It might be of help for you to know I also found the program Virtual Maid in Add/Remove Programs, but I haven't removed it.
Also, I cannot connect the computer to the internet until it is cleaned, so I can transfer programs on and copy logs off it, but updating programs is hard unless there is a way around it. Please bear this in mind when help is given.
Thank you for any help, and sorry for the long post. Anything is much appreciated.
I have included an Ad-Aware log below, if any help.
Ad-Aware log:
Ad-Aware SE Build 1.05
Logfile Created on:12 May 2005 22:37:46
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R8 13.09.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2020Search(TAC index:4):6 total references
Claria(TAC index:7):21 total references
CommonName(TAC index:7):3 total references
Lop(TAC index:7):2 total references
Other(TAC index:5):3 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
Redirected hostfile entry(TAC index:4):1 total references
TopSearch(TAC index:5):1 total references
Tracking Cookie(TAC index:3):1 total references
WhenU(TAC index:10):46 total references
Windows(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R8 13.09.2004
Internal build : 12
File location : C:\PROGRA~1\Lavasoft\AD-AWA~2\defs.ref
File size : 344723 Bytes
Total size : 1092481 Bytes
Signature data size : 1068971 Bytes
Reference data size : 22998 Bytes
Signatures total : 30122
Fingerprints total : 154
Fingerprints size : 7129 Bytes
Target categories : 15
Target families : 560
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:43 %
Total physical memory:392496 kb
Available physical memory:165184 kb
Total page file size:551396 kb
Available on page file:396492 kb
Total virtual memory:2097024 kb
Available virtual memory:2046228 kb
OS:Microsoft Windows XP Professional (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
12-05-2005 22:37:46 - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 380
ThreadCreationTime : 12-05-2005 20:38:01
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 428
ThreadCreationTime : 12-05-2005 20:38:04
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\SYSTEM32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 456
ThreadCreationTime : 12-05-2005 20:38:06
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 500
ThreadCreationTime : 12-05-2005 20:38:06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 512
ThreadCreationTime : 12-05-2005 20:38:06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 776
ThreadCreationTime : 12-05-2005 20:38:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 820
ThreadCreationTime : 12-05-2005 20:38:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 960
ThreadCreationTime : 12-05-2005 20:38:10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 972
ThreadCreationTime : 12-05-2005 20:38:10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1052
ThreadCreationTime : 12-05-2005 20:38:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:11 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1128
ThreadCreationTime : 12-05-2005 20:38:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:12 [logwatnt.exe]
ModuleName : C:\WINDOWS\LogWatNT.exe
Command Line : C:\WINDOWS\LogWatNT.exe
ProcessID : 1180
ThreadCreationTime : 12-05-2005 20:38:11
BasePriority : Normal
#:13 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 1200
ThreadCreationTime : 12-05-2005 20:38:11
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:14 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1296
ThreadCreationTime : 12-05-2005 20:38:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:15 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1872
ThreadCreationTime : 12-05-2005 20:38:54
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:16 [msole32.exe]
ModuleName : C:\WINDOWS\System32\msole32.exe
Command Line : C:\WINDOWS\System32\msole32.exe
ProcessID : 148
ThreadCreationTime : 12-05-2005 20:38:55
BasePriority : Normal
#:17 [shnlog.exe]
ModuleName : C:\WINDOWS\System32\shnlog.exe
Command Line : C:\WINDOWS\System32\shnlog.exe
ProcessID : 176
ThreadCreationTime : 12-05-2005 20:38:55
BasePriority : Normal
ProductVersion : 1.7
#:18 [popuper.exe]
ModuleName : C:\WINDOWS\popuper.exe
Command Line : C:\WINDOWS\popuper.exe
ProcessID : 184
ThreadCreationTime : 12-05-2005 20:38:55
BasePriority : Normal
FileVersion : 1, 0, 0, 217
ProductVersion : 1, 0, 0, 217
ProductName : Popuper Application
FileDescription : Popuper Application
InternalName : Popuper
LegalCopyright : Copyright © 2005
OriginalFilename : Popuper.exe
#:19 [msgplus.exe]
ModuleName : C:\Program Files\Messenger Plus! 2\MsgPlus.exe
Command Line : "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
ProcessID : 208
ThreadCreationTime : 12-05-2005 20:38:55
BasePriority : Normal
#:20 [jshepeai.exe]
ModuleName : C:\DOCUME~1\Sami\APPLIC~1\jshepeai.exe
Command Line : C:\DOCUME~1\Sami\APPLIC~1\jshepeai.exe -QuieT
ProcessID : 224
ThreadCreationTime : 12-05-2005 20:38:56
BasePriority : Normal
#:21 [incd.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCD.exe
Command Line : "C:\Program Files\Ahead\InCD\InCD.exe"
ProcessID : 244
ThreadCreationTime : 12-05-2005 20:38:56
BasePriority : Normal
#:22 [save.exe]
ModuleName : C:\PROGRA~1\Save\Save.exe
Command Line : C:\PROGRA~1\Save\Save.exe
ProcessID : 284
ThreadCreationTime : 12-05-2005 20:38:56
BasePriority : Normal
FileVersion : 2, 6, 4, 7
ProductVersion : 2, 6, 4, 7
ProductName : Save!
CompanyName : WhenU.com, Inc.
FileDescription : Save!
InternalName : WhenUSave
LegalCopyright : Copyright 2001
OriginalFilename : Save.exe
#:23 [hpztsb04.exe]
ModuleName : C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
Command Line : C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
ProcessID : 328
ThreadCreationTime : 12-05-2005 20:38:56
BasePriority : Normal
FileVersion : 2,80,0,0
ProductVersion : 2,80,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2001
#:24 [search.exe]
ModuleName : C:\Program Files\WhenUSearch\Search.exe
Command Line : "C:\Program Files\WhenUSearch\Search.exe"
ProcessID : 340
ThreadCreationTime : 12-05-2005 20:38:56
BasePriority : Normal
FileVersion : 2, 2, 3, 15
ProductVersion : 2, 2, 3, 15
ProductName : WhenUSearch
CompanyName : WhenU.com, Inc.
FileDescription : WhenUSearch
InternalName : WhenUSearch
LegalCopyright : Copyright 2001
OriginalFilename : Search.exe
#:25 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : C:\WINDOWS\System32\ctfmon.exe
ProcessID : 356
ThreadCreationTime : 12-05-2005 20:38:56
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:26 [bsw.exe]
ModuleName : C:\bsw.exe
Command Line : C:\bsw.exe
ProcessID : 400
ThreadCreationTime : 12-05-2005 20:38:56
BasePriority : Normal
#:27 [dvzmsgr.exe]
ModuleName : C:\WINDOWS\DvzCommon\DvzMsgr.exe
Command Line : C:\WINDOWS\DvzCommon\DvzMsgr.exe
ProcessID : 112
ThreadCreationTime : 12-05-2005 20:38:57
BasePriority : Normal
#:28 [hotsync.exe]
ModuleName : C:\Program Files\Sony Handheld\HOTSYNC.EXE
Command Line : "C:\Program Files\Sony Handheld\HOTSYNC.EXE"
ProcessID : 632
ThreadCreationTime : 12-05-2005 20:38:57
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe
#:29 [owv1.exe]
ModuleName : C:\DOCUME~1\Sami\LOCALS~1\Temp\Owv1.exe
Command Line : -F:C:\DOCUME~1\Sami\LOCALS~1\Temp\Owv2.Owd -BxPxF: -MxRxE:C:\DOCUME~1\Sami\APPLIC~1\jshepeai.exe -QuieT
ProcessID : 1524
ThreadCreationTime : 12-05-2005 20:38:57
BasePriority : Normal
#:30 [intmonp.exe]
ModuleName : C:\WINDOWS\System32\intmonp.exe
Command Line : intmonp.exe
ProcessID : 1528
ThreadCreationTime : 12-05-2005 20:38:57
BasePriority : Normal
#:31 [intmon.exe]
ModuleName : C:\WINDOWS\System32\intmon.exe
Command Line : intmon.exe
ProcessID : 560
ThreadCreationTime : 12-05-2005 20:38:59
BasePriority : Normal
#:32 [devldr32.exe]
ModuleName : C:\WINDOWS\System32\devldr32.exe
Command Line : C:\WINDOWS\System32\devldr32.exe
ProcessID : 1864
ThreadCreationTime : 12-05-2005 20:39:00
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe
#:33 [rasautou.exe]
ModuleName : C:\WINDOWS\System32\rasautou.exe
Command Line : rasautou -a "zxserv0.com" -e "Doctors.net"
ProcessID : 2464
ThreadCreationTime : 12-05-2005 21:22:17
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Access Dialer
InternalName : rasdlui.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : rasdlui.exe
#:34 [ad-aware.exe]
ModuleName : C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe
Command Line : C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe /598853
ProcessID : 3364
ThreadCreationTime : 12-05-2005 21:33:41
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2020Search Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1343024091-1202660629-2146894131-1004\software\microsoft\internet explorer\menuext\&rsdn search
2020Search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1343024091-1202660629-2146894131-1004\software\microsoft\internet explorer\menuext\&rsdn search
Value :
2020Search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1343024091-1202660629-2146894131-1004\software\microsoft\internet explorer\menuext\&rsdn search
Value : Contexts
2020Search Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1343024091-1202660629-2146894131-1004\\software\microsoft\internet explorer\menuext\&rsdn search
2020Search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1343024091-1202660629-2146894131-1004\\software\microsoft\internet explorer\menuext\&rsdn search
Value :
2020Search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1343024091-1202660629-2146894131-1004\\software\microsoft\internet explorer\menuext\&rsdn search
Value : Contexts
Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cc90cda0-74a0-45b4-80ef-d89ca8c249b8}
Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cc90cda0-74a0-45b4-80ef-d89ca8c249b8}
Value :
Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dashbartoolbar.searchscoutbandobj
Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dashbartoolbar.searchscoutbandobj
Value :
Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dashbartoolbar.searchscoutbandobj.1
Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dashbartoolbar.searchscoutbandobj.1
Value :
Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{8642d0f2-37cc-46b7-aa5b-399e6e68c626}
Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1343024091-1202660629-2146894131-1004\software\gator.com
Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1343024091-1202660629-2146894131-1004\\software\gator.com
CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1e1b2878-88ff-11d2-8d96-d7acac95951f}
CommonName Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1e1b2878-88ff-11d2-8d96-d7acac95951f}
Value :
CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{1e1b286c-88ff-11d2-8d96-d7acac95951f}
WhenU Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wuse.1
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wuse.1
Value : WUSE_Id
WhenU Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusave
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusave
Value : FullDBTime
WhenU Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : InstallDir
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : Version
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : pats_url
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : pat_chunks_url
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : update_url
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : ziptomsa_url
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : iptomsa_url
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : coupondataurl
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : InstallTime
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : zip
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : newuser_rs
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : startTime_rs
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : db_script_update
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : HeartbeatTime
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : flagCR_rs
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : readingTime_rs
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : script_url
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : searchdataurl
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : showSplash
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : sliderThemes
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : themesSliderBgAlt
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : themesSliderBgPulse
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : uiupdate_url
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : IPToMsaTime_rs
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : MSA
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : db_stamp_rs
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : db_server_update
Windows Object Recognized!
Type : RegData
Data : %1 %*
Category : Vulnerability
Comment : Possible virus infection, executable file extension compromised
Rootkey : HKEY_CLASSES_ROOT
Object : exefile\shell\open\command
Value :
Data : %1 %*
Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 52
Objects found so far: 52
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 52
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 52
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : oliver@serving-sys[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Oliver\Cookies\oliver@serving-sys[2].txt
WhenU Object Recognized!
Type : File
Data : A0097880.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{68AAC1F9-70C1-4F4B-A2D5-3EB60A507ABD}\RP615\
FileVersion : 1, 5, 1, 1
ProductVersion : 1, 5, 1, 1
ProductName : Weather
FileDescription : Weather
InternalName : Weather
LegalCopyright : Copyright 2002
OriginalFilename : Weather.exe
Lop Object Recognized!
Type : File
Data : A0099326.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{68AAC1F9-70C1-4F4B-A2D5-3EB60A507ABD}\RP631\
Lop Object Recognized!
Type : File
Data : A0099327.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{68AAC1F9-70C1-4F4B-A2D5-3EB60A507ABD}\RP631\
TopSearch Object Recognized!
Type : File
Data : A0099328.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{68AAC1F9-70C1-4F4B-A2D5-3EB60A507ABD}\RP631\
FileVersion : 1, 0, 0, 9
ProductVersion : 1, 0, 0, 0
ProductName : Altnet Inc. TopSearch
CompanyName : Altnet Inc.
FileDescription : TopSearch
InternalName : TopSearch
LegalCopyright : Copyright Altnet Inc. © 2002
OriginalFilename : TopSearch.dll
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 57
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Warning!
Bad Hosts file entry:1123694712:auto.search.msn.com
Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 1123694712
Category : Misc
Comment : Possible CoolWebSearch Hijack
Bad Hostfile entry : 1123694712:auto.search.msn.com
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
45 entries scanned.
New critical objects:1
Objects found so far: 58
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : program cracks.url
Category : Misc
Comment : Problematic URL discovered: http://mscracks.com/cracks/C14.php
Object : C:\Documents and Settings\Sami\Favorites\
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a2ba5e71-5be3-4007-ac48-157823fb63fb}
Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a2ba5e71-5be3-4007-ac48-157823fb63fb}
Value :
Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dashbar
Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dashbar
Value : DisplayIcon
Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dashbar
Value : DisplayName
Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dashbar
Value : UninstallString
Claria Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\DashBar
Claria Object Recognized!
Type : File
Data : DashBar15.dll
Category : Data Miner
Comment :
Object : C:\Program Files\dashbar\
FileVersion : 1, 5, 0, 5
ProductVersion : 1, 5, 0, 5
ProductName : DashBar Toolbar Module
CompanyName : GAIN Publishing
FileDescription : DashBar Toolbar Module
InternalName : DashBar
LegalCopyright : Copyright © 1999-2003 GAIN Publishing
OriginalFilename : DashBar15.dll
Comments : An internet search toolbar
Claria Object Recognized!
Type : File
Data : DashBarSetup.log
Category : Data Miner
Comment :
Object : C:\Program Files\dashbar\
Claria Object Recognized!
Type : File
Data : DASHBARWEBSITE.URL
Category : Data Miner
Comment :
Object : C:\Program Files\dashbar\
Claria Object Recognized!
Type : File
Data : SSTREG.EXE
Category : Data Miner
Comment :
Object : C:\Program Files\dashbar\
WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : WhenUSearch
WhenU Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\Save
WhenU Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\WeatherCast
WhenU Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\WhenUSearch
WhenU Object Recognized!
Type : File
Data : Save.exe
Category : Data Miner
Comment :
Object : C:\Program Files\save\
FileVersion : 2, 6, 4, 7
ProductVersion : 2, 6, 4, 7
ProductName : Save!
CompanyName : WhenU.com, Inc.
FileDescription : Save!
InternalName : WhenUSave
LegalCopyright : Copyright 2001
OriginalFilename : Save.exe
WhenU Object Recognized!
Type : File
Data : Weather.exe
Category : Data Miner
Comment :
Object : C:\Program Files\weathercast\
FileVersion : 1, 5, 2, 2
ProductVersion : 1, 5, 2, 2
ProductName : Weather
FileDescription : Weather
InternalName : Weather
LegalCopyright : Copyright 2002
OriginalFilename : Weather.exe
WhenU Object Recognized!
Type : File
Data : search.db
Category : Data Miner
Comment :
Object : C:\Program Files\whenusearch\
WhenU Object Recognized!
Type : File
Data : search.dll
Category : Data Miner
Comment :
Object : C:\Program Files\whenusearch\
FileVersion : 2, 2, 3, 15
ProductVersion : 2, 2, 3, 15
ProductName : WhenUSearch Module
CompanyName : WhenU.com, Inc.
FileDescription : WhenUSearch Module
InternalName : WhenUSearch
LegalCopyright : Copyright 2003
OriginalFilename : Search.DLL
WhenU Object Recognized!
Type : File
Data : Search.exe
Category : Data Miner
Comment :
Object : C:\Program Files\whenusearch\
FileVersion : 2, 2, 3, 15
ProductVersion : 2, 2, 3, 15
ProductName : WhenUSearch
CompanyName : WhenU.com, Inc.
FileDescription : WhenUSearch
InternalName : WhenUSearch
LegalCopyright : Copyright 2001
OriginalFilename : Search.exe
WhenU Object Recognized!
Type : File
Data : search.htm
Category : Data Miner
Comment :
Object : C:\Program Files\whenusearch\
WhenU Object Recognized!
Type : File
Data : store.db
Category : Data Miner
Comment :
Object : C:\Program Files\whenusearch\
WhenU Object Recognized!
Type : File
Data : Uninst.exe
Category : Data Miner
Comment :
Object : C:\Program Files\whenusearch\
FileVersion : 2, 2, 3, 15
ProductVersion : 2, 2, 3, 15
ProductName : WhenUSearch Uninstall
CompanyName : WhenU.com, Inc.
FileDescription : WhenUSearch Uninstall
InternalName : Uninst
LegalCopyright : Copyright 2001
OriginalFilename : Uninst.exe
WhenU Object Recognized!
Type : File
Data : whse.exe
Category : Data Miner
Comment :
Object : C:\Program Files\whenusearch\
FileVersion : 2, 2, 3, 15
ProductVersion : 2, 2, 3, 15
ProductName : WhenUSearch
CompanyName : WhenU.com, Inc.
FileDescription : WhenUSearch
InternalName : WhenUSearch
LegalCopyright : Copyright 2001
OriginalFilename : Search.exe
Claria Object Recognized!
Type : File
Data : Dashbar Website.lnk
Category : Data Miner
Comment : Shortcut to bad file : C:\Documents and Settings\Sami\Start Menu\Programs\DashBar\Dashbar Website.lnk
Object : C:\Documents and Settings\Sami\Start Menu\Programs\DashBar\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 28
Objects found so far: 87
22:50:08 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:22.277
Objects scanned:103014
Objects identified:87
Objects ignored:0
New critical objects:87