• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Crunch

DSO Exploit - cannot get rid?

2 posts in this topic

Hi there, lately I’ve been having a lot of problems with popups on my computer when using any website. I have to run both spybot and ad-aware daily to just limit it and even when I do the scan before I shutdown the computer, spybot finds something called ‘DSO Exploit’ (shown in the logs below). I mainly use the website www.ebay.co.uk and for emailing. I never open attachments from emails I don’t recognise with them usually going straight to the bin. Any help?

 

* This is the log from Spybot before shutting the computer down:

 

DoubleClick: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)

 

 

Advertising.com: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)

 

 

Advertising.com: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)

 

 

Avenue A, Inc.: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)

 

 

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-21-3699524586-3866767467-3757752560-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

* Ad-aware Log before shut down:

 

Lavasoft Ad-aware Personal Build 6.181

Logfile created on :20 July 2004 10:56:10

Created with Ad-aware Personal, free for private use.

Using reference-file :01R325 27.06.2004

______________________________________________________

 

Ad-aware Settings

=========================

Set : Activate in-depth scan (Recommended)

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep scan registry

 

 

20-07-2004 10:56:10 - Scan started. (Smart mode)

 

Listing running processes

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ThreadCreationTime : 20-07-2004 09:46:48

BasePriority : Normal

 

 

#:2 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ThreadCreationTime : 20-07-2004 09:46:51

BasePriority : High

 

 

#:3 [services.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 20-07-2004 09:46:51

BasePriority : Normal

FileSize : 99 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

OriginalFilename : services.exe

ProductName : Microsoft

Created on : 01/01/2003 08:34:55

Last accessed : 20/07/2004 09:46:46

Last modified : 20/01/2003 16:56:00

 

#:4 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 20-07-2004 09:46:51

BasePriority : Normal

FileSize : 11 KB

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

OriginalFilename : lsass.exe

ProductName : Microsoft

Created on : 01/01/2003 08:34:14

Last accessed : 20/07/2004 09:46:46

Last modified : 20/01/2003 17:21:00

 

#:5 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 20-07-2004 09:46:51

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 01/01/2003 08:35:04

Last accessed : 20/07/2004 09:46:46

Last modified : 20/01/2003 17:32:00

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 20-07-2004 09:46:51

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 01/01/2003 08:35:04

Last accessed : 20/07/2004 09:46:46

Last modified : 20/01/2003 17:32:00

 

#:7 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 20-07-2004 09:46:55

BasePriority : Normal

FileSize : 50 KB

FileVersion : 5.1.2600.0 (XPClient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

OriginalFilename : spoolsv.exe

ProductName : Microsoft

Created on : 01/01/2003 08:35:02

Last accessed : 20/07/2004 09:46:46

Last modified : 20/01/2003 17:01:00

 

#:8 [ccevtmgr.exe]

FilePath : c:\Program Files\Common Files\Symantec Shared\

ThreadCreationTime : 20-07-2004 09:46:55

BasePriority : Normal

FileSize : 309 KB

FileVersion : 1.03.4

ProductVersion : 1.03.4

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Event Manager Service

InternalName : ccEvtMgr

OriginalFilename : ccEvtMgr.exe

ProductName : Event Manager

Created on : 14/11/2002 06:44:02

Last accessed : 20/07/2004 09:46:46

Last modified : 14/11/2002 06:44:02

 

#:9 [explorer.exe]

FilePath : C:\WINDOWS\

ThreadCreationTime : 20-07-2004 09:46:55

BasePriority : Normal

FileSize : 980 KB

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

OriginalFilename : EXPLORER.EXE

ProductName : Microsoft

Created on : 01/01/2003 08:33:21

Last accessed : 20/07/2004 09:51:28

Last modified : 20/01/2003 17:21:00

 

#:10 [nisum.exe]

FilePath : c:\Program Files\Norton Personal Firewall\

ThreadCreationTime : 20-07-2004 09:46:55

BasePriority : Normal

FileSize : 137 KB

FileVersion : 6.02.2003

ProductVersion : 6.02.2003

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Norton Internet Security NISUM

InternalName : NISUM

OriginalFilename : NISUM.exe

ProductName : Norton Internet Security

Created on : 08/02/2004 15:22:02

Last accessed : 20/07/2004 09:46:46

Last modified : 03/03/2003 13:06:36

 

#:11 [services.exe]

FilePath : C:\WINDOWS\System32\services\

ThreadCreationTime : 20-07-2004 09:46:56

BasePriority : Normal

FileSize : 48 KB

Created on : 30/06/2004 08:49:55

Last accessed : 20/07/2004 09:46:59

Last modified : 30/06/2004 08:49:55

 

#:12 [hpsysdrv.exe]

FilePath : C:\windows\system\

ThreadCreationTime : 20-07-2004 09:46:57

BasePriority : Normal

FileSize : 51 KB

FileVersion : 1, 7, 0, 0

ProductVersion : 1, 7, 0, 0

Copyright : Copyright

CompanyName : Hewlett-Packard Company

FileDescription : hpsysdrv

InternalName : hpsysdrv

OriginalFilename : hpsysdrv.exe

ProductName : hpsysdrv

Created on : 01/01/2003 18:07:56

Last accessed : 20/07/2004 09:46:46

Last modified : 07/05/1998 23:04:38

 

#:13 [ccpxysvc.exe]

FilePath : c:\Program Files\Norton Personal Firewall\

ThreadCreationTime : 20-07-2004 09:46:57

BasePriority : Normal

FileSize : 33 KB

FileVersion : 6.02.2003

ProductVersion : 6.02.2003

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Norton Internet Security Proxy Service

InternalName : ccPxySvc

OriginalFilename : ccPxySvc.exe

ProductName : Norton Internet Security

Created on : 08/02/2004 15:22:01

Last accessed : 20/07/2004 09:46:46

Last modified : 03/03/2003 13:05:18

 

#:14 [kbd.exe]

FilePath : C:\HP\KBD\

ThreadCreationTime : 20-07-2004 09:46:57

BasePriority : High

FileSize : 60 KB

FileVersion : 1.0.2.0

ProductVersion : 1.0.2.0

Copyright : Copyright

CompanyName : Hewlett-Packard Company

FileDescription : KBD EXE

InternalName : KBD EXE

OriginalFilename : Kbd.exe

ProductName : Hewlett-Packard Company KBD EXE

Created on : 01/01/2003 18:30:55

Last accessed : 20/07/2004 09:46:46

Last modified : 12/02/2003 03:02:48

 

#:15 [navapsvc.exe]

FilePath : c:\Program Files\Norton AntiVirus\

ThreadCreationTime : 20-07-2004 09:46:57

BasePriority : Normal

FileSize : 113 KB

FileVersion : 9.05.1015

ProductVersion : 9.05.1015

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

OriginalFilename : NAVAPSVC.EXE

ProductName : Norton AntiVirus

Created on : 15/11/2002 09:41:26

Last accessed : 20/07/2004 09:46:46

Last modified : 15/11/2002 09:41:26

 

#:16 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ThreadCreationTime : 20-07-2004 09:46:58

BasePriority : Normal

FileSize : 53 KB

FileVersion : 1.0.10.006

ProductVersion : 1.0.10.006

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Common Client CC App

InternalName : ccApp

OriginalFilename : ccApp.exe

ProductName : Common Client

Created on : 04/01/2004 23:14:48

Last accessed : 20/07/2004 09:52:32

Last modified : 02/12/2003 16:11:04

 

#:17 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 20-07-2004 09:46:58

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 01/01/2003 08:35:04

Last accessed : 20/07/2004 09:46:46

Last modified : 20/01/2003 17:32:00

 

#:18 [atiptaxx.exe]

FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\

ThreadCreationTime : 20-07-2004 09:46:58

BasePriority : Normal

FileSize : 328 KB

FileVersion : 6.14.10.5024

ProductVersion : 6.14.10.5024

Copyright : Copyright © 1998-2002 ATI Technologies Inc.

CompanyName : ATI Technologies, Inc.

FileDescription : ATI Desktop Control Panel

InternalName : Atiptaxx.exe

OriginalFilename : Atiptaxx.exe

ProductName : ATI Desktop Component

Created on : 29/11/2003 18:40:41

Last accessed : 20/07/2004 09:46:46

Last modified : 19/07/2003 21:10:00

 

#:19 [hpwuschd.exe]

FilePath : C:\Program Files\Hewlett-Packard\HP Software Update\

ThreadCreationTime : 20-07-2004 09:46:58

BasePriority : Normal

FileSize : 48 KB

Created on : 17/12/2002 11:40:22

Last accessed : 20/07/2004 09:46:46

Last modified : 17/12/2002 11:40:22

 

#:20 [hpotdd01.exe]

FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\

ThreadCreationTime : 20-07-2004 09:46:58

BasePriority : Normal

FileSize : 40 KB

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

Copyright : Copyright

CompanyName : Hewlett-Packard

FileDescription : hpotdd01

InternalName : hpotdd01

OriginalFilename : hpotdd01.exe

ProductName : Hewlett-Packard hpotdd01

Created on : 02/12/2002 20:56:10

Last accessed : 20/07/2004 09:46:46

Last modified : 02/12/2002 20:56:10

 

#:21 [mounter.exe]

FilePath : C:\WINDOWS\SYSTEM32\

ThreadCreationTime : 20-07-2004 09:46:58

BasePriority : Normal

FileSize : 56 KB

FileVersion : 2.0.0.1

ProductVersion : 2.0.0.1

Copyright : Copyright © 2001

CompanyName : Mustek System Inc.

FileDescription : MDC3000

InternalName : Mounter

OriginalFilename : Mounter.exe

ProductName : Mustek MDC 3000 Mounter

Created on : 13/01/2004 17:50:40

Last accessed : 20/07/2004 09:46:46

Last modified : 23/01/2002 10:59:54

 

#:22 [ru2.exe]

FilePath : C:\documents and settings\owner\local settings\temp\

ThreadCreationTime : 20-07-2004 09:46:59

BasePriority : Normal

FileSize : 228 KB

Created on : 30/06/2004 18:13:43

Last accessed : 20/07/2004 09:46:46

Last modified : 30/06/2004 18:13:43

 

#:23 [dvsl.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 20-07-2004 09:46:59

BasePriority : Normal

FileSize : 344 KB

Created on : 06/07/2004 07:24:04

Last accessed : 20/07/2004 09:46:46

Last modified : 01/07/2004 16:23:07

 

#:24 [eber.exe]

FilePath : C:\Documents and Settings\Owner\Application Data\

ThreadCreationTime : 20-07-2004 09:46:59

BasePriority : Normal

FileSize : 74 KB

Created on : 07/07/2004 15:24:43

Last accessed : 20/07/2004 09:46:46

Last modified : 07/07/2004 15:24:43

 

#:25 [quickdcf.exe]

FilePath : C:\Program Files\FinePixViewer\

ThreadCreationTime : 20-07-2004 09:47:00

BasePriority : Normal

FileSize : 196 KB

FileVersion : 4, 0, 0, 0

ProductVersion : 4, 0, 0, 0

Copyright : Copyright 2000-2003 FUJI PHOTO FILM CO.,LTD.

CompanyName : FUJI PHOTO FILM CO., LTD.

FileDescription : Exif Launcher

InternalName : QuickDCF

OriginalFilename : QuickDCF.exe

ProductName : FinePixViewer

Created on : 29/11/2003 19:08:20

Last accessed : 20/07/2004 09:47:00

Last modified : 20/12/2002 16:18:40

 

#:26 [atdialler1.exe]

FilePath : C:\freeserve\freeserveconnectionkit\

ThreadCreationTime : 20-07-2004 09:47:00

BasePriority : Normal

FileSize : 152 KB

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

Copyright : Copyright

CompanyName : Hewlett Packard

FileDescription : Micro Dialler for Freeserve

InternalName : RasApp

OriginalFilename : RasApp.exe

ProductName : Micro Dialler

Created on : 28/05/2003 13:48:10

Last accessed : 20/07/2004 09:47:03

Last modified : 28/05/2003 13:48:10

 

#:27 [wuauclt.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 20-07-2004 09:48:06

BasePriority : Normal

FileSize : 145 KB

FileVersion : 5.4.3790.20 built by: lab04_n

ProductVersion : 5.4.3790.20

CompanyName : Microsoft Corporation

FileDescription : Windows Update AutoUpdate Client

InternalName : wuauclt.exe

OriginalFilename : wuauclt.exe

ProductName : Microsoft

Created on : 01/01/2003 08:36:16

Last accessed : 20/07/2004 09:48:06

Last modified : 09/02/2004 21:09:02

 

#:28 [winword.exe]

FilePath : C:\Program Files\Microsoft Office\Office\

ThreadCreationTime : 20-07-2004 09:55:13

BasePriority : Normal

FileSize : 8592 KB

FileVersion : 9.0.2717

ProductVersion : 9.0.2717

Copyright : Copyright

CompanyName : Microsoft Corporation

FileDescription : Microsoft Word for Windows

InternalName : WinWord

OriginalFilename : WinWord.exe

ProductName : Microsoft Office 2000

Created on : 18/03/1999 05:38:10

Last accessed : 20/07/2004 09:55:13

Last modified : 18/03/1999 05:38:10

 

#:29 [msmsgs.exe]

FilePath : C:\Program Files\Messenger\

ThreadCreationTime : 20-07-2004 09:55:39

BasePriority : Normal

FileSize : 1456 KB

FileVersion : 4.7.2009

ProductVersion : Version 4.7

Copyright : Copyright © Microsoft Corporation 1997-2003

CompanyName : Microsoft Corporation

FileDescription : Messenger

InternalName : msmsgs

OriginalFilename : msmsgs.exe

ProductName : Messenger

Created on : 14/04/2003 19:30:14

Last accessed : 20/07/2004 09:46:46

Last modified : 14/04/2003 19:30:14

 

#:30 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-aware 6\

ThreadCreationTime : 20-07-2004 09:55:57

BasePriority : Normal

FileSize : 668 KB

FileVersion : 6.0.1.181

ProductVersion : 6.0.0.0

Copyright : Copyright

CompanyName : Lavasoft Sweden

FileDescription : Ad-aware 6 core application

InternalName : Ad-aware.exe

OriginalFilename : Ad-aware.exe

ProductName : Lavasoft Ad-aware Plus

Created on : 12/12/2003 17:59:12

Last accessed : 20/07/2004 09:55:57

Last modified : 12/07/2003 22:00:20

 

Memory scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

 

 

Started registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : CLSID\{5321e378-ffad-4999-8c62-03ca8155f0b3}

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : replace.hbo

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : replace.hbo.1

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Titles

Value : amateur

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Titles

Value : anal

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Titles

Value : ass

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Titles

Value : fuck

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Titles

Value : hardcore

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Titles

Value : incest

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Titles

Value : lolita

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Titles

Value : pissing

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Titles

Value : porn

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Titles

Value : porno

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Titles

Value : sex

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Titles

Value : tgp

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Titles

Value : thumb

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Titles

Value : underage

 

 

Registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 17

Objects found so far: 17

 

 

Started deep registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Deep registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 17

 

 

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Tracking Cookie Object recognized!

Type : File

Data : owner@bluestreak[1].txt

Object : C:\Documents and Settings\Owner\Cookies\

 

Created on : 19/07/2004 21:59:46

Last accessed : 20/07/2004 09:57:47

Last modified : 19/07/2004 21:59:46

 

 

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

 

Deep scanning and examining files (C:)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

 

Performing conditional scans..

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3}

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Windows\CurrentVersion\Run

Value : xpsystem

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Titles

Value : {not_found}

 

 

CoolWebSearch Object recognized!

Type : File

Data : 2.01.00.dll

Object : c:\windows\system32\services\

FileSize : 136 KB

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

Copyright : Copyright 2003

FileDescription : Replace Module

InternalName : Replace

OriginalFilename : Replace.DLL

ProductName : Replace Module

Created on : 19/07/2004 22:14:38

Last accessed : 20/07/2004 09:47:59

Last modified : 19/07/2004 22:14:38

 

 

 

CoolWebSearch Object recognized!

Type : File

Data : crontab.ini

Object : c:\windows\system32\services\

FileSize : 1 KB

Created on : 19/07/2004 21:58:41

Last accessed : 20/07/2004 09:46:59

Last modified : 19/07/2004 22:14:39

 

 

 

CoolWebSearch Object recognized!

Type : File

Data : keywords.ini

Object : c:\windows\system32\services\

 

Created on : 19/07/2004 21:58:42

Last accessed : 20/07/2004 09:58:25

Last modified : 19/07/2004 22:14:40

 

 

 

CoolWebSearch Object recognized!

Type : File

Data : sl.ini

Object : c:\windows\system32\services\

 

Created on : 19/07/2004 21:58:43

Last accessed : 20/07/2004 09:58:25

Last modified : 19/07/2004 22:14:41

 

 

 

CoolWebSearch Object recognized!

Type : File

Data : titles.ini

Object : c:\windows\system32\services\

 

Created on : 19/07/2004 21:58:43

Last accessed : 20/07/2004 09:46:59

Last modified : 19/07/2004 22:14:41

 

 

 

Conditional scan result:

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 8

Objects found so far: 26

 

 

10:58:26 Scan complete

 

Summary of this scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Total scanning time :00:02:14:859

Objects scanned :47704

Objects identified :26

Objects ignored :0

New objects :26

 

Spybot after restart:

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-21-3699524586-3866767467-3757752560-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

Any help would be greatly received. Thankyou :]

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0