Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, January 02, 2006 4:25:52 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R84 28.12.2005
References detected during the scan:
Adware.DollarRevenue(TAC index:3):5 total references
Adware.Z-Quest(TAC index:4):6 total references
CoolWebSearch(TAC index:10):7 total references
Possible Browser Hijack attempt(TAC index:3):5 total references
Targetsavers(TAC index:8):13 total references
Win32.TrojanDownloader.Qoologic(TAC index:10):9 total references
Windows (TAC index:3):1 total references
VX2(TAC index:10):2 total references
#:23 [newfrn.exe]
FilePath : C:\WINDOWS\
ProcessID : 3216
ThreadCreationTime : 1-2-2006 9:24:01 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : URLBrowserNew
InternalName : URLBrowserNew
OriginalFilename : URLBrowserNew.exe
Adware.Z-Quest Object Recognized!
Type : Process
Data : newfrn.exe
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINDOWS\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : URLBrowserNew
InternalName : URLBrowserNew
OriginalFilename : URLBrowserNew.exe
Started registry scan
Win32.TrojanDownloader.Qoologic Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}
Windows Object Recognized!
Type : RegData
Data : explorer.exe "c:\program files\common files\microsoft shared\web folders\ibm00001.exe"
TAC Rating : 3
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe "c:\program files\common files\microsoft shared\web folders\ibm00001.exe"
Started deep registry scan
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchbar.findthewebsiteyouneed.com"
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://searchbar.findthewebsiteyouneed.com"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistant.findthewebsiteyouneed.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchbar.findthewebsiteyouneed.com"
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://searchbar.findthewebsiteyouneed.com"
Possible Browser Hijack attempt : S-1-5-21-1547161642-113007714-854245398-1003\Software\Microsoft\Internet Explorer\MainSearch Page.findthewebsiteyouneed.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchbar.findthewebsiteyouneed.com"
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-113007714-854245398-1003\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://searchbar.findthewebsiteyouneed.com"
Possible Browser Hijack attempt : S-1-5-21-1547161642-113007714-854245398-1003\Software\Microsoft\Internet Explorer\MainSearch Bar.findthewebsiteyouneed.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchbar.findthewebsiteyouneed.com"
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-113007714-854245398-1003\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://searchbar.findthewebsiteyouneed.com"
Possible Browser Hijack attempt : S-1-5-21-1547161642-113007714-854245398-1003\Software\Microsoft\Internet Explorer\MainDefault_Search_URL.findthewebsiteyouneed.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchbar.findthewebsiteyouneed.com"
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1547161642-113007714-854245398-1003\Software\Microsoft\Internet Explorer\Main
Value : Default_Search_URL
Data : "http://searchbar.findthewebsiteyouneed.com"
Targetsavers Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "uqio"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : uqio
Targetsavers Object Recognized!
Type : File
Data : uqiom.exe
TAC Rating : 8
Category : Malware
Comment :
Object : c:\progra~1\common~1\uqio\
FileVersion : 4, 0, 4, 0
ProductVersion : 4, 0, 4, 0
LegalCopyright : Copyright (C) 2005
Adware.Z-Quest Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment : "NewFrn"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : NewFrn
Adware.Z-Quest Object Recognized!
Type : File
Data : newfrn.exe
TAC Rating : 4
Category : Adware
Comment :
Object : c:\windows\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : URLBrowserNew
InternalName : URLBrowserNew
OriginalFilename : URLBrowserNew.exe
Deep scanning and examining files (C:)
CoolWebSearch Object Recognized!
Type : File
Data : BlackBox.class-4fbc14ee-6b2b1779.class
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Documents and Settings\joeuser\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\
Targetsavers Object Recognized!
Type : File
Data : tsinstall_4_0_4_0_b4.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\Documents and Settings\joeuser\Local Settings\Temp\
Adware.DollarRevenue Object Recognized!
Type : File
Data : adtech2006a[1].exe
TAC Rating : 3
Category : Adware
Comment :
Object : C:\Documents and Settings\joeuser\Local Settings\Temporary Internet Files\Content.IE5\LS4Z91OD\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : ─┬├╠└
InternalName : adtech2006a
OriginalFilename : adtech2006a.exe
Targetsavers Object Recognized!
Type : File
Data : stub_113_4_0_4_0[1].exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\Documents and Settings\joeuser\Local Settings\Temporary Internet Files\Content.IE5\LS4Z91OD\
FileVersion : 4, 0, 4, 0
ProductVersion : 4, 0, 4, 0
LegalCopyright : Copyright (C) 2005
Adware.DollarRevenue Object Recognized!
Type : File
Data : timessquare[1].exe
TAC Rating : 3
Category : Adware
Comment :
Object : C:\Documents and Settings\joeuser\Local Settings\Temporary Internet Files\Content.IE5\WVP76ABH\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : timessquare
InternalName : timessquare
OriginalFilename : timessquare.exe
Adware.Z-Quest Object Recognized!
Type : File
Data : newfrn[1].exe
TAC Rating : 4
Category : Adware
Comment :
Object : C:\Documents and Settings\joeuser\Local Settings\Temporary Internet Files\Content.IE5\YPLUZAHW\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : URLBrowserNew
InternalName : URLBrowserNew
OriginalFilename : URLBrowserNew.exe
Targetsavers Object Recognized!
Type : File
Data : uqioa.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\Program Files\Common Files\uqio\
FileVersion : 4, 0, 4, 0
ProductVersion : 4, 0, 4, 0
LegalCopyright : Copyright (C) 2005
Targetsavers Object Recognized!
Type : File
Data : uqioc.dll
TAC Rating : 8
Category : Malware
Comment :
Object : C:\Program Files\Common Files\uqio\uqiod\
Targetsavers Object Recognized!
Type : File
Data : uqiol.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\Program Files\Common Files\uqio\
FileVersion : 4, 0, 4, 0
ProductVersion : 4, 0, 4, 0
LegalCopyright : Copyright (C) 2005
Targetsavers Object Recognized!
Type : File
Data : uqiom.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\Program Files\Common Files\uqio\
FileVersion : 4, 0, 4, 0
ProductVersion : 4, 0, 4, 0
LegalCopyright : Copyright (C) 2005
Targetsavers Object Recognized!
Type : File
Data : uqiop.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\Program Files\Common Files\uqio\
FileVersion : 4.0.4.0
ProductVersion : 4.0.4.0
LegalCopyright : Copyright (C) 2005
Targetsavers Object Recognized!
Type : File
Data : stub_113_4_0_4_0.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\
FileVersion : 4, 0, 4, 0
ProductVersion : 4, 0, 4, 0
LegalCopyright : Copyright (C) 2005
Adware.Z-Quest Object Recognized!
Type : File
Data : A0011784.exe
TAC Rating : 4
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{847E2194-5E8A-4131-9463-3EEFC4E28CBD}\RP101\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : URLBrowserNew
InternalName : URLBrowserNew
OriginalFilename : URLBrowserNew.exe
Adware.DollarRevenue Object Recognized!
Type : File
Data : A0011796.exe
TAC Rating : 3
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{847E2194-5E8A-4131-9463-3EEFC4E28CBD}\RP101\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : timessquare
InternalName : timessquare
OriginalFilename : timessquare.exe
Win32.TrojanDownloader.Qoologic Object Recognized!
Type : File
Data : wuauclt.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
Targetsavers Object Recognized!
Type : File
Data : tsuninst.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\WINDOWS\system32\