URL Logic



#1 twjackson (New Member, 2 posts)

Thanks in advance for your help. I have to wonder if there is not an additional way to combat these clowns economically, similar to economic sanctions by the UN. Thoughts?

Anyway, here's my log file.

tj

Logfile of HijackThis v1.99.1
Scan saved at 8:55:10 AM, on 2/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\vriykk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMJB.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMJB.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUMENTS AND SETTINGS\ABERTOMBIE\DESKTOP\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alexa.com/?p=home
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://google.com"); (C:\Documents and Settings\Abertombie\Application Data\Mozilla\Profiles\default\ca1psk56.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Abertombie\Application Data\Mozilla\Profiles\default\ca1psk56.slt\prefs.js)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll (file missing)
O2 - BHO: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [odeqsvmefx] C:\WINDOWS\System32\pzeuumk.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...1613117fb4ea0f9
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs7b.instants...erxsigned42.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.bearvalle...sCamControl.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://meeting.webe...bex/ieatgpc.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...362/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44B8EDBE-1D04-4E63-B6AE-300F17715752}: NameServer = 206.13.28.12 206.13.29.12
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



#2 twjackson (Topic Starter, New Member, 2 posts)

Downloaded the new version of Ad-Aware SE, and here is the logfile now.
Any takers?
thx,
tj

Ad-Aware SE Build 1.05
Logfile Created on:Friday, February 25, 2005 8:47:23 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R28 16.02.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):1 total references
AltnetBDE(TAC index:4):5 total references
BargainBuddy(TAC index:8):14 total references
BlazeFind(TAC index:5):8 total references
BookedSpace(TAC index:10):7 total references
BrilliantDigital(TAC index:6):22 total references
Claria(TAC index:7):4 total references
CoolWebSearch(TAC index:10):4 total references
DealHelper(TAC index:7):13 total references
DownloadWare(TAC index:8):8 total references
Elitum.ElitebarBHO(TAC index:5):2 total references
eUniverse(TAC index:10):1 total references
ExactSearchBar(TAC index:5):2 total references
Favoriteman(TAC index:8):3 total references
IBIS Toolbar(TAC index:5):21 total references
IGetNet(TAC index:8):3 total references
ImIServer IEPlugin(TAC index:5):4 total references
Lop(TAC index:7):1 total references
MSView(TAC index:10):3 total references
Possible Browser Hijack attempt(TAC index:3):4 total references
SahAgent(TAC index:9):10 total references
Softomate Toolbar(TAC index:9):6 total references
TopMoxie(TAC index:3):6 total references
Tracking Cookie(TAC index:3):463 total references
WindUpdates(TAC index:8):3 total references
VX2(TAC index:10):49 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R8 13.09.2004
Internal build : 12
File location : C:\PROGRA~1\Lavasoft\AD-AWA~2\defs.ref
File size : 344723 Bytes
Total size : 1092481 Bytes
Signature data size : 1068971 Bytes
Reference data size : 22998 Bytes
Signatures total : 30122
Fingerprints total : 154
Fingerprints size : 7129 Bytes
Target categories : 15
Target families : 560

2-25-2005 8:41:00 AM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R28 16.02.2005
Internal build : 33
File location : C:\PROGRA~1\Lavasoft\AD-AWA~2\defs.ref
File size : 411893 Bytes
Total size : 1300934 Bytes
Signature data size : 1271214 Bytes
Reference data size : 29208 Bytes
Signatures total : 36156
Fingerprints total : 620
Fingerprints size : 23479 Bytes
Target categories : 15
Target families : 632


2-25-2005 8:41:06 AM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:29 %
Total physical memory:261132 kb
Available physical memory:74232 kb
Total page file size:630976 kb
Available on page file:263096 kb
Total virtual memory:2097024 kb
Available virtual memory:2037508 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2-25-2005 8:47:23 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 468
ThreadCreationTime : 2-24-2005 8:43:41 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 528
ThreadCreationTime : 2-24-2005 8:43:48 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 552
ThreadCreationTime : 2-24-2005 8:43:49 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 596
ThreadCreationTime : 2-24-2005 8:43:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 608
ThreadCreationTime : 2-24-2005 8:43:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 760
ThreadCreationTime : 2-24-2005 8:43:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 820
ThreadCreationTime : 2-24-2005 8:43:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 888
ThreadCreationTime : 2-24-2005 8:43:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 960
ThreadCreationTime : 2-24-2005 8:43:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1008
ThreadCreationTime : 2-24-2005 8:43:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1196
ThreadCreationTime : 2-24-2005 8:43:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [aolacsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 1620
ThreadCreationTime : 2-24-2005 8:45:02 PM
BasePriority : Normal


#:13 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1632
ThreadCreationTime : 2-24-2005 8:45:02 PM
BasePriority : Normal
FileVersion : 2.1.5.1
ProductVersion : 2.1.5.1
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:14 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1704
ThreadCreationTime : 2-24-2005 8:45:02 PM
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:15 [savscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1808
ThreadCreationTime : 2-24-2005 8:45:03 PM
BasePriority : Normal
FileVersion : 9.2.1.14
ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright © 2003 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1936
ThreadCreationTime : 2-24-2005 8:45:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 1968
ThreadCreationTime : 2-24-2005 8:45:07 PM
BasePriority : Normal
FileVersion : 1, 8, 50, 196
ProductVersion : 1, 8, 50, 196
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:18 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 1988
ThreadCreationTime : 2-24-2005 8:45:07 PM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:19 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 248
ThreadCreationTime : 2-24-2005 8:45:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 280
ThreadCreationTime : 2-24-2005 8:45:08 PM
BasePriority : Normal
FileVersion : 2.1.5.1
ProductVersion : 2.1.5.1
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:21 [symwsc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 316
ThreadCreationTime : 2-24-2005 8:45:08 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:22 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1080
ThreadCreationTime : 2-24-2005 8:45:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:23 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1552
ThreadCreationTime : 2-25-2005 3:06:28 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:24 [realplay.exe]
FilePath : C:\Program Files\Real\RealPlayer\
ProcessID : 3112
ThreadCreationTime : 2-25-2005 3:06:38 PM
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:25 [aoldial.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 3780
ThreadCreationTime : 2-25-2005 3:06:44 PM
BasePriority : Normal
FileVersion : 2.0.20.1.US.1
ProductVersion : 2.0.20.1.US.1
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:26 [hpgs2wnf.exe]
FilePath : C:\PROGRA~1\HEWLET~1\HPSHAR~1\
ProcessID : 3344
ThreadCreationTime : 2-25-2005 3:06:44 PM
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE
Warning! CoolWebSearch Object found in memory(C:\WINDOWS\system32\ipoqaa.dll)

CoolWebSearch Object Recognized!
Type : Process
Data : ipoqaa.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



#:27 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1764
ThreadCreationTime : 2-25-2005 3:06:45 PM
BasePriority : Normal
FileVersion : 2.1.5.1
ProductVersion : 2.1.5.1
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:28 [viewmgr.exe]
FilePath : C:\Program Files\Viewpoint\Viewpoint Manager\
ProcessID : 3892
ThreadCreationTime : 2-25-2005 3:06:45 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager

#:29 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 184
ThreadCreationTime : 2-25-2005 3:06:47 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:30 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 2472
ThreadCreationTime : 2-25-2005 3:06:48 PM
BasePriority : Normal
FileVersion : 5.9.3690
ProductVersion : 5.9.3690
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:31 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 3204
ThreadCreationTime : 2-25-2005 3:06:52 PM
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:32 [hpoant07.exe]
FilePath : C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\
ProcessID : 972
ThreadCreationTime : 2-25-2005 3:06:58 PM
BasePriority : Normal
FileVersion : 2.00
ProductVersion : A.14.04.06
ProductName : hp officejet v series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOANT07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOANT07.EXE
Comments : HP OfficeJet V Series COM Device Objects

#:33 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2504
ThreadCreationTime : 2-25-2005 3:07:01 PM
BasePriority : Normal


#:34 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 2976
ThreadCreationTime : 2-25-2005 3:07:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:35 [hpoevm07.exe]
FilePath : C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\
ProcessID : 3732
ThreadCreationTime : 2-25-2005 3:07:25 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.04.06
ProductName : hp officejet v series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOEVM07.EXE
Comments : HP OfficeJet COM Event Manager

#:36 [hpoipm07.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3384
ThreadCreationTime : 2-25-2005 3:07:30 PM
BasePriority : Normal
FileVersion : 4, 5, 0, 767
ProductVersion : 4, 5, 0, 767
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:37 [hposts07.exe]
FilePath : C:\Program Files\Hewlett-Packard\AiO\Shared\bin\
ProcessID : 916
ThreadCreationTime : 2-25-2005 3:07:59 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.04.06
ProductName : hp officejet v series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOCPY07.EXE
Comments : HP OfficeJet Status

#:38 [hpofxm07.exe]
FilePath : C:\Program Files\Hewlett-Packard\AiO\Shared\bin\
ProcessID : 4052
ThreadCreationTime : 2-25-2005 3:08:00 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.04.06
ProductName : hp officejet v series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet G Series Fax Manager
InternalName : HPOFXM07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOFXM07.EXE
Comments : HP OfficeJet G Series Fax Manager

#:39 [outlook.exe]
FilePath : C:\PROGRA~1\MICROS~2\Office\
ProcessID : 988
ThreadCreationTime : 2-25-2005 3:11:53 PM
BasePriority : Normal


#:40 [winword.exe]
FilePath : C:\Program Files\Microsoft Office\Office\
ProcessID : 3820
ThreadCreationTime : 2-25-2005 3:12:12 PM
BasePriority : Normal


#:41 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\
ProcessID : 880
ThreadCreationTime : 2-25-2005 4:40:51 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:42 [opscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 2708
ThreadCreationTime : 2-25-2005 4:46:08 PM
BasePriority : Normal
FileVersion : 10.0.2.610
ProductVersion : 10.0.2.610
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Out of Process Scan Server
InternalName : OPScan
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : OPScan.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e1357}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e1357}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed11357}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed11357}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed12468}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed12468}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e2468}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e2468}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cashback

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cashback
Value : BuildNumber

BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winadx.installer

BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winadx.installer
Value :

BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}

DealHelper Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b16b278-b2e3-4cbf-85b5-e058878f728f}

DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b16b278-b2e3-4cbf-85b5-e058878f728f}
Value :

DealHelper Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{81739076-56b7-42ec-a0aa-692794fded1a}

DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{81739076-56b7-42ec-a0aa-692794fded1a}
Value :

DealHelper Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3d89a731-9f4a-418f-a997-2d633c7c404c}

DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3d89a731-9f4a-418f-a997-2d633c7c404c}
Value :

DealHelper Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bf9ee3a0-1a02-4265-a65f-ac4d4447f6bf}

DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bf9ee3a0-1a02-4265-a65f-ac4d4447f6bf}
Value :

DealHelper Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{06e53101-654c-45eb-bff6-e37e13b5972a}

DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{06e53101-654c-45eb-bff6-e37e13b5972a}
Value :

DownloadWare Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1}

DownloadWare Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}

DownloadWare Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}
Value :

eUniverse Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00d6a7e7-4a97-456f-848a-3b75bf7554d7}

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}
Value :

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff}

Softomate Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff}
Value :

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : softomate.ietoolbar.1

Softomate Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : softomate.ietoolbar.1
Value :

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : softomate.ietoolbar

Softomate Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : softomate.ietoolbar
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : SystemComponent

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
Value : Installer

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{3fa866ac-40d7-4fe6-babf-78ee854a4325}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj.1

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj.1
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a42c0ef4-1c76-43cc-989f-eadc7e4b755d}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a42c0ef4-1c76-43cc-989f-eadc7e4b755d}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00320615-b6c2-40a6-8f99-f1c52d674fad}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00320615-b6c2-40a6-8f99-f1c52d674fad}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00320615-b6c2-40a6-8f99-f1c52d674fad}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-1757981266-920026266-682003330-1004\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "LNI0d1OfSInst"
Rootkey : HKEY_USERS
Object : S-1-5-21-1757981266-920026266-682003330-1004\software\localnrd
Value : LNI0d1OfSInst

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 54
Objects found so far: 55


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 55


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@questionmarket[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:abertombie@questionmarket.com/
Expires : 2-16-2006 1:20:42 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@adrevolver[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@adrevolver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@ads.addynamix[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@ads.addynamix[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@ads.pointroll[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@ads.pointroll[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@casalemedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@casalemedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@centrport[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@centrport[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@clickagents[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@clickagents[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@euniverseads[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@euniverseads[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@fastclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@fastclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@perf.overture[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@perf.overture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@realmedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@realmedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@servedby.advertising[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@servedby.advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@serving-sys[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@serving-sys[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@targetnet[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@targetnet[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@tickle[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@tickle[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@trafficmp[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@trafficmp[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@valueclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@valueclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@www.ppctracking[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@www.ppctracking[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : abertombie@z1.adserver[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Abertombie\Cookies\abertombie@z1.adserver[1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 24
Objects found so far: 79



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : localNrd.cab
Category : Malware
Comment :
Object : C:\Documents and Settings\Abertombie\Local Settings\Temp\THI6BEF.tmp\



Elitum.ElitebarBHO Object Recognized!
Type : File
Data : preInsln.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Abertombie\Local Settings\Temp\THI6BEF.tmp\



Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@adserving.autotrader[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@adserving.autotrader[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@centrport[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@centrport[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@citi.bridgetrack[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@citi.bridgetrack[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@edge.ru4[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@edge.ru4[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@fastclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@realmedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@realmedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@servedby.advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@servedby.advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@trafficmp[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@trafficmp[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@valueclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@valueclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@www10.paypopup[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@www10.paypopup[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@www2.yesadvertising[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@www2.yesadvertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@www6.paypopup[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@www6.paypopup[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@www8.paypopup[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@www8.paypopup[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@z1.adserver[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@z1.adserver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ash@zedo[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Ash\Cookies\ash@zedo[1].txt

VX2 Object Recognized!
Type : File
Data : conscorr.cab
Category : Malware
Comment :
Object : C:\Documents and Settings\Ash\Local Settings\Temp\



VX2 Object Recognized!
Type : File
Data : conscorr.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Ash\Local Settings\Temp\
FileVersion : 0, 3, 1, 3
ProductVersion : 0, 3, 1, 3
CompanyName : ConsCorr
FileDescription : www.conscorr.com
LegalCopyright : Copyright © 2002


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chelsea@0[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Chelsea\Cookies\chelsea@0[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chelsea@276[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Chelsea\Cookies\chelsea@276[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chelsea@2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Chelsea\Cookies\chelsea@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chelsea@a.as-us.falkag[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Chelsea\Cookies\chelsea@a.as-us.falkag[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chelsea@adnetintads.valuead[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Chelsea\Cookies\chelsea@adnetintads.valuead[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chelsea@adrevolver[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Chelsea\Cookies\chelsea@adrevolver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chelsea@ads.addynamix[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Chelsea\Cookies\chelsea@ads.addynamix[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chelsea@ads.enliven[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Chelsea\Cookies\chelsea@ads.enliven[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : chelsea@ads.pointroll[2].txt
Category : Data Miner
Comment

#3
coachwife6
    SuperStar
  • Retired Staff
  • 11,413 posts
Press Control-Alt-Del to enter the Task Manager.
Click on the Processes tab and end the following processes:

C:\WINDOWS\system32\vriykk.exe

Exit the Task Manager when finished

Close all programs down, leaving only HijackThis running.
Place a check against the following items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alexa.com/?p=home

O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll (file missing)
O2 - BHO: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [odeqsvmefx] C:\WINDOWS\System32\pzeuumk.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...1613117fb4ea0f9


Click on Fix Checked and exit HijackThis.

Reboot into safe mode and make sure all files are showing.

C:\WINDOWS\System32\pzeuumk.exe
C:\Program Files\Ebates_MoeMoneyMaker
C:\WINDOWS\localNRD.dll

Post back a fresh HijackThis log and we'll take another look.

[edit] As there has been no response from the original poster, this topic is now closed. If you have any other problems, please post a new topic.

Edited by bananafanafo, 15 April 2005 - 01:09 PM.
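A small triage script for the kind of HijackThis lines listed in the reply above, added here as an example; it is not code from HijackThis, Ad-Aware or anyone in this thread. It parses the R0/O2/O3/O4/O9/O16 lines quoted in the reply (constructed sample input copied from the post, with the O16 CLSID rejoined and its URL left truncated as it appears on the page), flags entries whose file is already gone, flags Run keys whose bracketed name does not match an executable sitting directly in the Windows or System32 directory (a heuristic, not a verdict), maps each entry to the registry location "Fix checked" removes it from (well-known locations; the Browser Helper Objects and Distribution Units keys are also visible in the Ad-Aware output earlier in this thread), and cross-references CLSIDs against three Ad-Aware "Object :" entries from that log, condensed to one line each, so that two independent tools naming the same CLSID stands out. The flag names and the `Entry` layout are this example's own choices.

```python
"""Triage helpers for HijackThis log lines (added example; not HijackThis or Ad-Aware code)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: the lines the reply above asks to fix, copied from the post
# (O16 CLSID rejoined; its URL is truncated exactly as it appears on the page).
HJT_LINES = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alexa.com/?p=home
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll (file missing)
O2 - BHO: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [odeqsvmefx] C:\WINDOWS\System32\pzeuumk.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...1613117fb4ea0f9
"""

# Three "Object :" entries from the Ad-Aware log in this thread, condensed to one line each.
ADAWARE_OBJECTS = r"""
VX2: software\microsoft\windows\currentversion\explorer\browser helper objects\{00320615-b6c2-40a6-8f99-f1c52d674fad}
eUniverse: software\microsoft\windows\currentversion\explorer\browser helper objects\{00d6a7e7-4a97-456f-848a-3b75bf7554d7}
WindUpdates: software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LINE_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SYSTEM_EXE_RE = re.compile(r"^[a-z]:\\windows(\\system32)?\\[^\\]+\.exe$", re.I)  # exe directly in %WINDIR%/System32
DEAD_MARKERS = ("(file missing)", "(no file)")
CLSID_KEYS = {  # well-known registry homes of CLSID-keyed entries (hive prefixed below for O9)
    "O2": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "O9": r"\Software\Microsoft\Internet Explorer\Extensions",
    "O16": r"HKLM\Software\Microsoft\Code Store Database\Distribution Units",
}


@dataclass
class Entry:
    section: str                 # R0, O2, O3, O4, O9, O16 ...
    name: str                    # BHO/toolbar/button name, Run value name, or IE setting
    clsid: Optional[str]
    target: str                  # file, URL or command the entry points at
    key: Optional[str] = None    # registry key as written in the log (R*/O4 only)
    flags: list = field(default_factory=list)


def triage_flags(section: str, name: str, target: str) -> list:
    """Cheap, explainable signals; a flag is a reason to look, not a verdict."""
    flags = []
    if any(marker in target for marker in DEAD_MARKERS):
        flags.append("orphaned")            # file gone, registry entry still present
    if section == "O4":
        exe = re.match(r"(.+?\.exe)\b", target, re.I)
        cmd = exe.group(1) if exe else target
        stem = cmd.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if SYSTEM_EXE_RE.match(cmd) and stem.lower() != name.lower():
            flags.append("suspicious-run")  # heuristic: mismatched, random-looking name in a system dir
    if section == "O16":
        flags.append("activex-download")    # Downloaded Program Files entry: always review
    if section.startswith("R"):
        flags.append("browser-setting")
    return flags


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m["sec"], m["body"]
    c = CLSID_RE.search(body)
    clsid = c.group(0).upper() if c else None
    key = None
    if sec.startswith("R"):                       # HKCU\...\Main,Start Page = value
        lhs, _, target = body.partition(" = ")
        key, _, name = lhs.rpartition(",")
    elif sec == "O4":                             # HKLM\..\Run: [name] command
        r = RUN_RE.match(body)
        if not r:
            return None
        key, name, target = r["key"], r["name"], r["cmd"]
    else:                                         # Kind: name - {CLSID} - target
        _, _, rest = body.partition(": ")
        parts = [p.strip() for p in rest.split(" - ")]
        name = "" if clsid and parts[0].upper() == clsid else parts[0]
        target = parts[-1] if len(parts) > 1 else ""
    return Entry(sec, name, clsid, target, key, triage_flags(sec, name, target))


def parse_log(text: str) -> list:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def registry_target(e: Entry) -> str:
    """Registry location that 'Fix checked' removes for this entry (key : value-name, or key\\{CLSID})."""
    if e.section.startswith("R"):
        return f"{e.key} : {e.name}"
    if e.section == "O4":                         # HJT abbreviates the Run key as HKLM\..\Run
        return e.key.replace("\\..\\", "\\Software\\Microsoft\\Windows\\CurrentVersion\\") + f" : {e.name}"
    if e.section == "O3":                         # toolbars are values named by CLSID
        return r"HKLM\Software\Microsoft\Internet Explorer\Toolbar" + f" : {e.clsid}"
    if e.section == "O9":
        hive = "HKCU" if e.target.endswith("(HKCU)") else "HKLM"
        return f"{hive}{CLSID_KEYS['O9']}\\{e.clsid}"
    if e.section in CLSID_KEYS:
        return f"{CLSID_KEYS[e.section]}\\{e.clsid}"
    return "(not mapped)"


def correlate(entries: list, adaware_text: str) -> list:
    """CLSIDs reported by both tools: independent agreement is the strongest signal here."""
    seen = {c.upper() for c in CLSID_RE.findall(adaware_text)}
    return sorted(e.clsid for e in entries if e.clsid and e.clsid in seen)


if __name__ == "__main__":
    found = parse_log(HJT_LINES)
    for e in found:
        print(f"{e.section:<4}{(','.join(e.flags) or '-'):<26}{registry_target(e)}")
    print("CLSIDs also named by Ad-Aware:", correlate(found, ADAWARE_OBJECTS))
```

Run it as-is to print one row per entry. The "orphaned" flag is the reminder that a BHO or toolbar entry whose DLL is already gone is still worth fixing, and the paths from `registry_target` are what to re-check (for example with a registry export) after the fix and reboot to confirm the entries did not come back.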
