Ok, I'm a regular spyware freak. I know exactly what everything is in my task manager and know what my computer does when it starts up. I also check my registry all the time for new or other anomalous strings.
I found some file under C: called GatorPdpPlg.log; naturally, this got me interested in what is going on.
Here's what the log had to say:
__________________________________________________________
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\PdpPlugin.dll v4.0.9.4 starts Mon Jan 06 20:29:45 2003
(Loaded by C:\Program Files\Internet Explorer\iexplore.exe v6.0.240.82)
ATTACH PdpPlugin 0x092E0000
CPdpPlg(i=0x09330CE0): (active instance)
OS is "Windows XP"
OnCreate(i=0x09330CE0, w=0x000A0644)
Fire_OnPluginCreated() returned 7 (0x00000007)
Parent BrowserType=IE
params="&fcn=hd&bgcolor=FFFFFF&src=webpdp.gator.com/v3/download/trickler_4010.ex_&aic=HIC_Adtegrity&pidel=this&email=&fname=&country=&zip=&wuid=PhotJgr6AhgAABuOFmU&rs=1&hdeulaurl=http/www.gatorcorporation.com/help/hd-post-yes-p1f.html&did=0&apprq="
(param-delimiter char is '&')
src = "webpdp.gator.com/v3/download/trickler_4010.ex_"
aic = "HIC_Adtegrity"
wuid = "PhotJgr6AhgAABuOFmU"
did = "0"
hdeulaurl = "http/www.gatorcorporation.com/help/hd-post-yes-p1f.html"
apprq = ""
rs = "1"
Plugin function is "hd (OK)"
TID = "3e1a2d89"
Validating domain for "webpdp.gator.com/v3/download/trickler_4010.ex_"... OK
Validating domain for "http/www.gatorcorporation.com/help/hd-post-yes-p1f.html"... OK
Performing HD run-ability checks:
1 secs since Registration... OK.
IE's ActiveX security level is 0 (enable)...Set AxValue: "BAD(SecLvl=0)"
DoInternalVsDlg:
SecurityDlg was displayed for 1 seconds.
Set AxValue: "REJECT"
Set end-msg: IEAXNOVS (AxeDlg(1,"REJECT"))
CWorkerThread ends.
LogGS: 200 [MID_IEGATOR|START|CE6F29E8-BFFE-464E-8212-427D93489235|HIC_Adtegrity||SAR_OK|PhotJgr6AhgAABuOFmU|3e1a2d89|0]
LogGS: 200 [MID_IEGATOR|END|CE6F29E8-BFFE-464E-8212-427D93489235|HIC_Adtegrity|hd (OK)|0|IEAXNOVS|AxeDlg(1,"REJECT")|0|UNKNOWN|PhotJgr6AhgAABuOFmU|3e1a2d89|0]
LogRS: 200 [event=END&guid=CE6F29E8-BFFE-464E-8212-427D93489235&aic=HIC_Adtegrity&data1=hd (OK)&data2=0&data3=IEAXNOVS&data4=AxeDlg(1,"REJECT")&data5=0&data6=UNKNOWN&data7=PhotJgr6AhgAABuOFmU&data8=3e1a2d89&data9=0&]
LogRS: 200 [event=START&guid=CE6F29E8-BFFE-464E-8212-427D93489235&aic=HIC_Adtegrity&data1=&data2=SAR_OK&data3=PhotJgr6AhgAABuOFmU&data4=3e1a2d89&data5=0&data6=&data7=&data8=&data9=&]
** All stats processed **
OnDestroy(i=0x09330CE0, w=0x000A0644)
~CPdpPlg(i=0x09330CE0)
Clearing Trust DB... OK.
Unregistering plugin... DllUnregisterServer()
OK.
Waiting for log threads to complete...
DETACH PdpPlugin 0x092E0000
Log closes Mon Jan 06 20:32:55 2003
___________________________________________________________
Now I looked through my downloaded programs directory and there is no CONFLICT.2 directory and I can't find the dll file anywhere. I looked through my registry and under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{731918D2-517A-47E2-886A-3BC1380C591D} and some other strings that had the word gator in them. I also found an attachment to a file called pdpplugin.inf.
Here is what the .inf file says:
________________________________________________
; CAB INF file for PdpPlugin.dll
[version]
; version signature (same for all Win32 platforms)
signature="$CHICAGO$"
AdvancedINF=2.0
[Add.Code]
PdpPlugin.dll=PdpPlugin.dll
; needed DLL
[PdpPlugin.dll]
file-win32-x86=thiscab
clsid={731918D2-517A-47e2-886A-3BC1380C591D}
FileVersion=4,0,9,4
RegisterServer=yes
; Nonstandard stuff for Gator.com CAB management
[_VerisignInfo_]
text=(after accepting our agreements) Precision Time/Date Manager, free 10 second downloads that display exact time/date and offers based on websites you view? Click here to read our agreements. Click Yes to accept
url=http/www.gatorcorporation.com/help/privacystatement-3.html?HDID=DM_PTE=3.1
[_CabMaker_]
Version=4.0.1.2
__________________________________________
I just wanna know if anyone else has this and if it is indeed anything to be concerned about. If it is, then I'm gonna clean it; if not, then ok. But anything attached to Gator worries me.
who ever has the most ram when they die wins!
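
Added example, not part of the original post: a small Python parser that pulls out of one GatorPdpPlg.log session the fields the log above records (plugin path and version, the '&'-delimited params including the download `src`, each `Set AxValue`, the end message, and whether `DllUnregisterServer()` was logged). The function name `triage` and the summary keys are assumptions made for this example; the sample lines are excerpted from the log quoted in the post.

```python
import re
from urllib.parse import parse_qs

# Excerpt of the GatorPdpPlg.log lines quoted in the post above.
SAMPLE_LOG = r'''C:\WINDOWS\Downloaded Program Files\CONFLICT.2\PdpPlugin.dll v4.0.9.4 starts Mon Jan 06 20:29:45 2003
params="&fcn=hd&bgcolor=FFFFFF&src=webpdp.gator.com/v3/download/trickler_4010.ex_&aic=HIC_Adtegrity&pidel=this&email=&fname=&country=&zip=&wuid=PhotJgr6AhgAABuOFmU&rs=1&hdeulaurl=http/www.gatorcorporation.com/help/hd-post-yes-p1f.html&did=0&apprq="
IE's ActiveX security level is 0 (enable)...Set AxValue: "BAD(SecLvl=0)"
Set AxValue: "REJECT"
Set end-msg: IEAXNOVS (AxeDlg(1,"REJECT"))
Unregistering plugin... DllUnregisterServer()
'''


def triage(log_text):
    """Summarise one plugin session: what was requested and how it ended.

    'triage' and the dictionary keys are names chosen for this example.
    """
    summary = {"plugin": None, "version": None, "params": {},
               "ax_values": [], "end_msg": None, "unregistered": False}
    for line in log_text.splitlines():
        line = line.strip()
        m = re.match(r'(.+\.dll) v([\d.]+) starts ', line, re.I)
        if m:
            summary["plugin"], summary["version"] = m.groups()
        m = re.match(r'params="(.*)"$', line)
        if m:
            # '&' is the delimiter the log itself announces; keep empty values.
            parsed = parse_qs(m.group(1), keep_blank_values=True)
            summary["params"] = {k: v[-1] for k, v in parsed.items()}
        # The setting can follow other text on the same line, so search it.
        summary["ax_values"] += re.findall(r'Set AxValue: "([^"]*)"', line)
        m = re.match(r'Set end-msg: (\S+)', line)
        if m:
            summary["end_msg"] = m.group(1)
        if "DllUnregisterServer()" in line:
            summary["unregistered"] = True
    return summary


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The last entry in `ax_values` together with `unregistered` shows how the session ended according to the log, which is the part worth comparing against what is still on disk and in the registry.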