Vx2.better internet - can't get rid of this

Discussion in 'adware, spyware & hijack cleaning' started by emosty, Dec 19, 2003.

  1. emosty

    emosty Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    45
    Location:
    Austin, Texas
    Hi there, I recently got a bunch of junk trying to download some free software from download.com. I have run Ad-Aware, Spybot S&D, and HijackThis, and was able to remove everything but Vx2.Better Internet, which only shows up in an Ad-Aware scan. However, after I quarantine it, it is still there on reboot. Any ideas? If it is helpful, go to this link in another forum so you can see what others have tried so far:

    http://www.spywareinfoforum.com/index.php?showtopic=22366&st=15

    Here's the Ad-Aware log (I didn't post the clean stuff):


    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Thursday, December 18, 2003 3:02:50 PM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R217 08.09.2003
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry


    12-18-2003 3:02:50 PM - Scan started. (Smart mode)




    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    VX2.BetterInternet Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}


    VX2.BetterInternet Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}\InprocServer32


    VX2.BetterInternet Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Value : {DDFFA75A-E81D-4454-89FC-B9FD0631E726}


    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 3
    Objects found so far: 3


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 3


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 3


    3:08:06 PM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:05:15:650
    Objects scanned :29057
    Objects identified :3
    Objects ignored :0
    New objects :3
     
  2. emosty

    emosty Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    45
    Location:
    Austin, Texas
    Just realized Tony is a moderator here... If you view the link -- I can't post on the Ad-Aware support forum for some reason!!!
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi emosty,

    And you won't get better help than Tony's anywhere. :)
    So it would only seem logical to continue in the thread at SpywareInfo.

    Regards,

    Pieter
     
  4. emosty

    emosty Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    45
    Location:
    Austin, Texas
    I don't doubt it. I'm trying to follow his advice on posting at Lavasoft support, but after a day and a half I'm still not allowed to post.

    Going to keep trying...

    Thanks
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi emosty,

    I'll ask if they can look into that.

    Regards,

    Pieter
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Oops, just noticed. The first thing they will tell you to do is to get the latest updates. 01R239 as opposed to your 01R217

    Regards,

    Pieter
     
  7. emosty

    emosty Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    45
    Location:
    Austin, Texas
    Yeah, I tried to update by saving to disk, but my computer doesn't recognize the extension .ref, so it won't open. Do you have any suggestions?
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi emosty,

    Is the WebUpdate not working for you?

    Then close AdAware, then please right-click this link: http://www.lavasoft.de/update/refs/reflist.zip and save the file to the C:\Program Files\Lavasoft folder (that is the default location, yours could be different) and let it overwrite the old file.

    Then start AdAware and it should show that it has loaded the new Reffile.

    HTH,

    Pieter
     
  9. emosty

    emosty Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    45
    Location:
    Austin, Texas
    No, I'm at work so the system in question is not online. I have the update saved on a floppy... can I get it from that? Otherwise, I'll just have to wait until next week when I get home.
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi emosty,

    You can use the one from floppy as well. No problem. As long as you replace the old reflist.ref with the new one and then open AdAware, you should be fine.

    I noticed you were online at the Lavasoft forums?

    Regards,

    Pieter
     
  11. emosty

    emosty Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    45
    Location:
    Austin, Texas
    Great, thanks. Yes, I'm logged in on the Lavasoft forum, but can't post. I have installed the update, and am rescanning now. Then I'll try to post again.

    Actually, this updated version is finding a lot more stuff. uh oh.
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hey, as long as it gets rid of it, that's a good sign. ;)

    Pieter
     
  13. emosty

    emosty Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    45
    Location:
    Austin, Texas
    Alright, should I post this new log here or should I keep it all straight and revisit my SpywareInfo thread? I have a question about one of the objects it's pulling up.
     
  14. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi emosty,

    Your choice. I'll be happy to have a look and I have asked someone from Lavasoft to have a look at this thread. Mainly to help you with the posting problem there, but I'm sure they will have some thoughts on your log as well.

    Regards,

    Pieter
     
  15. emosty

    emosty Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    45
    Location:
    Austin, Texas
    Thanks so much. I haven't tried to post on Lavasoft since the update, so I suppose that could have been the problem. Here is the log I haven't quarantined because I wanted to make sure this Win32.key... was something to get rid of.


    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Friday, December 19, 2003 10:14:18 AM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R239 18.12.2003
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry


    12-19-2003 10:14:18 AM - Scan started. (Smart mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [kernel32.dll]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4293913573
    Threads : 4
    Priority : High
    FileSize : 460 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1991-1999
    CompanyName : Microsoft Corporation
    FileDescription : Win32 Kernel core component
    InternalName : KERNEL32
    OriginalFilename : KERNEL32.DLL
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 01/01/1601
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 04/24/1999 4:22:00 AM

    #:2 [msgsrv32.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294958197
    Threads : 1
    Priority : Normal
    FileSize : 11 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1992-1998
    CompanyName : Microsoft Corporation
    FileDescription : Windows 32-bit VxD Message Server
    InternalName : MSGSRV32
    OriginalFilename : MSGSRV32.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 01/01/1601
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 04/24/1999 4:22:00 AM

    #:3 [mprexe.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294912773
    Threads : 1
    Priority : Normal
    FileSize : 28 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1993-1998
    CompanyName : Microsoft Corporation
    FileDescription : WIN32 Network Interface Service Process
    InternalName : MPREXE
    OriginalFilename : MPREXE.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 01/01/1601
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 04/24/1999 4:22:00 AM

    #:4 [rtvscn95.exe]
    FilePath : C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\
    ProcessID : 4294925461
    Threads : 35
    Priority : Normal
    FileSize : 572 KB
    FileVersion : 8.1.0.825
    ProductVersion : 8.1.0.825
    Copyright : Copyright (C) Symantec Corporation 1991-2003
    CompanyName : Symantec Corporation
    FileDescription : Symantec AntiVirus
    ProductName : Symantec AntiVirus
    Created on : 05/21/2003 7:29:40 AM
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 05/21/2003 7:29:40 AM

    #:5 [defwatch.exe]
    FilePath : C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\
    ProcessID : 4294876341
    Threads : 2
    Priority : Normal
    FileSize : 32 KB
    FileVersion : 8.1.0.825
    ProductVersion : 8.1.0.825
    Copyright : Copyright
    CompanyName : Symantec Corporation
    FileDescription : Virus Definition Daemon
    InternalName : DefWatch
    OriginalFilename : DefWatch.exe
    ProductName : Norton AntiVirus
    Created on : 05/21/2003 7:22:36 AM
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 05/21/2003 7:22:36 AM

    #:6 [mmtask.tsk]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294893381
    Threads : 1
    Priority : Normal
    FileSize : 1 KB
    FileVersion : 4.03.1998
    ProductVersion : 4.03.1998
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : Multimedia background task support module
    InternalName : mmtask.tsk
    OriginalFilename : mmtask.tsk
    ProductName : Microsoft Windows
    Created on : 01/01/1601
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 04/24/1999 4:22:00 AM

    #:7 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294844001
    Threads : 19
    Priority : Normal
    FileSize : 176 KB
    FileVersion : 4.72.3110.1
    ProductVersion : 4.72.3110.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1997
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft(R) Windows NT(R) Operating System
    Created on : 01/01/1601
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 04/24/1999 4:22:00 AM

    #:8 [systray.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294775345
    Threads : 2
    Priority : Normal
    FileSize : 32 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1993-1998
    CompanyName : Microsoft Corporation
    FileDescription : System Tray Applet
    InternalName : SYSTRAY
    OriginalFilename : SYSTRAY.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 01/01/1601
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 04/24/1999 4:22:00 AM

    #:9 [gwhotkey.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294750017
    Threads : 1
    Priority : Normal
    FileSize : 55 KB
    FileVersion : 5, 7, 0, 2
    ProductVersion : 5.7
    Copyright : Copyright
    CompanyName : BillP Studios
    FileDescription : Multi-function Keyboard By Bill Pytlovany
    ProductName : Gateway Multi-function Keyboard Utility
    Created on : 05/02/2001 3:40:13 PM
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 10/19/1999 2:21:36 PM

    #:10 [9x8start.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294752345
    Threads : 1
    Priority : Normal
    FileSize : 22 KB
    FileVersion : 4.05.1139.3140
    ProductVersion : 4.05.1139.3140
    Copyright : Copyright
    CompanyName : Creative Technology, Ltd.
    FileDescription : This program launches the mixer and configurator.
    InternalName : 9x8start
    OriginalFilename : 9x8start.exe
    ProductName : 9x8start
    Created on : 05/02/2001 3:33:44 PM
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 07/12/1999 9:14:58 PM

    #:11 [taskmon.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294751725
    Threads : 1
    Priority : Normal
    FileSize : 28 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1998
    CompanyName : Microsoft Corporation
    FileDescription : Task Monitor
    InternalName : TaskMon
    OriginalFilename : TASKMON.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 05/19/2001 5:13:00 PM
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 04/24/1999 4:22:00 AM

    #:12 [vptray.exe]
    FilePath : C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\
    ProcessID : 4294764569
    Threads : 2
    Priority : Normal
    FileSize : 88 KB
    FileVersion : 8.1.0.825
    ProductVersion : 8.1.0.825
    Copyright : Copyright (C) Symantec Corporation 1991-2003
    CompanyName : Symantec Corporation
    FileDescription : Symantec AntiVirus
    ProductName : Symantec AntiVirus
    Created on : 05/21/2003 7:21:18 AM
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 05/21/2003 7:21:18 AM

    #:13 [psfree.exe]
    FilePath : C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\
    ProcessID : 4294749261
    Threads : 1
    Priority : Normal
    FileSize : 512 KB
    FileVersion : 3, 1, 0, 1010
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright (C) 2002-2003
    CompanyName : Panicware, Inc.
    FileDescription : Pop-Up Stopper Free Edition
    InternalName : Pop-Up Stopper Free Edition
    OriginalFilename : PSFree.exe
    ProductName : Pop-Up Stopper Free Edition
    Created on : 05/22/2003 12:12:14 AM
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 04/29/2003 4:40:10 PM

    #:14 [wmiexe.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294736761
    Threads : 3
    Priority : Normal
    FileSize : 16 KB
    FileVersion : 5.00.1755.1
    ProductVersion : 5.00.1755.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1998
    CompanyName : Microsoft Corporation
    FileDescription : WMI service exe housing
    InternalName : wmiexe
    OriginalFilename : wmiexe.exe
    ProductName : Microsoft(R) Windows NT(R) Operating System
    Created on : 01/01/1601
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 04/24/1999 4:22:00 AM

    #:15 [ad-aware.exe]
    FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
    ProcessID : 4294644629
    Threads : 2
    Priority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 12/11/2003 4:02:52 AM
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 07/13/2003 4:00:20 AM

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    AdRotator Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : urllauncher.urllaunchercontrol.1


    AdRotator Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : urllauncher.urllaunchercontrol


    AdRotator Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : TYPELIB\{eac42c32-1fe3-4fd0-9f27-e7f9ccf5fcd9}


    AdRotator Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : TypeLib\{3CD9D85E-1FF2-4BF7-A113-6669B8D1E676}


    AdRotator Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\slmss


    AdRotator Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Mwsvm


    AdRotator Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{E9D8697E-BEA9-4170-84F3-509AD2A11951}


    AdRotator Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{39341EB6-C340-4F68-AB9D-EE4917309828}


    AdRotator Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : defaultsearch.seekseek.1


    AdRotator Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : defaultsearch.seekseek


    AdRotator Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{3E7145B1-EA07-42CE-9299-11DF39FF54BD}


    AdRotator Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{34EF5B1C-52CB-400b-8B7C-F787018B3826}


    AdRotator Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : AdRotator.Application


    eUniverse_IncrediFind BHO Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : bho.incredifindbho.1


    eUniverse_IncrediFind BHO Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : bho.incredifindbho


    eUniverse_KeenValue Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : Interface\{8B8F6968-2F24-41E3-B653-E9613226F14D}


    IBIS Toolbar Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : toolbar.ResProtocol


    IBIS Toolbar Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : PROTOCOLS\Name-Space Handler\res\toolbar.ResProtocol


    IBIS Toolbar Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : PROTOCOLS\Handler\tpro


    IBIS Toolbar Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{FF76A5DA-6158-4439-99FF-EDC1B3FE100C}


    IBIS Toolbar Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{F1616B86-9288-489D-B71A-0CCF2F1A89DA}


    IBIS Toolbar Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{339BB23F-A864-48C0-A59F-29EA915965EC}


    New.Net Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CURRENT_USER
    Object : software\new.net


    VX2.BetterInternet Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}


    Win32.KeyHost Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\redirectkey


    IBIS Toolbar Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    Value : {339BB23F-A864-48C0-A59F-29EA915965EC}


    SCBAR Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Internet Explorer\URLSearchHooks
    Value : {9368D063-44BE-49B9-BD14-BB9663FD38FC}


    VX2.BetterInternet Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Value : {DDFFA75A-E81D-4454-89FC-B9FD0631E726}


    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 28
    Objects found so far: 28


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Possible Browser Hijack attempt Object recognized!
    Type : RegKey
    Data : homepage="HTTP://www.zestyfind.com/"
    Rootkey : HKEY_CURRENT_USER
    Object : Software\adtomi


    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 29


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Tracking Cookie Object recognized!
    Type : File
    Data : anyuser@excite[2].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 05/15/2001 7:01:29 PM
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 05/15/2001 7:01:30 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : default@excitestores[1].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 08/16/2001 11:31:31 PM
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 08/16/2001 11:31:32 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : default@2o7[1].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 10/25/2001 11:15:46 PM
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 10/25/2001 11:15:48 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : default@excite[1].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 10/02/2001 11:38:33 PM
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 10/02/2001 11:38:34 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : default@excite[3].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 03/23/2003 3:33:10 PM
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 03/23/2003 3:33:12 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : default@excite[4].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 10/13/2001 6:55:50 PM
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 10/13/2001 6:55:52 PM


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    TurboDownload Object recognized!
    Type : File
    Data : td.exe
    Object : C:\WINDOWS\SYSTEM\
    FileSize : 48 KB
    Copyright : 
     
  16. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi emosty,

    Everything in there is accounted for in the first HijackThis log you posted at SpywareInfo. So they all should go. Hit the Quarantine button before you click Next and a backup will be created.

    Regards,

    Pieter
     
  17. emosty

    emosty Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    45
    Location:
    Austin, Texas
    Alright, well it got rid of all the new stuff it pulled up, but the old Vx2 thing is still there:


    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Friday, December 19, 2003 11:09:52 AM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R239 18.12.2003
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry


    12-19-2003 11:09:52 AM - Scan started. (Smart mode)


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    VX2.BetterInternet Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}


    VX2.BetterInternet Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Value : {DDFFA75A-E81D-4454-89FC-B9FD0631E726}


    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 2
    Objects found so far: 2


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 2


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    VX2.BetterInternet Object recognized!
    Type : File
    Data : msg{81b6c660-e430-11d5-8736-0020e0626331}0115.dll
    Object : c:\windows\system\
    FileSize : 320 KB
    FileVersion : 1, 1, 5, 0
    ProductVersion : 1.15
    Copyright : Copyright
    CompanyName : TURBODOWNLOAD.com
    FileDescription : TURBODOWNLOAD.com
    InternalName : TURBODOWNLOAD.com
    OriginalFilename : TURBODOWNLOAD.com
    ProductName : TURBODOWNLOAD.com
    Created on : 11/29/2001 12:48:27 AM
    Last accessed : 12/19/2003 6:00:00 AM
    Last modified : 11/29/2001 12:48:28 AM



    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 3


    11:16:47 AM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:06:53:590
    Objects scanned :32565
    Objects identified :3
    Objects ignored :0
    New objects :3
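
An added example, not part of the original posts: a small Python parser for the "Object recognized!" records in Ad-aware 6 logs like the ones above, used to compare a scan taken before quarantine with one taken after and list what was removed, what persisted and what is new. The sample inputs are trimmed excerpts of the two December 19 logs in this thread; the function names are hypothetical.

```python
import re

# A record starts with "<family> Object recognized!" and runs to the next blank line.
HEADER = re.compile(r"^(?P<family>.+?) Object recognized!$")


def parse_adaware_log(text):
    """Return one dict per 'Object recognized!' record in an Ad-aware 6 log."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = {"Family": match.group("family")}
            records.append(current)
        elif not line:
            current = None  # blank line closes the record
        elif current is not None and ":" in line:
            # Split on the first colon only: values such as C:\WINDOWS contain colons.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return records


def identity(record):
    """Key that identifies the same object across scans (case-insensitive,
    because registry paths and Windows 9x file names are case-insensitive)."""
    parts = (
        record.get("Family", ""),
        record.get("Type", ""),
        record.get("Rootkey", ""),
        record.get("Object", ""),
        record.get("Value", "") or record.get("Data", ""),
    )
    return tuple(p.lower() for p in parts)


def compare_scans(before_text, after_text):
    """Classify detections as removed, persisted or new between two scans."""
    before = {identity(r): r for r in parse_adaware_log(before_text)}
    after = {identity(r): r for r in parse_adaware_log(after_text)}
    return {
        "removed": [before[k] for k in before if k not in after],
        "persisted": [after[k] for k in after if k in before],
        "new": [after[k] for k in after if k not in before],
    }


# Trimmed excerpt of the 10:14 AM log (before quarantine).
SCAN_BEFORE = r"""
AdRotator Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\slmss

VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}

Win32.KeyHost Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\redirectkey

VX2.BetterInternet Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Value : {DDFFA75A-E81D-4454-89FC-B9FD0631E726}
"""

# Trimmed excerpt of the 11:09 AM log (after quarantine).
SCAN_AFTER = r"""
VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}

VX2.BetterInternet Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Value : {DDFFA75A-E81D-4454-89FC-B9FD0631E726}

VX2.BetterInternet Object recognized!
Type : File
Data : msg{81b6c660-e430-11d5-8736-0020e0626331}0115.dll
Object : c:\windows\system\
FileSize : 320 KB
"""

if __name__ == "__main__":
    for status, items in compare_scans(SCAN_BEFORE, SCAN_AFTER).items():
        for rec in items:
            target = rec.get("Value") or rec.get("Data") or rec.get("Object")
            print(f"{status:9} {rec['Family']:20} {rec['Type']:8} {target}")
```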
     
  18. emosty

    emosty Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    45
    Location:
    Austin, Texas
    Just for information... I still can't post at Lavasoft.

    VX2 - "seek and destroy"!! Arrrrggghh!
     
  19. emosty

    emosty Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    45
    Location:
    Austin, Texas
    It's this thing...

    C:\windows\system\msg{81B6C660-E430-11D5-8736-0020E0626331}0115.dll

    I'm trying to delete it, but it says "cannot delete (above) the specified file is being used by windows"
     
  20. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi emosty,

    Can you try deleting it in safe mode?

    That should work.

    Regards,

    Pieter
     
  21. IAMSKINZ

    IAMSKINZ Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    9
    emosty

    You have been validated.

    If you have registered, after receiving your notification, we must still manually confirm the account, this usually takes from 1 hour to 1 day. You just happened to register during my monthly day off, sorry...

    You must log in with your username and password before posting.

    It has already been done, try again.

    Thanks...

    Have fun.......... :D
     
  22. IAMSKINZ

    IAMSKINZ Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    9
    emosty...

    I have no idea where you are with this issue, if you wish you could either post at the Lavasoft Support Forums or continue on here or at SWI, the help that you receive on any of these boards is of the best available anywhere.
    Ok...
    Please...
    Run Ad-aware 6 with the Full Scan settings....
    How To: Perform a "Full Scan" With Ad-aware 6 Build 181
    http://www.lavahelp.com/howto/fullscan/index.html
    HTH
    Have fun......... :D
     
  23. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi IAMSKINZ,

    Instead of opening several threads on several boards, and many people working on it - I would recommend having this thread coping with the issue. No offense intended ;)

    regards.

    paul
     
  24. emosty

    emosty Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    45
    Location:
    Austin, Texas
    Okay, here's the new log... 52 new objects... Going to quarantine now.

    Also, yes I tried deleting the above file in safe mode, but it still wouldn't let me.


    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Monday, December 22, 2003 8:24:54 AM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R239 18.12.2003
    ______________________________________________________

    Reffile status:
    =========================
    Reference file loaded:
    Reference Number : 01R239 18.12.2003
    Internal build : 165
    File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\reflist.ref
    Total size : 748111 Bytes
    Signature data size : 733576 Bytes
    Reference data size : 14471 Bytes
    Signatures total : 16667
    Target categories : 10
    Target families : 388

    Memory + processor status:
    ==========================
    Number of processors : 1
    Processor architecture : Intel Pentium III
    Memory available:14 %
    Total physical memory:64860 kb
    Available physical memory:920 kb
    Total page file size:1196480 kb
    Available on page file:1141624 kb
    Total virtual memory:2093056 kb
    Available virtual memory:2052160 kb
    OS:Windows (98)

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry
    Set : Scan within archives

    Extended Ad-aware Settings
    =========================
    Set : Unload recognized processes during scanning
    Set : Include basic Ad-aware settings in logfile
    Set : Include additional Ad-aware settings in logfile
    Set : Let windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Always back up reference file, before updating
    Set : Play sound if scan produced a result


    12-22-2003 8:24:54 AM - Scan started. (Custom mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [kernel32.dll]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4293918671
    Threads : 5
    Priority : High
    FileSize : 460 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1991-1999
    CompanyName : Microsoft Corporation
    FileDescription : Win32 Kernel core component
    InternalName : KERNEL32
    OriginalFilename : KERNEL32.DLL
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 01/01/1601
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 04/24/1999 4:22:00 AM

    #:2 [msgsrv32.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294953055
    Threads : 1
    Priority : Normal
    FileSize : 11 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1992-1998
    CompanyName : Microsoft Corporation
    FileDescription : Windows 32-bit VxD Message Server
    InternalName : MSGSRV32
    OriginalFilename : MSGSRV32.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 01/01/1601
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 04/24/1999 4:22:00 AM

    #:3 [mprexe.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294917935
    Threads : 1
    Priority : Normal
    FileSize : 28 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1993-1998
    CompanyName : Microsoft Corporation
    FileDescription : WIN32 Network Interface Service Process
    InternalName : MPREXE
    OriginalFilename : MPREXE.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 01/01/1601
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 04/24/1999 4:22:00 AM

    #:4 [rtvscn95.exe]
    FilePath : C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\
    ProcessID : 4294920383
    Threads : 35
    Priority : Normal
    FileSize : 572 KB
    FileVersion : 8.1.0.825
    ProductVersion : 8.1.0.825
    Copyright : Copyright (C) Symantec Corporation 1991-2003
    CompanyName : Symantec Corporation
    FileDescription : Symantec AntiVirus
    ProductName : Symantec AntiVirus
    Created on : 05/21/2003 7:29:40 AM
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 05/21/2003 7:29:40 AM

    #:5 [defwatch.exe]
    FilePath : C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\
    ProcessID : 4294871199
    Threads : 2
    Priority : Normal
    FileSize : 32 KB
    FileVersion : 8.1.0.825
    ProductVersion : 8.1.0.825
    Copyright : Copyright
    CompanyName : Symantec Corporation
    FileDescription : Virus Definition Daemon
    InternalName : DefWatch
    OriginalFilename : DefWatch.exe
    ProductName : Norton AntiVirus
    Created on : 05/21/2003 7:22:36 AM
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 05/21/2003 7:22:36 AM

    #:6 [mmtask.tsk]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294847211
    Threads : 1
    Priority : Normal
    FileSize : 1 KB
    FileVersion : 4.03.1998
    ProductVersion : 4.03.1998
    Copyright : Copyright
    CompanyName : Microsoft Corporation
    FileDescription : Multimedia background task support module
    InternalName : mmtask.tsk
    OriginalFilename : mmtask.tsk
    ProductName : Microsoft Windows
    Created on : 01/01/1601
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 04/24/1999 4:22:00 AM

    #:7 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294844303
    Threads : 18
    Priority : Normal
    FileSize : 176 KB
    FileVersion : 4.72.3110.1
    ProductVersion : 4.72.3110.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1997
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft(R) Windows NT(R) Operating System
    Created on : 01/01/1601
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 04/24/1999 4:22:00 AM

    #:8 [systray.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294773463
    Threads : 2
    Priority : Normal
    FileSize : 32 KB
    FileVersion : 4.10.2222
    ProductVersion : 4.10.2222
    Copyright : Copyright (C) Microsoft Corp. 1993-1998
    CompanyName : Microsoft Corporation
    FileDescription : System Tray Applet
    InternalName : SYSTRAY
    OriginalFilename : SYSTRAY.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 01/01/1601
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 04/24/1999 4:22:00 AM

    #:9 [gwhotkey.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294753519
    Threads : 1
    Priority : Normal
    FileSize : 55 KB
    FileVersion : 5, 7, 0, 2
    ProductVersion : 5.7
    Copyright : Copyright
    CompanyName : BillP Studios
    FileDescription : Multi-function Keyboard By Bill Pytlovany
    ProductName : Gateway Multi-function Keyboard Utility
    Created on : 05/02/2001 3:40:13 PM
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 10/19/1999 2:21:36 PM

    #:10 [9x8start.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294751167
    Threads : 1
    Priority : Normal
    FileSize : 22 KB
    FileVersion : 4.05.1139.3140
    ProductVersion : 4.05.1139.3140
    Copyright : Copyright
    CompanyName : Creative Technology, Ltd.
    FileDescription : This program launches the mixer and configurator.
    InternalName : 9x8start
    OriginalFilename : 9x8start.exe
    ProductName : 9x8start
    Created on : 05/02/2001 3:33:44 PM
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 07/12/1999 9:14:58 PM

    #:11 [taskmon.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 4294746767
    Threads : 1
    Priority : Normal
    FileSize : 28 KB
    FileVersion : 4.10.1998
    ProductVersion : 4.10.1998
    Copyright : Copyright (C) Microsoft Corp. 1998
    CompanyName : Microsoft Corporation
    FileDescription : Task Monitor
    InternalName : TaskMon
    OriginalFilename : TASKMON.EXE
    ProductName : Microsoft(R) Windows(R) Operating System
    Created on : 05/19/2001 5:13:00 PM
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 04/24/1999 4:22:00 AM

    #:12 [vptray.exe]
    FilePath : C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\
    ProcessID : 4294770251
    Threads : 2
    Priority : Normal
    FileSize : 88 KB
    FileVersion : 8.1.0.825
    ProductVersion : 8.1.0.825
    Copyright : Copyright (C) Symantec Corporation 1991-2003
    CompanyName : Symantec Corporation
    FileDescription : Symantec AntiVirus
    ProductName : Symantec AntiVirus
    Created on : 05/21/2003 7:21:18 AM
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 05/21/2003 7:21:18 AM

    #:13 [psfree.exe]
    FilePath : C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\
    ProcessID : 4294787203
    Threads : 1
    Priority : Normal
    FileSize : 512 KB
    FileVersion : 3, 1, 0, 1010
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright (C) 2002-2003
    CompanyName : Panicware, Inc.
    FileDescription : Pop-Up Stopper Free Edition
    InternalName : Pop-Up Stopper Free Edition
    OriginalFilename : PSFree.exe
    ProductName : Pop-Up Stopper Free Edition
    Created on : 05/22/2003 12:12:14 AM
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 04/29/2003 4:40:10 PM

    #:14 [wmiexe.exe]
    FilePath : C:\WINDOWS\SYSTEM\
    ProcessID : 4294722211
    Threads : 3
    Priority : Normal
    FileSize : 16 KB
    FileVersion : 5.00.1755.1
    ProductVersion : 5.00.1755.1
    Copyright : Copyright (C) Microsoft Corp. 1981-1998
    CompanyName : Microsoft Corporation
    FileDescription : WMI service exe housing
    InternalName : wmiexe
    OriginalFilename : wmiexe.exe
    ProductName : Microsoft(R) Windows NT(R) Operating System
    Created on : 01/01/1601
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 04/24/1999 4:22:00 AM

    #:15 [ad-aware.exe]
    FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
    ProcessID : 4294721603
    Threads : 2
    Priority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 12/11/2003 4:02:52 AM
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 07/13/2003 4:00:20 AM

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    VX2.BetterInternet Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}


    VX2.BetterInternet Object recognized!
    Type : RegValue
    Data :
    Category : Data Miner
    Comment : SimilarSingles
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Value : {DDFFA75A-E81D-4454-89FC-B9FD0631E726}


    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 2
    Objects found so far: 2


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 2


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    IGetNet Object recognized!
    Type : File
    Data : nlnp80.exe
    Category : Data Miner
    Comment :
    Object : C:\




    New.Net Object recognized!
    Type : File
    Data : nnntc485.exe
    Category : Misc
    Comment :
    Object : C:\




    Verticity Object recognized!
    Type : File
    Data : 3.exe
    Category : Malware
    Comment :
    Object : C:\WINDOWS\TEMP\ckz6b980\Files\
    FileSize : 44 KB
    Copyright :

    Created on : 03/10/2003 11:18:14 PM
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 03/10/2003 11:18:14 PM



    Verticity Object recognized!
    Type : File
    Data : 5.exe
    Category : Malware
    Comment :
    Object : C:\WINDOWS\TEMP\ckz6b980\Files\
    FileSize : 20 KB
    Copyright : \SY
    Created on : 05/05/2003 5:42:54 PM
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 05/05/2003 5:42:54 PM



    TurboDownload Object recognized!
    Type : File
    Data : iedriver.exe
    Category : Data Miner
    Comment :
    Object : C:\WINDOWS\TEMP\ckz6b980\Files\
    FileSize : 152 KB
    Copyright : iVi
    Created on : 09/18/2003 8:48:12 PM
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 09/18/2003 8:48:12 PM



    Verticity Object recognized!
    Type : File
    Data : ieupdate.exe
    Category : Malware
    Comment :
    Object : C:\WINDOWS\TEMP\ckz6b980\Files\
    FileSize : 120 KB
    Copyright : rig
    Created on : 07/02/2003 12:19:32 AM
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 07/02/2003 12:19:32 AM



    Verticity Object recognized!
    Type : File
    Data : 3.exe
    Category : Malware
    Comment :
    Object : C:\WINDOWS\TEMP\ckze7d35\Files\
    FileSize : 44 KB
    Copyright :
     
  25. emosty

    emosty Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    45
    Location:
    Austin, Texas
    Alright, all that new stuff is gone, but I still have the VX2. It says it couldn't remove it again....


    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :Monday, December 22, 2003 9:16:27 AM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R239 18.12.2003
    ______________________________________________________

    Reffile status:
    =========================
    Reference file loaded:
    Reference Number : 01R239 18.12.2003
    Internal build : 165
    File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\reflist.ref
    Total size : 748111 Bytes
    Signature data size : 733576 Bytes
    Reference data size : 14471 Bytes
    Signatures total : 16667
    Target categories : 10
    Target families : 388

    Memory + processor status:
    ==========================
    Number of processors : 1
    Processor architecture : Intel Pentium III
    Memory available:16 %
    Total physical memory:64860 kb
    Available physical memory:2660 kb
    Total page file size:1199968 kb
    Available on page file:1145512 kb
    Total virtual memory:2093056 kb
    Available virtual memory:2051136 kb
    OS:Windows (98)

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry
    Set : Scan within archives

    Extended Ad-aware Settings
    =========================
    Set : Unload recognized processes during scanning
    Set : Include basic Ad-aware settings in logfile
    Set : Include additional Ad-aware settings in logfile
    Set : Let windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Always back up reference file, before updating
    Set : Play sound if scan produced a result


    12-22-2003 9:16:27 AM - Scan started. (Custom mode)



    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    VX2.BetterInternet Object recognized!
    Type : RegKey
    Data :
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}


    VX2.BetterInternet Object recognized!
    Type : RegValue
    Data :
    Category : Data Miner
    Comment : SimilarSingles
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    Value : {DDFFA75A-E81D-4454-89FC-B9FD0631E726}


    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 2
    Objects found so far: 2


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 2


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Disk scan result for C:\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 2


    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    VX2.BetterInternet Object recognized!
    Type : File
    Data : msg{81b6c660-e430-11d5-8736-0020e0626331}0115.dll
    Category : Data Miner
    Comment :
    Object : c:\windows\system\
    FileSize : 320 KB
    FileVersion : 1, 1, 5, 0
    ProductVersion : 1.15
    Copyright : Copyright
    CompanyName : TURBODOWNLOAD.com
    FileDescription : TURBODOWNLOAD.com
    InternalName : TURBODOWNLOAD.com
    OriginalFilename : TURBODOWNLOAD.com
    ProductName : TURBODOWNLOAD.com
    Created on : 11/29/2001 12:48:27 AM
    Last accessed : 12/22/2003 6:00:00 AM
    Last modified : 11/29/2001 12:48:28 AM



    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 3


    9:34:58 AM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:18:30:970
    Objects scanned :115211
    Objects identified :3
    Objects ignored :0
    New objects :3
     