Win32.Trojandownloader.Zlob Object Recognized!
Type : Process
Data : isaddon.dll
TAC Rating : 10
Category : Malware
Comment : isaddon.dll.dmp
Object : C:\Program Files\WinMediaCodec\


Warning! Win32.Trojandownloader.Zlob Object found in memory(C:\Program Files\WinMediaCodec\isaddon.dll)


#:34 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1744
ThreadCreationTime : 28-09-2006 12:32:04 a.m.
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 51


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{202a961f-23ae-42b1-9505-ffe3c818d717}

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{367a86a5-d048-4785-86be-4e2706aafdd9}

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1ac5c88a-dea7-462b-a232-04af5ca42e7e}

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1ac5c88a-dea7-462b-a232-04af5ca42e7e}
Value : AppID

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2178f3fb-2560-458f-bdee-631e2fe0dfe4}

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2178f3fb-2560-458f-bdee-631e2fe0dfe4}
Value : AppID

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{723d54c7-7483-4eb8-8eed-ce5b2aea534d}

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b2a3156e-3332-4b47-af5a-5b121503514f}

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b5141620-c2b2-4d95-9f0f-134d99c87ab0}

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b5141620-c2b2-4d95-9f0f-134d99c87ab0}
Value : AppID

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b9a27eb-125f-4f3e-a35c-2769c47a1442}

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e18b69d0-7e9e-4c6e-bdd8-879a1fff7123}

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{1234890a-5e6e-4867-8136-ca6f1456b235}

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{2bc32ef8-bb73-4099-bb2e-0f2951b3e276}

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{367a86a5-d048-4785-86be-4e2706aafdd9}

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{732b6533-7f78-4c47-9c01-2979ba0829b9}

DSSAgent Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\broderbund software\dss

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{202a961f-23ae-42b1-9505-ffe3c818d717}

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{2178f3fb-2560-458f-bdee-631e2fe0dfe4}

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{b5141620-c2b2-4d95-9f0f-134d99c87ab0}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 20
Objects found so far: 71


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 71


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:163
Value : Cookie:user@statcounter.com/
Expires : 27-09-2011 9:58:00 a.m.
LastSync : Hits:163
UseCount : 0
Hits : 163

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:176
Value : Cookie:user@serving-sys.com/
Expires : 1-01-2038 10:00:00 a.m.
LastSync : Hits:176
UseCount : 0
Hits : 176

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@ads.rampidads[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:user@ads.rampidads.com/
Expires : 9-06-2006 9:57:32 p.m.
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@estat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:user@estat.com/
Expires : 31-05-2016 9:29:46 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@trafficmp[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:22
Value : Cookie:user@trafficmp.com/
Expires : 2-06-2007 10:12:16 p.m.
LastSync : Hits:22
UseCount : 0
Hits : 22

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@qsrch[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:user@qsrch.com/
Expires : 4-07-2006 9:27:00 a.m.
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:163
Value : Cookie:user@2o7.net/
Expires : 13-08-2011 7:58:30 p.m.
LastSync : Hits:163
UseCount : 0
Hits : 163

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:user@ads.revsci.net/adserver
Expires : 26-08-2038 10:10:38 a.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:user@adtech.de/
Expires : 31-05-2016 5:17:34 p.m.
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@trafic[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:user@trafic.ro/
Expires : 12-01-2037 2:00:00 a.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@apmebf[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:user@apmebf.com/
Expires : 2-06-2011 8:42:08 p.m.
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@revenue[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:user@revenue.net/
Expires : 10-06-2022 5:05:42 p.m.
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@weborama[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:user@weborama.fr/
Expires : 2-06-2008 9:29:46 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:user@perf.overture.com/
Expires : 1-06-2010 9:08:04 p.m.
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@tribalfusion[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:73
Value : Cookie:user@tribalfusion.com/
Expires : 1-01-2038 12:00:00 p.m.
LastSync : Hits:73
UseCount : 0
Hits : 73

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@tripod[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:user@tripod.com/
Expires : 2-06-2007 10:02:52 p.m.
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:161
Value : Cookie:user@questionmarket.com/
Expires : 18-11-2007 2:12:44 a.m.
LastSync : Hits:161
UseCount : 0
Hits : 161

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@ads.tripod.lycos[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:user@ads.tripod.lycos.de/
Expires : 12-06-2006 12:00:40 p.m.
LastSync : Hits:4
UseCount : 0
Hits : 4

I will continue in my next post.
partypascall
This is the rest of my Ad-Aware logfile:

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1460
Value : Cookie:user@casalemedia.com/
Expires : 17-09-2007 2:32:42 p.m.
LastSync : Hits:1460
UseCount : 0
Hits : 1460

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@inl.adbureau[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:user@inl.adbureau.net/
Expires : 11-05-2010 12:00:00 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:17
Value : Cookie:user@realmedia.com/
Expires : 1-01-2021 12:00:00 p.m.
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@adserver.tibaco[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:user@adserver.tibaco.nl/
Expires : 27-09-2007 3:13:32 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:user@bluestreak.com/
Expires : 1-06-2016 8:10:04 a.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@xml.bravenetmedianetwork[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:user@xml.bravenetmedianetwork.com/
Expires : 3-07-2006 9:13:50 p.m.
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:26
Value : Cookie:user@overture.com/
Expires : 10-08-2016 10:22:06 a.m.
LastSync : Hits:26
UseCount : 0
Hits : 26

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@as-us.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:40
Value : Cookie:user@as-us.falkag.net/
Expires : 2-06-2007 8:20:44 p.m.
LastSync : Hits:40
UseCount : 0
Hits : 40

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@ads.pointroll[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:60
Value : Cookie:user@ads.pointroll.com/
Expires : 1-01-2010 12:00:00 p.m.
LastSync : Hits:60
UseCount : 0
Hits : 60

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@maxserving[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:user@maxserving.com/
Expires : 26-08-2016 5:32:18 p.m.
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@stat.onestat[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:user@stat.onestat.com/
Expires : 5-08-2016 11:00:00 a.m.
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:25
Value : Cookie:user@tradedoubler.com/
Expires : 11-09-2026 10:04:32 a.m.
LastSync : Hits:25
UseCount : 0
Hits : 25

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@bs.serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:27
Value : Cookie:user@bs.serving-sys.com/
Expires : 1-01-2038 10:00:00 a.m.
LastSync : Hits:27
UseCount : 0
Hits : 27

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@landing.domainsponsor[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:user@landing.domainsponsor.com/
Expires : 2-06-2008 9:32:52 p.m.
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:user@zedo.com/
Expires : 2-06-2007 10:02:24 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@bravenet[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:user@bravenet.com/
Expires : 31-05-2016 6:04:02 p.m.
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@as1.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:user@as1.falkag.de/
Expires : 15-08-2006 5:34:40 p.m.
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@partners.webmasterplan[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:user@partners.webmasterplan.com/
Expires : 26-09-2016 10:00:00 a.m.
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@citi.bridgetrack[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:user@citi.bridgetrack.com/
Expires : 21-07-2007 4:00:00 p.m.
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@adserver.adremedy[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:user@adserver.adremedy.com/
Expires : 23-09-2016 6:33:46 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@qksrv[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:user@qksrv.net/
Expires : 2-06-2011 8:42:14 p.m.
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@valuead[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:28
Value : Cookie:user@valuead.com/
Expires : 1-01-2021 12:00:00 p.m.
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@server.iad.liveperson[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:user@server.iad.liveperson.net/
Expires : 3-06-2007 6:20:40 p.m.
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@www.cibleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:user@www.cibleclick.com/
Expires : 11-07-2006 2:14:10 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@pro-market[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:user@pro-market.net/
Expires : 1-06-2030 12:00:00 p.m.
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@clickbank[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:user@clickbank.net/
Expires : 27-03-2007 10:34:02 a.m.
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@engage.everyone[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:user@engage.everyone.net/
Expires : 29-02-2008 12:00:00 p.m.
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@edge.ru4[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:user@edge.ru4.com/
Expires : 3-09-2036 7:07:08 p.m.
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@ads.addynamix[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:20
Value : Cookie:user@ads.addynamix.com/
Expires : 28-09-2006 8:45:40 p.m.
LastSync : Hits:20
UseCount : 0
Hits : 20

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@adserver.adreactor[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:user@adserver.adreactor.com/
Expires : 29-08-2007 5:38:54 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 48
Objects found so far: 119



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WinAntiVirusPro Object Recognized!
Type : File
Data : B23E4567d01
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\yskvs47t.default\Cache\



WinAntiVirusPro Object Recognized!
Type : File
Data : WinAntiVirusPro2006FreeInstall.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Documents and Settings\USER\Desktop\



WinAntiVirusPro Object Recognized!
Type : File
Data : asmngr.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\WinAntiVirus Pro 2006\
FileVersion : 1, 0, 0, 0
ProductVersion : 2, 0, 147, 0
ProductName : WinAntiVirus 2006 Pro
CompanyName : WinSoftware, Inc.
FileDescription : WinAntiVirus 2006 Pro Assistant
InternalName : AVAssistant
LegalCopyright : © 2006 WinSoftware, Inc. All rights reserved.
OriginalFilename : ASMngr.dll


WinAntiVirusPro Object Recognized!
Type : File
Data : avkernel.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\WinAntiVirus Pro 2006\
FileVersion : 2, 0, 20, 1
ProductVersion : 2, 0, 143, 0
ProductName : WinAntiVirus Pro 2006
CompanyName : WinSoftware, Ltd.
FileDescription : avkernel.dll
InternalName : avkernel
LegalCopyright : © 2005 WinSoftware. All rights reserved.
OriginalFilename : avkernel.dll


WinAntiVirusPro Object Recognized!
Type : File
Data : CompWiz.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\WinAntiVirus Pro 2006\
FileVersion : 0, 1, 24, 0
ProductVersion : 0, 1, 24, 0
ProductName : Companion Wizard
CompanyName : WinSoftware
FileDescription : Companion Wizard
InternalName : CompanionWizard.exe
LegalCopyright : © WinSoftware. All rights reserved.
OriginalFilename : CompanionWizard.exe


WinAntiVirusPro Object Recognized!
Type : File
Data : fat.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\WinAntiVirus Pro 2006\



WinAntiVirusPro Object Recognized!
Type : File
Data : fopn.sys
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\WinAntiVirus Pro 2006\
FileVersion : 0.1.28.0
ProductVersion : 0.1.28.0
ProductName : FOPN.SYS
CompanyName : WinSofrware, Ltd.
FileDescription : File System Filter Driver
InternalName : FOPN
LegalCopyright : © 2005 WinSoftware. All rights reserved.
OriginalFilename : FOPN.SYS


WinAntiVirusPro Object Recognized!
Type : File
Data : FWSvc.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\WinAntiVirus Pro 2006\
FileVersion : 1, 0, 12, 0
ProductVersion : 1, 0, 12, 0
ProductName : WinAntivirus Pro 2006
CompanyName : WinSoftware, Ltd.
FileDescription : WinAntiVirus Pro 2006 Firewall service
InternalName : WFSvc.exe
LegalCopyright : © 2005 WinSoftware. All rights reserved.
OriginalFilename : WFSvc.exe


WinAntiVirusPro Object Recognized!
Type : File
Data : install.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\WinAntiVirus Pro 2006\
FileVersion : 1, 0, 10, 0
ProductVersion : 1, 0, 10, 0
ProductName : Install Application
CompanyName : WinSoftware, Ltd.
FileDescription : Install Application
LegalCopyright : © 2005 WinSoftware. All rights reserved.
OriginalFilename : Install.exe


WinAntiVirusPro Object Recognized!
Type : File
Data : rpt.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\WinAntiVirus Pro 2006\



WinAntiVirusPro Object Recognized!
Type : File
Data : RulSrv.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\WinAntiVirus Pro 2006\
FileVersion : 1, 0, 12, 0
ProductVersion : 1, 0, 12, 0
ProductName : WinAntiVirus Pro 2006
CompanyName : WinSoftware, Ltd.
FileDescription : WinAntiVirus Pro 2006 Firewall service
InternalName : RulSrv.dll
LegalCopyright : © 2005 WinSoftware. All rights reserved.
OriginalFilename : RulSrv.dll


WinAntiVirusPro Object Recognized!
Type : File
Data : Updater.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\WinAntiVirus Pro 2006\
FileVersion : 1.2.60.0
ProductVersion : 1.2.60.0
CompanyName : WinSoftware
FileDescription : Updater
InternalName : Updater
LegalCopyright : © 2004, 2005 WinSoftware, Ltd. All rights reserved.


WinAntiVirusPro Object Recognized!
Type : File
Data : VAExt.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\WinAntiVirus Pro 2006\
FileVersion : 1,0,5,0
ProductVersion : 1,0,5,0
ProductName : WinAntiVirus Pro Pro
FileDescription : WinAntiVirus Pro 2006
InternalName : VAExt.exe
LegalCopyright : Copyright © 2005 WinSoftware, Ltd. All rights reserved.
OriginalFilename : VAExt.exe


WinAntiVirusPro Object Recognized!
Type : File
Data : FOPN.sys
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\drivers\
FileVersion : 0.1.28.0
ProductVersion : 0.1.28.0
ProductName : FOPN.SYS
CompanyName : WinSofrware, Ltd.
FileDescription : File System Filter Driver
InternalName : FOPN
LegalCopyright : © 2005 WinSoftware. All rights reserved.
OriginalFilename : FOPN.SYS


WinAntiVirusPro Object Recognized!
Type : File
Data : vspf5.sys
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\drivers\
FileVersion : 1.0.62.4
ProductVersion : 1.0.62.4
ProductName : WinAntiVirus 2006 Pro
CompanyName : WinSoftware, Inc.
LegalCopyright : Copyright © 2006 WinSoftware, Inc
OriginalFilename : vspf.sys


WinAntiVirusPro Object Recognized!
Type : File
Data : vspf_hk5.sys
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\drivers\
FileVersion : 1.0.62.4
ProductVersion : 1.0.62.4
ProductName : WinAntiVirus 2006 Pro
CompanyName : WinSoftware, Inc.
LegalCopyright : Copyright © 2006 WinSoftware, Inc
OriginalFilename : vspf_hk.sys


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 135


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 135




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : antiviruscom.avofficeprotect

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : antiviruscom.avofficeprotect.1

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avexplorer.shellextension

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avexplorer.shellextension.2

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : iefwbho.iefw

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : iefwbho.iefw.2

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wap6.pcheck

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wap6.pcheck.1

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winpgintegrator.ieintegrator

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winpgintegrator.ieintegrator.1

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\winantivirus pro 2006

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\winantivirus pro 2006
Value : Active

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\winantivirus pro 2006
Value : BlockDomainOnPopups

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\winantivirus pro 2006
Value : BlockDomainPopupLimit

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\winantivirus pro 2006
Value : StartBlockOnTimedPopups

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\winantivirus pro 2006
Value : TimedPopupLimit

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\winantivirus pro 2006
Value : NormalizeAddMenuAndToolbar

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\winantivirus pro 2006
Value : NormalizeFitToDesktop

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\winantivirus pro 2006
Value : NormalizeAddBorders

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\winantivirus pro 2006
Value : NormalizeOpenedPopups

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\winantivirus pro 2006
Value : AllowPopupClickType

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\winantivirus pro 2006
Value : StoreHistory

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\winantivirus pro 2006
Value : IEPage

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\winantivirus pro 2006
Value : MozillaPage

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wa6p_is1

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wa6p_is1
Value : Inno Setup: App Path

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wa6p_is1
Value : InstallLocation

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wa6p_is1
Value : Inno Setup: Icon Group

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wa6p_is1
Value : Inno Setup: User

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wa6p_is1
Value : DisplayName

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wa6p_is1
Value : UninstallString

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wa6p_is1
Value : QuietUninstallString

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wa6p_is1
Value : Publisher

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wa6p_is1
Value : URLInfoAbout

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wa6p_is1
Value : HelpLink

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wa6p_is1
Value : URLUpdateInfo

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wa6p_is1
Value : NoModify

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wa6p_is1
Value : NoRepair

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\winantivirus pro 2006

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\winantivirus pro 2006
Value : ProductCode

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\winantivirus pro 2006
Value : InstallPath

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\winantivirus pro 2006
Value : Abbr

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\winantivirus pro 2006
Value : ActivationCode

WinAntiVirusPro Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\shareddlls
Value : C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll

WinAntiVirusPro Object Recognized!
Type : Folder
TAC Rating : 10
Category : Malware
Comment : WinAntiVirusPro
Object : C:\Program Files\Common Files\WinAntiVirus Pro 2006

WinAntiVirusPro Object Recognized!
Type : Folder
TAC Rating : 10
Category : Malware
Comment : WinAntiVirusPro
Object : C:\Program Files\WinAntiVirus Pro 2006

WinAntiVirusPro Object Recognized!
Type : Folder
TAC Rating : 10
Category : Malware
Comment : WinAntiVirusPro
Object : C:\Documents and Settings\USER\Application Data\WinAntiVirus Pro 2006

WinAntiVirusPro Object Recognized!
Type : Folder
TAC Rating : 10
Category : Malware
Comment : WinAntiVirusPro
Object : C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiVirus Pro 2006

WinAntiVirusPro Object Recognized!
Type : File
Data : WinAntiVirus Pro 2006.lnk
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Documents and Settings\All Users\Desktop\



Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : vsenchancer.chl

Other Object Recognized!
Type : File
Data : VAEXT.EXE-335FBDDE.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 51
Objects found so far: 186

12:50:01 p.m. Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:24.906
Objects scanned:171357
Objects identified:139
Objects ignored:0
New critical objects:139

And this is my HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 9:19:09 p.m., on 28/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinMediaCodec\isamonitor.exe
C:\Program Files\WinMediaCodec\pmsngr.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe
C:\Program Files\WinMediaCodec\isamini.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\WinMediaCodec\pmmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vlc.ac.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vlc.ac.nz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\WinMediaCodec\isaddon.dll
O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\WinMediaCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6281061-E8BA-4F9B-80FB-05B779081268}: NameServer = 203.96.152.4 203.96.152.12
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: eeler - {1559e6c1-7e5e-4461-9457-6a2dea85eb9f} - C:\WINDOWS\system32\titiau.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
LS CalamityJane
Hi,

Apologies for the late reply, we've been quite swamped in here as you can probably see.

Are you still needing help?

I'm now subscribed to this topic so I will receive a notice from the board as soon as you reply, so I can be here much more quickly than it has taken to get to your new topic.

If you still need help, please follow these steps

1. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

How to extract (decompress) zipped or compressed files
http://www.lvsonline.com/compresstut/index.shtml

Note : process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky, Panda) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.


2. Reboot into Safe Mode
You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

How to start the computer in Safe mode
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

3. Once in Safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually.

4. Once back into normal mode, please scan with HijackThis to produce a log. Post that log into your topic along with the other requested logs named below.

Logs needed in your next post are:

rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed

Fresh HijackThis log
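
Added example, not part of the original thread and not code from HijackThis or Lavasoft: a small Python triage pass over HijackThis entries, using a few lines excerpted from the log posted above. It collects the markers HijackThis itself prints ("(no name)", "(file missing)", "Unknown owner") and groups entries by install directory so a helper can see everything loading from the same folder; the markers are prompts for review, not verdicts, and the function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\WinMediaCodec\isaddon.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\WinMediaCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")           # section code, then body
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE = re.compile(r"[A-Za-z]:\\[^\"]+?\.(?:exe|dll|ocx)\b", re.I)
MARKERS = ("(no name)", "(file missing)", "Unknown owner")  # text HijackThis prints

def parse(log):
    """Split each 'CODE - body' line into section code, CLSID, file path and markers."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank lines and anything that is not a log entry
        code, body = m.groups()
        clsid = CLSID.search(body)
        path = FILE.search(body)
        entries.append({"code": code, "path": path.group(0) if path else None,
                        "clsid": clsid.group(0).upper() if clsid else None,
                        "markers": [k for k in MARKERS if k in body]})
    return entries

def review_queue(entries):
    """Directories with at least one marked entry, listing every entry loaded from them."""
    by_dir = defaultdict(list)
    for e in entries:
        if e["path"]:
            by_dir[ntpath.dirname(e["path"]).lower()].append(e)
    return {d: [(e["code"], ntpath.basename(e["path"]), e["markers"]) for e in es]
            for d, es in by_dir.items() if any(e["markers"] for e in es)}

if __name__ == "__main__":
    for directory, items in review_queue(parse(SAMPLE_LOG)).items():
        print(directory)
        for code, name, markers in items:
            print(f"  {code:<4}{name:<20}{', '.join(markers) or '-'}")
```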