BestTechie Forums: "stat Exec Missing" Log From Hijackthis - BestTechie Forums


"stat Exec Missing" Log From Hijackthis


#1 hawkeye


Posted 02 November 2004 - 02:00 AM

Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, November 02, 2004 1:39:46 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R16 28.10.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:8):42 total references
Alexa(TAC index:5):1 total references
BlazeFind(TAC index:5):5 total references
BookedSpace(TAC index:10):19 total references
CoolWebSearch(TAC index:10):40 total references
Ebates MoneyMaker(TAC index:4):1 total references
Elitum.ElitebarBHO(TAC index:5):85 total references
istbar.dotcomToolbar(TAC index:5):4 total references
Possible Browser Hijack attempt(TAC index:3):111 total references
Powerscan(TAC index:5):2 total references
Search Miracle(TAC index:5):1 total references
Tracking Cookie(TAC index:3):3 total references
Win32.Backdoor.Agobot(TAC index:8):1 total references
WinAD(TAC index:7):1 total references
WindUpdates(TAC index:8):4 total references
VX2(TAC index:10):79 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


11-2-2004 1:39:46 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 152
ThreadCreationTime : 11-2-2004 4:41:35 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 176
ThreadCreationTime : 11-2-2004 4:41:38 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 172
ThreadCreationTime : 11-2-2004 4:41:40 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 224
ThreadCreationTime : 11-2-2004 4:41:41 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 236
ThreadCreationTime : 11-2-2004 4:41:41 AM
BasePriority : Normal
FileVersion : 5.00.2184.1
ProductVersion : 5.00.2184.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 372
ThreadCreationTime : 11-2-2004 4:41:43 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 420
ThreadCreationTime : 11-2-2004 4:41:44 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:8 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 476
ThreadCreationTime : 11-2-2004 4:41:45 AM
BasePriority : Normal
FileVersion : 5.00.2161.1
ProductVersion : 5.00.2161.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:9 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 500
ThreadCreationTime : 11-2-2004 4:41:45 AM
BasePriority : Normal
FileVersion : 7,0,0,270
ProductVersion : 7.0.0.270
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:10 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 516
ThreadCreationTime : 11-2-2004 4:41:45 AM
BasePriority : Normal
FileVersion : 7,0,0,280
ProductVersion : 7.0.0.280
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:11 [hidserv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 544
ThreadCreationTime : 11-2-2004 4:41:46 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : HID Audio Service
InternalName : hidserv
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : HIDSERV.EXE

#:12 [appservices.exe]
FilePath : C:\PROGRA~1\Iomega\System32\
ProcessID : 560
ThreadCreationTime : 11-2-2004 4:41:46 AM
BasePriority : Normal
FileVersion : 2, 0, 2, 5
ProductVersion : 2, 0, 2, 5
ProductName : Iomega App Services
CompanyName : Iomega Corporation
FileDescription : AppServices
InternalName : AppServices
LegalCopyright : Copyright © 2000
OriginalFilename : AppService.exe
Comments : Iomega App Services For Windows 2000/NT

#:13 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 592
ThreadCreationTime : 11-2-2004 4:41:47 AM
BasePriority : Normal
FileVersion : 5.00.2155.1
ProductVersion : 5.00.2155.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:14 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 608
ThreadCreationTime : 11-2-2004 4:41:47 AM
BasePriority : Normal
FileVersion : 4.71.2137.1
ProductVersion : 4.71.2137.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:15 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ProcessID : 668
ThreadCreationTime : 11-2-2004 4:41:48 AM
BasePriority : Normal
FileVersion : 1.50.1085.0001
ProductVersion : 1.50.1085.0001
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:16 [adservice.exe]
FilePath : C:\Program Files\Iomega\AutoDisk\
ProcessID : 684
ThreadCreationTime : 11-2-2004 4:41:49 AM
BasePriority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk Service
InternalName : ADService
LegalCopyright : Copyright © 2002
OriginalFilename : ADService.exe

#:17 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 856
ThreadCreationTime : 11-2-2004 4:42:00 AM
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:18 [adusermon.exe]
FilePath : C:\Program Files\Iomega\AutoDisk\
ProcessID : 1048
ThreadCreationTime : 11-2-2004 4:42:26 AM
BasePriority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk User Monitor
InternalName : ADUserMon
LegalCopyright : Copyright © 2002
OriginalFilename : ADUserMon.exe

#:19 [imgicon.exe]
FilePath : C:\Program Files\Iomega\DriveIcons\
ProcessID : 1056
ThreadCreationTime : 11-2-2004 4:42:26 AM
BasePriority : Normal


#:20 [loadqm.exe]
FilePath : C:\WINNT\
ProcessID : 1084
ThreadCreationTime : 11-2-2004 4:42:27 AM
BasePriority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:21 [winampa.exe]
FilePath : C:\Program Files\Winamp\
ProcessID : 1124
ThreadCreationTime : 11-2-2004 4:42:29 AM
BasePriority : Normal


#:22 [winadtools.exe]
FilePath : C:\Program Files\Windows AdTools\
ProcessID : 1092
ThreadCreationTime : 11-2-2004 4:42:30 AM
BasePriority : Normal


WindUpdates Object Recognized!
Type : Process
Data : WinAdTools.exe
Category : Data Miner
Comment : full-search IE hijacker
Object : C:\Program Files\Windows AdTools\


Warning! WindUpdates Object found in memory(C:\Program Files\Windows AdTools\WinAdTools.exe)

Warning! "C:\Program Files\Windows AdTools\WinAdTools.exe"Process could not be terminated!
Warning! "C:\Program Files\Windows AdTools\WinAdTools.exe"Process could not be terminated!

#:23 [winratchet.exe]
FilePath : C:\Program Files\Windows AdTools\
ProcessID : 1160
ThreadCreationTime : 11-2-2004 4:42:31 AM
BasePriority : Normal


#:24 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 1176
ThreadCreationTime : 11-2-2004 4:42:31 AM
BasePriority : Normal
FileVersion : 7,0,0,260
ProductVersion : 7.0.0.260
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:25 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 1184
ThreadCreationTime : 11-2-2004 4:42:32 AM
BasePriority : Normal
FileVersion : 7,0,0,279
ProductVersion : 7.0.0.279
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:26 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1212
ThreadCreationTime : 11-2-2004 4:42:34 AM
BasePriority : Normal
FileVersion : 6.2.0137
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:27 [netscp.exe]
FilePath : C:\Program Files\Netscape\Netscape\
ProcessID : 1116
ThreadCreationTime : 11-2-2004 5:03:04 AM
BasePriority : Normal


#:28 [ad-aware.exe]
FilePath : C:\PROGRA~1\LAVASOFT\AD-AWA~1\
ProcessID : 1244
ThreadCreationTime : 11-2-2004 5:39:07 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:29 [hh.exe]
FilePath : C:\WINNT\
ProcessID : 1304
ThreadCreationTime : 11-2-2004 5:39:07 AM
BasePriority : Normal
FileVersion : 4.74.8702
ProductVersion : 4.74.8702
ProductName : HTML Help
CompanyName : Microsoft Corporation
FileDescription : Microsoft® HTML Help Executable
InternalName : HH 1.3
LegalCopyright : Copyright © Microsoft Corp.
OriginalFilename : HH.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\180solutions

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{7b55bb05-0b4d-44fd-81a6-b136188f5deb}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{7b55bb05-0b4d-44fd-81a6-b136188f5deb}
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{00a322e2-7d50-4dba-bea4-5c8078d47269}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{18e6c36a-c45f-4b60-a1a4-5c0bb16d4cc2}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{18e6c36a-c45f-4b60-a1a4-5c0bb16d4cc2}
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wer1306.wer1306

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wer1306.wer1306
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wer1306.wer1306.1

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wer1306.wer1306.1
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5321e378-ffad-4999-8c62-03ca8155f0b3}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5321e378-ffad-4999-8c62-03ca8155f0b3}
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : replace.hbo.1

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : replace.hbo.1
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : replace.hbo

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : replace.hbo
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}
Value :

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{825cf5bd-8862-4430-b771-0c15c5ca8def}

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{825cf5bd-8862-4430-b771-0c15c5ca8def}
Value :

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar
Value : UninstallString

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar
Value : DisplayName

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar
Value : DisplayIcon

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : AccountNumber

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : CountryCode

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : axparam

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : uninstalled

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : _show

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : FirstTimeStarted

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : SearchIndex

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : AutoComplete

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : ac1

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : adult.tbr

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : default.tbr

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : search.mnu

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : version

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : path

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : UpdateDate

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : searchkeys

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : errorreport

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : excluded

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : keywords

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : city

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : state

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : country

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : Activated

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\backup\elitetoolbar
Value : guid

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : AccountNumber

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : CountryCode

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : axparam

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : uninstalled

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : _show

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : FirstTimeStarted

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : SearchIndex

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : AutoComplete

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : ac1

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : adult.tbr

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : default.tbr

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : search.mnu

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : version

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : path

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : UpdateDate

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : searchkeys

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : errorreport

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : excluded

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : keywords

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : city

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : state

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : country

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : Activated

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : guid

istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istactivex.installer.2

istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istactivex.installer.2
Value :

istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istactivex.installer

istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istactivex.installer
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj.1

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj.1
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00320615-b6c2-40a6-8f99-f1c52d674fad}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00320615-b6c2-40a6-8f99-f1c52d674fad}
Value :

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "partner_id"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : partner_id

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-1214440339-1677128483-839522115-500\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\main
Value : HOMEOldSP

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : S-1-5-21-1214440339-1677128483-839522115-500\software\lq
Value : AC

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{825CF5BD-8862-4430-B771-0C15C5CA8DEF}"
Rootkey : HKEY_USERS
Object : S-1-5-21-1214440339-1677128483-839522115-500\software\microsoft\internet explorer\toolbar\webbrowser
Value : {825CF5BD-8862-4430-B771-0C15C5CA8DEF}

Powerscan Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "LoadNum"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\powerscan
Value : LoadNum

Win32.Backdoor.Agobot Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "sys29"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : sys29

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 89
Objects found so far: 90


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\MainSearch Page\temp\sp.html

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "file://C:\WINNT\TEMP\sp.html"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "file://C:\WINNT\TEMP\sp.html"
Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\MainSearch Bar\temp\sp.html

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "file://C:\WINNT\TEMP\sp.html"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "file://C:\WINNT\TEMP\sp.html"
Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\SearchSearchAssistant\temp\sp.html

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "file://C:\WINNT\TEMP\sp.html"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "file://C:\WINNT\TEMP\sp.html"

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : C:\WINNT\System32\wer1306.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{CF021F40-3E14-23A5-CBA2-717765721306}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : C:\WINNT\System32\wer1306.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{CF021F40-3E14-23A5-CBA2-717765721306}
Value :

CoolWebSearch Object Recognized!
Type : File
Data : wer1306.dll
Category : Malware
Comment :
Object : c:\winnt\system32\



CoolWebSearch Object Recognized!
Type : Regkey
Data : C:\WINNT\System32\wer1306.dll
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{CF021F32-3E14-23A5-CBA2-717765721306}
Trusted zone presumably compromised : blazefind.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : blazefind.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : blazefind.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com
Value : *
Trusted zone presumably compromised : flingstone.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : flingstone.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : flingstone.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
Value : *
Trusted zone presumably compromised : searchbarcash.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchbarcash.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchbarcash.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com
Value : *
Trusted zone presumably compromised : searchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchmiracle.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchmiracle.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com
Value : *
Trusted zone presumably compromised : slotch.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : slotch.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : slotch.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com
Value : *
Trusted zone presumably compromised : xxxtoolbar.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : xxxtoolbar.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : xxxtoolbar.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com
Value : *
Trusted zone presumably compromised : blazefind.com
Trusted zone presumably compromised : clickspring.net

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : clickspring.net
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : clickspring.net
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net
Value : *
Trusted zone presumably compromised : flingstone.com
Trusted zone presumably compromised : mt-download.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : mt-download.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : mt-download.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com
Value : *
Trusted zone presumably compromised : my-internet.info

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : my-internet.info
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : my-internet.info
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info
Value : *
Trusted zone presumably compromised : searchbarcash.com
Trusted zone presumably compromised : searchbarcash.com
Trusted zone presumably compromised : searchmiracle.com
Trusted zone presumably compromised : slotch.com

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 24
Objects found so far: 115


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@0[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@jdownloadacc.cjt1.net/HTM/461/0
Expires : 7-16-2005 3:36:48 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@promo.match[2].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:administrator@promo.match.com/
Expires : 7-26-2004 1:38:44 PM
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@0[3].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@j.2004cms.com/HTM/461/0
Expires : 7-16-2005 3:37:02 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 118



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WinAD Object Recognized!
Type : File
Data : ide21201.vxd
Category : Malware
Comment :
Object : C:\WINNT\system32\



VX2 Object Recognized!
Type : File
Data : twaintec.ini
Category : Malware
Comment :
Object : C:\WINNT\



VX2 Object Recognized!
Type : File
Data : multimpp.dll
Category : Malware
Comment :
Object : C:\WINNT\
FileVersion : 0, 5, 4, 35
ProductVersion : 0, 5, 4, 35
ProductName : multimpp
CompanyName : Multimpp
FileDescription : www.multimpp.com
InternalName : multimpp
LegalCopyright : Copyright © 2003
OriginalFilename : multimpp.dll
Comments : www.multimpp.com


BlazeFind Object Recognized!
Type : File
Data : Key2.txt
Category : Malware
Comment :
Object : C:\WINNT\



180Solutions Object Recognized!
Type : File
Data : msbbhook.dll
Category : Data Miner
Comment :
Object : C:\WINNT\



VX2 Object Recognized!
Type : File
Data : localNRD.dll
Category : Malware
Comment :
Object : C:\WINNT\
FileVersion : 0, 4, 4, 30
ProductVersion : 0, 4, 4, 30
ProductName : localnrd
CompanyName : LocalNRD
FileDescription : www.localnrd.com
InternalName : localnrd
LegalCopyright : Copyright © 2004
OriginalFilename : localnrd.dll
Comments : www.localnrd.com


180Solutions Object Recognized!
Type : File
Data : msbb.exe_tobedeleted
Category : Data Miner
Comment :
Object : C:\WINNT\
FileVersion : 5, 12, 0, 13
ProductVersion : 5, 12, 0, 13
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


Elitum.ElitebarBHO Object Recognized!
Type : File
Data : preInsln.exe
Category : Data Miner
Comment :
Object : C:\WINNT\



VX2 Object Recognized!
Type : File
Data : preInMPP.exe
Category : Malware
Comment :
Object : C:\WINNT\



Search Miracle Object Recognized!
Type : File
Data : silent_install[1].exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\I3M7YXEN\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1

Object "mxTarget.dll" found in this archive.

VX2 Object Recognized!
Type : File
Data

#2 hawkeye

Posted 02 November 2004 - 02:13 AM

Logfile of HijackThis v1.98.2
Scan saved at 3:09:37 PM, on 11/2/2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINNT\Explorer.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINNT\loadqm.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Windows AdTools\WinRatchet.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\PROGRA~1\LAVASOFT\AD-AWA~1\AD-AWARE.EXE
C:\Program Files\Windows AdTools\WinAdTools.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\Temp for Z\HijackThis19802.exe

F3 - REG:win.ini: run=C:\WINNT\System32\services\stat.exe
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref(".aim.session.autologin", false);
user_pref(".aim.session.password", "0");
user_pref(".aim.session.storepassword", false);
user_pref("Pauline.aim.session.autologin", false);
user_pref("Pauline.aim.session.connectionname", "AIM");
user_pref("Pauline.aim.session.password", "0");
user_pref("Pauline.aim.session.storepassword", false);
user_pref("aim.session.finishedwizard", true);
user_pref("aim.session.firsttime", false);
user_pref("aim.session.latestaimscreenname", "Pauline");
user_pref("aim.session.userconnectionname", "ICQ");
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pre
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINNT\System32\services\2.01.00.dll (file missing)
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [MSUpdSrv] msupdsrv.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\System32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [Sys29] C:\winnt\system32\winynl32.exe
O4 - HKLM\..\Run: [xpsystem] C:\WINNT\System32\services\stat.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [xpsystem] C:\WINNT\System32\services\stat.exe

I have also deleted 2 other items which I cannot restore, please help me. Thank you.

Regards
Hawkeye.

#3 User is offline   robroy 

  • One Crazy Scot
  • PipPipPipPipPipPip
  • Group: Members
  • Posts: 4165
  • Joined: 23-August 04
  • Location:West Virginia
  • Operating System:windows 7 windows vista SuSe Iccaros Ubuntu

Posted 02 November 2004 - 05:24 AM

Welcome aboard Hawkeye
Somebody who can help will be along eventually

JD

#4 hawkeye

Posted 11 November 2004 - 09:01 AM

Hello Robroy,

Thank you, I've not been able to get to the computer the last few days. Sadly I cannot see any solutions for my problems yet, or maybe I'm too new to this and don't know the right way to view the forum? Well, I hope someone will give me some help soon. Nice chatting with you and have a good day.

Regards
Hawkeye

#5 robroy

Posted 11 November 2004 - 10:04 AM

trying to get you help
JD

#6 User is offline   Besttechie 

  • Mr. President
  • Group: Admin
  • Posts: 2903
  • Joined: 23-August 04
  • Location:New York
  • Operating System:Mac OSX, Windows 7, Windows Vista, Windows XP, Ubuntu, Debian

Posted 11 November 2004 - 10:26 AM

Hi,

First off, you don't have HJT in a permanent folder.
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have a C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.
This will allow backups to be made and saved by HijackThis in case something goes wrong.
Follow this link http://www.netstar.me.uk/hjt/hjt.html if you need help.

Then open the task manager (Ctrl + Alt + Del)

Stop these two processes.

WinRatchet.exe
WinAdTools.exe

Then close all explorer windows except HijackThis. Then have HijackThis fix these entries.

F3 - REG:win.ini: run=C:\WINNT\System32\services\stat.exe

........

O4 - HKLM\..\Run: [MSUpdSrv] msupdsrv.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\System32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [Sys29] C:\winnt\system32\winynl32.exe
O4 - HKLM\..\Run: [xpsystem] C:\WINNT\System32\services\stat.exe

.......

Then boot into Safe Mode and delete the following files and folders.

Once in Safe Mode make sure you show all hidden files and folders.

How to unhide hidden files and folders

C:\WINNT\System32\twink64.exe
Delete the twink64.exe file.

C:\Program Files\Windows AdTools\WinAdTools.exe
Delete the Windows AdTools folder.

C:\winnt\system32\winynl32.exe
Delete the winynl32.exe file.

C:\WINNT\System32\services\stat.exe
Delete the stat.exe file.

Then once you're done, reboot and run:

Housecall Virus Scan
Select the auto clean option. After that's done post a new HijackThis logfile, and we will check to make sure you are clean.

B
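The log in this thread references stat.exe from more than one startup location (the win.ini run= line and two Run keys), so every reference has to be fixed together or the file is relaunched at the next logon. As an added example, not part of the original post and not HijackThis's own code, this Python parser reads F3/O2/O4 lines and groups them by target; the sample lines are copied from the log posted above, and all function and class names are hypothetical.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
F3 - REG:win.ini: run=C:\WINNT\System32\services\stat.exe
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINNT\System32\services\2.01.00.dll (file missing)
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\System32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [Sys29] C:\winnt\system32\winynl32.exe
O4 - HKLM\..\Run: [xpsystem] C:\WINNT\System32\services\stat.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [xpsystem] C:\WINNT\System32\services\stat.exe
"""

# One pattern per HijackThis section handled here.
_F3 = re.compile(r"^F3 - REG:(?P<file>[^:]+): (?P<key>\w+)=(?P<cmd>.*)$")
_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<cmd>.*)$")
_O4 = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Unquoted paths may contain spaces, so cut at the first executable extension
# that is followed by whitespace or end of line (a heuristic, not a full parser).
_EXE = re.compile(r"^(.*?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)
_MISSING = "(file missing)"


@dataclass
class Autorun:
    section: str    # F3, O2 or O4
    location: str   # where the reference lives, e.g. "HKLM\Run"
    name: str       # value or BHO name, empty for F3
    target: str     # file the entry launches or loads
    missing: bool   # HijackThis reported "(file missing)"

    @property
    def unqualified(self):
        # A bare file name is resolved through the search path at logon,
        # so the log alone does not say which file on disk actually runs.
        return "\\" not in self.target and "/" not in self.target


def split_command(cmd):
    """Return (target file, file-missing flag) for one command string."""
    cmd = cmd.strip()
    missing = cmd.endswith(_MISSING)
    if missing:
        cmd = cmd[: -len(_MISSING)].rstrip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        target = cmd[1:end] if end != -1 else cmd[1:]
    else:
        m = _EXE.match(cmd)
        target = m.group(1) if m else (cmd.split(None, 1) or [""])[0]
    return target, missing


def parse_hijackthis(text):
    """Extract startup references from F3, O2 and O4 lines, in log order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := _F3.match(line)):
            location, name = f"{m['file']} {m['key']}=", ""
        elif (m := _O2.match(line)):
            location, name = f"BHO {m['clsid']}", m["name"]
        elif (m := _O4.match(line)):
            location, name = f"{m['hive']}\\{m['key']}", m["name"]
        else:
            continue
        target, missing = split_command(m["cmd"])
        entries.append(Autorun(line[:2], location, name, target, missing))
    return entries


def multi_location_targets(entries):
    """Map each target referenced from 2+ locations to those locations."""
    by_target = defaultdict(list)
    for e in entries:
        by_target[e.target.lower()].append(e.location)  # Windows paths ignore case
    return {t: locs for t, locs in by_target.items() if len(locs) > 1}


if __name__ == "__main__":
    found = parse_hijackthis(SAMPLE_LOG)
    for target, locations in multi_location_targets(found).items():
        print(f"{target} is started from: {', '.join(locations)}")
    for e in found:
        if e.missing:
            print(f"orphaned reference ({e.location}): {e.target}")
        if e.unqualified:
            print(f"bare name, confirm which file runs ({e.location}): {e.target}")
```
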

#7 hawkeye

Posted 11 November 2004 - 11:53 AM

Hello BestTechie,

Thank you so much for all the info, sorry to tell you that I'm really an idiot when it comes to stuff like this so it will take some time for me to understand your whole explanation. I will try my best to do exactly as told and hope you can guide me again when any more problems come up. Before I read your post I did a scan with Ad Aware and have saved the log, please take a look at it and see if there are any problems I'm having. It's posted right below. Thank you very much again for all the help and time taken, have a wonderful day.

Regards
Hawkeye


Ad-Aware SE Build 1.05
Logfile Created on:Friday, November 12, 2004 12:28:04 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R16 28.10.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:8):35 total references
Alexa(TAC index:5):1 total references
Elitum.ElitebarBHO(TAC index:5):1 total references
MRU List(TAC index:0):20 total references
Possible Browser Hijack attempt(TAC index:3):111 total references
TopMoxie(TAC index:3):1 total references
Tracking Cookie(TAC index:3):3 total references
Win32.Backdoor.Agobot(TAC index:8):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


11/12/2004 12:28:04 AM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 152
ThreadCreationTime : 11/11/2004 4:25:37 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 176
ThreadCreationTime : 11/11/2004 4:25:48 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 172
ThreadCreationTime : 11/11/2004 4:25:50 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 224
ThreadCreationTime : 11/11/2004 4:25:51 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 236
ThreadCreationTime : 11/11/2004 4:25:51 PM
BasePriority : Normal
FileVersion : 5.00.2184.1
ProductVersion : 5.00.2184.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 372
ThreadCreationTime : 11/11/2004 4:25:53 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 420
ThreadCreationTime : 11/11/2004 4:25:54 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:8 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 468
ThreadCreationTime : 11/11/2004 4:25:54 PM
BasePriority : Normal
FileVersion : 5.00.2161.1
ProductVersion : 5.00.2161.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:9 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 500
ThreadCreationTime : 11/11/2004 4:25:55 PM
BasePriority : Normal
FileVersion : 7,0,0,270
ProductVersion : 7.0.0.270
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:10 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 516
ThreadCreationTime : 11/11/2004 4:25:55 PM
BasePriority : Normal
FileVersion : 7,0,0,280
ProductVersion : 7.0.0.280
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:11 [hidserv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 544
ThreadCreationTime : 11/11/2004 4:25:55 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : HID Audio Service
InternalName : hidserv
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : HIDSERV.EXE

#:12 [appservices.exe]
FilePath : C:\PROGRA~1\Iomega\System32\
ProcessID : 556
ThreadCreationTime : 11/11/2004 4:25:56 PM
BasePriority : Normal
FileVersion : 2, 0, 2, 5
ProductVersion : 2, 0, 2, 5
ProductName : Iomega App Services
CompanyName : Iomega Corporation
FileDescription : AppServices
InternalName : AppServices
LegalCopyright : Copyright © 2000
OriginalFilename : AppService.exe
Comments : Iomega App Services For Windows 2000/NT

#:13 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 596
ThreadCreationTime : 11/11/2004 4:25:56 PM
BasePriority : Normal
FileVersion : 5.00.2155.1
ProductVersion : 5.00.2155.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:14 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 616
ThreadCreationTime : 11/11/2004 4:25:57 PM
BasePriority : Normal
FileVersion : 4.71.2137.1
ProductVersion : 4.71.2137.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:15 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ProcessID : 672
ThreadCreationTime : 11/11/2004 4:25:58 PM
BasePriority : Normal
FileVersion : 1.50.1085.0001
ProductVersion : 1.50.1085.0001
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:16 [adservice.exe]
FilePath : C:\Program Files\Iomega\AutoDisk\
ProcessID : 688
ThreadCreationTime : 11/11/2004 4:25:59 PM
BasePriority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk Service
InternalName : ADService
LegalCopyright : Copyright © 2002
OriginalFilename : ADService.exe

#:17 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 892
ThreadCreationTime : 11/11/2004 4:26:11 PM
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:18 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 868
ThreadCreationTime : 11/11/2004 4:26:18 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\180solutions

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "partner_id"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : partner_id

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-1214440339-1677128483-839522115-500\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

TopMoxie Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "WebRebates0"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : WebRebates0

Win32.Backdoor.Agobot Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "sys29"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : sys29

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 5


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\MainSearch Page\temp\sp.html

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "file://C:\WINNT\TEMP\sp.html"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "file://C:\WINNT\TEMP\sp.html"
Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\MainSearch Bar\temp\sp.html

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "file://C:\WINNT\TEMP\sp.html"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "file://C:\WINNT\TEMP\sp.html"
Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\SearchSearchAssistant\temp\sp.html

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "file://C:\WINNT\TEMP\sp.html"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "file://C:\WINNT\TEMP\sp.html"
Trusted zone presumably compromised : blazefind.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : blazefind.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : blazefind.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com
Value : *
Trusted zone presumably compromised : flingstone.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : flingstone.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : flingstone.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
Value : *
Trusted zone presumably compromised : searchbarcash.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchbarcash.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchbarcash.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com
Value : *
Trusted zone presumably compromised : searchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchmiracle.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchmiracle.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com
Value : *
Trusted zone presumably compromised : slotch.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : slotch.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : slotch.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com
Value : *
Trusted zone presumably compromised : xxxtoolbar.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : xxxtoolbar.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : xxxtoolbar.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com
Value : *
Trusted zone presumably compromised : blazefind.com
Trusted zone presumably compromised : clickspring.net

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : clickspring.net
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : clickspring.net
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net
Value : *
Trusted zone presumably compromised : flingstone.com
Trusted zone presumably compromised : mt-download.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : mt-download.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : mt-download.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com
Value : *
Trusted zone presumably compromised : my-internet.info

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : my-internet.info
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : my-internet.info
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info
Value : *
Trusted zone presumably compromised : searchbarcash.com
Trusted zone presumably compromised : searchbarcash.com
Trusted zone presumably compromised : searchmiracle.com
Trusted zone presumably compromised : slotch.com

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 21
Objects found so far: 26


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@0[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@jdownloadacc.cjt1.net/HTM/461/0
Expires : 7/16/2005 3:36:48 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@promo.match[2].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:administrator@promo.match.com/
Expires : 7/26/2004 1:38:44 PM
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@0[3].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@j.2004cms.com/HTM/461/0
Expires : 7/16/2005 3:37:02 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 29



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

180Solutions Object Recognized!
Type : File
Data : msbbhook.dll
Category : Data Miner
Comment :
Object : C:\WINNT\



180Solutions Object Recognized!
Type : File
Data : msbb.exe_tobedeleted
Category : Data Miner
Comment :
Object : C:\WINNT\
FileVersion : 5, 12, 0, 13
ProductVersion : 5, 12, 0, 13
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


Disk Scan Result for C:\WINNT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31

Disk Scan Result for C:\WINNT\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31

180Solutions Object Recognized!
Type : File
Data : msbb.exe
Category : Data Miner
Comment :
Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\XoftSpyBackup\5\FLEOK\
FileVersion : 5, 9, 0, 7
ProductVersion : 5, 9, 0, 7
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


180Solutions Object Recognized!
Type : File
Data : ncmyb.dll
Category : Data Miner
Comment :
Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\XoftSpyBackup\5\



180Solutions Object Recognized!
Type : File
Data : msbb.exe_tobedeleted
Category : Data Miner
Comment :
Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\XoftSpyBackup\5\
FileVersion : 5, 9, 0, 7
ProductVersion : 5, 9, 0, 7
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


180Solutions Object Recognized!
Type : File
Data : 11
Category : Data Miner
Comment :
Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\XoftSpyBackup\



180Solutions Object Recognized!
Type : File
Data : 12
Category : Data Miner
Comment :
Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\XoftSpyBackup\
FileVersion : 5, 9, 0, 7
ProductVersion : 5, 9, 0, 7
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


Elitum.ElitebarBHO Object Recognized!
Type : File
Data : 1289263.dll
Category : Data Miner
Comment :
Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
FileVersion : 1, 0, 0, 53
ProductVersion : 1, 0, 0, 53
ProductName : EliteToolBar Dynamic Link Library
FileDescription : EliteToolBar DLL
InternalName : EliteToolBar
LegalCopyright : Copyright © 2004
OriginalFilename : EliteToolBar.DLL


Disk Scan Result for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 37


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
54 entries scanned.
New critical objects:0
Objects found so far: 37



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Pornosphere.url
Category : Misc
Comment : Problematic URL discovered: searchmiracle.com/links/?account=waveflow&domain=cb&cat=www.pornosphere.com/index.html?23
Object : C:\Documents and Settings\Administrator\Favorites\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Online Casinos.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...media&qq=Online Casinos
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Sport Betting.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...q=Sport+Betting
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Sportsbooks.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...&qq=Sportsbooks
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Online Betting.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...=Online+Betting
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Blackjack.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...ia&qq=Blackjack
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Baccarat.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...dia&qq=Baccarat
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Online Gaming.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...media&qq=Online Gaming
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Poker.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...emedia&qq=Poker
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Bingo.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...emedia&qq=Bingo
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Horse Racing.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...emedia&qq=Horse Racing
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Slot Machines.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...nemedia&qq=Slot Machines
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Betting.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...edia&qq=Betting
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Roulette.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...dia&qq=Roulette
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Adult.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...emedia&qq=Adult
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Escorts.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...edia&qq=Escorts
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Online Dating.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...q=Online+Dating
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Sex.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...anemedia&qq=Sex
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Penis Enlargement.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...nis+Enlargement
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Teen Sex.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...nemedia&qq=Teen Sex
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Single Girls.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...qq=Single+Girls
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Lesbian Sex.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...&qq=Lesbian+Sex
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Hardcore Sex.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...dia&qq=Hardcore Sex
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Free Sex.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...nemedia&qq=Free Sex
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Sexual Enhancement.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...media&qq=Sexual Enhancement
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Xxx Video.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...anemedia&qq=Xxx Video
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Xxx Movie.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...anemedia&qq=Xxx Movie
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Breast Enlargement.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...media&qq=Breast Enlargement
Object : C:\Documents and Settings\Administrator\Favorites\Casino & Adult\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Debt Consolidation.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...nemedia&qq=Debt Consolidation
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Credit.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...media&qq=Credit
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Credit Reports.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...=Credit+Reports
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Refinance.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...ia&qq=Refinance
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Home Mortgages.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...=Home+Mortgages
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Loans.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...emedia&qq=Loans
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Asset Protection.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...sset+Protection
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Insurance.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...ia&qq=Insurance
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Bad Credit.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...anemedia&qq=Bad Credit
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Bankruptcy.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...a&qq=Bankruptcy
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Cash Advance.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...qq=Cash+Advance
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Debt Relief.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...&qq=Debt+Relief
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Business.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...dia&qq=Business
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Small business.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...=small+business
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Work At Home.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...qq=work+at+home
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Marketing.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...ia&qq=Marketing
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : e commerce.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...a&qq=e+commerce
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Advertising.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...&qq=Advertising
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Project Management.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...ject+Management
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Business opportunity.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...ess+opportunity
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Human Resources.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...Human+Resources
Object : C:\Documents and Settings\Administrator\Favorites\Finances & Business\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Weight loss.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...&qq=Weight+loss
Object : C:\Documents and Settings\Administrator\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Viagra.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...media&qq=viagra
Object : C:\Documents and Settings\Administrator\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Diet pills.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...a&qq=Diet+pills
Object : C:\Documents and Settings\Administrator\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Phentermine.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...&qq=Phentermine
Object : C:\Documents and Settings\Administrator\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Adipex.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...media&qq=Adipex
Object : C:\Documents and Settings\Administrator\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Prozac.url
Category : Misc
Comment : Problematic URL discovered: http://searchmiracle.com/search/search.php...media&qq=Prozac
Object : C:\Documents and Settings\Administrator\Favorites\Health & Insurance\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Xenical.url
Category : Misc
Comment : Problematic URL discovered:

  • #8 User is offline   hawkeye 

    • Member
    • Pip
    • Group: Members
    • Posts: 10
    • Joined: 02-November 04

    Posted 11 November 2004 - 11:58 AM

    robroy, on Nov 11 2004, 03:04 PM, said:

    trying to get you help
    JD

    Hello JD,

    Thank you for getting help for me, talk to you soon. Have a good day.

    Regards

    Hawkeye :)

    #9 User is offline   Dragon 

    • The Spyware Killing Dragon
    • Group: Trusted Helpers
    • Posts: 974
    • Joined: 28-September 04
    • Location:Iowa USA
    • Operating System:Windows Vista Home Premium & Ubuntu--Vanilla Kernel

    Posted 12 November 2004 - 11:10 AM

    Please don't start two separate topics on the same issue. I am merging this topic and the other one that you started together.

    Thanks.

    #10 User is offline   hawkeye 

    • Member
    • Pip
    • Group: Members
    • Posts: 10
    • Joined: 02-November 04

    Posted 12 November 2004 - 02:40 PM

    Efwis, on Nov 12 2004, 04:10 PM, said:

    Please don't start two separate topics on the same issue. I am merging this topic and the other one that you started together.

    Thanks.

    Hello Efwis,

    Forgive me for merging the 2 topics together. Thank you for taking the time to look into the matter. Hope to hear from you real soon. Have a nice day.

    Regards
    Hawkeye
