Here is an updated logfile. I haven't fixed the problem at the moment. I downloaded a trial version of Norton 2006 Antivirus. This found some problems and fixed them, but not all is finished. One weird thing: he finds 4 risks (example) and when I do a remove only 3 are removed.
I'll include the reports from security risks, alerts and applications activities.
Thanks for the support and sorry for my late reply (didn't have internet access)
Logfile of HijackThis v1.99.1
Scan saved at 9:47:36, on 21/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\CatPC\CatSYS\CatSystemSvc.exe
C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\TEMP\OQF8FC.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINNT\RTHDCPL.EXE
C:\WINNT\ALCMTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Siemens\Card API\bin\siecacst.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Siemens\CAT Bulletin Board\CBB.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\WISPTIS.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\be322763\Desktop\Killbox and alike\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://searchbar.fin...siteyouneed.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://search.siemen...bin/iesearch.plR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://searchbar.fin...siteyouneed.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.be/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://searchbar.fin...siteyouneed.comR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://searchbar.fin...siteyouneed.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Siemens AG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
http://isaproxy.be00....Routing.ScriptR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isaproxy.be001.siemens.net:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.sitest.net;*.siemens.net;*.siemens.de;<local>
F2 - REG:system.ini: UserInit=CatUInit
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Siemens TelČU Toolbar - {F693F5A9-2B5C-4002-B538-301E86E3FD5A} - C:\WINNT\system32\Tel2UToolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] c:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [SIECACST] C:\Program Files\Siemens\Card API\bin\siecacst.exe
O4 - HKLM\..\Run: [Java Profiles Fix] C:\Program Files\Java\Profile Fix\Java_Profile.exe
O4 - HKLM\..\Run: [JavaProfileFix3] "C:\Program Files\Java\Profile Fix\JAVA_Fix 3.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.axa.be
O15 - Trusted Zone: *.dexia.be
O15 - Trusted Zone: *.erlm.siemens.de
O15 - Trusted Zone: *.fortisbanking.be
O15 - Trusted Zone: *.fujitsu-siemens.com
O15 - Trusted Zone: *.fujitsu-siemens.de
O15 - Trusted Zone: *.kbc.be
O15 - Trusted Zone: *.remedy.com
O15 - Trusted Zone: *.sap-ag.de
O15 - Trusted Zone: *.sap.com
O15 - Trusted Zone: *.sapience.be
O15 - Trusted Zone: *.erlm.siemens.de
O15 - Trusted Zone: *.ww300.siemens.net
O15 - Trusted Zone: *.the-square.com
O15 - Trusted Zone: *.sap-ag.de (HKLM)
O15 - Trusted Zone: *.sap.com (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -
http://static.zangoc.../bridge-c11.cabO16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) -
http://a532.g.akamai...5/Installer.exeO16 - DPF: {CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_13) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = be001.siemens.net
O17 - HKLM\Software\..\Telephony: DomainName = be001.siemens.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = be001.siemens.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = be001.siemens.net
O20 - Winlogon Notify: ckpNotify - C:\WINNT\SYSTEM32\ckpNotify.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Internet Settings - C:\WINNT\
O20 - Winlogon Notify: Syncmgr - C:\WINNT\system32\lvn2095oe.dll (file missing)
O23 - Service: CatSystem (CatSystemSvc) - Siemens AG - C:\WINNT\CatPC\CatSYS\CatSystemSvc.exe
O23 - Service: CAT Bulletin Board (CBBS) - Unknown owner - C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\tmlisten.exe
Security Risks (Norton)
Category: Security risks
Date Time,Feature,Risk Name,Result,Item Type,Target,Suspicious Action,Virus Definition Version,Product Version,User Name,Computer Name,Details
21/11/2005 8:07:15,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511200006,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\WINNT\RGVIDXNZY2HLCMUGTWFHCNRLBG\ASAPPSRV.DLL,Risk category: Spyware,Action taken: Detected"
20/11/2005 18:00:42,Virus scanner,Adware.EasyWWW,Removed,File,N/A,N/A,200511190004,12.0.0.94b,SYSTEM,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: High,Performance: High,Privacy: High,Removal: High,Stealth: High,Action taken: Removed,Description: Affected areas: 1 Files: c:\windows\timessquare.exe - Deleted 1 Registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\timessquare - Deleted "
20/11/2005 15:27:37,Auto-Protect,Adware.EasyWWW,Detected,File,N/A,N/A,200511190004,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\QUARAN~1\Portal\7142057C.exe,Risk category: Adware,Action taken: Detected"
20/11/2005 15:27:37,Auto-Protect,Adware.EasyWWW,Detected,File,N/A,N/A,200511190004,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\7142057C.exe,Risk category: Adware,Action taken: Detected"
20/11/2005 14:16:37,Auto-Protect,Adware.Savenow,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\be322763\LOCALS~1\Temp\VVSNInst.exe,Risk category: Adware,Action taken: Detected"
20/11/2005 14:16:25,Auto-Protect,Adware.Savenow,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\be322763\LOCALS~1\Temp\VVSNInst.exe,Risk category: Adware,Action taken: Detected"
20/11/2005 14:16:25,Auto-Protect,Adware.Savenow,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\be322763\LOCALS~1\Temp\~GLH000d.TMP,Risk category: Adware,Action taken: Detected"
20/11/2005 13:47:49,Virus scanner,Adware.SP2Update,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: High,Performance: High,Privacy: High,Removal: High,Stealth: High,Action taken: Removed,Description: Affected areas: 2 Files: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\X3Q12AS7\adtech2005[1].exe - Deleted C:\windows\adtech2005.exe - Deleted 1 Processes: C:\windows\adtech2005.exe - Terminated 1 Registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\adtech2005 - Deleted "
20/11/2005 13:47:49,Virus scanner,Spyware.ISearch,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Spyware,Overall Risk Impact: High,Performance: High,Privacy: High,Removal: High,Stealth: High,Action taken: Removed,Description: Affected areas: 2 Files: C:\Documents and Settings\be322763\Local Settings\Temp\cmdinst.exe - Deleted C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\RG20JNUV\installer[1].exe - Deleted 7 Registry keys: HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Btn_Search - Deleted HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-3638\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Repaired HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected HKEY_USERS\S-1-5-21-1659004503-113007714-839522115-500\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Repaired HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected "
20/11/2005 13:47:49,Virus scanner,Adware.Istbar,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: High,Privacy: Low,Removal: Low,Stealth: High,Action taken: Removed,Description: Affected areas: 1 Files: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe - Deleted 2 Registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}\409 - Repaired HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Component Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}\409 - Repaired "
20/11/2005 13:47:22,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QM6T.00G,Risk category: Adware,Action taken: Detected"
20/11/2005 13:47:22,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe,Risk category: Adware,Action taken: Detected"
20/11/2005 13:47:22,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QCGD.00D,Risk category: Adware,Action taken: Detected"
20/11/2005 13:47:22,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\QUARAN~1\Portal\248459EF.exe,Risk category: Adware,Action taken: Detected"
20/11/2005 13:47:21,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QKUD.00F,Risk category: Adware,Action taken: Detected"
20/11/2005 13:47:21,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\248459EF.exe,Risk category: Adware,Action taken: Detected"
20/11/2005 13:47:21,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS97O05.00O,Risk category: Adware,Action taken: Detected"
20/11/2005 13:47:20,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\248459EF.exe,Risk category: Adware,Action taken: Detected"
20/11/2005 13:45:34,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
20/11/2005 13:45:32,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
20/11/2005 13:45:32,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\QUARAN~1\Portal\23232373.exe,Risk category: Spyware,Action taken: Detected"
20/11/2005 13:45:32,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\23232373.exe,Risk category: Spyware,Action taken: Detected"
20/11/2005 13:44:13,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
20/11/2005 13:42:33,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\X3Q12AS7\adtech2005[1].exe,Risk category: Adware,Action taken: Detected"
20/11/2005 13:42:32,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\RG20JNUV\installer[1].exe,Risk category: Spyware,Action taken: Detected"
20/11/2005 13:42:30,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe,Risk category: Adware,Action taken: Detected"
20/11/2005 13:42:30,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QJ8D.00H,Risk category: Adware,Action taken: Detected"
20/11/2005 13:42:30,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe,Risk category: Adware,Action taken: Detected"
20/11/2005 13:42:27,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 21:36:57,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 21:36:49,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\WINDOWS\ADTECH2005.EXE,Risk category: Adware,Action taken: Detected"
19/11/2005 21:36:48,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 13:53:39,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 13:53:39,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\X3Q12AS7\adtech2005[1].exe,Risk category: Adware,Action taken: Detected"
19/11/2005 13:53:39,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\RG20JNUV\installer[1].exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 13:53:39,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe,Risk category: Adware,Action taken: Detected"
19/11/2005 13:53:39,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QCGD.00B,Risk category: Adware,Action taken: Detected"
19/11/2005 13:53:39,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe,Risk category: Adware,Action taken: Detected"
19/11/2005 13:29:10,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 10:28:54,Virus scanner,Spyware.ISearch,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Spyware,Overall Risk Impact: High,Performance: High,Privacy: High,Removal: High,Stealth: High,Action taken: Removed,Description: Affected areas: 6 Registry keys: HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-3638\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Repaired HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected HKEY_USERS\S-1-5-21-1659004503-113007714-839522115-500\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Repaired HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected "
19/11/2005 10:25:45,Virus scanner,Spyware.ISearch,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Spyware,Overall Risk Impact: High,Performance: High,Privacy: High,Removal: High,Stealth: High,Action taken: Removed,Description: Affected areas: 1 Files: C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\command.exe - Deleted 9 Registry keys: HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Btn_Search - Deleted HKEY_USERS\S-1-5-21-1659004503-113007714-839522115-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Btn_Search - Deleted HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Btn_Search - Deleted HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-3638\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Repaired HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected HKEY_USERS\S-1-5-21-1659004503-113007714-839522115-500\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Repaired HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Not detected 1 Services: cmdService - Reboot required "
19/11/2005 10:23:24,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\command.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 10:23:24,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\QUARAN~1\Portal\3A49208E.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 10:23:24,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\3A49208E.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:35:59,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\command.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:35:49,Virus scanner,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Spyware,Overall Risk Impact: High,Performance: High,Privacy: High,Removal: High,Stealth: High,Action taken: Detected,Description: Possibly affected areas: 3 Files: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\RG20JNUV\installer[1].exe C:\Documents and Settings\be322763\Local Settings\Temp\cmdinst.exe C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\command.exe 1 Processes: C:\Program Files\Internet Explorer\iexplore.exe 9 Registry keys: HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Btn_Search HKEY_USERS\S-1-5-21-1659004503-113007714-839522115-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Btn_Search HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Btn_Search HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-3638\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} HKEY_USERS\S-1-5-21-1659004503-113007714-839522115-500\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} 1 Services: cmdService "
19/11/2005 9:35:49,Virus scanner,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: High,Privacy: Low,Removal: Low,Stealth: High,Action taken: Detected,Description: Possibly affected areas: 1 Files: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe 1 Processes: C:\Program Files\Internet Explorer\iexplore.exe 2 Registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}\409 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Component Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}\409 "
19/11/2005 9:33:40,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:31:06,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\X3Q12AS7\adtech2005[1].exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:31:05,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\RG20JNUV\installer[1].exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:31:04,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\mte3ndi6odoxng.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:31:03,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:31:01,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:49,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\command.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:48,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\is-HNG32.tmp,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:47,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\WINNT\RGVidXNzY2hlcmUgTWFhcnRlbg\is-SFS1M.tmp,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:46,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\be322763\LOCALS~1\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:46,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:45,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\be322763\LOCALS~1\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:45,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:45,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\be322763\LOCALS~1\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:45,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:45,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\mte3ndi6odoxng.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:43,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\be322763\LOCALS~1\Temp\cmdinst.exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:42,Auto-Protect,Spyware.ISearch,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\RG20JNUV\installer[1].exe,Risk category: Spyware,Action taken: Detected"
19/11/2005 9:30:36,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\mte3ndi6odoxng.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:36,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QJ8D.001,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:36,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\mte3ndi6odoxng.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:35,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QM6T.000,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:35,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:34,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:34,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QKGT.001,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:34,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\AJT5BRK8\mte3ndi6odoxng[1].exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:33,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QLPD.001,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:31,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
19/11/2005 9:30:31,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\be322763\Local Settings\Temporary Internet Files\Content.IE5\X3Q12AS7\adtech2005[1].exe,Risk category: Adware,Action taken: Detected"
16/11/2005 20:56:06,Virus scanner,Adware.MediaPass,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: Medium,Privacy: Low,Removal: High,Stealth: Medium,Action taken: Removed,Description: Affected areas: 3 Registry keys: HKEY_CLASSES_ROOT\CLSID\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} - Deleted HKEY_CLASSES_ROOT\MediaGatewayX.Installer - Deleted HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager - Deleted "
16/11/2005 20:56:06,Virus scanner,Adware.Istbar,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: High,Privacy: Low,Removal: Low,Stealth: High,Action taken: Removed,Description: Affected areas: 3 Registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net - Deleted HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}\409 - Repaired HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Component Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}\409 - Repaired "
16/11/2005 20:56:06,Virus scanner,Adware.180Search,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: High,Privacy: Medium,Removal: High,Stealth: Low,Action taken: Removed,Description: Affected areas: 6 Registry keys: HKEY_USERS\S-1-5-19\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-3638\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-20\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-21-1659004503-113007714-839522115-500\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\.DEFAULT\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected "
16/11/2005 20:05:05,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4VC3D.006,Risk category: Adware,Action taken: Detected"
16/11/2005 20:05:05,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS97V05.004,Risk category: Adware,Action taken: Detected"
16/11/2005 20:05:05,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4SQ8D.003,Risk category: Adware,Action taken: Detected"
16/11/2005 20:05:05,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4SQLT.001,Risk category: Adware,Action taken: Detected"
16/11/2005 20:05:05,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4VCUD.004,Risk category: Adware,Action taken: Detected"
16/11/2005 20:05:05,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4VCGT.002,Risk category: Adware,Action taken: Detected"
16/11/2005 20:04:51,Auto-Protect,Adware.Istbar,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4VC3D.005,Risk category: Adware,Action taken: Detected"
16/11/2005 20:04:51,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4SQ8D.002,Risk category: Adware,Action taken: Detected"
16/11/2005 20:04:50,Auto-Protect,Adware.MediaPass,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4SQLT.000,Risk category: Adware,Action taken: Detected"
16/11/2005 11:35:23,Virus scanner,Adware.SP2Update,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: High,Performance: High,Privacy: High,Removal: High,Stealth: High,Action taken: Removed,Description: Affected areas: 1 Files: C:\windows\adtech2005.exe - No action required 1 Processes: C:\windows\adtech2005.exe - No action required 1 Registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\adtech2005 - No action required "
16/11/2005 11:35:23,Virus scanner,Adware.180Search,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: High,Privacy: Medium,Removal: High,Stealth: Low,Action taken: Removed,Description: Affected areas: 2 Files: C:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll - No action required C:\temp - No action required 8 Registry keys: HKEY_USERS\S-1-5-19\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-3638\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-20\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-21-1659004503-113007714-839522115-500\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\.DEFAULT\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_CLASSES_ROOT\CLSID\{93CECBB2-6B1B-448D-91B9-72604EF70105} - No action required HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{93CECBB2-6B1B-448D-91B9-72604EF70105} - No action required "
16/11/2005 11:35:23,Virus scanner,Adware.TargetSaver,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: Medium,Privacy: Medium,Removal: Medium,Stealth: High,Action taken: Removed,Description: Affected areas: 2 Files: C:\Program Files\Common Files\quki\qukim.exe - No action required C:\WINNT\system32\tsuninst.exe - No action required 1 Processes: C:\Program Files\Common Files\quki\qukim.exe - No action required 1 Registry keys: HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Windows\CurrentVersion\Run\quki - No action required "
16/11/2005 11:35:23,Virus scanner,Adware.ZenoSearch,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: Low,Privacy: High,Removal: Low,Stealth: High,Action taken: Removed,Description: Affected areas: 4 Files: c:\WINNT\system32\kwinmsaz.exe - No action required C:\Documents and Settings\be322763\Start Menu\Programs\Startup\Zeno.lnk - No action required C:\WINNT\system32\zxdnt3d.cfg - No action required C:\Documents and Settings\be322763\Start Menu\Programs\Startup\Zeno.lnk - No action required 1 Registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BrowserUpdateSched - No action required "
16/11/2005 11:34:49,Virus scanner,Adware.SP2Update,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: High,Performance: High,Privacy: High,Removal: High,Stealth: High,Action taken: Removed,Description: Affected areas: 1 Files: C:\windows\adtech2005.exe - Deleted 1 Processes: C:\windows\adtech2005.exe - Terminated 1 Registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\adtech2005 - Deleted "
16/11/2005 11:34:49,Virus scanner,Adware.180Search,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: High,Privacy: Medium,Removal: High,Stealth: Low,Action taken: Removed,Description: Affected areas: 3 Files: C:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll - Deleted C:\Program Files\180search Assistant Programs\180search Toolbar\180STUninstaller.exe - Deleted C:\temp - Deleted 8 Registry keys: HKEY_USERS\S-1-5-19\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-3638\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-20\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\S-1-5-21-1659004503-113007714-839522115-500\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_USERS\.DEFAULT\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable - Not detected HKEY_CLASSES_ROOT\CLSID\{93CECBB2-6B1B-448D-91B9-72604EF70105} - Deleted HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{93CECBB2-6B1B-448D-91B9-72604EF70105} - Deleted "
16/11/2005 11:34:49,Virus scanner,Adware.Look2Me,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: High,Performance: Medium,Privacy: Medium,Removal: High,Stealth: High,Action taken: Removed,Description: Affected areas: 2 Files: C:\WINNT\system32\gp8ml3l11.dll - Deleted c:\WINNT\system32\guard.tmp - Deleted 1 Registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Internet Settings\DLLName - Deleted "
16/11/2005 11:34:49,Virus scanner,Adware.TargetSaver,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: Medium,Privacy: Medium,Removal: Medium,Stealth: High,Action taken: Removed,Description: Affected areas: 5 Files: C:\Program Files\Common Files\quki\qukim.exe - Deleted C:\Program Files\Common Files\quki\qukil.exe - Deleted C:\Program Files\Common Files\quki\qukip.exe - Deleted C:\stub_113_4_0_4_0.exe - Deleted C:\WINNT\system32\tsuninst.exe - Deleted 1 Processes: C:\Program Files\Common Files\quki\qukim.exe - Terminated 1 Registry keys: HKEY_USERS\S-1-5-21-746137067-179605362-1801674531-14736\Software\Microsoft\Windows\CurrentVersion\Run\quki - Deleted "
16/11/2005 11:34:49,Virus scanner,Adware.ZenoSearch,Removed,File,N/A,N/A,200511150020,12.0.0.94b,be322763,BEZ1542C,"Source: Manual Scanner,Risk category: Adware,Overall Risk Impact: Medium,Performance: Low,Privacy: High,Removal: Low,Stealth: High,Action taken: Removed,Description: Affected areas: 7 Files: c:\WINNT\system32\kwinmsaz.exe - Deleted C:\inst_dreu02.exe - Deleted C:\WINNT\system32\dwdsregt.exe - Deleted C:\WINNT\system32\rldsregs.exe - Deleted C:\Documents and Settings\be322763\Start Menu\Programs\Startup\Zeno.lnk - Deleted C:\WINNT\system32\zxdnt3d.cfg - Deleted C:\Documents and Settings\be322763\Start Menu\Programs\Startup\Zeno.lnk - No action required 1 Registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BrowserUpdateSched - Deleted "
16/11/2005 11:34:03,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:03,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\QUARAN~1\Portal\05F93B91.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:03,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\05F93B91.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:03,Auto-Protect,Adware.SP2Update,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\windows\adtech2005.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:02,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QV3D.02B,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:02,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\180search Assistant Programs\180search Toolbar\180STUninstaller.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:02,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS96R05.01G,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:02,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:02,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4R0PD.021,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:01,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\QUARAN~1\Portal\05F36799.dll,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:01,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QULT.01J,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:01,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\05F36799.dll,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:01,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QU8D.025,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:01,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\05F36799.dll,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:01,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4R0BT.01S,Risk category: Adware,Action taken: Detected"
16/11/2005 11:34:01,Auto-Protect,Adware.180Search,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:59,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4R0BT.01R,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:59,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\stub_113_4_0_4_0.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:58,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QV3D.02A,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:58,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\Common Files\quki\qukip.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:58,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4R0PD.020,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:58,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\Common Files\quki\qukil.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:57,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QVGT.01N,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:57,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\Common Files\quki\qukim.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:57,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS96R05.01F,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:57,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\QUARAN~1\Portal\05DF6BAE.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:56,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QNGD.021,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:56,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\Portal\05DF6BAE.exe,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:56,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,200511150020,12.0.0.94b,SYSTEM,BEZ1542C,"Source: C:\Program Files\OfficeScan NT\Temp\VSS4QVUD.01N,Risk category: Adware,Action taken: Detected"
16/11/2005 11:33:55,Auto-Protect,Adware.TargetSaver,Detected,File,N/A,N/A,2005