Logfile Created on:26 August 2005 18:28:09
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):3 total references
CoolWebSearch(TAC index:10):2 total references
MRU List(TAC index:0):34 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
26-08-2005 18:28:10 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\colin\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\colin\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\macromedia\flash 7\recent file list
Description : list of recently used files in macromedia flash
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 372
ThreadCreationTime : 26-08-2005 16:45:03
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 420
ThreadCreationTime : 26-08-2005 16:45:07
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 444
ThreadCreationTime : 26-08-2005 16:45:09
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 488
ThreadCreationTime : 26-08-2005 16:45:14
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 26-08-2005 16:45:14
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 664
ThreadCreationTime : 26-08-2005 16:45:18
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 708
ThreadCreationTime : 26-08-2005 16:45:20
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 828
ThreadCreationTime : 26-08-2005 16:45:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 852
ThreadCreationTime : 26-08-2005 16:45:24
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 940
ThreadCreationTime : 26-08-2005 16:45:27
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:11 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1060
ThreadCreationTime : 26-08-2005 16:45:45
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:12 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1088
ThreadCreationTime : 26-08-2005 16:45:46
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:13 [isafe.exe]
FilePath : C:\WINDOWS\System32\ZoneLabs\
ProcessID : 1112
ThreadCreationTime : 26-08-2005 16:45:48
BasePriority : Normal
FileVersion : Version 10.63.0.1
ProductVersion : Version 10.63.0.1
ProductName : ISafe
CompanyName : Computer Associates International, Inc.
FileDescription : ISafe Service
InternalName : ISafe
LegalCopyright : © 2003 Computer Associates International, Inc.
LegalTrademarks : Vet is a trademark of Computer Associates International, Inc.
OriginalFilename : ISafe.exe
Comments : ISafe
#:14 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 1140
ThreadCreationTime : 26-08-2005 16:45:49
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:15 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1220
ThreadCreationTime : 26-08-2005 16:45:50
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:16 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1236
ThreadCreationTime : 26-08-2005 16:45:51
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:17 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 1324
ThreadCreationTime : 26-08-2005 16:45:53
BasePriority : Normal
FileVersion : 5.0.590.015
ProductVersion : 5.0.590.015
ProductName : TrueVector Service
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : vsmon.exe
#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1204
ThreadCreationTime : 26-08-2005 16:59:12
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:19 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1800
ThreadCreationTime : 26-08-2005 16:59:40
BasePriority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:20 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1848
ThreadCreationTime : 26-08-2005 16:59:47
BasePriority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:21 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 1852
ThreadCreationTime : 26-08-2005 16:59:48
BasePriority : Normal
FileVersion : 5.0.590.015
ProductVersion : 5.0.590.015
ProductName : Zone Labs Client
CompanyName : Zone Labs Inc.
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : zlclient.exe
#:22 [vsnpstd2.exe]
FilePath : C:\WINDOWS\
ProcessID : 1368
ThreadCreationTime : 26-08-2005 16:59:49
BasePriority : Normal
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
ProductName : CameraMonitor Application
FileDescription : CameraMonitor MFC Application
InternalName : CameraMonitor
LegalCopyright : Copyright © 2003
OriginalFilename : CameraMonitor.EXE
#:23 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 908
ThreadCreationTime : 26-08-2005 16:59:50
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:24 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1964
ThreadCreationTime : 26-08-2005 17:00:10
BasePriority : Normal
FileVersion : 7.0.0813
ProductVersion : 7.0.0813
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:25 [lngknjk.exe]
FilePath : C:\windows\
ProcessID : 2024
ThreadCreationTime : 26-08-2005 17:00:12
BasePriority : Normal
#:26 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1468
ThreadCreationTime : 26-08-2005 17:10:02
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE
#:27 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1892
ThreadCreationTime : 26-08-2005 17:10:48
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:28 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 984
ThreadCreationTime : 26-08-2005 17:14:58
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:29 [wpsetup[1].exe]
FilePath : C:\Documents and Settings\colin\Local Settings\Temporary Internet Files\Content.IE5\0KQXDF1X\
ProcessID : 2076
ThreadCreationTime : 26-08-2005 17:16:30
BasePriority : Normal
#:30 [ntvdm.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2092
ThreadCreationTime : 26-08-2005 17:16:33
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : NTVDM.EXE
InternalName : NTVDM.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NTVDM.EXE
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1d27210e-2da2-41e2-a103-b5fd9d6a798b}
CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 39
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : S-1-5-21-299502267-813497703-1957994488-1003\Software\Microsoft\Internet Explorer\SearchURLSearchURLfind4u.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://top-find4u.com/sp.htm"
TAC Rating : 5
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-299502267-813497703-1957994488-1003\Software\Microsoft\Internet Explorer\SearchURL
Value : SearchURL
Data : "http://top-find4u.com/sp.htm"
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 40
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : colin@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 23-08-2010 18:20:14
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 02-09-2005 18:16:44
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 42
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
<STOP>
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42
Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42
Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42
18:46:25 Scan stopped by user
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:18:14.534
Objects scanned:98746
Objects identified:8
Objects ignored:0
New critical objects:8
___________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 18:50:34, on 26/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\windows\lngknjk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\colin\Local Settings\Temporary Internet Files\Content.IE5\0KQXDF1X\wpsetup[1].exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesea...earch.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
R3 - URLSearchHook: (no name) - {5DF5C725-B5FC-E409-077E-170681144B24} - clamav.dll (file missing)
F2 - REG:system.ini: Shell=
F3 - REG:win.ini: run=C:\WINDOWS\inet20081\services.exe
O2 - BHO: (no name) - {BE56890A-471C-C56C-72B0-6DECF5B8FF41} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20081\services.exe
O4 - HKLM\..\Run: [NopeZ] bingo9.exe
O4 - HKLM\..\Run: [bingo9] sbin.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [lyitulq] c:\windows\mqincuo.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20081\services.exe
O4 - HKCU\..\Run: [xnswdmq] c:\windows\lngknjk.exe
O4 - HKCU\..\Run: [lnnpnem] c:\windows\lngknjk.exe
O4 - HKCU\..\Run: [dialer423] Uint32.exe
O4 - HKCU\..\Run: [hyandex] atl_helper.exe
O4 - HKCU\..\Run: [control64] nmdllw.exe
O4 - HKCU\..\Run: [bcobepd] c:\windows\vyuxhgq.exe
O4 - HKCU\..\Run: [gfxbkve] c:\windows\vyuxhgq.exe
O4 - HKCU\..\Run: [eiscgkc] c:\windows\doapnkf.exe
O4 - HKCU\..\Run: [rporqgl] c:\windows\doapnkf.exe
O4 - HKCU\..\Run: [nmrpskh] c:\windows\doapnkf.exe
O4 - HKCU\..\Run: [koymsgl] c:\windows\hmjgssm.exe
O4 - HKCU\..\Run: [pqyqdhq] c:\windows\htulhii.exe
O4 - HKCU\..\Run: [cnifwly] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [xgragqy] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [btjatkb] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [eijsquo] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [sikvnwm] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ueuhvcq] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [stsiodq] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [txfwdgx] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [jrcfkad] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [qydvscm] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [hocgbbe] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [fhwxytc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [khgmtqw] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [rtngpdk] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [vqyiedi] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [tosxnhc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [tchbrap] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [nrjabcl] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [tolxcgj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [dpdcvnh] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ljgsttm] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [mnpofrc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [iwjeuqj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [iopjkeo] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [fpbnvuc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [pxwfnbj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [nekawkk] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ggcosoj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ilpqsnn] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [dyybkba] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [nrnwftr] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [loaigwc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [goblqdr] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [imnuwpt] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [rsyymrw] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ncojxtp] c:\windows\ntuvpjl.exe
O4 - HKCU\..\Run: [jssljbo] c:\windows\mqpdpjv.exe
O4 - HKCU\..\Run: [trvssgf] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [wrgwhyx] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [qdxwqlj] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [fkoqiiw] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [ngmqvwq] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [utwupmw] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [kksnueg] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [tmxjuxm] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [nxbxkns] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yudvyfn] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [mwvnvke] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [mshxhlk] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [kxqksdo] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [drrrhgf] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [ntcinxl] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yonhpbf] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [kqsmqbj] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yeejylk] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [cyvyrvg] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [ejxatno] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yupubvh] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [qtihski] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [owqjqce] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [sbkfcqw] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [datmkjn] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [hlnlsxw] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [ycdfppq] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [auxhfsh] c:\windows\rxdgocp.exe
O4 - HKCU\..\Run: [ioybomw] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [dknrtyb] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [coyihrc] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [knkvbta] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [kebisof] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [mlvvgtc] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [tjjxgie] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [kuuafbt] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [unemrnj] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [naefhwe] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [ufaylod] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [xysoaut] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [gkwsrue] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [shuxiuo] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [oyqdpkb] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [tndgeva] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [bneaobx] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [waomawk] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [lpwappi] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [swhvpvv] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [yyepvfo] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [lmpgojt] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [hmaaxty] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [dejldiw] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [pigkhkv] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [yyuqvkg] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [gsopram] c:\windows\nnrwaur.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxmk121AXGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {36132EAC-ED4C-4916-B687-F0C650FAC77D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {36132EAC-ED4C-4916-B687-F0C650FAC77D} - (no file) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119897570061
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} (MFInstall Class) - http://c.ancestry.co...l/MFInstall.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O21 - SSODL: systemp - {8B3006E5-AC07-40FB-A44F-3508B2462C82} - systemp.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe