As requested, here are the log files:
From Panda -
-----
Adware:Adware/Xupiter No disinfected Windows Registry
Adware:Adware/ILookup No disinfected C:\WINDOWS\Favorites\Gambling
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.7\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.7\HDPlugin1019.inf
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.8\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.8\HDPlugin1019.inf
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.9\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.9\HDPlugin1019.inf
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.10\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.10\HDPlugin1019.inf
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1019.inf
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1019.inf
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.6\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.6\HDPlugin1019.inf
-------
I've searched the registry for xupiter and it doesn't exist. Searched for these other files too and they do not exist on the drive. The Gator entries were present in the registry, but I'd already hacked them out earlier today.
There is no log for Housecall because it found nothing, not one thing wrong.
Here is the HJK log -
-----------
Logfile of HijackThis v1.99.1
Scan saved at 11:00:32 PM, on 3/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\WINDOWS\SYSTEM\E_S4I2D1.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\SYSTEM\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\SYSTEM\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
O4 - Startup: Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSstat.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Access2000\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\INTERNET\YAHOOMESSENGER\MESSENGER\YHEXBMES0411.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\INTERNET\YAHOOMESSENGER\MESSENGER\YHEXBMES0411.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: Yahoo! Chat - http://cs7.chat.sc5....m/c381/chat.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9} (BHO Class) - http://plugin.secure...servicepack.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
-------
There is one thing here that catches my eye - O16 entry, secureservicepack. I've found absolutely nothing online about this and it is newly installed on my system. Except for Spybot's Immunization and Browser Helper for IE (which it says is not installed, though I know it was at some point) and a Google Toolbar, I've not willingly installed any BHOs that I know of.
For kicks, here's what Spybot found -
----
IGetNet - Redirected host ieautosearch=69.20.16.183
Common Hijacker - Redirected host search.netscape.com=69.20.16.183
Common Hijacker - Redirected host auto.search.msn.com=69.20.16.183
-----
I did not 'fix' these entries, and the problems match what keeps appearing over and over in the host file. I change the IP to point internally and they're 'fixed' a minute later to the old IP.
Ad-Aware log (just for fun) -
---------
Ad-Aware SE Build 1.05
Logfile Created on:Sunday, March 20, 2005 11:19:14 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R33 16.03.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):10 total references
Redirected hostfile entry(TAC index:4):3 total references
Tracking Cookie(TAC index:3):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R33 16.03.2005
Internal build : 38
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 431409 Bytes
Total size : 1357573 Bytes
Signature data size : 1327668 Bytes
Reference data size : 29393 Bytes
Signatures total : 37814
Fingerprints total : 720
Fingerprints size : 26761 Bytes
Target categories : 15
Target families : 641
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:17 %
Total physical memory:195872 kb
Available physical memory:5096 kb
Total page file size:1901276 kb
Available on page file:1772932 kb
Total virtual memory:2093056 kb
Available virtual memory:2042240 kb
OS:Microsoft Windows 98 SE
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include module list in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
3-20-05 11:19:14 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4293860667
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL
Scanning Module:C:\WINDOWS\SYSTEM\USER32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\GDI32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ADVAPI32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\KERNEL32.DLL...
#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294912687
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
Scanning Module:C:\WINDOWS\SYSTEM\SFMAN32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\DEVCON32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\WINMM.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\VERSION.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\OLEAUT32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\OLE32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MPR.DLL...
#:3 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294958559
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE
Scanning Module:C:\WINDOWS\SYSTEM\MSNP32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSNET32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MPREXE.EXE...
Scanning Module:C:\WINDOWS\SYSTEM\MPRSERV.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSPWL32.DLL...
#:4 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294965123
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe
Scanning Module:C:\WINDOWS\SYSTEM\MSIDLE.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSTASK.EXE...
Scanning Module:C:\WINDOWS\SYSTEM\SHELL32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\COMCTL32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SHLWAPI.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSVCRT.DLL...
#:5 [VSMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
Command Line : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
ProcessID : 4294946567
Threads : 17
Priority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : TrueVector Service
CompanyName : Zone Labs LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : vsmon.exe
Scanning Module:C:\WINDOWS\SYSTEM\NETAPI32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\NETBIOS.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ZONELABS\VSAVPRO.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\RNR20.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SHFOLDER.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ZONELABS\CAMUPD.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSAFD.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ZONELABS\VSVAULT.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ZONELABS\VSDB.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ZONELABS\VSRULEDB.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\VSXML.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ZLCOMMDB.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ZLCOMM.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\VSDATA.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE...
Scanning Module:C:\WINDOWS\SYSTEM\ZONELABS\SSLEAY32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\VSUTIL.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\VSINIT.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\RSABASE.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\WSOCK32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSWSOCK.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\WS2_32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\WININET.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\CRYPT32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\RPCRT4.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSOSS.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\WS2HELP.DLL...
#:6 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294881571
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk
#:7 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4294890367
Threads : 3
Priority : Realtime
FileVersion : 4.08.01.0881
ProductVersion : 4.08.01.0881
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2001
OriginalFilename : DDHelp.exe
Scanning Module:C:\WINDOWS\SYSTEM\DSOUND.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\DDHELP.EXE...
#:8 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294789723
Threads : 13
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE
Scanning Module:C:\WINDOWS\SYSTEM\SETUPAPI.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\CFGMGR32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\LZ32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\NTDLL.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\WEBCHECK.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\LINKINFO.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSI.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MYDOCS.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SHD401LC.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSG202.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\WINSPOOL.DRV...
Scanning Module:C:\WINDOWS\SYSTEM\URLMON.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\OLEDLG.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSVCRT20.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\IPHLPAPI.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\IPCFGDLL.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\DHCPCSVC.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ICMP.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\COMDLG32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\BROWSEUI.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SHDOC401.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SHDOCVW.DLL...
Scanning Module:C:\WINDOWS\EXPLORER.EXE...
#:9 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\WINDOWS\taskmon.exe"
ProcessID : 4294737347
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE
Scanning Module:C:\WINDOWS\TASKMON.EXE...
#:10 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4294733071
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE
Scanning Module:C:\WINDOWS\SYSTEM\USBUI.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\WMI.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SYSTRAY.EXE...
Scanning Module:C:\WINDOWS\SYSTEM\BATMETER.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\POWRPROF.DLL...
#:11 [ATICWD32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ATICWD32.EXE
Command Line : "C:\WINDOWS\SYSTEM\Aticwd32.exe"
ProcessID : 4294706083
Threads : 2
Priority : Normal
FileVersion : 4.11.2559
ProductVersion : 4.11.2559
ProductName : ATI Technologies Inc.
CompanyName : ATI Technologies Inc.
FileDescription : ATI Common Windows Display Driver Extension
InternalName : ATICWD32
LegalCopyright : Copyright © ATI Technologies Inc., 1998
OriginalFilename : ATICWD32.EXE
Scanning Module:C:\WINDOWS\SYSTEM\ATIMPPIF.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ATICWD32.EXE...
#:12 [ATITASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ATITASK.EXE
Command Line : "C:\WINDOWS\SYSTEM\Atitask.exe"
ProcessID : 4294718959
Threads : 1
Priority : Normal
FileVersion : 4.11.2315
ProductVersion : 4.11.2315
ProductName : ATI Technologies, Inc.
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Task Application
InternalName : AtiTask
LegalCopyright : Copyright © ATI Technologies Inc. 1998
OriginalFilename : AtiTask
Scanning Module:C:\WINDOWS\SYSTEM\ATITADEF.RSC...
Scanning Module:C:\WINDOWS\SYSTEM\ATITASK.EXE...
Scanning Module:C:\WINDOWS\SYSTEM\ATICWDDE.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ATIHT.DLL...
#:13 [NAVAPW32.EXE]
ModuleName : C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
Command Line : "C:\PROGRA~1\NORTON~1\NAVAPW32.EXE"
ProcessID : 4294756087
Threads : 18
Priority : Normal
FileVersion : 8.00.6
ProductVersion : 8.00.6
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2001 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE
Scanning Module:C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFALERT.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ATL.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SOFTPUB.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\WINTRUST.DLL...
Scanning Module:C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVPROXY.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSVCP60.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SYMREDIR.DLL...
Scanning Module:C:\PROGRAM FILES\NORTON ANTIVIRUS\APWCMD9X.DLL...
Scanning Module:C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE...
Scanning Module:C:\PROGRAM FILES\NORTON ANTIVIRUS\APWUTIL.DLL...
#:14 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4294767739
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe
Scanning Module:C:\WINDOWS\SYSTEM\MSPP32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\EPIPPJ70.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\EBPMON.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SPOOL32.EXE...
Scanning Module:C:\WINDOWS\SYSTEM\SPOOLSS.DLL...
#:15 [ZLCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
Command Line : "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
ProcessID : 4294737479
Threads : 6
Priority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : Zone Labs Client
CompanyName : Zone Labs LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : zlclient.exe
Scanning Module:C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAV.ZAP...
Scanning Module:C:\PROGRAM FILES\ZONE LABS\ZONEALARM\IDLOCK.ZAP...
Scanning Module:C:\PROGRAM FILES\ZONE LABS\ZONEALARM\PRIVACY.ZAP...
Scanning Module:C:\PROGRAM FILES\ZONE LABS\ZONEALARM\FILTER.ZAP...
Scanning Module:C:\PROGRAM FILES\ZONE LABS\ZONEALARM\FIREWALL.ZAP...
Scanning Module:C:\PROGRAM FILES\ZONE LABS\ZONEALARM\EMAIL.ZAP...
Scanning Module:C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ALERT.ZAP...
Scanning Module:C:\PROGRAM FILES\ZONE LABS\ZONEALARM\SECURITY.ZAP...
Scanning Module:C:\PROGRAM FILES\ZONE LABS\ZONEALARM\PROGRAMS.ZAP...
Scanning Module:C:\WINDOWS\SYSTEM\VSMONAPI.DLL...
Scanning Module:C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE...
Scanning Module:C:\PROGRAM FILES\ZONE LABS\ZONEALARM\FRAMEWRK.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\VSPUBAPI.DLL...
#:16 [AHQTB.EXE]
ModuleName : C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
Command Line : "C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE"
ProcessID : 4294671207
Threads : 1
Priority : Normal
FileVersion : 1.0.185
ProductVersion : 1.0.185
ProductName : AudioHQ
CompanyName : Creative Technology Ltd.
FileDescription : Creative AudioHQ
InternalName : AHQTaskBar
LegalCopyright : Copyright © Creative Technology Ltd. 1997-1999
OriginalFilename : AHQTb.exe
Comments : Creative AudioHQ
Scanning Module:C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQMAN.DLL...
Scanning Module:C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTBRES.DLL...
Scanning Module:C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE...
#:17 [CTLAUNCHER.EXE]
ModuleName : C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE
Command Line : "C:\Program Files\Creative\Launcher\CTLauncher.exe"
ProcessID : 4294647671
Threads : 1
Priority : Normal
FileVersion : 1.51.1.0
ProductVersion : 1.0
ProductName : Creative Launcher
CompanyName : Creative Technology Ltd
FileDescription : Creative Launcher
InternalName : Launcher
LegalCopyright : Copyright © Creative Technology Ltd 1999
OriginalFilename : Launcher
Scanning Module:C:\PROGRAM FILES\CREATIVE\LAUNCHER\PLUGINS\CTPILIVE.DLL...
Scanning Module:C:\PROGRAM FILES\CREATIVE\LAUNCHER\PLUGINS\LIVERES.DLL...
Scanning Module:C:\PROGRAM FILES\CREATIVE\LAUNCHER\PLUGINS\CTPILOGO.DLL...
Scanning Module:C:\PROGRAM FILES\CREATIVE\LAUNCHER\PLUGINS\LOGORES.DLL...
Scanning Module:C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCH.DLL...
Scanning Module:C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHRES.DLL...
Scanning Module:C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE...
Scanning Module:C:\WINDOWS\SYSTEM\MFC42.DLL...
#:18 [WINPATROL.EXE]
ModuleName : C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
Command Line : "C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe"
ProcessID : 4294693283
Threads : 2
Priority : Normal
FileVersion : 9, 0, 0, 2
ProductVersion : 9.0.0.2
ProductName : WinPatrol Monitor
CompanyName : BillP Studios
FileDescription : WinPatrol System Monitor
InternalName : WinPatrol Monitor
LegalCopyright : Copyright © 1997- 2005 BillP Studios
OriginalFilename : Scotty Classic
Comments : Let Scotty the Windows Watchdog patrol your system.
Scanning Module:C:\WINDOWS\SYSTEM\MSTASK.DLL...
Scanning Module:C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE...
#:19 [E_S4I2D1.EXE]
ModuleName : C:\WINDOWS\SYSTEM\E_S4I2D1.EXE
Command Line : "C:\WINDOWS\SYSTEM\E_S4I2D1.EXE" /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
ProcessID : 4294701883
Threads : 1
Priority : Normal
FileVersion : 3.00
ProductVersion : 3.00
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S4I2D1
LegalCopyright : Copyright © SEIKO EPSON CORP. 2003
OriginalFilename : E_S4I2D1.EXE
Scanning Module:C:\WINDOWS\SYSTEM\E_S4I2D1.EXE...
#:20 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe 52
ProcessID : 4294624131
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe
Scanning Module:C:\WINDOWS\SYSTEM\WMIEXE.EXE...
Scanning Module:C:\WINDOWS\SYSTEM\WMICORE.DLL...
#:21 [OSA.EXE]
ModuleName : C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
Command Line : "C:\Program Files\Microsoft Office\Office\OSA.EXE" -b
ProcessID : 4294676915
Threads : 1
Priority : Normal
Scanning Module:C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE...
Scanning Module:C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSAINTL.DLL...
Scanning Module:C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSO97.DLL...
#:22 [FIREFOX.EXE]
ModuleName : C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
Command Line : "C:\Program Files\Mozilla Firefox\firefox.exe"
ProcessID : 4294508915
Threads : 4
Priority : Normal
Scanning Module:C:\PROGRAM FILES\MOZILLA FIREFOX\NSSCKBI.DLL...
Scanning Module:C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS\JAR50.DLL...
Scanning Module:C:\PROGRAM FILES\JAVA\JRE1.5.0_01\BIN\JPINSCP.DLL...
Scanning Module:C:\PROGRAM FILES\JAVA\JRE1.5.0_01\BIN\JPISHARE.DLL...
Scanning Module:C:\PROGRAM FILES\JAVA\JRE1.5.0_01\BIN\JPIOJI.DLL...
Scanning Module:C:\PROGRAM FILES\JAVA\JRE1.5.0_01\BIN\NPOJI610.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\OLEPRO32.DLL...
Scanning Module:C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE...
Scanning Module:C:\PROGRAM FILES\MOZILLA FIREFOX\XPCOM_COMPAT.DLL...
Scanning Module:C:\PROGRAM FILES\MOZILLA FIREFOX\SSL3.DLL...
Scanning Module:C:\PROGRAM FILES\MOZILLA FIREFOX\SMIME3.DLL...
Scanning Module:C:\PROGRAM FILES\MOZILLA FIREFOX\NSS3.DLL...
Scanning Module:C:\PROGRAM FILES\MOZILLA FIREFOX\SOFTOKN3.DLL...
Scanning Module:C:\PROGRAM FILES\MOZILLA FIREFOX\XPCOM.DLL...
Scanning Module:C:\PROGRAM FILES\MOZILLA FIREFOX\PLDS4.DLL...
Scanning Module:C:\PROGRAM FILES\MOZILLA FIREFOX\PLC4.DLL...
Scanning Module:C:\PROGRAM FILES\MOZILLA FIREFOX\JS3250.DLL...
Scanning Module:C:\PROGRAM FILES\MOZILLA FIREFOX\NSPR4.DLL...
#:23 [RUNDLL32.EXE]
ModuleName : C:\WINDOWS\RUNDLL32.EXE
Command Line : rundll32.exe
ProcessID : 4294314151
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE
Scanning Module:C:\WINDOWS\SYSTEM\DJVENUM.DLL...
Scanning Module:C:\WINDOWS\RUNDLL32.EXE...
#:24 [WORDPAD.EXE]
ModuleName : C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE
Command Line : "C:\Program Files\Accessories\WORDPAD.EXE"
ProcessID : 4294474275
Threads : 2
Priority : Normal
FileVersion : 5.00.1691.1
ProductVersion : 5.00.1691.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WordPad MFC Application
InternalName : wordpad
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : wordpad
Scanning Module:C:\WINDOWS\SYSTEM\RICHED20.DLL...
Scanning Module:C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE...
#:25 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294372403
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Scanning Module:C:\WINDOWS\SYSTEM\SVRAPI.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\RICHED32.DLL...
Scanning Module:C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE...
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer
MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\doc find spec mru
Description : list of recently used search terms for locating files using the microsoft windows operating system
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : karen@overture[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 3-18-15 9:56:48 AM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : karen@realmedia[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 3-20-06 3:42:40 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 3-21-05 3:22:32 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : karen@findwhat[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 12-31-19 4:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 3-21-05 3:27:08 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:[email protected]/
Expires : 3-21-05 8:36:12 PM
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : karen@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/cgi-bin
Expires : 2-27-15 3:59:58 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:[email protected]/
Expires : 3-21-05 6:27:06 PM
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : karen@0[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/HTM/518/0
Expires : 3-20-06 8:13:00 PM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 19
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19
Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19
Disk Scan Result for F:\downloads\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19
Disk Scan Result for F:\DreamWeaver\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19
Disk Scan Result for F:\General_Burn\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19
Disk Scan Result for F:\HOLIDAY\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19
Disk Scan Result for F:\Maxis\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19
Disk Scan Result for F:\My Documents\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19
Disk Scan Result for F:\My Download Files\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19
Disk Scan Result for F:\My Music\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19
Disk Scan Result for F:\Program Files\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19
Disk Scan Result for F:\RECYCLED\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19
Disk Scan Result for F:\SC2K4WIN\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19
Disk Scan Result for F:\Unknown\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Warning!
Bad Hosts file entry:69.20.16.183:auto.search.msn.com
Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 69.20.16.183
Category : Misc
Comment : Possible CoolWebSearch Hijack
Bad Hostfile entry : 69.20.16.183:auto.search.msn.com
Warning!
Bad Hosts file entry:69.20.16.183:search.netscape.com
Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 69.20.16.183
Category : Misc
Comment : Possible CoolWebSearch Hijack
Bad Hostfile entry : 69.20.16.183:search.netscape.com
Warning!
Bad Hosts file entry:69.20.16.183:ieautosearch
Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 69.20.16.183
Category : Misc
Comment : Possible CoolWebSearch Hijack
Bad Hostfile entry : 69.20.16.183:ieautosearch
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
16 entries scanned.
New critical objects:3
Objects found so far: 22
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22
11:33:08 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:54.260
Objects scanned:106186
Objects identified:12
Objects ignored:0
New critical objects:12
------
The entries were not 'fixed' since correcting the host file makes no difference.
CWShredder has also been run and it 'removed' bootconf and svhost32 a number of times. They don't stay 'removed' though.
If this is a variant on the vx2 infection, I'd act as a test subject if necessary. Everything important has been archived or copied elsewhere (after scanning the h*** out of it) so there's no worry about losing data.
Good luck deciphering all this!