hawkeye

Members
  • Content Count

    10
  • Joined

  • Last visited

About hawkeye

  • Rank
    Member
  1. Hello Besttechie, I have followed all the intsructions on the links given by you, each time i enter a command, the following appears: C:\>Destination is not a directory:Letter:\i386\config.nt_ I have tried several times and it didn't help, still i really appreciate your time taken to give me the links.Thank you and i hope i can hear some more instructions from you. Regards Hawkeye
  2. Hey guys, Firstly i really have to thank you for giving all the suggestions, i tried the firefox but there doesn't seem to have a home page,and when i tried to reboot and install netscape again it didn't help either.Wonder what went wrong? Please give me some more advice,thanks again.
  3. Hello Efwis, Forgive me for merging the 2 topics together. Thank you for taking the time to look into the matter. Hope to hear from you real soon.Have a nice day. Regards Hawkeye
  4. Hello guys, There seems to be another problem with my netscape, from my shortcut i cannot get started straight away, once i click on it there will be an icon that says: Configuration warning An error occurred reading the startup configuration file.Please contact your administrator. prefs.js,line46 syntaxError:illegal character. Then i have to click on the cancel button and a netscape registeration page pops up and i have to click cancel again to get to the netscape home page.Why is this happening? Please advise me on what to do with this problem,thank you very much. Regards Hawkeye.
  5. Hello guys, I have this problem after i got some virus and scanning, each time i put in a CD rom game to play it just shows this: C:\WINNT\SYSTEM32\AUTOEXEC.NT. The system file is not suitable fo running MS-DOS and Microsoft Windos applications.Choose 'close' to terminate application. There is also an ignore button which i use to hit and the game can be played but not anymore.Can anyone please help me with this.Thank you very much. Regards Hawkeye.
  6. Hello JD, Thank you for getting help for me,talk to you soon..have a good day. Regards Hawkeye
  7. Hello BestTechie, Thank you so much for all the info, sorry to tell you that i'm really an idiot when it comes to stuff like this so it will take some time for me to understand your whole explanation. I will try my best to do exactly as told and hope you can guide me again when anymore problems come up.Before i read your post i did a scan with Ad Aware and have saved the log, please take a look at it and see if there are any problems i'm having.Its posted right below. Thank you very much again for all the help and time taken,have a wonderful day. Regards Hawkeye Ad-Aware SE Build 1.05 Logfile Created on:Friday, November 12, 2004 12:28:04 AM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R16 28.10.2004 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 180Solutions(TAC index:8):35 total references Alexa(TAC index:5):1 total references Elitum.ElitebarBHO(TAC index:5):1 total references MRU List(TAC index:0):20 total references Possible Browser Hijack attempt(TAC index:3):111 total references TopMoxie(TAC index:3):1 total references Tracking Cookie(TAC index:3):3 total references Win32.Backdoor.Agobot(TAC index:8):1 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 11/12/2004 12:28:04 AM - Scan started. (Smart mode) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 152 ThreadCreationTime : 11/11/2004 4:25:37 PM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINNT\system32\ ProcessID : 176 ThreadCreationTime : 11/11/2004 4:25:48 PM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINNT\system32\ ProcessID : 172 ThreadCreationTime : 11/11/2004 4:25:50 PM BasePriority : High #:4 [services.exe] FilePath : C:\WINNT\system32\ ProcessID : 224 ThreadCreationTime : 11/11/2004 4:25:51 PM BasePriority : Normal FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINNT\system32\ ProcessID : 236 ThreadCreationTime : 11/11/2004 4:25:51 PM BasePriority : Normal FileVersion : 5.00.2184.1 ProductVersion : 5.00.2184.1 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : LSA Executable and Server DLL (Export Version) InternalName : lsasrv.dll and lsass.exe LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : lsasrv.dll and lsass.exe #:6 [svchost.exe] FilePath : C:\WINNT\system32\ ProcessID : 372 ThreadCreationTime : 11/11/2004 4:25:53 PM BasePriority : Normal FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINNT\System32\ ProcessID : 420 ThreadCreationTime : 11/11/2004 4:25:54 PM BasePriority : Normal FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : svchost.exe #:8 [spoolsv.exe] FilePath : C:\WINNT\system32\ ProcessID : 468 ThreadCreationTime : 11/11/2004 4:25:54 PM BasePriority : Normal FileVersion : 5.00.2161.1 ProductVersion : 5.00.2161.1 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolss.exe LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : spoolss.exe #:9 [avgamsvr.exe] FilePath : C:\PROGRA~1\Grisoft\AVG7\ ProcessID : 500 ThreadCreationTime : 11/11/2004 4:25:55 PM BasePriority : Normal FileVersion : 7,0,0,270 ProductVersion : 7.0.0.270 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Alert Manager InternalName : avgamsvr LegalCopyright : Copyright © 2004, GRISOFT, s.r.o. OriginalFilename : avgamsvr.EXE #:10 [avgupsvc.exe] FilePath : C:\PROGRA~1\Grisoft\AVG7\ ProcessID : 516 ThreadCreationTime : 11/11/2004 4:25:55 PM BasePriority : Normal FileVersion : 7,0,0,280 ProductVersion : 7.0.0.280 ProductName : AVG 7.0 Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Update Service InternalName : avgupsvc LegalCopyright : Copyright © 2004, GRISOFT, s.r.o. OriginalFilename : avgupdsvc.EXE #:11 [hidserv.exe] FilePath : C:\WINNT\system32\ ProcessID : 544 ThreadCreationTime : 11/11/2004 4:25:55 PM BasePriority : Normal FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : HID Audio Service InternalName : hidserv LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : HIDSERV.EXE #:12 [appservices.exe] FilePath : C:\PROGRA~1\Iomega\System32\ ProcessID : 556 ThreadCreationTime : 11/11/2004 4:25:56 PM BasePriority : Normal FileVersion : 2, 0, 2, 5 ProductVersion : 2, 0, 2, 5 ProductName : Iomega App Services CompanyName : Iomega Corporation FileDescription : AppServices InternalName : AppServices LegalCopyright : Copyright © 2000 OriginalFilename : AppService.exe Comments : Iomega App Services For Windows 2000/NT #:13 [regsvc.exe] FilePath : C:\WINNT\system32\ ProcessID : 596 ThreadCreationTime : 11/11/2004 4:25:56 PM BasePriority : Normal FileVersion : 5.00.2155.1 ProductVersion : 5.00.2155.1 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Remote Registry Service InternalName : regsvc LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : REGSVC.EXE #:14 [mstask.exe] FilePath : C:\WINNT\system32\ ProcessID : 616 ThreadCreationTime : 11/11/2004 4:25:57 PM BasePriority : Normal FileVersion : 4.71.2137.1 ProductVersion : 4.71.2137.1 ProductName : Microsoft® Windows® Task Scheduler CompanyName : Microsoft Corporation FileDescription : Task Scheduler Engine InternalName : TaskScheduler LegalCopyright : Copyright © Microsoft Corp. 1997 OriginalFilename : mstask.exe #:15 [winmgmt.exe] FilePath : C:\WINNT\System32\WBEM\ ProcessID : 672 ThreadCreationTime : 11/11/2004 4:25:58 PM BasePriority : Normal FileVersion : 1.50.1085.0001 ProductVersion : 1.50.1085.0001 ProductName : Windows Management Instrumentation CompanyName : Microsoft Corporation FileDescription : Windows Management Instrumentation InternalName : WINMGMT LegalCopyright : Copyright © Microsoft Corp. 1995-1999 #:16 [adservice.exe] FilePath : C:\Program Files\Iomega\AutoDisk\ ProcessID : 688 ThreadCreationTime : 11/11/2004 4:25:59 PM BasePriority : Normal FileVersion : 3, 2, 1, 5 ProductVersion : 3, 2, 1, 5 ProductName : Iomega Active Disk CompanyName : Iomega Corporation FileDescription : Active Disk Service InternalName : ADService LegalCopyright : Copyright © 2002 OriginalFilename : ADService.exe #:17 [explorer.exe] FilePath : C:\WINNT\ ProcessID : 892 ThreadCreationTime : 11/11/2004 4:26:11 PM BasePriority : Normal FileVersion : 5.00.2920.0000 ProductVersion : 5.00.2920.0000 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : EXPLORER.EXE #:18 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 868 ThreadCreationTime : 11/11/2004 4:26:18 PM BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "partner_id" Rootkey : HKEY_LOCAL_MACHINE Object : software\msbb Value : partner_id Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : S-1-5-21-1214440339-1677128483-839522115-500\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a} TopMoxie Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "WebRebates0" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : WebRebates0 Win32.Backdoor.Agobot Object Recognized! Type : RegValue Data : Category : Malware Comment : "sys29" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : sys29 Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 5 Objects found so far: 5 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\MainSearch Page\temp\sp.html Possible Browser Hijack attempt Object Recognized! Type : RegData Data : "file://C:\WINNT\TEMP\sp.html" Category : Malware Comment : Possible Browser Hijack attempt Rootkey : HKEY_USERS Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main Value : Search Page Data : "file://C:\WINNT\TEMP\sp.html" Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\MainSearch Bar\temp\sp.html Possible Browser Hijack attempt Object Recognized! Type : RegData Data : "file://C:\WINNT\TEMP\sp.html" Category : Malware Comment : Possible Browser Hijack attempt Rootkey : HKEY_USERS Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main Value : Search Bar Data : "file://C:\WINNT\TEMP\sp.html" Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\SearchSearchAssistant\temp\sp.html Possible Browser Hijack attempt Object Recognized! Type : RegData Data : "file://C:\WINNT\TEMP\sp.html" Category : Malware Comment : Possible Browser Hijack attempt Rootkey : HKEY_USERS Object : .DEFAULT\Software\Microsoft\Internet Explorer\Search Value : SearchAssistant Data : "file://C:\WINNT\TEMP\sp.html" Trusted zone presumably compromised : blazefind.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : blazefind.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : blazefind.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com Value : * Trusted zone presumably compromised : flingstone.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : flingstone.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : flingstone.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com Value : * Trusted zone presumably compromised : searchbarcash.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : searchbarcash.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : searchbarcash.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com Value : * Trusted zone presumably compromised : searchmiracle.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : searchmiracle.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : searchmiracle.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com Value : * Trusted zone presumably compromised : slotch.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : slotch.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : slotch.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com Value : * Trusted zone presumably compromised : xxxtoolbar.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : xxxtoolbar.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : xxxtoolbar.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com Value : * Trusted zone presumably compromised : blazefind.com Trusted zone presumably compromised : clickspring.net Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : clickspring.net Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : clickspring.net Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net Value : * Trusted zone presumably compromised : flingstone.com Trusted zone presumably compromised : mt-download.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : mt-download.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : mt-download.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com Value : * Trusted zone presumably compromised : my-internet.info Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : my-internet.info Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : my-internet.info Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info Value : * Trusted zone presumably compromised : searchbarcash.com Trusted zone presumably compromised : searchbarcash.com Trusted zone presumably compromised : searchmiracle.com Trusted zone presumably compromised : slotch.com Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 21 Objects found so far: 26 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:[email protected]/HTM/461/0 Expires : 7/16/2005 3:36:48 PM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt Category : Data Miner Comment : Hits:17 Value : Cookie:[email protected]/ Expires : 7/26/2004 1:38:44 PM LastSync : Hits:17 UseCount : 0 Hits : 17 Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][3].txt Category : Data Miner Comment : Hits:2 Value : Cookie:[email protected]/HTM/461/0 Expires : 7/16/2005 3:37:02 PM LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 3 Objects found so far: 29 Deep scanning and examining files... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 180Solutions Object Recognized! Type : File Data : msbbhook.dll Category : Data Miner Comment : Object : C:\WINNT\ 180Solutions Object Recognized! Type : File Data : msbb.exe_tobedeleted Category : Data Miner Comment : Object : C:\WINNT\ FileVersion : 5, 12, 0, 13 ProductVersion : 5, 12, 0, 13 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2004, 180solutions Inc. Disk Scan Result for C:\WINNT »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 31 Disk Scan Result for C:\WINNT\System32 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 31 180Solutions Object Recognized! Type : File Data : msbb.exe Category : Data Miner Comment : Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\XoftSpyBackup\5\FLEOK\ FileVersion : 5, 9, 0, 7 ProductVersion : 5, 9, 0, 7 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2004, 180solutions Inc. 180Solutions Object Recognized! Type : File Data : ncmyb.dll Category : Data Miner Comment : Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\XoftSpyBackup\5\ 180Solutions Object Recognized! Type : File Data : msbb.exe_tobedeleted Category : Data Miner Comment : Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\XoftSpyBackup\5\ FileVersion : 5, 9, 0, 7 ProductVersion : 5, 9, 0, 7 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2004, 180solutions Inc. 180Solutions Object Recognized! Type : File Data : 11 Category : Data Miner Comment : Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\XoftSpyBackup\ 180Solutions Object Recognized! Type : File Data : 12 Category : Data Miner Comment : Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\XoftSpyBackup\ FileVersion : 5, 9, 0, 7 ProductVersion : 5, 9, 0, 7 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2004, 180solutions Inc. Elitum.ElitebarBHO Object Recognized! Type : File Data : 1289263.dll Category : Data Miner Comment : Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ FileVersion : 1, 0, 0, 53 ProductVersion : 1, 0, 0, 53 ProductName : EliteToolBar Dynamic Link Library FileDescription : EliteToolBar DLL InternalName : EliteToolBar LegalCopyright : Copyright © 2004 OriginalFilename : EliteToolBar.DLL Disk Scan Result for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 37 Scanning Hosts file...... Hosts file location:"C:\WINNT\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 54 entries scanned. New critical objects:0 Objects found so far: 37 Possible Browser Hijack attempt Object Recognized! Type : File Data : Pornosphere.url Category : Misc Comment : Problematic URL discovered: searchmiracle.com/links/?account=waveflow&domain=cb&cat=www.pornosphere.com/index.html?23 Object : C:\Documents and Settings\Administrator\Favorites\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Online Casinos.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...media&qq=Online Casinos Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Sport Betting.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...q=Sport+Betting Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Sportsbooks.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...&qq=Sportsbooks Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Online Betting.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...=Online+Betting Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Blackjack.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...ia&qq=Blackjack Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Baccarat.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...dia&qq=Baccarat Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Online Gaming.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...media&qq=Online Gaming Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Poker.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...emedia&qq=Poker Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Bingo.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...emedia&qq=Bingo Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Horse Racing.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...emedia&qq=Horse Racing Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Slot Machines.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...nemedia&qq=Slot Machines Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Betting.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...edia&qq=Betting Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Roulette.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...dia&qq=Roulette Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Adult.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...emedia&qq=Adult Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Escorts.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...edia&qq=Escorts Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Online Dating.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...q=Online+Dating Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Sex.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...anemedia&qq=Sex Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Penis Enlargement.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...nis+Enlargement Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Teen Sex.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...nemedia&qq=Teen Sex Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Single Girls.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...qq=Single+Girls Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Lesbian Sex.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...&qq=Lesbian+Sex Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Hardcore Sex.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...dia&qq=Hardcore Sex Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Free Sex.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...nemedia&qq=Free Sex Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Sexual Enhancement.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...media&qq=Sexual Enhancement Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Xxx Video.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...anemedia&qq=Xxx Video Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Xxx Movie.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...anemedia&qq=Xxx Movie Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Breast Enlargement.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...media&qq=Breast Enlargement Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Debt Consolidation.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...nemedia&qq=Debt Consolidation Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Credit.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...media&qq=Credit Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Credit Reports.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...=Credit+Reports Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Refinance.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...ia&qq=Refinance Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Home Mortgages.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...=Home+Mortgages Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Loans.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...emedia&qq=Loans Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Asset Protection.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...sset+Protection Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Insurance.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...ia&qq=Insurance Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Bad Credit.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...anemedia&qq=Bad Credit Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Bankruptcy.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...a&qq=Bankruptcy Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Cash Advance.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...qq=Cash+Advance Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Debt Relief.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...&qq=Debt+Relief Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Business.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...dia&qq=Business Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Small business.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...=small+business Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Work At Home.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...qq=work+at+home Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Marketing.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...ia&qq=Marketing Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : e commerce.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...a&qq=e+commerce Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Advertising.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...&qq=Advertising Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Project Management.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...ject+Management Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Business opportunity.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...ess+opportunity Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Human Resources.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...Human+Resources Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Weight loss.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...&qq=Weight+loss Object : C:\Documents and Settings\Administrator\Favorites\Health & Insurance\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Viagra.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...media&qq=viagra Object : C:\Documents and Settings\Administrator\Favorites\Health & Insurance\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Diet pills.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...a&qq=Diet+pills Object : C:\Documents and Settings\Administrator\Favorites\Health & Insurance\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Phentermine.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...&qq=Phentermine Object : C:\Documents and Settings\Administrator\Favorites\Health & Insurance\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Adipex.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...media&qq=Adipex Object : C:\Documents and Settings\Administrator\Favorites\Health & Insurance\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Prozac.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...media&qq=Prozac Object : C:\Documents and Settings\Administrator\Favorites\Health & Insurance\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Xenical.url Category : Misc Comment : Problematic URL discovered: http://searchmiracle.com/
  8. Hello Robroy, Thank you,i've not been able to get to the the computer the last few days.Sadly i cannot seen any solutions for my problems yet or maybe i'm too new to this and don't know the right way to view the forum? well i hope someone will give me some help soon.Nice chatting with you and have a good day. Regards Hawkeye
  9. Logfile of HijackThis v1.98.2 Scan saved at 3:09:37 PM, on 11/2/2004 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINNT\system32\hidserv.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Program Files\Iomega\AutoDisk\ADService.exe C:\WINNT\Explorer.exe C:\Program Files\Iomega\AutoDisk\ADUserMon.exe C:\Program Files\Iomega\DriveIcons\ImgIcon.exe C:\WINNT\loadqm.exe C:\Program Files\Winamp\Winampa.exe C:\Program Files\Windows AdTools\WinRatchet.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Netscape\Netscape\Netscp.exe C:\PROGRA~1\LAVASOFT\AD-AWA~1\AD-AWARE.EXE C:\Program Files\Windows AdTools\WinAdTools.exe C:\WINNT\system32\NOTEPAD.EXE C:\Documents and Settings\Administrator\Desktop\Temp for Z\HijackThis19802.exe F3 - REG:win.ini: run=C:\WINNT\System32\services\stat.exe N3 - Netscape 7: # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the browser is running, * the changes will be overwritten when the browser exits. * * To make a manual change to preferences, you can visit the URL about:config * For more information, see http://www.mozilla.org/unix/customizing.html#prefs */ user_pref(".aim.session.autologin", false); user_pref(".aim.session.password", "0"); user_pref(".aim.session.storepassword", false); user_pref("Pauline.aim.session.autologin", false); user_pref("Pauline.aim.session.connectionname", "AIM"); user_pref("Pauline.aim.session.password", "0"); user_pref("Pauline.aim.session.storepassword", false); user_pref("aim.session.finishedwizard", true); user_pref("aim.session.firsttime", false); user_pref("aim.session.latestaimscreenname", "Pauline"); user_pref("aim.session.userconnectionname", "ICQ"); user_pref("browser.activation.checkedNNFlag", true); user_pref("browser.bookmarks.added_static_root", true); user_pre O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINNT\System32\services\2.01.00.dll (file missing) O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [MSUpdSrv] msupdsrv.exe O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\System32\twink64.exe internat.dll,LoadKeyboardProfile O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe O4 - HKLM\..\Run: [sys29] C:\winnt\system32\winynl32.exe O4 - HKLM\..\Run: [xpsystem] C:\WINNT\System32\services\stat.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [xpsystem] C:\WINNT\System32\services\stat.exe I have also deleted 2 other items which i cannot restore, please help me.Thank you. Regards Hawkeye.
  10. Ad-Aware SE Build 1.05 Logfile Created on:Tuesday, November 02, 2004 1:39:46 PM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R16 28.10.2004 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 180Solutions(TAC index:8):42 total references Alexa(TAC index:5):1 total references BlazeFind(TAC index:5):5 total references BookedSpace(TAC index:10):19 total references CoolWebSearch(TAC index:10):40 total references Ebates MoneyMaker(TAC index:4):1 total references Elitum.ElitebarBHO(TAC index:5):85 total references istbar.dotcomToolbar(TAC index:5):4 total references Possible Browser Hijack attempt(TAC index:3):111 total references Powerscan(TAC index:5):2 total references Search Miracle(TAC index:5):1 total references Tracking Cookie(TAC index:3):3 total references Win32.Backdoor.Agobot(TAC index:8):1 total references WinAD(TAC index:7):1 total references WindUpdates(TAC index:8):4 total references VX2(TAC index:10):79 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 11-2-2004 1:39:46 PM - Scan started. (Full System Scan) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 152 ThreadCreationTime : 11-2-2004 4:41:35 AM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINNT\system32\ ProcessID : 176 ThreadCreationTime : 11-2-2004 4:41:38 AM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINNT\system32\ ProcessID : 172 ThreadCreationTime : 11-2-2004 4:41:40 AM BasePriority : High #:4 [services.exe] FilePath : C:\WINNT\system32\ ProcessID : 224 ThreadCreationTime : 11-2-2004 4:41:41 AM BasePriority : Normal FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINNT\system32\ ProcessID : 236 ThreadCreationTime : 11-2-2004 4:41:41 AM BasePriority : Normal FileVersion : 5.00.2184.1 ProductVersion : 5.00.2184.1 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : LSA Executable and Server DLL (Export Version) InternalName : lsasrv.dll and lsass.exe LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : lsasrv.dll and lsass.exe #:6 [svchost.exe] FilePath : C:\WINNT\system32\ ProcessID : 372 ThreadCreationTime : 11-2-2004 4:41:43 AM BasePriority : Normal FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINNT\System32\ ProcessID : 420 ThreadCreationTime : 11-2-2004 4:41:44 AM BasePriority : Normal FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : svchost.exe #:8 [spoolsv.exe] FilePath : C:\WINNT\system32\ ProcessID : 476 ThreadCreationTime : 11-2-2004 4:41:45 AM BasePriority : Normal FileVersion : 5.00.2161.1 ProductVersion : 5.00.2161.1 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolss.exe LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : spoolss.exe #:9 [avgamsvr.exe] FilePath : C:\PROGRA~1\Grisoft\AVG7\ ProcessID : 500 ThreadCreationTime : 11-2-2004 4:41:45 AM BasePriority : Normal FileVersion : 7,0,0,270 ProductVersion : 7.0.0.270 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Alert Manager InternalName : avgamsvr LegalCopyright : Copyright © 2004, GRISOFT, s.r.o. OriginalFilename : avgamsvr.EXE #:10 [avgupsvc.exe] FilePath : C:\PROGRA~1\Grisoft\AVG7\ ProcessID : 516 ThreadCreationTime : 11-2-2004 4:41:45 AM BasePriority : Normal FileVersion : 7,0,0,280 ProductVersion : 7.0.0.280 ProductName : AVG 7.0 Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Update Service InternalName : avgupsvc LegalCopyright : Copyright © 2004, GRISOFT, s.r.o. OriginalFilename : avgupdsvc.EXE #:11 [hidserv.exe] FilePath : C:\WINNT\system32\ ProcessID : 544 ThreadCreationTime : 11-2-2004 4:41:46 AM BasePriority : Normal FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : HID Audio Service InternalName : hidserv LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : HIDSERV.EXE #:12 [appservices.exe] FilePath : C:\PROGRA~1\Iomega\System32\ ProcessID : 560 ThreadCreationTime : 11-2-2004 4:41:46 AM BasePriority : Normal FileVersion : 2, 0, 2, 5 ProductVersion : 2, 0, 2, 5 ProductName : Iomega App Services CompanyName : Iomega Corporation FileDescription : AppServices InternalName : AppServices LegalCopyright : Copyright © 2000 OriginalFilename : AppService.exe Comments : Iomega App Services For Windows 2000/NT #:13 [regsvc.exe] FilePath : C:\WINNT\system32\ ProcessID : 592 ThreadCreationTime : 11-2-2004 4:41:47 AM BasePriority : Normal FileVersion : 5.00.2155.1 ProductVersion : 5.00.2155.1 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Remote Registry Service InternalName : regsvc LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : REGSVC.EXE #:14 [mstask.exe] FilePath : C:\WINNT\system32\ ProcessID : 608 ThreadCreationTime : 11-2-2004 4:41:47 AM BasePriority : Normal FileVersion : 4.71.2137.1 ProductVersion : 4.71.2137.1 ProductName : Microsoft® Windows® Task Scheduler CompanyName : Microsoft Corporation FileDescription : Task Scheduler Engine InternalName : TaskScheduler LegalCopyright : Copyright © Microsoft Corp. 1997 OriginalFilename : mstask.exe #:15 [winmgmt.exe] FilePath : C:\WINNT\System32\WBEM\ ProcessID : 668 ThreadCreationTime : 11-2-2004 4:41:48 AM BasePriority : Normal FileVersion : 1.50.1085.0001 ProductVersion : 1.50.1085.0001 ProductName : Windows Management Instrumentation CompanyName : Microsoft Corporation FileDescription : Windows Management Instrumentation InternalName : WINMGMT LegalCopyright : Copyright © Microsoft Corp. 1995-1999 #:16 [adservice.exe] FilePath : C:\Program Files\Iomega\AutoDisk\ ProcessID : 684 ThreadCreationTime : 11-2-2004 4:41:49 AM BasePriority : Normal FileVersion : 3, 2, 1, 5 ProductVersion : 3, 2, 1, 5 ProductName : Iomega Active Disk CompanyName : Iomega Corporation FileDescription : Active Disk Service InternalName : ADService LegalCopyright : Copyright © 2002 OriginalFilename : ADService.exe #:17 [explorer.exe] FilePath : C:\WINNT\ ProcessID : 856 ThreadCreationTime : 11-2-2004 4:42:00 AM BasePriority : Normal FileVersion : 5.00.2920.0000 ProductVersion : 5.00.2920.0000 ProductName : Microsoft® Windows ® 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : EXPLORER.EXE #:18 [adusermon.exe] FilePath : C:\Program Files\Iomega\AutoDisk\ ProcessID : 1048 ThreadCreationTime : 11-2-2004 4:42:26 AM BasePriority : Normal FileVersion : 3, 2, 1, 5 ProductVersion : 3, 2, 1, 5 ProductName : Iomega Active Disk CompanyName : Iomega Corporation FileDescription : Active Disk User Monitor InternalName : ADUserMon LegalCopyright : Copyright © 2002 OriginalFilename : ADUserMon.exe #:19 [imgicon.exe] FilePath : C:\Program Files\Iomega\DriveIcons\ ProcessID : 1056 ThreadCreationTime : 11-2-2004 4:42:26 AM BasePriority : Normal #:20 [loadqm.exe] FilePath : C:\WINNT\ ProcessID : 1084 ThreadCreationTime : 11-2-2004 4:42:27 AM BasePriority : Normal FileVersion : 5.4.1103.3 ProductVersion : 5.4.1103.3 ProductName : QMgr Loader CompanyName : Microsoft Corporation FileDescription : Microsoft QMgr InternalName : LOADQM.EXE LegalCopyright : Copyright © Microsoft Corp. 1981-1999 OriginalFilename : LOADQM.EXE #:21 [winampa.exe] FilePath : C:\Program Files\Winamp\ ProcessID : 1124 ThreadCreationTime : 11-2-2004 4:42:29 AM BasePriority : Normal #:22 [winadtools.exe] FilePath : C:\Program Files\Windows AdTools\ ProcessID : 1092 ThreadCreationTime : 11-2-2004 4:42:30 AM BasePriority : Normal WindUpdates Object Recognized! Type : Process Data : WinAdTools.exe Category : Data Miner Comment : full-search IE hijacker Object : C:\Program Files\Windows AdTools\ Warning! WindUpdates Object found in memory(C:\Program Files\Windows AdTools\WinAdTools.exe) Warning! "C:\Program Files\Windows AdTools\WinAdTools.exe"Process could not be terminated! Warning! "C:\Program Files\Windows AdTools\WinAdTools.exe"Process could not be terminated! #:23 [winratchet.exe] FilePath : C:\Program Files\Windows AdTools\ ProcessID : 1160 ThreadCreationTime : 11-2-2004 4:42:31 AM BasePriority : Normal #:24 [avgcc.exe] FilePath : C:\PROGRA~1\Grisoft\AVG7\ ProcessID : 1176 ThreadCreationTime : 11-2-2004 4:42:31 AM BasePriority : Normal FileVersion : 7,0,0,260 ProductVersion : 7.0.0.260 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Control Center InternalName : AvgCC LegalCopyright : Copyright © 2004, GRISOFT, s.r.o. OriginalFilename : AvgCC.EXE #:25 [avgemc.exe] FilePath : C:\PROGRA~1\Grisoft\AVG7\ ProcessID : 1184 ThreadCreationTime : 11-2-2004 4:42:32 AM BasePriority : Normal FileVersion : 7,0,0,279 ProductVersion : 7.0.0.279 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG E-Mail Scanner InternalName : avgemc LegalCopyright : Copyright © 2004, GRISOFT, s.r.o. OriginalFilename : avgemc.exe #:26 [msnmsgr.exe] FilePath : C:\Program Files\MSN Messenger\ ProcessID : 1212 ThreadCreationTime : 11-2-2004 4:42:34 AM BasePriority : Normal FileVersion : 6.2.0137 ProductVersion : Version 6.2 ProductName : MSN Messenger CompanyName : Microsoft Corporation FileDescription : MSN Messenger InternalName : msnmsgr LegalCopyright : Copyright © Microsoft Corporation 1997-2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msnmsgr.exe #:27 [netscp.exe] FilePath : C:\Program Files\Netscape\Netscape\ ProcessID : 1116 ThreadCreationTime : 11-2-2004 5:03:04 AM BasePriority : Normal #:28 [ad-aware.exe] FilePath : C:\PROGRA~1\LAVASOFT\AD-AWA~1\ ProcessID : 1244 ThreadCreationTime : 11-2-2004 5:39:07 AM BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved #:29 [hh.exe] FilePath : C:\WINNT\ ProcessID : 1304 ThreadCreationTime : 11-2-2004 5:39:07 AM BasePriority : Normal FileVersion : 4.74.8702 ProductVersion : 4.74.8702 ProductName : HTML Help CompanyName : Microsoft Corporation FileDescription : Microsoft® HTML Help Executable InternalName : HH 1.3 LegalCopyright : Copyright © Microsoft Corp. OriginalFilename : HH.exe Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 1 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{7b55bb05-0b4d-44fd-81a6-b136188f5deb} CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{7b55bb05-0b4d-44fd-81a6-b136188f5deb} Value : CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{00a322e2-7d50-4dba-bea4-5c8078d47269} CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{18e6c36a-c45f-4b60-a1a4-5c0bb16d4cc2} CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{18e6c36a-c45f-4b60-a1a4-5c0bb16d4cc2} Value : CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : wer1306.wer1306 CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : wer1306.wer1306 Value : CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : wer1306.wer1306.1 CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : wer1306.wer1306.1 Value : CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{5321e378-ffad-4999-8c62-03ca8155f0b3} CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{5321e378-ffad-4999-8c62-03ca8155f0b3} Value : CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : replace.hbo.1 CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : replace.hbo.1 Value : CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : replace.hbo CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : replace.hbo Value : CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} Value : Elitum.ElitebarBHO Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{825cf5bd-8862-4430-b771-0c15c5ca8def} Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{825cf5bd-8862-4430-b771-0c15c5ca8def} Value : Elitum.ElitebarBHO Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar Value : UninstallString Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar Value : DisplayName Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar Value : DisplayIcon Elitum.ElitebarBHO Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : AccountNumber Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : CountryCode Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : axparam Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : uninstalled Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : _show Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : FirstTimeStarted Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : SearchIndex Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : AutoComplete Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : ac1 Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : adult.tbr Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : default.tbr Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : search.mnu Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : version Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : path Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : UpdateDate Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : searchkeys Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : errorreport Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : excluded Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : keywords Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : city Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : state Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : country Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : Activated Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\backup\elitetoolbar Value : guid Elitum.ElitebarBHO Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : AccountNumber Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : CountryCode Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : axparam Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : uninstalled Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : _show Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : FirstTimeStarted Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : SearchIndex Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : AutoComplete Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : ac1 Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : adult.tbr Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : default.tbr Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : search.mnu Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : version Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : path Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : UpdateDate Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : searchkeys Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : errorreport Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : excluded Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : keywords Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : city Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : state Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : country Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : Activated Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\elitum\elitetoolbar Value : guid istbar.dotcomToolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : istactivex.installer.2 istbar.dotcomToolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : istactivex.installer.2 Value : istbar.dotcomToolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : istactivex.installer istbar.dotcomToolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : istactivex.installer Value : VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : localnrddll.localnrddllobj.1 VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : localnrddll.localnrddllobj.1 Value : VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{00320615-b6c2-40a6-8f99-f1c52d674fad} VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{00320615-b6c2-40a6-8f99-f1c52d674fad} Value : 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "partner_id" Rootkey : HKEY_LOCAL_MACHINE Object : software\msbb Value : partner_id Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : S-1-5-21-1214440339-1677128483-839522115-500\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a} CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : "HOMEOldSP" Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\internet explorer\main Value : HOMEOldSP Ebates MoneyMaker Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "AC" Rootkey : HKEY_USERS Object : S-1-5-21-1214440339-1677128483-839522115-500\software\lq Value : AC Elitum.ElitebarBHO Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "{825CF5BD-8862-4430-B771-0C15C5CA8DEF}" Rootkey : HKEY_USERS Object : S-1-5-21-1214440339-1677128483-839522115-500\software\microsoft\internet explorer\toolbar\webbrowser Value : {825CF5BD-8862-4430-B771-0C15C5CA8DEF} Powerscan Object Recognized! Type : RegValue Data : Category : Malware Comment : "LoadNum" Rootkey : HKEY_LOCAL_MACHINE Object : software\powerscan Value : LoadNum Win32.Backdoor.Agobot Object Recognized! Type : RegValue Data : Category : Malware Comment : "sys29" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : sys29 Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 89 Objects found so far: 90 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\MainSearch Page\temp\sp.html Possible Browser Hijack attempt Object Recognized! Type : RegData Data : "file://C:\WINNT\TEMP\sp.html" Category : Malware Comment : Possible Browser Hijack attempt Rootkey : HKEY_USERS Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main Value : Search Page Data : "file://C:\WINNT\TEMP\sp.html" Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\MainSearch Bar\temp\sp.html Possible Browser Hijack attempt Object Recognized! Type : RegData Data : "file://C:\WINNT\TEMP\sp.html" Category : Malware Comment : Possible Browser Hijack attempt Rootkey : HKEY_USERS Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main Value : Search Bar Data : "file://C:\WINNT\TEMP\sp.html" Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\SearchSearchAssistant\temp\sp.html Possible Browser Hijack attempt Object Recognized! Type : RegData Data : "file://C:\WINNT\TEMP\sp.html" Category : Malware Comment : Possible Browser Hijack attempt Rootkey : HKEY_USERS Object : .DEFAULT\Software\Microsoft\Internet Explorer\Search Value : SearchAssistant Data : "file://C:\WINNT\TEMP\sp.html" CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : C:\WINNT\System32\wer1306.dll Rootkey : HKEY_CLASSES_ROOT Object : CLSID\{CF021F40-3E14-23A5-CBA2-717765721306} CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : C:\WINNT\System32\wer1306.dll Rootkey : HKEY_CLASSES_ROOT Object : CLSID\{CF021F40-3E14-23A5-CBA2-717765721306} Value : CoolWebSearch Object Recognized! Type : File Data : wer1306.dll Category : Malware Comment : Object : c:\winnt\system32\ CoolWebSearch Object Recognized! Type : Regkey Data : C:\WINNT\System32\wer1306.dll Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : TYPELIB\{CF021F32-3E14-23A5-CBA2-717765721306} Trusted zone presumably compromised : blazefind.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : blazefind.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : blazefind.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com Value : * Trusted zone presumably compromised : flingstone.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : flingstone.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : flingstone.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com Value : * Trusted zone presumably compromised : searchbarcash.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : searchbarcash.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : searchbarcash.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com Value : * Trusted zone presumably compromised : searchmiracle.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : searchmiracle.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : searchmiracle.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com Value : * Trusted zone presumably compromised : slotch.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : slotch.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : slotch.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com Value : * Trusted zone presumably compromised : xxxtoolbar.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : xxxtoolbar.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : xxxtoolbar.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com Value : * Trusted zone presumably compromised : blazefind.com Trusted zone presumably compromised : clickspring.net Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : clickspring.net Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : clickspring.net Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net Value : * Trusted zone presumably compromised : flingstone.com Trusted zone presumably compromised : mt-download.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : mt-download.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : mt-download.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com Value : * Trusted zone presumably compromised : my-internet.info Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : my-internet.info Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : my-internet.info Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info Value : * Trusted zone presumably compromised : searchbarcash.com Trusted zone presumably compromised : searchbarcash.com Trusted zone presumably compromised : searchmiracle.com Trusted zone presumably compromised : slotch.com Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 24 Objects found so far: 115 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:[email protected]/HTM/461/0 Expires : 7-16-2005 3:36:48 PM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt Category : Data Miner Comment : Hits:17 Value : Cookie:[email protected]/ Expires : 7-26-2004 1:38:44 PM LastSync : Hits:17 UseCount : 0 Hits : 17 Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][3].txt Category : Data Miner Comment : Hits:2 Value : Cookie:[email protected]/HTM/461/0 Expires : 7-16-2005 3:37:02 PM LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 3 Objects found so far: 118 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinAD Object Recognized! Type : File Data : ide21201.vxd Category : Malware Comment : Object : C:\WINNT\system32\ VX2 Object Recognized! Type : File Data : twaintec.ini Category : Malware Comment : Object : C:\WINNT\ VX2 Object Recognized! Type : File Data : multimpp.dll Category : Malware Comment : Object : C:\WINNT\ FileVersion : 0, 5, 4, 35 ProductVersion : 0, 5, 4, 35 ProductName : multimpp CompanyName : Multimpp FileDescription : www.multimpp.com InternalName : multimpp LegalCopyright : Copyright © 2003 OriginalFilename : multimpp.dll Comments : www.multimpp.com BlazeFind Object Recognized! Type : File Data : Key2.txt Category : Malware Comment : Object : C:\WINNT\ 180Solutions Object Recognized! Type : File Data : msbbhook.dll Category : Data Miner Comment : Object : C:\WINNT\ VX2 Object Recognized! Type : File Data : localNRD.dll Category : Malware Comment : Object : C:\WINNT\ FileVersion : 0, 4, 4, 30 ProductVersion : 0, 4, 4, 30 ProductName : localnrd CompanyName : LocalNRD FileDescription : www.localnrd.com InternalName : localnrd LegalCopyright : Copyright © 2004 OriginalFilename : localnrd.dll Comments : www.localnrd.com 180Solutions Object Recognized! Type : File Data : msbb.exe_tobedeleted Category : Data Miner Comment : Object : C:\WINNT\ FileVersion : 5, 12, 0, 13 ProductVersion : 5, 12, 0, 13 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2004, 180solutions Inc. Elitum.ElitebarBHO Object Recognized! Type : File Data : preInsln.exe Category : Data Miner Comment : Object : C:\WINNT\ VX2 Object Recognized! Type : File Data : preInMPP.exe Category : Malware Comment : Object : C:\WINNT\ Search Miracle Object Recognized! Type : File Data : silent_install[1].exe Category : Malware Comment : Object : C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\I3M7YXEN\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 Object "mxTarget.dll" found in this archive. VX2 Object Recognized! Type : File Data