Help! Can't delete TROJ_IMISERV.C (A0051166.CPY)
   

Q-BA, New Member (joined Oct 2004, 2 posts)
Posted 11-1-2004 12:08 (GMT +1)
I'm having trouble trying to delete this virus called TROJ_IMISERV.C (A0051166.CPY).
 
Can someone please help me!
 
Here's my Ad-Aware logfile:
 
Ad-Aware SE Build 1.05
Logfile Created on:Sunday, October 31, 2004 5:02:09 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R16 28.10.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:8):3 total references
BargainBuddy(TAC index:8):8 total references
BlazeFind(TAC index:5):10 total references
BookedSpace(TAC index:10):5 total references
Elitum.ElitebarBHO(TAC index:5):2 total references
EzuLa(TAC index:6):1 total references
ImIServer IEPlugin(TAC index:5):2 total references
MRU List(TAC index:0):14 total references
Other(TAC index:5):1 total references
Possible Browser Hijack attempt(TAC index:3):9 total references
Roings(TAC index:5):4 total references
SpyDeleter(TAC index:5):8 total references
Tracking Cookie(TAC index:3):82 total references
WinAD(TAC index:7):1 total references
WindUpdates(TAC index:8):20 total references
VX2(TAC index:10):75 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


10-31-2004 5:02:09 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\clipart gallery\2.0\mrudescription
Description : most recently used description in microsoft clipart gallery


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293868925
Threads : 4
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294932105
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
#:3 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294956361
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk
#:4 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294955781
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE
#:5 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294960021
Threads : 2
Priority : Normal
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corp. 2000
OriginalFilename : mstask.exe
#:6 [SSDPSRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294844821
Threads : 4
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : SSDP Service on Windows Millennium
InternalName : ssdpsrv.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : ssdpsrv.exe
#:7 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294872189
Threads : 13
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE
#:8 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294839877
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright (C) Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE
#:9 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294887105
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE
#:10 [WINCOMM.EXE]
FilePath : C:\PROGRAM FILES\WIN COMM\
ProcessID : 4294801065
Threads : 4
Priority : Normal


WindUpdates Object Recognized!
Type : Process
Data : WINCOMM.EXE
Category : Data Miner
Comment : full-search IE hijacker
Object : C:\PROGRAM FILES\WIN COMM\


Warning! WindUpdates Object found in memory(C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE)
"C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE"Process terminated successfully
#:11 [VXMHKYEJ.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294799309
Threads : 1
Priority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Calling Home
CompanyName : callinghome.biz
FileDescription : Installation utility for www.callinghome.biz
InternalName : Calling Home
LegalCopyright : callinghome.biz © 2004
OriginalFilename : Caller.exe
BookedSpace Object Recognized!
Type : Process
Data : VXMHKYEJ.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Calling Home
CompanyName : callinghome.biz
FileDescription : Installation utility for www.callinghome.biz
InternalName : Calling Home
LegalCopyright : callinghome.biz © 2004
OriginalFilename : Caller.exe
Warning! BookedSpace Object found in memory(C:\WINDOWS\SYSTEM\VXMHKYEJ.EXE)
"C:\WINDOWS\SYSTEM\VXMHKYEJ.EXE"Process terminated successfully
#:12 [REALSCHED.EXE]
FilePath : C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\
ProcessID : 4294771389
Threads : 2
Priority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:13 [WINLOCK.EXE]
FilePath : C:\PROGRAM FILES\WIN COMM\
ProcessID : 4294827929
Threads : 2
Priority : Normal


WindUpdates Object Recognized!
Type : Process
Data : WINLOCK.EXE
Category : Data Miner
Comment : full-search IE hijacker
Object : C:\PROGRAM FILES\WIN COMM\


Warning! WindUpdates Object found in memory(C:\PROGRAM FILES\WIN COMM\WINLOCK.EXE)
"C:\PROGRAM FILES\WIN COMM\WINLOCK.EXE"Process terminated successfully
#:14 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294831669
Threads : 3
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe
#:15 [STMGR.EXE]
FilePath : C:\WINDOWS\SYSTEM\RESTORE\
ProcessID : 4294891137
Threads : 4
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft (r) PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft (R) PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe
#:16 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294737553
Threads : 6
Priority : Realtime
FileVersion : 4.07.01.3000
ProductVersion : 4.07.01.3000
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2000
OriginalFilename : DDHelp.exe
#:17 [PSTORES.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294640145
Threads : 3
Priority : Normal
FileVersion : 5.00.2133.2
ProductVersion : 5.00.2133.2
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : Protected storage server
#:18 [IEXPLORE.EXE]
FilePath : C:\PROGRAM FILES\INTERNET EXPLORER\
ProcessID : 4294663037
Threads : 16
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : IEXPLORE.EXE
#:19 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294571373
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 17


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\180solutions
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e1357}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e1357}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed11357}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed11357}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed12468}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed12468}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e2468}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e2468}
Value :
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows syncroad
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows syncroad
Value : UninstallString
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows syncroad
Value : DisplayName
SpyDeleter Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{fb74c951-aca1-4e33-a94c-a9261eb2ccb7}
SpyDeleter Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{fb74c951-aca1-4e33-a94c-a9261eb2ccb7}
Value : ButtonText
SpyDeleter Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{fb74c951-aca1-4e33-a94c-a9261eb2ccb7}
Value : clsid
SpyDeleter Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{fb74c951-aca1-4e33-a94c-a9261eb2ccb7}
Value : Default Visible
SpyDeleter Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{fb74c951-aca1-4e33-a94c-a9261eb2ccb7}
Value : Exec
SpyDeleter Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{fb74c951-aca1-4e33-a94c-a9261eb2ccb7}
Value : HotIcon
SpyDeleter Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{fb74c951-aca1-4e33-a94c-a9261eb2ccb7}
Value : Icon
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : SystemComponent
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : Installer
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : multimppdll.multimppdllobj.1
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : multimppdll.multimppdllobj.1
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{690bccb4-6b83-4203-ae77-038c116594ec}
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{002eb272-2590-4693-b166-fbd5d9b6fea6}
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{002eb272-2590-4693-b166-fbd5d9b6fea6}
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : vx2.vx2obj
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : vx2.vx2obj
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4534cd6b-59d6-43fd-864b-06a0d843444a}
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4534cd6b-59d6-43fd-864b-06a0d843444a}
Value :
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{002eb272-2590-4693-b166-fbd5d9b6fea6}
Other Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "Win Server Updt"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Win Server Updt
Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Date"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\intexp
Value : Date
SpyDeleter Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{FB74C951-ACA1-4e33-A94C-A9261EB2CCB7}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7}
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "LastUpdate"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\win comm
Value : LastUpdate
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 37
Objects found so far: 54


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagewebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Barwebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistantwebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchCustomizeSearchwebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : CustomizeSearch
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\MainSearch Pagewebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\MainSearch Barwebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id="
Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\SearchURLwebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "websearch.drsnsrch.com/q.cgi?q="
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\Internet Explorer\SearchURL
Value :
Data : "websearch.drsnsrch.com/q.cgi?q="
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "wmhztb"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : wmhztb
VX2 Object Recognized!
Type : File
Data : vxmhkyej.exe
Category : Malware
Comment :
Object : c:\windows\system\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Calling Home
CompanyName : callinghome.biz
FileDescription : Installation utility for www.callinghome.biz
InternalName : Calling Home
LegalCopyright : callinghome.biz © 2004
OriginalFilename : Caller.exe


Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 63


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@specificclick[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@specificclick.net/
Expires : 10-28-2014 9:52:26 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@gator[1].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:default@gator.com/
Expires : 12-29-2004 10:22:04 PM
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@realmedia[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:default@realmedia.com/
Expires : 12-31-2010 6:59:58 PM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@centrport[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:default@centrport.net/
Expires : 12-31-2029 7:00:00 PM
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@a.as-us.falkag[1].txt
Category : Data Miner
Comment : Hits:32
Value : Cookie:default@a.as-us.falkag.net/
Expires : 10-31-2005 9:29:46 AM
LastSync : Hits:32
UseCount : 0
Hits : 32
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@zedo[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:default@zedo.com/
Expires : 10-28-2014 10:21:52 PM
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@valueclick[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@valueclick.com/
Expires : 10-21-2029 7:59:52 PM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@servedby.advertising[3].txt
Category : Data Miner
Comment : Hits:32
Value : Cookie:default@servedby.advertising.com/
Expires : 11-30-2004 11:41:38 AM
LastSync : Hits:32
UseCount : 0
Hits : 32
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@edge.ru4[2].txt
Category : Data Miner
Comment : Hits:14
Value : Cookie:default@edge.ru4.com/
Expires : 12-30-2004 2:03:50 PM
LastSync : Hits:14
UseCount : 0
Hits : 14
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@mediaplex[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:default@mediaplex.com/
Expires : 6-21-2009 7:00:00 PM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@2o7[3].txt
Category : Data Miner
Comment : Hits:18
Value : Cookie:default@2o7.net/
Expires : 10-30-2009 2:02:52 PM
LastSync : Hits:18
UseCount : 0
Hits : 18
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@atdmt[2].txt
Category : Data Miner
Comment : Hits:20
Value : Cookie:default@atdmt.com/
Expires : 10-26-2009 7:00:00 PM
LastSync : Hits:20
UseCount : 0
Hits : 20
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@statcounter[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@statcounter.com/
Expires : 10-30-2009 4:05:38 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@maxserving[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@maxserving.com/
Expires : 10-29-2014 9:57:38 AM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@serving-sys[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@serving-sys.com/
Expires : 1-1-2038
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@clickagents[1].txt
Category : Data Miner
Comment : Hits:41
Value : Cookie:default@clickagents.com/
Expires : 10-25-2029 4:30:54 PM
LastSync : Hits:41
UseCount : 0
Hits : 41
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@data.coremetrics[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@data.coremetrics.com/
Expires : 10-28-2019 5:16:16 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bluestreak[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@bluestreak.com/
Expires : 10-29-2014 6:41:36 AM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@hotlog[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:default@hotlog.ru/
Expires : 10-27-2005 3:19:14 PM
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@fastclick[3].txt
Category : Data Miner
Comment : Hits:40
Value : Cookie:default@fastclick.net/
Expires : 10-18-2006 6:25:46 PM
LastSync : Hits:40
UseCount : 0
Hits : 40
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@casalemedia[3].txt
Category : Data Miner
Comment : Hits:28
Value : Cookie:default@casalemedia.com/
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 41
Objects found so far: 104




Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : File
Data : A0055092.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 0, 5, 4, 35
ProductVersion : 0, 5, 4, 35
ProductName : multimpp
CompanyName : Multimpp
FileDescription : www.multimpp.com
InternalName : multimpp
LegalCopyright : Copyright © 2003
OriginalFilename : multimpp.dll
Comments : www.multimpp.com


VX2 Object Recognized!
Type : File
Data : A0055096.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\


Object "W0054738.CPY" found in this archive.
VX2 Object Recognized!
Type : File
Data : FS277.CAB
Category : Malware
Comment : Object "W0054738.CPY" found in this archive.
Object : c:\_RESTORE\ARCHIVE\


Object "A0048636.CPY" found in this archive.
VX2 Object Recognized!
Type : File
Data : FS296.CAB
Category : Malware
Comment : Object "A0048636.CPY" found in this archive.
Object : c:\_RESTORE\ARCHIVE\


Object "A0049574.CPY" found in this archive.
VX2 Object Recognized!
Type : File
Data : FS297.CAB
Category : Malware
Comment : Object "A0049574.CPY" found in this archive.
Object : c:\_RESTORE\ARCHIVE\


Object "A0049578.CPY" found in this archive.
VX2 Object Recognized!
Type : File
Data : FS297.CAB
Category : Malware
Comment : Object "A0049578.CPY" found in this archive.
Object : c:\_RESTORE\ARCHIVE\


Object "A0051166.CPY" found in this archive.
ImIServer IEPlugin Object Recognized!
Type : File
Data : FS311.CAB
Category : Data Miner
Comment : Object "A0051166.CPY" found in this archive.
Object : c:\_RESTORE\ARCHIVE\




WinAD Object Recognized!
Type : File
Data : ide21201.vxd
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\




VX2 Object Recognized!
Type : File
Data : localNrd.cab
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\THI5A10.TMP\




VX2 Object Recognized!
Type : File
Data : localNRD.dll
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\THI5A10.TMP\
FileVersion : 0, 4, 4, 30
ProductVersion : 0, 4, 4, 30
ProductName : localnrd
CompanyName : LocalNRD
FileDescription : www.localnrd.com
InternalName : localnrd
LegalCopyright : Copyright © 2004
OriginalFilename : localnrd.dll
Comments : www.localnrd.com


Elitum.ElitebarBHO Object Recognized!
Type : File
Data : preInsln.exe
Category : Data Miner
Comment :
Object : c:\WINDOWS\TEMP\THI5A10.TMP\




VX2 Object Recognized!
Type : File
Data : polall1l.exe
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\THI5A10.TMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Calling Home
CompanyName : callinghome.biz
FileDescription : Installation utility for www.callinghome.biz
InternalName : Calling Home
LegalCopyright : callinghome.biz © 2004
OriginalFilename : Caller.exe


VX2 Object Recognized!
Type : File
Data : conscorr.cab
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\




VX2 Object Recognized!
Type : File
Data : conscorr.exe
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\
FileVersion : 0, 3, 1, 3
ProductVersion : 0, 3, 1, 3
CompanyName : ConsCorr
FileDescription : www.conscorr.com
LegalCopyright : Copyright © 2002


VX2 Object Recognized!
Type : File
Data : ln_reco.exe
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Install Utility
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2004
OriginalFilename : InstUtil.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.


VX2 Object Recognized!
Type : File
Data : randreco.exe
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Install Utility
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2004
OriginalFilename : InstUtil.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.
Object "multimpp.dll" found in this archive.
VX2 Object Recognized!
Type : File
Data : multimpp.cab
Category : Malware
Comment : Object "multimpp.dll" found in this archive.
Object : c:\WINDOWS\TEMP\THI1499.TMP\


Object "preInMPP.exe" found in this archive.
VX2 Object Recognized!
Type : File
Data : multimpp.cab
Category : Malware
Comment : Object "preInMPP.exe" found in this archive.
Object : c:\WINDOWS\TEMP\THI1499.TMP\




VX2 Object Recognized!
Type : File
Data : multimpp.dll
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\THI1499.TMP\
FileVersion : 0, 5, 4, 35
ProductVersion : 0, 5, 4, 35
ProductName : multimpp
CompanyName : Multimpp
FileDescription : www.multimpp.com
InternalName : multimpp
LegalCopyright : Copyright © 2003
OriginalFilename : multimpp.dll
Comments : www.multimpp.com


VX2 Object Recognized!
Type : File
Data : preInMPP.exe
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\THI1499.TMP\


Object "multimpp.dll" found in this archive.
VX2 Object Recognized!
Type : File
Data : multimpp.cab
Category : Malware
Comment : Object "multimpp.dll" found in this archive.
Object : c:\WINDOWS\TEMP\THI4D61.TMP\


Object "preInMPP.exe" found in this archive.
VX2 Object Recognized!
Type : File
Data : multimpp.cab
Category : Malware
Comment : Object "preInMPP.exe" found in this archive.
Object : c:\WINDOWS\TEMP\THI4D61.TMP\




VX2 Object Recognized!
Type : File
Data : multimpp.dll
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\THI4D61.TMP\
FileVersion : 0, 5, 4, 35
ProductVersion : 0, 5, 4, 35
ProductName : multimpp
CompanyName : Multimpp
FileDescription : www.multimpp.com
InternalName : multimpp
LegalCopyright : Copyright © 2003
OriginalFilename : multimpp.dll
Comments : www.multimpp.com


VX2 Object Recognized!
Type : File
Data : preInMPP.exe
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\THI4D61.TMP\


Object "multimpp.dll" found in this archive.
VX2 Object Recognized!
Type : File
Data : multimpp.cab
Category : Malware
Comment : Object "multimpp.dll" found in this archive.
Object : c:\WINDOWS\TEMP\THI36BC.TMP\


Object "preInMPP.exe" found in this archive.
VX2 Object Recognized!
Type : File
Data : multimpp.cab
Category : Malware
Comment : Object "preInMPP.exe" found in this archive.
Object : c:\WINDOWS\TEMP\THI36BC.TMP\




VX2 Object Recognized!
Type : File
Data : multimpp.dll
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\THI36BC.TMP\
FileVersion : 0, 5, 4, 35
ProductVersion : 0, 5, 4, 35
ProductName : multimpp
CompanyName : Multimpp
FileDescription : www.multimpp.com
InternalName : multimpp
LegalCopyright : Copyright © 2003
OriginalFilename : multimpp.dll
Comments : www.multimpp.com


VX2 Object Recognized!
Type : File
Data : preInMPP.exe
Category : Malware
Comment :
Object : c:\WINDOWS\TEMP\THI36BC.TMP\




VX2 Object Recognized!
Type : File
Data : thnall1l[1].exe
Category : Malware
Comment :
Object : c:\WINDOWS\Temporary Internet Files\Content.IE5\WHU8DFXE\
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Install Utility
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2004
OriginalFilename : InstUtil.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.


VX2 Object Recognized!
Type : File
Data : LOCALNRD.DLL
Category : Malware
Comment :
Object : c:\WINDOWS\
FileVersion : 0, 4, 4, 30
ProductVersion : 0, 4, 4, 30
ProductName : localnrd
CompanyName : LocalNRD
FileDescription : www.localnrd.com
InternalName : localnrd
LegalCopyright : Copyright © 2004
OriginalFilename : localnrd.dll
Comments : www.localnrd.com


Elitum.ElitebarBHO Object Recognized!
Type : File
Data : PREINSLN.EXE
Category : Data Miner
Comment :
Object : c:\WINDOWS\




VX2 Object Recognized!
Type : File
Data : PREINMPP.EXE
Category : Malware
Comment :
Object : c:\WINDOWS\




EzuLa Object Recognized!
Type : File
Data : woinstall.exe
Category : Data Miner
Comment :
Object : c:\WINDOWS\




BlazeFind Object Recognized!
Type : File
Data : Key2.txt
Category : Malware
Comment :
Object : c:\WINDOWS\




BlazeFind Object Recognized!
Type : File
Data : UnstSA2.exe
Category : Malware
Comment :
Object : c:\WINDOWS\
FileVersion : 1.0.0.15
ProductVersion : 1.0.0.0
CompanyName : Kalptaru Infotech Ltd.


180Solutions Object Recognized!
Type : File
Data : msbb.exe
Category : Data Miner
Comment :
Object : c:\temp\
FileVersion : 5, 9, 0, 7
ProductVersion : 5, 9, 0, 7
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


VX2 Object Recognized!
Type : File
Data : lc.exe
Category : Malware
Comment :
Object : c:\temp\
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Install Utility
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2004
OriginalFilename : InstUtil.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.


Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 182
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : CarsDirect.com -- America's #1 way to buy cars online!.url
Category : Misc
Comment : Problematic URL discovered: http://www.carsdirect.com/used_cars/listings/vehicle_detail_prem?listing_id=10950523&search=e605d218100b8807cadf3bc3d2a8ed59-130473445-10950523-dealer_referral_vehicle&zipcode=30214
Object : C:\WINDOWS\Favorites\






Possible Browser Hijack attempt Object Recognized!
Type : File
Data : CarsDirect.com -- America's #1 way to buy cars online!1.url
Category : Misc
Comment : Problematic URL discovered: http://www.carsdirect.com/used_cars/listings/vehicle_detail_prem?zipcode=30214&listing_id=10959680&rvlid=84370
Object : C:\WINDOWS\Favorites\






Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\win comm
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\win comm
Value : param
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\win comm
Value : DownloadPath
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\win comm
Value : Language
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\win comm
Value : SoftwareTable
WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\win comm
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\win comm
Value : UninstallString
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\win comm
Value : DisplayName
WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Win Comm
WindUpdates Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\Win Comm
WindUpdates Object Recognized!
Type : File
Data : WinLock.exe
Category : Data Miner
Comment :
Object : C:\Program Files\win comm\




WindUpdates Object Recognized!
Type : File
Data : WinDat.dll
Category : Data Miner
Comment :
Object : C:\Program Files\win comm\




WindUpdates Object Recognized!
Type : File
Data : Info.txt
Category : Data Miner
Comment :
Object : C:\Program Files\win comm\




WindUpdates Object Recognized!
Type : File
Data : WinComm.exe
Category : Data Miner
Comment :
Object : C:\Program Files\win comm\




BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor\xml
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor\xml
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\media
Value : data
180Solutions Object Recognized!
Type : File
Data : didduid.ini
Category : Data Miner
Comment :
Object : C:\WINDOWS\




BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows sr 2.0
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows sr 2.0
Value : DisplayName
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows sr 2.0
Value : UninstallString
BlazeFind Object Recognized!
Type : File
Data : ActiveX.inf
Category : Malware
Comment :
Object : C:\WINDOWS\downloaded program files\




VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\multimpp
VX2 Object Recognized!
Type : File
Data : dummy.htm
Category : Malware
Comment :
Object : C:\WINDOWS\TEMP\




VX2 Object Recognized!
Type : File
Data : LOCALNRD.INF
Category : Malware
Comment :
Object : C:\WINDOWS\inf\




Roings Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Date
Roings Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Version
ImIServer IEPlugin Object Recognized!
Type : File
Data : redir.txt
Category : Data Miner
Comment :
Object : C:\WINDOWS\




Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 61
Objects found so far: 245
5:14:33 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:24.510
Objects scanned:61663
Objects identified:232
Objects ignored:0
New critical objects:232

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14295
 
   Posted 11-1-2004 6:01 (GMT +1)
Hey
If you still have it:
Download Hijackthis
http://www.download.com/3001-8022_4-10307556.html?idl=n
Do NOT run Hijack This from the Desktop, a temp folder or choose run from the download. Place it in its own folder, for example C:\Program Files\HJT. Scan, scan button change to-save log. Post log here: http://www.bullguard.com/forum/10/
as- New Topic;-)


Touch

Q-BA
New Member


Date Joined Oct 2004
Total Posts : 2
 
   Posted 11-8-2004 3:38 (GMT +1)
Hey Touch, thanx for all da help, but my computer was giving me a BIG headache, so I just re-installed the whole operating system, but I think I got another little problem, so here's my HijackThis Log, I would appreciate it if you could tell me what to delete.  Thanx again.
Logfile of HijackThis v1.97.7
Scan saved at 9:38:36 PM, on 11/7/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=ff3132c1f1165ed87c5eb83386157f48ff902b60e6761397d62d367e7e25fc73023f21ef98dd5d11facc77917e4b6421e4b1f7feb4:b26d5d59881e3d3ce8ab2292e6aa4d79
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB



Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14295
 
   Posted 11-8-2004 9:49 (GMT +1)
Ok;-)
 
Scan with HijackThis, close all other windows, put a checkmark to these, and fix:
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=ff3132c1f1165ed87c5eb83386157f48ff902b60e6761397d62d367e7e25fc73023f21ef98dd5d11facc77917e4b6421e4b1f7feb4:b26d5d59881e3d3ce8ab2292e6aa4d79
 

 
Reboot into Safe Mode (hit F8 key until menu shows up).
Find and delete:
C:\WINDOWS\System32\msbe.dll
 
Reboot.
Install these for safer surfing:
 
 
I suggest you install these and update/run them at least three times a week:

Download Spybot Search and Destroy here : http://www.safer-networking.org/index.php?page=mirrors if it is not already installed on your computer
Install the program and then start it. Once the program has started make sure you are in the Spybot-S&D section. Click on the "Search for Updates" button. Download all updates. In some cases the program will restart after an update. When updated, click on the Immunize "Scan System" button. When the Check is over, fix all marked with red.
Perform full System Scan.
 
Update XP: Check for updates for Windows and Internet Explorer every week or so. Download each critical update one by one, rebooting when necessary. Repeat this until you get the message "no critical updates available".

http://windowsupdate.microsoft.com/
 


Touch
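
An added example, not part of the thread and not HijackThis's own code: a small Python triage script that parses the CLSID-bearing lines (O2, O3, O16) of a HijackThis log like the one posted above and lists the entries missing from a reviewer-kept baseline. The baseline set, the function names and the shortened windupdates URL are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: O2/O3/O4/O16 lines copied from the log posted above,
# with the long windupdates query string shortened.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
"""

# Assumption: a reviewer-kept baseline of CLSIDs already judged acceptable.
# Here it holds the three entries the reply above did not mark for fixing.
BASELINE = {
    "{53707962-6F74-2D53-2644-206D7942484F}",
    "{8E718888-423F-11D2-876E-00A0C9082467}",
    "{33564D57-0000-0010-8000-00AA00389B71}",
}

ENTRY = re.compile(
    r"^(O\d+) - ([^:]+): (?:(.*?) - )?(\{[0-9A-Fa-f-]{36}\}) - (.+)$")

def parse_log(text):
    """Return one dict per CLSID-bearing entry; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # process list, O4 Run keys, O9 buttons, blank lines
        section, kind, name, clsid, target = m.groups()
        is_url = target.lower().startswith(("http://", "https://"))
        entries.append({
            "section": section, "kind": kind, "name": name,
            "clsid": clsid.upper(), "target": target,
            "host": urlparse(target).hostname if is_url else None,
        })
    return entries

def needs_review(text, baseline=BASELINE):
    """Entries whose CLSID is not in the baseline, for a human to check."""
    return [e for e in parse_log(text) if e["clsid"] not in baseline]

if __name__ == "__main__":
    for e in needs_review(SAMPLE_LOG):
        print(e["section"], e["kind"], e["clsid"], e["host"] or e["target"])
```

An entry listed by `needs_review` is only unrecognised, not confirmed malicious; the file or download host still has to be checked before anything is removed.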