Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijack this log


  • Please log in to reply

#1
The_New_Guy

The_New_Guy

    New Member

  • Member
  • Pip
  • 2 posts
This is my hijack log I hope everything is right because this is the 1st time ever for me and thank you for any help.

Logfile of HijackThis v1.99.1
Scan saved at 10:41:53 AM, on 03/15/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\CSAFE\AUTOCHK.EXE
C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTTRAYAPP.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\LINKSYS\WMP11 CONFIG UTILITY\WMP11CFG.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\Monwow.exe
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www/
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ESSOLO] ESSOLO.EXE
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [antiware] C:\WINDOWS\SYSTEM\ELITEBNR32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinject.exe
O4 - HKLM\..\RunServices: [GhostStartService] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?315
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - AppInit_DLLs: apitrap.dll;
  • 0

Advertisements


#2
The_New_Guy

The_New_Guy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I added Ad-Aware logfile if it is any help. Also I think Elitum.EliteBar is what I need to fix, I just don't know how. Every time I restart my PC Ad-Aware picks up the same stuff you see at the bottom. I also get and Error message.
"Updlog355
Updlog355 has caused an error in UPDLOG355.EXE
Updlog will now close"

Also Can anyone tell me if I got every thing I need for you guys or do I still need to post more info?











Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, March 15, 2005 1:10:57 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R32 10.03.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ebates MoneyMaker(TAC index:4):1 total references
Elitum.ElitebarBHO(TAC index:5):48 total references
MRU List(TAC index:0):6 total references
Tracking Cookie(TAC index:3):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


03-15-2005 1:10:57 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291773235
Threads : 4
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294936151
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294847995
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE

#:4 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294868143
Threads : 2
Priority : Normal
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:5 [SYMTRAY.EXE]
FilePath : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\
ProcessID : 4294858271
Threads : 1
Priority : Normal
FileVersion : 2004.7.81
ProductVersion : 2004.7.81
ProductName : Norton SystemWorks
CompanyName : Symantec Corporation
FileDescription : Norton SystemWorks SymTray
InternalName : SymTray.exe
LegalCopyright : Copyright © 1997-2003 Symantec Corporation
OriginalFilename : SymTray.exe

#:6 [NPROTECT.EXE]
FilePath : C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\
ProcessID : 4294869351
Threads : 3
Priority : Normal
FileVersion : 17.0.0.82
ProductVersion : 17.0.0.82
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 1997-2003 Symantec Corporation
LegalTrademarks : Norton Utilities® and UnErase® are registered trademarks of Symantec Corporation.
OriginalFilename : NPROTECT.EXE

#:7 [CSINJECT.EXE]
FilePath : C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\
ProcessID : 4294894355
Threads : 1
Priority : Normal
FileVersion : 8.0.00.79
ProductVersion : 8.0
ProductName : Norton CleanSweep
CompanyName : Symantec Corporation
FileDescription : csinject
InternalName : CSInject
LegalCopyright : Copyright © 1992-2002 Symantec Corporation
OriginalFilename : CSInject.exe

#:8 [GHOSTSTARTSERVICE.EXE]
FilePath : C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\
ProcessID : 4294890303
Threads : 1
Priority : Normal
FileVersion : 2003.789
ProductVersion : 2003.789
ProductName : Norton Ghost Start Service
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartService
LegalCopyright : Copyright © 1998-2003 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartService.exe

#:9 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294772835
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk

#:10 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294882235
Threads : 20
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE

#:11 [STMGR.EXE]
FilePath : C:\WINDOWS\SYSTEM\RESTORE\
ProcessID : 4294868455
Threads : 4
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft ® PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft ® PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe

#:12 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294792947
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:13 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294795223
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE

#:14 [APTEZBP.EXE]
FilePath : C:\IBMTOOLS\APTEZBTN\
ProcessID : 4294742311
Threads : 1
Priority : Normal


#:15 [AUTOCHK.EXE]
FilePath : C:\CSAFE\
ProcessID : 4294758635
Threads : 1
Priority : Normal
FileVersion : 1.05.03
CompanyName : imagine LAN, Inc.
FileDescription : ConfigSafe Auto Check Program
InternalName : AUTOCHK
LegalCopyright : Copyright © 1995-1996
OriginalFilename : AUTOCHK.EXE

#:16 [DIRECTCD.EXE]
FilePath : C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\
ProcessID : 4294642739
Threads : 1
Priority : Normal
FileVersion : 3.0 (85)
ProductVersion : 3.0 (85)
ProductName : DirectCD
CompanyName : Adaptec
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 1996-1999 Adaptec, Inc.
OriginalFilename : DirectCD.EXE

#:17 [SYMLCSVC.EXE]
FilePath : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\
ProcessID : 4294681467
Threads : 1
Priority : Normal
FileVersion : 1, 8, 48, 79
ProductVersion : 1, 8, 48, 79
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:18 [GHOSTSTARTTRAYAPP.EXE]
FilePath : C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\
ProcessID : 4294674715
Threads : 1
Priority : Normal
FileVersion : 2003.789
ProductVersion : 2003.789
ProductName : Norton Ghost Start
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartTrayApp
LegalCopyright : Copyright © 1998-2003 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartTrayApp.exe

#:19 [QTTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294703255
Threads : 5
Priority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:20 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294704883
Threads : 3
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe

#:21 [ELITEBNR32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294693643
Threads : 5
Priority : Normal


Elitum.ElitebarBHO Object Recognized!
Type : Process
Data : ELITEBNR32.EXE
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\


Warning! Elitum.ElitebarBHO Object found in memory(C:\WINDOWS\SYSTEM\ELITEBNR32.EXE)

"C:\WINDOWS\SYSTEM\ELITEBNR32.EXE"Process terminated successfully

#:22 [WMP11CFG.EXE]
FilePath : C:\PROGRAM FILES\LINKSYS\WMP11 CONFIG UTILITY\
ProcessID : 4294593163
Threads : 1
Priority : Normal
FileVersion : 1.0.5.107
ProductVersion : 1.0.5.0
ProductName : Linksys Instant WLAN Monitor
CompanyName : The Linksys Group, Inc.
FileDescription : Linksys Instant WLAN Monitor
InternalName : WLANMonitor.EXE
LegalCopyright : Copyright © 2003, Linksys
LegalTrademarks : Instant Wireless
OriginalFilename : WLANMonitor.EXE
Comments : Linksys Instant WLAN Monitor

#:23 [CSINSM32.EXE]
FilePath : C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\
ProcessID : 4294853975
Threads : 4
Priority : Normal
FileVersion : 8.0.00.79
ProductVersion : 8.0
ProductName : Norton CleanSweep
CompanyName : Symantec Corporation
FileDescription : Norton CleanSweep Install Monitor
InternalName : CSINSM
LegalCopyright : Copyright © 1992-2002 Symantec Corporation
LegalTrademarks : SmartSweep is a trademark of Symantec Corporation.
OriginalFilename : CSINSM*.EXE

#:24 [Monwow.exe]
FilePath : C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\
ProcessID : 4294514503
Threads : 1
Priority : Normal
FileVersion : 7.00.0004
ProductVersion : 7.00
ProductName : Norton CleanSweep
CompanyName : Symantec Corporation
FileDescription : Norton SmartSweep for NT WOW monitor
InternalName : MONWOW
LegalCopyright : Copyright © 2001-2002 Symantec Corporation
OriginalFilename : MonWOW.EXE

#:25 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294685335
Threads : 5
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe

#:26 [SPYBOTSD.EXE]
FilePath : C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\
ProcessID : 4294549167
Threads : 3
Priority : Normal
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
ProductName : SpyBot-S&D
CompanyName : Safer Networking Limited
FileDescription : Spybot - Search & Destroy
InternalName : SpybotSD
LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : SpyBotSD.exe
Comments : Software zum Entfernen von Spyware und ähnlichen Bedrohungen.

#:27 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294641375
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a9b28ef6-abf3-463b-a3d8-4d0d0badfadc}

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a9b28ef6-abf3-463b-a3d8-4d0d0badfadc}
Value :

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{dbf33e89-1784-42ac-ade4-a428f56550a3}

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{dbf33e89-1784-42ac-ade4-a428f56550a3}
Value :

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{ca9fc31a-6f35-4493-b629-e64bd6170a17}\1.0

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{ca9fc31a-6f35-4493-b629-e64bd6170a17}\1.0
Value :

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{ca9fc31a-6f35-4493-b629-e64bd6170a17}

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{825cf5bd-8862-4430-b771-0c15c5ca8def}

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{825cf5bd-8862-4430-b771-0c15c5ca8def}
Value :

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{28caeff3-0f18-4036-b504-51d73bd81abc}

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{28caeff3-0f18-4036-b504-51d73bd81abc}
Value :

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar
Value : UninstallString

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar
Value : DisplayName

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar
Value : DisplayIcon

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{28caeff3-0f18-4036-b504-51d73bd81abc}

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{28caeff3-0f18-4036-b504-51d73bd81abc}
Value :

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : uninstalled

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : FirstTimeStarted

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : SearchIndex

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : AutoComplete

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : ac1

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : adult.tbr

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : popupblocker

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : default.tbr

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : search.mnu

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : version

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : path

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : UpdateDate

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\lq
Value : AC

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{825CF5BD-8862-4430-B771-0C15C5CA8DEF}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\toolbar\webbrowser
Value : {825CF5BD-8862-4430-B771-0C15C5CA8DEF}

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{825CF5BD-8862-4430-B771-0C15C5CA8DEF}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {825CF5BD-8862-4430-B771-0C15C5CA8DEF}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 33
Objects found so far: 34


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ibm@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 03-13-2010 4:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ibm@mediaplex[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 06-21-2009 4:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ibm@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/cgi-bin
Expires : 03-13-2015 11:07:32 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ibm@serving-sys[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 01-01-2038
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ibm@casalemedia[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 03-06-2006 8:10:38 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ibm@revenue[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 06-09-2022 9:05:40 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 40



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40

Disk Scan Result for C:\WINDOWS\SYSTEM
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40

Disk Scan Result for C:\WINDOWS\TEMP\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TM

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : U

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AD

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AC

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : I

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AT

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AM

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : TR

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : country

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : city

Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : state

Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum

Elitum.ElitebarBHO Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\EliteToolBar

Elitum.ElitebarBHO Object Recognized!
Type : File
Data : EliteToolBar.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\elitetoolbar\
FileVersion : 1, 0, 0, 59
ProductVersion : 1, 0, 0, 59
ProductName : EliteToolBar Dynamic Link Library
FileDescription : EliteToolBar DLL
InternalName : EliteToolBar
LegalCopyright : Copyright © 2004
OriginalFilename : EliteToolBar.DLL


Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 15
Objects found so far: 61

1:12:51 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:54.130
Objects scanned:33128
Objects identified:55
Objects ignored:0
New critical objects:55
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP