| View previous topic :: View next topic |
| Author |
Message |
weasel
Joined: 02 Jul 2004
Posts: 14
Location: boon dock wisconsin
|
 Posted: Fri Jul 02, 2004 8:24 am Post subject: drusearch hostage |
 |
|
Well I've been patiently on a mission since last week to find the source of this little pest but I havnt found it yet. I'm on ms2000 and do have hjt an ad-aware. Can some one assist me on getting by browser back?  |
|
| Back to top |
|
 |
Corrine
Administrator
Joined: 18 Jan 2001
Posts: 12740
Location: Upstate, NY
|
| Posted: Fri Jul 02, 2004 9:23 am Post subject: |
|
|
Hi, weasel. Welcome to Freedomlist! We'd be happy to help. Just post an up to date, custom logfile as indicated at Freedomlist Support for Ad-aware .
_________________
Freedomlist.com (2000 - 2010)
 
Take a walk through my Security Garden |
|
| Back to top |
|
|
weasel
Joined: 02 Jul 2004
Posts: 14
Location: boon dock wisconsin
|
| Posted: Fri Jul 02, 2004 10:12 am Post subject: log file post |
|
|
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Friday, July 02, 2004 8:31:08 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R326 01.07.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 01R325 27.06.2004
Internal build : 257
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\reflist.ref
Total size : 1274298 Bytes
Signature data size : 1253786 Bytes
Reference data size : 20448 Bytes
Signatures total : 27864
Target categories : 10
Target families : 507
7-2-2004 8:29:01 AM Performing Webupdate...
Installing Update...
Reference file loaded:
Reference Number : 01R326 01.07.2004
Internal build : 258
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\reflist.ref
Total size : 1281876 Bytes
Signature data size : 1261311 Bytes
Reference data size : 20501 Bytes
Signatures total : 28014
Target categories : 10
Target families : 508
7-2-2004 8:29:52 AM Success.
Update successfully downlodaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium II
Memory available:49 %
Total physical memory:523760 kb
Available physical memory:252440 kb
Total page file size:1278264 kb
Available on page file:1056352 kb
Total virtual memory:2097024 kb
Available virtual memory:2048588 kb
OS:Windows 2000
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result
7-2-2004 8:31:08 AM - Scan started. (Custom mode)
Listing running processes
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 7-1-2004 2:39:20 PM
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ThreadCreationTime : 7-1-2004 2:39:52 PM
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 7-1-2004 2:39:54 PM
BasePriority : Normal
FileSize : 86 KB
FileVersion : 5.00.2195.3940
ProductVersion : 5.00.2195.3940
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 5/8/2001 12:00:00 PM
Last accessed : 7/2/2004 1:31:08 PM
Last modified : 7/22/2002 7:05:04 PM
#:4 [lsass.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 7-1-2004 2:39:54 PM
BasePriority : Normal
FileSize : 32 KB
FileVersion : 5.00.2195.5430
ProductVersion : 5.00.2195.5430
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
OriginalFilename : lsasrv.dll and lsass.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 5/8/2001 12:00:00 PM
Last accessed : 7/2/2004 1:31:08 PM
Last modified : 7/22/2002 7:05:04 PM
#:5 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 7-1-2004 2:39:58 PM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 5/8/2001 12:00:00 PM
Last accessed : 7/2/2004 1:31:08 PM
Last modified : 5/8/2001 12:00:00 PM
#:6 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 7-1-2004 2:39:58 PM
BasePriority : Normal
FileSize : 44 KB
FileVersion : 5.00.2195.4299
ProductVersion : 5.00.2195.4299
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
OriginalFilename : spoolss.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 8/4/2002 10:53:57 AM
Last accessed : 7/2/2004 1:31:08 PM
Last modified : 7/22/2002 7:05:04 PM
#:7 [svchost.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 7-1-2004 2:40:03 PM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 5/8/2001 12:00:00 PM
Last accessed : 7/2/2004 1:31:08 PM
Last modified : 5/8/2001 12:00:00 PM
#:8 [ntrtscan.exe]
FilePath : C:\Program Files\OfficeScan NT\
ThreadCreationTime : 7-1-2004 2:40:04 PM
BasePriority : Normal
FileSize : 344 KB
FileVersion : 6.0.0.1250
ProductVersion : 6.0
Copyright : Copyright (C) 1999-2003 Trend Micro Inc. All rights reserved.
CompanyName : Trend Micro Inc.
ProductName : Trend Micro OfficeScan
Created on : 8/30/2002 6:20:53 PM
Last accessed : 7/2/2004 1:31:08 PM
Last modified : 11/7/2003 1:21:04 AM
#:9 [nvsvc32.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 7-1-2004 2:40:05 PM
BasePriority : Normal
FileSize : 60 KB
FileVersion : 6.13.10.2832
ProductVersion : 6.13.10.2832
Copyright : (c) NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 28.32
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 28.32
Created on : 2/5/2003 6:44:54 PM
Last accessed : 7/2/2004 1:31:08 PM
Last modified : 3/9/2002 1:53:00 AM
#:10 [regsvc.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 7-1-2004 2:40:06 PM
BasePriority : Normal
FileSize : 65 KB
FileVersion : 5.00.2195.3649
ProductVersion : 5.00.2195.3649
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
OriginalFilename : REGSVC.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 8/4/2002 5:42:32 PM
Last accessed : 7/2/2004 1:31:08 PM
Last modified : 7/22/2002 7:05:04 PM
#:11 [mstask.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 7-1-2004 2:40:06 PM
BasePriority : Normal
FileSize : 115 KB
FileVersion : 4.71.2195.1
ProductVersion : 4.71.2195.1
Copyright : Copyright (C) Microsoft Corp. 1997
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Microsoft
Created on : 8/4/2002 5:41:56 PM
Last accessed : 7/2/2004 1:31:08 PM
Last modified : 7/22/2002 7:05:04 PM
#:12 [tmlisten.exe]
FilePath : C:\Program Files\OfficeScan NT\
ThreadCreationTime : 7-1-2004 2:40:06 PM
BasePriority : Normal
FileSize : 416 KB
FileVersion : 6.0.0.1250
ProductVersion : 6.0
Copyright : Copyright (C) 1999-2003 Trend Micro Inc. All rights reserved.
CompanyName : Trend Micro Inc.
ProductName : Trend Micro OfficeScan
Created on : 8/30/2002 6:20:54 PM
Last accessed : 7/2/2004 1:31:08 PM
Last modified : 11/7/2003 1:20:58 AM
#:13 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ThreadCreationTime : 7-1-2004 2:40:08 PM
BasePriority : Normal
FileSize : 192 KB
FileVersion : 1.50.1085.0070
ProductVersion : 1.50.1085.0070
Copyright : Copyright (C) Microsoft Corp. 1995-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
ProductName : Windows Management Instrumentation
Created on : 8/4/2002 5:43:09 PM
Last accessed : 7/2/2004 1:31:08 PM
Last modified : 7/22/2002 7:05:04 PM
#:14 [mspmspsv.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 7-1-2004 2:40:09 PM
BasePriority : Normal
FileSize : 56 KB
FileVersion : 7.10.00.3068
ProductVersion : 7.10.00.3068
Copyright : Copyright (C) Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
OriginalFilename : MSPMSPSV.EXE
ProductName : Microsoft (R) DRM
Created on : 8/4/2002 6:12:40 PM
Last accessed : 7/2/2004 1:31:08 PM
Last modified : 5/16/2002 11:24:48 PM
#:15 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 7-1-2004 2:40:09 PM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 5/8/2001 12:00:00 PM
Last accessed : 7/2/2004 1:31:08 PM
Last modified : 5/8/2001 12:00:00 PM
#:16 [svchost.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 7-1-2004 2:40:09 PM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 5/8/2001 12:00:00 PM
Last accessed : 7/2/2004 1:31:08 PM
Last modified : 5/8/2001 12:00:00 PM
#:17 [ofcdog.exe]
FilePath : C:\Program Files\OfficeScan NT\
ThreadCreationTime : 7-1-2004 2:40:28 PM
BasePriority : Normal
FileSize : 132 KB
FileVersion : 6.0.0.1250
ProductVersion : 6.0
Copyright : Copyright (C) 1999-2003 Trend Micro Inc. All rights reserved.
CompanyName : Trend Micro Inc.
ProductName : Trend Micro OfficeScan
Created on : 5/17/2004 11:02:54 AM
Last accessed : 7/2/2004 1:31:09 PM
Last modified : 11/7/2003 1:25:20 AM
#:18 [explorer.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 7-1-2004 2:40:51 PM
BasePriority : Normal
FileSize : 237 KB
FileVersion : 5.00.3502.5321
ProductVersion : 5.00.3502.5321
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 8/4/2002 5:40:00 PM
Last accessed : 7/2/2004 1:31:09 PM
Last modified : 7/22/2002 7:05:04 PM
#:19 [point32.exe]
FilePath : C:\Program Files\Microsoft Hardware\Mouse\
ThreadCreationTime : 7-1-2004 2:41:04 PM
BasePriority : Normal
FileSize : 164 KB
FileVersion : 4.00.0657.1
ProductVersion : 4.0
Copyright : Copyright (C) Microsoft Corp. 1983-2001
CompanyName : Microsoft Corporation
FileDescription : Microsoft IntelliPoint
InternalName : POINT32
OriginalFilename : POINT32.EXE
ProductName : Microsoft IntelliPoint
Created on : 8/23/2001 11:37:40 PM
Last accessed : 7/2/2004 1:31:09 PM
Last modified : 8/23/2001 11:37:40 PM
#:20 [nilaunch.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 7-1-2004 2:41:04 PM
BasePriority : Normal
FileSize : 24 KB
Created on : 8/5/2002 3:57:07 PM
Last accessed : 7/2/2004 1:31:09 PM
Last modified : 2/5/1998 7:16:18 PM
#:21 [pccntmon.exe]
FilePath : C:\Program Files\OfficeScan NT\
ThreadCreationTime : 7-1-2004 2:41:07 PM
BasePriority : Normal
FileSize : 296 KB
FileVersion : 6.0.0.1250
ProductVersion : 6.0
Copyright : Copyright (C) 1999-2003 Trend Micro Inc. All rights reserved.
CompanyName : Trend Micro Inc.
FileDescription : I/O Monitor
InternalName : PCCNTMON
OriginalFilename : PCCNTMON.EXE
ProductName : Trend Micro OfficeScan
Created on : 8/30/2002 6:20:54 PM
Last accessed : 7/2/2004 1:31:10 PM
Last modified : 11/7/2003 1:27:34 AM
#:22 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 7-1-2004 2:41:12 PM
BasePriority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 10/16/2003 11:37:24 AM
Last accessed : 7/2/2004 1:31:10 PM
Last modified : 10/16/2003 11:37:24 AM
#:23 [hrtcm.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 7-1-2004 2:41:12 PM
BasePriority : Normal
FileSize : 36 KB
Created on : 8/4/2002 6:22:09 PM
Last accessed : 7/2/2004 1:31:10 PM
Last modified : 6/17/2004 9:35:49 PM
#:24 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_04\bin\
ThreadCreationTime : 7-1-2004 2:41:13 PM
BasePriority : Normal
FileSize : 32 KB
Created on : 2/23/2068 4:44:46 AM
Last accessed : 7/2/2004 1:31:10 PM
Last modified : 2/23/2004 4:44:44 AM
#:25 [pop3trap.exe]
FilePath : C:\Program Files\OfficeScan NT\
ThreadCreationTime : 7-1-2004 2:41:14 PM
BasePriority : Normal
FileSize : 500 KB
FileVersion : 10.0.0.1171
ProductVersion : 10.0.0
Copyright : Copyright (C) 2002-2003 Trend Micro Inc. All rights reserved.
CompanyName : Trend Micro Inc.
FileDescription : POP3Trap
InternalName : POP3Trap
OriginalFilename : POP3Trap
ProductName : Trend Pc-cillin 10.0
Created on : 2/19/2003 5:01:56 PM
Last accessed : 7/2/2004 1:31:10 PM
Last modified : 5/17/2004 9:52:22 PM
#:26 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 7-1-2004 2:41:16 PM
BasePriority : Normal
FileSize : 4572 KB
FileVersion : 6.1.0211
ProductVersion : Version 6.1
Copyright : Copyright (c) Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 3/4/2004 8:01:00 PM
Last accessed : 7/2/2004 1:31:10 PM
Last modified : 3/4/2004 8:01:00 PM
#:27 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ThreadCreationTime : 7-1-2004 2:41:19 PM
BasePriority : Normal
FileSize : 24 KB
FileVersion : 6.00.1828.1
ProductVersion : 6.00.1828.1
Copyright : Copyright
CompanyName : Microsoft
FileDescription : Microsoft
InternalName : WkCalRem
OriginalFilename : WKCALREM.EXE
ProductName : Microsoft
Created on : 8/8/2000 8:00:00 PM
Last accessed : 7/2/2004 1:31:10 PM
Last modified : 8/8/2000 8:00:00 PM
#:28 [clipmt53.exe]
FilePath : \\Cfr-wes\c$\PROGRA~1\CLIPMA~1\
ThreadCreationTime : 7-1-2004 2:41:21 PM
BasePriority : Normal
FileSize : 1818 KB
FileVersion : 5.3.9.289
ProductVersion : 5.3
Copyright : Copyright 1991-2001 Thornsoft Development Inc.
CompanyName : Thornsoft Development, Inc.
FileDescription : ClipMate 5 Shareware/Registered
InternalName : CLIPMT53
OriginalFilename : CLIPMT53.EXE
ProductName : ClipMate for Windows95/98/ME, NT4, Windows2000
Created on : 8/6/2002 1:25:18 PM
Last accessed : 7/2/2004 1:31:10 PM
Last modified : 11/20/2001 5:23:56 PM
#:29 [webshotstray.exe]
FilePath : \\Cfr-wes\c$\Program Files\Webshots\
ThreadCreationTime : 7-1-2004 2:41:23 PM
BasePriority : Normal
FileSize : 204 KB
FileVersion : 1.3.0.3826
ProductVersion : 1.3.0.3826
Copyright : Copyright (C) 1998
CompanyName : The Webshots Corporation
FileDescription : Webshots Desktop Tray Application
InternalName : WEBSHOTSTRAY
OriginalFilename : WEBSHOTSTRAY.EXE
ProductName : Webshots Tray Application
Created on : 8/5/2002 4:09:03 PM
Last accessed : 7/2/2004 1:31:10 PM
Last modified : 6/21/2002 8:55:56 PM
#:30 [imapp.exe]
FilePath : C:\PROGRA~1\INCRED~1\bin\
ThreadCreationTime : 7-1-2004 2:41:34 PM
BasePriority : Normal
FileSize : 128 KB
FileVersion : 3, 0, 0, 1488
ProductVersion : 3, 0, 0, 1488
Copyright : Copyright
CompanyName : IncrediMail, Ltd.
FileDescription : IncrediMail Application
InternalName : IncrediApp
OriginalFilename : IMAPP.EXE
ProductName : IncrediMail
#:31 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 7-1-2004 2:42:37 PM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 8/29/2002 12:14:40 PM
Last accessed : 7/2/2004 12:42:12 PM
Last modified : 8/29/2002 12:14:40 PM
#:32 [scardsvr.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 7-1-2004 4:09:37 PM
BasePriority : Normal
FileSize : 96 KB
FileVersion : 5.00.2195.3649
ProductVersion : 5.00.2195.3649
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Smart Card Resource Management Server
InternalName : SCardSvr.exe
OriginalFilename : SCardSvr.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 5/8/2001 12:00:00 PM
Last accessed : 7/2/2004 1:31:11 PM
Last modified : 7/22/2002 7:05:04 PM
#:33 [acrord32.exe]
FilePath : C:\Program Files\Adobe\Acrobat 5.0\Reader\
ThreadCreationTime : 7-1-2004 5:29:54 PM
BasePriority : Normal
FileSize : 3800 KB
FileVersion : 5.0.5.2001092400
ProductVersion : 5.0.5.0
Copyright : Copyright 1984-2001 Adobe Systems Incorporated and its licensors. All rights reserved.
CompanyName : Adobe Systems Incorporated
FileDescription : Acrobat Reader 5.0
OriginalFilename : AcroRd32.exe
ProductName : Adobe Acrobat Reader
Created on : 8/14/2002 6:52:19 PM
Last accessed : 7/2/2004 1:31:11 PM
Last modified : 9/24/2001 10:15:58 PM
#:34 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 7-2-2004 12:06:44 PM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 8/29/2002 12:14:40 PM
Last accessed : 7/2/2004 12:42:12 PM
Last modified : 8/29/2002 12:14:40 PM
#:35 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 7-2-2004 1:25:59 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 6/30/2004 2:22:56 PM
Last accessed : 7/2/2004 1:25:59 PM
Last modified : 7/13/2003 2:00:20 AM
Memory scan result :
New objects : 0
Objects found so far: 0
Started registry scan
Enigma.SpyHunter Object recognized!
Type : RegValue
Data : C:\Program Files\SpyHunter\Uninstall.exe
Category : Data Miner
Comment : "C:\Program Files\SpyHunter\Uninstall.exe"
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\Program Files\SpyHunter\Uninstall.exe
Registry scan result :
New objects : 1
Objects found so far: 1
Started deep registry scan
Deep registry scan result :
New objects : 0
Objects found so far: 1
Deep scanning and examining files (C:)
Tracking Cookie Object recognized!
Type : File
Data : wes@2o7[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:08 PM
Last modified : 4/2/2002 9:43:10 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@2o7[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:08 PM
Last modified : 7/26/2002 7:25:14 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@2o7[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:08 PM
Last modified : 8/7/2002 11:52:48 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ad-flow[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:08 PM
Last modified : 6/14/2002 1:08:40 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@adbureau[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:09 PM
Last modified : 6/24/2002 2:19:50 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ads.adsag[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:09 PM
Last modified : 5/17/2002 12:18:16 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ads.enliven[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:09 PM
Last modified : 2/7/2000 3:04:58 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ads.enliven[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:09 PM
Last modified : 6/6/2002 5:06:08 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ads.fortunecity[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:09 PM
Last modified : 5/7/2001 2:09:00 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ads.tucows[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:10 PM
Last modified : 7/31/2002 3:11:54 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ads.tucows[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:10 PM
Last modified : 8/6/2002 1:35:22 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@adserver.news.com[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:10 PM
Last modified : 5/8/2002 6:42:28 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@adserver.trb[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:10 PM
Last modified : 5/8/2002 6:07:50 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@adserver[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:10 PM
Last modified : 5/2/2002 12:51:52 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@adservingcentral[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:10 PM
Last modified : 4/2/2002 8:04:14 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@advertising[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:10 PM
Last modified : 4/3/2002 7:37:04 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@advertising[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:10 PM
Last modified : 10/26/2001 9:00:06 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@advertising[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:10 PM
Last modified : 2/14/2001 7:13:24 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@advertising[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:10 PM
Last modified : 5/8/2002 8:55:32 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@advertising[5].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:10 PM
Last modified : 8/7/2002 2:04:45 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@advertising[6].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:46 AM
Last accessed : 7/2/2004 1:34:10 PM
Last modified : 6/24/2002 4:55:30 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@atdmt[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:11 PM
Last modified : 8/27/2001 2:18:38 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@atdmt[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:11 PM
Last modified : 3/13/2002 5:43:52 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@bfast[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:12 PM
Last modified : 3/21/2002 9:53:16 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@bluemountain[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:12 PM
Last modified : 10/18/2000 10:58:44 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@bluemountain[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:12 PM
Last modified : 4/17/2001 1:25:26 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@bluemountain[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:12 PM
Last modified : 11/1/2000 11:00:26 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@bluestreak[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:12 PM
Last modified : 10/22/2001 6:05:08 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@bluestreak[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:12 PM
Last modified : 5/22/2002 8:20:48 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@bluestreak[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:12 PM
Last modified : 2/27/2002 1:23:56 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@bluestreak[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:12 PM
Last modified : 5/8/2002 9:49:32 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@bluestreak[5].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:12 PM
Last modified : 7/18/2002 9:28:52 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@centrport[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:13 PM
Last modified : 6/5/2001 12:59:34 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@centrport[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:13 PM
Last modified : 4/2/2002 8:02:46 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@cgi-bin[10].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:13 PM
Last modified : 1/19/2001 3:21:02 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@cgi-bin[11].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:13 PM
Last modified : 7/11/2001 9:23:42 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@cgi-bin[12].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:13 PM
Last modified : 12/17/2001 10:12:24 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@cgi-bin[13].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:13 PM
Last modified : 2/8/2002 5:08:08 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@cgi-bin[14].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:13 PM
Last modified : 4/29/2002 3:11:24 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@cgi-bin[15].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:13 PM
Last modified : 5/8/2002 6:42:54 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@cgi-bin[16].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:13 PM
Last modified : 5/8/2002 8:54:00 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@cgi-bin[17].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 1 KB
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:13 PM
Last modified : 7/24/2002 6:01:50 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@cgi-bin[18].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:13 PM
Last modified : 8/9/2002 5:11:19 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@cgi-bin[19].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:13 PM
Last modified : 8/9/2002 5:14:23 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@cgi-bin[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:13 PM
Last modified : 1/20/2000 2:55:32 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@cgi-bin[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:13 PM
Last modified : 2/15/2000 6:27:26 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@cgi-bin[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:13 PM
Last modified : 3/27/2000 4:38:00 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@cgi-bin[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:13 PM
Last modified : 1/26/2000 7:21:04 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@cgi-bin[5].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:13 PM
Last modified : 2/15/2000 3:23:14 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@cgi-bin[6].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:13 PM
Last modified : 5/22/2002 3:30:18 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@cgi-bin[7].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:14 PM
Last modified : 7/27/2000 6:16:44 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@cgi-bin[8].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 1 KB
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:14 PM
Last modified : 8/6/2002 10:16:58 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@cgi-bin[9].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:14 PM
Last modified : 8/17/2001 6:11:44 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@citi.bridgetrack[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:14 PM
Last modified : 2/28/2002 11:19:00 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@clickagents[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:14 PM
Last modified : 4/26/2002 8:53:44 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@clickbank[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:14 PM
Last modified : 6/24/2002 2:41:42 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@clickbank[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:45 AM
Last accessed : 7/2/2004 1:34:14 PM
Last modified : 8/9/2002 3:56:18 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@counter.hitslink[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:15 PM
Last modified : 5/22/2002 3:16:46 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@counter.hitslink[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:15 PM
Last modified : 6/6/2002 8:50:32 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@data.coremetrics[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:16 PM
Last modified : 7/2/2002 6:20:42 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@doubleclick[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:17 PM
Last modified : 5/20/2002 9:57:22 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@doubleclick[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:17 PM
Last modified : 5/31/2002 12:25:12 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@doubleclick[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:17 PM
Last modified : 6/7/2002 1:07:02 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ehg-autodesk.hitbox[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 3 KB
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:18 PM
Last modified : 7/26/2002 6:30:18 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ehg-dig.hitbox[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 1 KB
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:18 PM
Last modified : 7/11/2002 9:01:38 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ehg-espn.hitbox[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 1 KB
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:18 PM
Last modified : 9/13/2001 8:01:48 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ehg-espn.hitbox[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 1 KB
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:18 PM
Last modified : 12/4/2001 8:09:42 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ehg-espn.hitbox[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 2 KB
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:18 PM
Last modified : 7/18/2002 9:28:58 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ehg-harleydavidson.hitbox[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:18 PM
Last modified : 4/11/2002 3:01:44 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ehg-idg.hitbox[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:18 PM
Last modified : 7/24/2002 5:11:46 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ehg-intel.hitbox[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 1 KB
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:18 PM
Last modified : 7/18/2002 7:05:40 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ehg-wss.hitbox[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 1 KB
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:18 PM
Last modified : 8/8/2002 9:59:47 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ehg.hitbox[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 2 KB
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:18 PM
Last modified : 7/24/2002 5:09:10 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ehg.hitbox[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:18 PM
Last modified : 7/12/2001 12:56:26 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ehg.hitbox[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 1 KB
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:18 PM
Last modified : 2/6/2002 1:12:54 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ehg.hitbox[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 2 KB
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:18 PM
Last modified : 5/9/2002 9:42:32 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ehg.hitbox[6].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 2 KB
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:18 PM
Last modified : 8/9/2002 5:34:29 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@engage[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:18 PM
Last modified : 5/17/2000 10:56:38 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@euniverseads[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:19 PM
Last modified : 2/7/2001 6:16:06 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@excite[10].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:19 PM
Last modified : 7/31/2002 9:16:12 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@excite[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:19 PM
Last modified : 1/28/2000 9:26:32 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@excite[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:19 PM
Last modified : 1/17/2001 3:15:44 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@excite[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:19 PM
Last modified : 10/18/2000 10:58:52 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@excite[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:19 PM
Last modified : 10/26/2001 8:54:24 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@excite[5].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:19 PM
Last modified : 5/24/2002 3:34:40 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@excite[6].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:19 PM
Last modified : 3/8/2002 12:48:50 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@excite[7].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:19 PM
Last modified : 5/10/2002 12:16:26 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@excite[8].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:19 PM
Last modified : 7/31/2002 1:13:10 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@excite[9].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:44 AM
Last accessed : 7/2/2004 1:34:19 PM
Last modified : 7/31/2002 6:38:12 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@fastclick[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:19 PM
Last modified : 3/12/2002 4:42:16 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@fastclick[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:20 PM
Last modified : 8/13/2001 3:02:52 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@fastclick[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:20 PM
Last modified : 5/9/2002 5:28:16 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@fastclick[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:20 PM
Last modified : 5/17/2002 12:18:18 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@fastclick[5].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:20 PM
Last modified : 5/17/2002 5:41:12 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@fastclick[6].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:20 PM
Last modified : 7/31/2002 3:13:46 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@fastclick[7].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:20 PM
Last modified : 6/6/2002 8:59:04 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@fastclick[8].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:20 PM
Last modified : 7/18/2002 1:39:16 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@focalink[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:20 PM
Last modified : 11/16/1999 7:26:34 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@focalink[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:20 PM
Last modified : 7/25/2000 6:10:22 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@fortunecity[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:20 PM
Last modified : 5/7/2001 2:09:26 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@freeservers[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:20 PM
Last modified : 1/15/2002 1:58:24 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@goclick[1].txt
Category : Data Miner
|
|
| Back to top |
|
|
weasel
Joined: 02 Jul 2004
Posts: 14
Location: boon dock wisconsin
|
| Posted: Fri Jul 02, 2004 10:38 am Post subject: the rest of the log file |
|
|
Tracking Cookie Object recognized!
Type : File
Data : wes@fortunecity[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:20 PM
Last modified : 5/7/2001 2:09:26 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@freeservers[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:20 PM
Last modified : 1/15/2002 1:58:24 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@goclick[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:21 PM
Last modified : 7/11/2001 9:18:18 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@hc2.humanclick[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:22 PM
Last modified : 12/11/2000 6:15:46 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@hc2.humanclick[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:22 PM
Last modified : 5/22/2002 4:46:48 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@hg1.hitbox[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:22 PM
Last modified : 7/11/2001 9:21:48 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@hg1.hitbox[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 1 KB
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:22 PM
Last modified : 5/22/2002 3:30:20 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@hg1.hitbox[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:22 PM
Last modified : 1/23/2002 4:36:16 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@hg1.hitbox[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:22 PM
Last modified : 5/9/2002 4:03:52 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@hg1.hitbox[5].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 1 KB
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:22 PM
Last modified : 7/19/2002 4:13:18 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@hg1.hitbox[6].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 2 KB
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:22 PM
Last modified : 8/8/2002 9:59:13 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@hitbox[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 1 KB
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:22 PM
Last modified : 3/15/2000 6:18:58 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@hitbox[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 1 KB
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:22 PM
Last modified : 12/19/2000 6:09:00 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@hitbox[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 1 KB
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:22 PM
Last modified : 8/21/2000 6:03:58 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@hitbox[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:22 PM
Last modified : 7/26/2001 2:32:12 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@hitbox[5].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:22 PM
Last modified : 2/27/2002 5:35:34 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@hitbox[6].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:22 PM
Last modified : 5/9/2002 9:42:30 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@hitbox[8].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:43 AM
Last accessed : 7/2/2004 1:34:22 PM
Last modified : 7/26/2002 6:30:18 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@iwon[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:42 AM
Last accessed : 7/2/2004 1:34:24 PM
Last modified : 3/8/2002 6:04:54 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@linksynergy[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:42 AM
Last accessed : 7/2/2004 1:34:24 PM
Last modified : 2/15/2000 7:03:08 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@linksynergy[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:42 AM
Last accessed : 7/2/2004 1:34:24 PM
Last modified : 1/31/2001 11:03:46 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@linksynergy[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:42 AM
Last accessed : 7/2/2004 1:34:24 PM
Last modified : 7/30/2002 6:12:20 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@mediaplex[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:42 AM
Last accessed : 7/2/2004 1:34:26 PM
Last modified : 5/10/2002 8:25:02 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@mediaplex[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:42 AM
Last accessed : 7/2/2004 1:34:26 PM
Last modified : 3/15/2000 6:25:10 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@mediaplex[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:42 AM
Last accessed : 7/2/2004 1:34:26 PM
Last modified : 10/3/2001 5:05:32 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@mediaplex[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:42 AM
Last accessed : 7/2/2004 1:34:26 PM
Last modified : 4/3/2002 1:04:42 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@mediaplex[5].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:42 AM
Last accessed : 7/2/2004 1:34:26 PM
Last modified : 5/22/2002 12:25:10 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@mediaplex[6].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:42 AM
Last accessed : 7/2/2004 1:34:26 PM
Last modified : 7/31/2002 3:47:34 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@mediaplex[7].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:42 AM
Last accessed : 7/2/2004 1:34:26 PM
Last modified : 7/30/2002 6:04:40 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@overture[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:42 AM
Last accessed : 7/2/2004 1:34:28 PM
Last modified : 4/29/2002 8:54:18 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@phg.hitbox[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:41 AM
Last accessed : 7/2/2004 1:34:29 PM
Last modified : 2/27/2002 5:35:34 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@questionmarket[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:41 AM
Last accessed : 7/2/2004 1:34:30 PM
Last modified : 5/7/2002 6:40:40 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@questionmarket[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:41 AM
Last accessed : 7/2/2004 1:34:30 PM
Last modified : 6/11/2001 9:30:26 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@questionmarket[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:41 AM
Last accessed : 7/2/2004 1:34:30 PM
Last modified : 1/16/2002 7:33:08 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@questionmarket[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:41 AM
Last accessed : 7/2/2004 1:34:30 PM
Last modified : 5/31/2002 12:25:12 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@questionmarket[6].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:41 AM
Last accessed : 7/2/2004 1:34:30 PM
Last modified : 7/19/2002 12:16:58 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@rd.advertising[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:41 AM
Last accessed : 7/2/2004 1:34:31 PM
Last modified : 10/26/2001 9:00:06 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@realmedia[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:41 AM
Last accessed : 7/2/2004 1:34:31 PM
Last modified : 7/25/2001 12:27:40 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@realmedia[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:41 AM
Last accessed : 7/2/2004 1:34:31 PM
Last modified : 4/2/2002 8:00:06 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ru4[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:41 AM
Last accessed : 7/2/2004 1:34:32 PM
Last modified : 5/29/2002 1:31:58 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@ru4[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:41 AM
Last accessed : 7/2/2004 1:34:32 PM
Last modified : 7/25/2002 8:01:30 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@servedby.advertising[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:33 PM
Last modified : 2/14/2001 7:13:24 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@servedby.advertising[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 1 KB
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:33 PM
Last modified : 5/8/2002 8:55:32 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@servedby.advertising[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 3 KB
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:33 PM
Last modified : 10/26/2001 8:59:54 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@servedby.advertising[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:33 PM
Last modified : 4/3/2002 7:37:04 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@servedby.advertising[5].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 1 KB
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:33 PM
Last modified : 5/24/2002 4:30:44 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@servedby.advertising[6].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 1 KB
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:34 PM
Last modified : 6/24/2002 4:55:30 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@servedby.advertising[8].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:34 PM
Last modified : 8/7/2002 2:07:01 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@server.iad.liveperson[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:34 PM
Last modified : 11/14/2001 1:39:46 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@smartmoney[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:34 PM
Last modified : 4/3/2002 4:28:08 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@stats.superstats[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:35 PM
Last modified : 5/8/2002 5:27:48 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@stats.superstats[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:35 PM
Last modified : 3/27/2000 4:38:14 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@stats.superstats[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:35 PM
Last modified : 3/20/2001 4:16:52 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@statse.webtrendslive[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:35 PM
Last modified : 4/3/2002 4:24:24 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@targetnet[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:36 PM
Last modified : 10/22/2001 2:12:26 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@tradedoubler[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:37 PM
Last modified : 5/8/2002 8:55:16 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@trafficmp[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:37 PM
Last modified : 2/28/2002 11:23:30 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@trafficmp[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 1 KB
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:37 PM
Last modified : 5/22/2002 8:17:50 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@trafficmp[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:37 PM
Last modified : 5/8/2002 6:09:22 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@trafficmp[5].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 1 KB
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:37 PM
Last modified : 7/30/2002 3:59:58 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@trafficmp[6].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
FileSize : 1 KB
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:37 PM
Last modified : 8/12/2002 2:20:46 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@tribalfusion[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:37 PM
Last modified : 7/24/2002 5:51:34 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@tripod[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:37 PM
Last modified : 11/13/2001 7:36:40 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@valueclick[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:40 AM
Last accessed : 7/2/2004 1:34:38 PM
Last modified : 7/19/2002 2:25:12 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@w109.hitbox[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:39 AM
Last accessed : 7/2/2004 1:34:38 PM
Last modified : 7/10/2001 9:50:46 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@w131.hitbox[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:39 AM
Last accessed : 7/2/2004 1:34:38 PM
Last modified : 7/26/2001 2:32:12 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@www.angelfire[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:39 AM
Last accessed : 7/2/2004 1:34:40 PM
Last modified : 5/8/2002 6:41:10 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@www.commission-junction[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:39 AM
Last accessed : 7/2/2004 1:34:42 PM
Last modified : 1/17/2000 10:39:24 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@www.commission-junction[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:39 AM
Last accessed : 7/2/2004 1:34:42 PM
Last modified : 7/10/2002 7:20:42 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@www.commission-junction[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:39 AM
Last accessed : 7/2/2004 1:34:42 PM
Last modified : 8/8/2001 6:05:34 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@www.commission-junction[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:39 AM
Last accessed : 7/2/2004 1:34:42 PM
Last modified : 4/3/2002 4:19:40 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@www.commission-junction[6].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:39 AM
Last accessed : 7/2/2004 1:34:42 PM
Last modified : 8/9/2002 5:14:36 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@www.eyeblaster-ds[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:38 AM
Last accessed : 7/2/2004 1:34:44 PM
Last modified : 5/9/2002 6:12:02 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@www.hitboxcentral[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:38 AM
Last accessed : 7/2/2004 1:34:45 PM
Last modified : 8/8/2002 9:59:53 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@www.netster[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:38 AM
Last accessed : 7/2/2004 1:34:48 PM
Last modified : 5/14/2002 9:35:24 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@www.qksrv[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:37 AM
Last accessed : 7/2/2004 1:34:49 PM
Last modified : 3/26/2001 10:35:28 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@www.qksrv[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:37 AM
Last accessed : 7/2/2004 1:34:50 PM
Last modified : 8/8/2001 6:05:36 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@www.qksrv[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:37 AM
Last accessed : 7/2/2004 1:34:50 PM
Last modified : 3/8/2002 6:04:54 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@www.qksrv[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:37 AM
Last accessed : 7/2/2004 1:34:50 PM
Last modified : 8/9/2002 5:14:36 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@x10[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:36 AM
Last accessed : 7/2/2004 1:34:54 PM
Last modified : 3/18/2002 9:12:48 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@x10[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:36 AM
Last accessed : 7/2/2004 1:34:54 PM
Last modified : 10/25/2001 5:30:58 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@x10[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:36 AM
Last accessed : 7/2/2004 1:34:54 PM
Last modified : 5/9/2002 6:03:02 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@x10[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:36 AM
Last accessed : 7/2/2004 1:34:54 PM
Last modified : 7/26/2002 8:27:24 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@zedo[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:36 AM
Last accessed : 7/2/2004 1:34:54 PM
Last modified : 4/2/2002 7:53:04 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@zedo[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:35 AM
Last accessed : 7/2/2004 1:34:54 PM
Last modified : 5/7/2002 8:48:38 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@zedo[3].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:35 AM
Last accessed : 7/2/2004 1:34:54 PM
Last modified : 5/22/2002 3:46:02 PM
Tracking Cookie Object recognized!
Type : File
Data : wes@zedo[4].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes.CFR\Cookies\
Created on : 5/17/2004 11:08:35 AM
Last accessed : 7/2/2004 1:34:54 PM
Last modified : 7/11/2002 8:58:04 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@advertising[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 7/1/2004 10:08:20 PM
Last accessed : 7/2/2004 1:35:55 PM
Last modified : 7/2/2004 12:06:48 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@atdmt[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 6/30/2004 3:16:33 PM
Last accessed : 7/2/2004 1:35:55 PM
Last modified : 6/30/2004 3:16:33 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@bluestreak[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 7/1/2004 7:00:14 PM
Last accessed : 7/2/2004 1:35:55 PM
Last modified : 7/1/2004 7:00:14 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@bravenet[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 7/1/2004 8:42:21 PM
Last accessed : 7/2/2004 1:35:55 PM
Last modified : 7/1/2004 8:42:21 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@centrport[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 7/1/2004 2:57:43 PM
Last accessed : 7/2/2004 1:35:55 PM
Last modified : 7/1/2004 2:57:43 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@doubleclick[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 6/30/2004 3:13:19 PM
Last accessed : 7/2/2004 1:35:55 PM
Last modified : 6/30/2004 3:13:42 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@ehg-thomas.hitbox[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 7/1/2004 5:58:57 PM
Last accessed : 7/2/2004 1:35:55 PM
Last modified : 7/1/2004 5:58:57 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@excite[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 7/1/2004 5:26:15 PM
Last accessed : 7/2/2004 1:35:55 PM
Last modified : 7/1/2004 5:26:15 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@hitbox[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 7/1/2004 5:51:25 PM
Last accessed : 7/2/2004 1:35:55 PM
Last modified : 7/1/2004 5:58:57 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@maxserving[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 6/30/2004 3:52:10 PM
Last accessed : 7/2/2004 1:35:55 PM
Last modified : 6/30/2004 3:52:10 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@mediaplex[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 6/30/2004 3:17:45 PM
Last accessed : 7/2/2004 1:35:55 PM
Last modified : 6/30/2004 3:17:45 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@qksrv[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 6/30/2004 3:13:20 PM
Last accessed : 7/2/2004 1:35:55 PM
Last modified : 6/30/2004 3:13:20 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@servedby.advertising[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
FileSize : 2 KB
Created on : 7/1/2004 4:28:40 PM
Last accessed : 7/2/2004 1:35:55 PM
Last modified : 7/2/2004 12:06:48 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@server.iad.liveperson[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 6/30/2004 9:31:17 PM
Last accessed : 7/2/2004 1:35:55 PM
Last modified : 6/30/2004 9:31:17 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@statcounter[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 6/30/2004 8:48:17 PM
Last accessed : 7/2/2004 1:35:56 PM
Last modified : 6/30/2004 8:48:17 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@zedo[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 6/30/2004 3:19:17 PM
Last accessed : 7/2/2004 1:35:56 PM
Last modified : 6/30/2004 3:19:18 PM
Disk scan result for C:\
New objects : 0
Objects found so far: 203
Scanning Hosts file(C:\WINNT\System32\drivers\etc\hosts)
Hosts file scan result:
1 entries scanned.
New objects :0
Objects found so far: 203
Performing conditional scans..
Enigma.SpyHunter Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SpyHunter
Enigma.SpyHunter Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE5B8E34-973C-4FBE-AC83-99F064009FC7}
Enigma.SpyHunter Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\SpyHunterConfig
Enigma.SpyHunter Object recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : SpyHunter
Enigma.SpyHunter Object recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\program files\SpyHunter
Enigma.SpyHunter Object recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\documents and settings\all users\start menu\programs\SpyHunter
Enigma.SpyHunter Object recognized!
Type : File
Data : def.dat
Category : Data Miner
Comment :
Object : c:\program files\spyhunter\
FileSize : 327 KB
Created on : 7/22/2003 6:55:22 PM
Last accessed : 7/2/2004 1:58:20 PM
Last modified : 7/22/2003 6:55:22 PM
Enigma.SpyHunter Object recognized!
Type : File
Data : help.rtf
Category : Data Miner
Comment :
Object : c:\program files\spyhunter\
FileSize : 7 KB
Created on : 5/8/2003 4:19:46 PM
Last accessed : 7/2/2004 1:58:20 PM
Last modified : 5/8/2003 4:19:46 PM
Enigma.SpyHunter Object recognized!
Type : File
Data : install.log
Category : Data Miner
Comment :
Object : c:\program files\spyhunter\
FileSize : 5 KB
Created on : 6/25/2004 8:22:15 PM
Last accessed : 7/2/2004 1:58:20 PM
Last modified : 6/25/2004 8:22:16 PM
Enigma.SpyHunter Object recognized!
Type : File
Data : install.sss
Category : Data Miner
Comment :
Object : c:\program files\spyhunter\
Created on : 6/25/2004 8:22:16 PM
Last accessed : 7/2/2004 1:58:20 PM
Last modified : 6/25/2004 8:22:16 PM
Enigma.SpyHunter Object recognized!
Type : File
Data : settings.ini
Category : Data Miner
Comment :
Object : c:\program files\spyhunter\
Created on : 7/22/2003 5:25:06 AM
Last accessed : 7/2/2004 1:58:20 PM
Last modified : 6/25/2004 8:27:44 PM
Enigma.SpyHunter Object recognized!
Type : File
Data : spyhunter.exe
Category : Data Miner
Comment :
Object : c:\program files\spyhunter\
FileSize : 308 KB
FileVersion : 1.01.0025
ProductVersion : 1.01.0025
Copyright : 2003
CompanyName : Enigma Software Group Inc.
FileDescription : Application Created e-SendersSystem
InternalName : SpyHunter
OriginalFilename : SpyHunter.exe
ProductName : SpyHunter
Created on : 6/24/2003 12:14:44 AM
Last accessed : 7/2/2004 1:33:01 PM
Last modified : 6/24/2003 12:14:44 AM
Enigma.SpyHunter Object recognized!
Type : File
Data : uninstall.exe
Category : Data Miner
Comment :
Object : c:\program files\spyhunter\
FileSize : 194 KB
Created on : 6/25/2004 8:22:13 PM
Last accessed : 7/2/2004 1:58:20 PM
Last modified : 6/9/2003 9:10:30 PM
Enigma.SpyHunter Object recognized!
Type : File
Data : spyhunter.lnk
Category : Data Miner
Comment :
Object : c:\documents and settings\all users\desktop\
Created on : 6/25/2004 8:22:15 PM
Last accessed : 7/2/2004 1:58:20 PM
Last modified : 6/25/2004 8:22:15 PM
Enigma.SpyHunter Object recognized!
Type : File
Data : spyhunter.lnk
Category : Data Miner
Comment :
Object : c:\documents and settings\all users\start menu\programs\spyhunter\
Created on : 6/25/2004 8:22:15 PM
Last accessed : 7/2/2004 1:58:20 PM
Last modified : 6/25/2004 8:22:15 PM
Enigma.SpyHunter Object recognized!
Type : File
Data : uninstall or repair spyhunter.lnk
Category : Data Miner
Comment :
Object : c:\documents and settings\all users\start menu\programs\spyhunter\
Created on : 6/25/2004 8:22:15 PM
Last accessed : 7/2/2004 1:58:20 PM
Last modified : 6/25/2004 8:22:15 PM
Enigma.SpyHunter Object recognized!
Type : File
Data : spyhunter.lnk
Category : Data Miner
Comment :
Object : c:\documents and settings\all users\start menu\
Created on : 6/25/2004 8:22:15 PM
Last accessed : 7/2/2004 1:58:20 PM
Last modified : 6/25/2004 8:22:15 PM
Conditional scan result:
New objects : 17
Objects found so far: 220
8:58:20 AM Scan complete
Summary of this scan
Total scanning time :00:27:12:225
Objects scanned :239223
Objects identified :220
Objects ignored :0
New objects :220 |
|
| Back to top |
|
|
Corrine
Administrator
Joined: 18 Jan 2001
Posts: 12740
Location: Upstate, NY
|
| Posted: Fri Jul 02, 2004 10:59 am Post subject: |
|
|
Hi, weasel. Please make sure that you have these options checked:
Under Ad-aware 6 > Configurations > Tweaks > Cleaning Engine:
"Let Windows remove files in use after reboot."
Also, please check to see if you have the option "quarantine all objects prior to removal" checked. Open Ad-aware > General Options, there is an option "Automatically Quarantine objects prior to removal
Run Ad-aware, Use the In-Depth scanning mode.
Mark the objects for removal you wish to get rid of, and then choose next.
Be sure to reboot/restart your computer after removal.
IMPORTANT
Now if you get to the point where you are trying to remove all of the objects and you have waited a sufficiant amout of time and are sure that the removal has failed...
Try to remove the objects selectively.
In the results window.
Highlight one object that there seems to be a bunch of.
Right click and choose the command to highlight all of those entries.
Then remove them.
Do this with all of the entries with multiple objects.
When you are reduced to just the others with one or a few, remove them.
It may take a couple of scans to complete, but it should work for you.
This is something that is happening on a few rare occasions and we are trying to pinpoint the cause of it, so if you see anything that you think we should know during this removal, please let us know....
If you have any further questions, please don't hesitate to ask. Would you please post a new logfile after your clean your PC.
Thanks :ok:
_________________
Freedomlist.com (2000 - 2010)
Take a walk through my Security Garden |
|
| Back to top |
|
|
weasel
Joined: 02 Jul 2004
Posts: 14
Location: boon dock wisconsin
|
| Posted: Fri Jul 02, 2004 13:16 pm Post subject: log file |
|
|
Corrine,
I have checked the options, cleaned, and rebooted. Then I re-scanned and this is the current log file. Drusearch came up as my browser. I hope I understood your instructions.
Weasel
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Friday, July 02, 2004 12:29:50 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R326 01.07.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 01R326 01.07.2004
Internal build : 258
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\reflist.ref
Total size : 1281876 Bytes
Signature data size : 1261311 Bytes
Reference data size : 20501 Bytes
Signatures total : 28014
Target categories : 10
Target families : 508
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium II
Memory available:69 %
Total physical memory:523760 kb
Available physical memory:357636 kb
Total page file size:1278228 kb
Available on page file:1121316 kb
Total virtual memory:2097024 kb
Available virtual memory:2048540 kb
OS:Windows 2000
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result
7-2-2004 12:29:50 PM - Scan started. (Custom mode)
Listing running processes
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 7-2-2004 5:16:02 PM
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ThreadCreationTime : 7-2-2004 5:16:47 PM
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 7-2-2004 5:16:48 PM
BasePriority : Normal
FileSize : 86 KB
FileVersion : 5.00.2195.3940
ProductVersion : 5.00.2195.3940
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 5/8/2001 12:00:00 PM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 7/22/2002 7:05:04 PM
#:4 [lsass.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 7-2-2004 5:16:48 PM
BasePriority : Normal
FileSize : 32 KB
FileVersion : 5.00.2195.5430
ProductVersion : 5.00.2195.5430
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
OriginalFilename : lsasrv.dll and lsass.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 5/8/2001 12:00:00 PM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 7/22/2002 7:05:04 PM
#:5 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 7-2-2004 5:16:52 PM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 5/8/2001 12:00:00 PM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 5/8/2001 12:00:00 PM
#:6 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 7-2-2004 5:16:53 PM
BasePriority : Normal
FileSize : 44 KB
FileVersion : 5.00.2195.4299
ProductVersion : 5.00.2195.4299
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
OriginalFilename : spoolss.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 8/4/2002 10:53:57 AM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 7/22/2002 7:05:04 PM
#:7 [svchost.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 7-2-2004 5:16:57 PM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 5/8/2001 12:00:00 PM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 5/8/2001 12:00:00 PM
#:8 [ntrtscan.exe]
FilePath : C:\Program Files\OfficeScan NT\
ThreadCreationTime : 7-2-2004 5:16:58 PM
BasePriority : Normal
FileSize : 344 KB
FileVersion : 6.0.0.1250
ProductVersion : 6.0
Copyright : Copyright (C) 1999-2003 Trend Micro Inc. All rights reserved.
CompanyName : Trend Micro Inc.
ProductName : Trend Micro OfficeScan
Created on : 8/30/2002 6:20:53 PM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 11/7/2003 1:21:04 AM
#:9 [nvsvc32.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 7-2-2004 5:17:00 PM
BasePriority : Normal
FileSize : 60 KB
FileVersion : 6.13.10.2832
ProductVersion : 6.13.10.2832
Copyright : (c) NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 28.32
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 28.32
Created on : 2/5/2003 6:44:54 PM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 3/9/2002 1:53:00 AM
#:10 [regsvc.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 7-2-2004 5:17:00 PM
BasePriority : Normal
FileSize : 65 KB
FileVersion : 5.00.2195.3649
ProductVersion : 5.00.2195.3649
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
OriginalFilename : REGSVC.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 8/4/2002 5:42:32 PM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 7/22/2002 7:05:04 PM
#:11 [mstask.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 7-2-2004 5:17:00 PM
BasePriority : Normal
FileSize : 115 KB
FileVersion : 4.71.2195.1
ProductVersion : 4.71.2195.1
Copyright : Copyright (C) Microsoft Corp. 1997
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Microsoft
Created on : 8/4/2002 5:41:56 PM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 7/22/2002 7:05:04 PM
#:12 [tmlisten.exe]
FilePath : C:\Program Files\OfficeScan NT\
ThreadCreationTime : 7-2-2004 5:17:01 PM
BasePriority : Normal
FileSize : 416 KB
FileVersion : 6.0.0.1250
ProductVersion : 6.0
Copyright : Copyright (C) 1999-2003 Trend Micro Inc. All rights reserved.
CompanyName : Trend Micro Inc.
ProductName : Trend Micro OfficeScan
Created on : 8/30/2002 6:20:54 PM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 11/7/2003 1:20:58 AM
#:13 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ThreadCreationTime : 7-2-2004 5:17:03 PM
BasePriority : Normal
FileSize : 192 KB
FileVersion : 1.50.1085.0070
ProductVersion : 1.50.1085.0070
Copyright : Copyright (C) Microsoft Corp. 1995-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
ProductName : Windows Management Instrumentation
Created on : 8/4/2002 5:43:09 PM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 7/22/2002 7:05:04 PM
#:14 [mspmspsv.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 7-2-2004 5:17:04 PM
BasePriority : Normal
FileSize : 56 KB
FileVersion : 7.10.00.3068
ProductVersion : 7.10.00.3068
Copyright : Copyright (C) Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
OriginalFilename : MSPMSPSV.EXE
ProductName : Microsoft (R) DRM
Created on : 8/4/2002 6:12:40 PM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 5/16/2002 11:24:48 PM
#:15 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 7-2-2004 5:17:04 PM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 5/8/2001 12:00:00 PM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 5/8/2001 12:00:00 PM
#:16 [svchost.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 7-2-2004 5:17:05 PM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 5/8/2001 12:00:00 PM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 5/8/2001 12:00:00 PM
#:17 [ofcdog.exe]
FilePath : C:\Program Files\OfficeScan NT\
ThreadCreationTime : 7-2-2004 5:17:19 PM
BasePriority : Normal
FileSize : 132 KB
FileVersion : 6.0.0.1250
ProductVersion : 6.0
Copyright : Copyright (C) 1999-2003 Trend Micro Inc. All rights reserved.
CompanyName : Trend Micro Inc.
ProductName : Trend Micro OfficeScan
Created on : 5/17/2004 11:02:54 AM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 11/7/2003 1:25:20 AM
#:18 [explorer.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 7-2-2004 5:17:44 PM
BasePriority : Normal
FileSize : 237 KB
FileVersion : 5.00.3502.5321
ProductVersion : 5.00.3502.5321
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 8/4/2002 5:40:00 PM
Last accessed : 7/2/2004 5:18:05 PM
Last modified : 7/22/2002 7:05:04 PM
#:19 [point32.exe]
FilePath : C:\Program Files\Microsoft Hardware\Mouse\
ThreadCreationTime : 7-2-2004 5:17:58 PM
BasePriority : Normal
FileSize : 164 KB
FileVersion : 4.00.0657.1
ProductVersion : 4.0
Copyright : Copyright (C) Microsoft Corp. 1983-2001
CompanyName : Microsoft Corporation
FileDescription : Microsoft IntelliPoint
InternalName : POINT32
OriginalFilename : POINT32.EXE
ProductName : Microsoft IntelliPoint
Created on : 8/23/2001 11:37:40 PM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 8/23/2001 11:37:40 PM
#:20 [nilaunch.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 7-2-2004 5:17:59 PM
BasePriority : Normal
FileSize : 24 KB
Created on : 8/5/2002 3:57:07 PM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 2/5/1998 7:16:18 PM
#:21 [pccntmon.exe]
FilePath : C:\Program Files\OfficeScan NT\
ThreadCreationTime : 7-2-2004 5:18:02 PM
BasePriority : Normal
FileSize : 296 KB
FileVersion : 6.0.0.1250
ProductVersion : 6.0
Copyright : Copyright (C) 1999-2003 Trend Micro Inc. All rights reserved.
CompanyName : Trend Micro Inc.
FileDescription : I/O Monitor
InternalName : PCCNTMON
OriginalFilename : PCCNTMON.EXE
ProductName : Trend Micro OfficeScan
Created on : 8/30/2002 6:20:54 PM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 11/7/2003 1:27:34 AM
#:22 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 7-2-2004 5:18:07 PM
BasePriority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 10/16/2003 11:37:24 AM
Last accessed : 7/2/2004 4:39:36 PM
Last modified : 10/16/2003 11:37:24 AM
#:23 [hrtcm.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 7-2-2004 5:18:08 PM
BasePriority : Normal
FileSize : 36 KB
Created on : 8/4/2002 6:22:09 PM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 6/17/2004 9:35:49 PM
#:24 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_04\bin\
ThreadCreationTime : 7-2-2004 5:18:08 PM
BasePriority : Normal
FileSize : 32 KB
Created on : 2/23/2068 4:44:46 AM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 2/23/2004 4:44:44 AM
#:25 [pop3trap.exe]
FilePath : C:\Program Files\OfficeScan NT\
ThreadCreationTime : 7-2-2004 5:18:09 PM
BasePriority : Normal
FileSize : 500 KB
FileVersion : 10.0.0.1171
ProductVersion : 10.0.0
Copyright : Copyright (C) 2002-2003 Trend Micro Inc. All rights reserved.
CompanyName : Trend Micro Inc.
FileDescription : POP3Trap
InternalName : POP3Trap
OriginalFilename : POP3Trap
ProductName : Trend Pc-cillin 10.0
Created on : 2/19/2003 5:01:56 PM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 5/17/2004 9:52:22 PM
#:26 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 7-2-2004 5:18:11 PM
BasePriority : Normal
FileSize : 4572 KB
FileVersion : 6.1.0211
ProductVersion : Version 6.1
Copyright : Copyright (c) Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 3/4/2004 8:01:00 PM
Last accessed : 7/2/2004 4:39:35 PM
Last modified : 3/4/2004 8:01:00 PM
#:27 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ThreadCreationTime : 7-2-2004 5:18:14 PM
BasePriority : Normal
FileSize : 24 KB
FileVersion : 6.00.1828.1
ProductVersion : 6.00.1828.1
Copyright : Copyright
CompanyName : Microsoft
FileDescription : Microsoft
InternalName : WkCalRem
OriginalFilename : WKCALREM.EXE
ProductName : Microsoft
Created on : 8/8/2000 8:00:00 PM
Last accessed : 7/2/2004 4:39:36 PM
Last modified : 8/8/2000 8:00:00 PM
#:28 [clipmt53.exe]
FilePath : \\Cfr-wes\c$\PROGRA~1\CLIPMA~1\
ThreadCreationTime : 7-2-2004 5:18:16 PM
BasePriority : Normal
FileSize : 1818 KB
FileVersion : 5.3.9.289
ProductVersion : 5.3
Copyright : Copyright 1991-2001 Thornsoft Development Inc.
CompanyName : Thornsoft Development, Inc.
FileDescription : ClipMate 5 Shareware/Registered
InternalName : CLIPMT53
OriginalFilename : CLIPMT53.EXE
ProductName : ClipMate for Windows95/98/ME, NT4, Windows2000
Created on : 8/6/2002 1:25:18 PM
Last accessed : 7/2/2004 4:39:36 PM
Last modified : 11/20/2001 5:23:56 PM
#:29 [webshotstray.exe]
FilePath : \\Cfr-wes\c$\Program Files\Webshots\
ThreadCreationTime : 7-2-2004 5:18:18 PM
BasePriority : Normal
FileSize : 204 KB
FileVersion : 1.3.0.3826
ProductVersion : 1.3.0.3826
Copyright : Copyright (C) 1998
CompanyName : The Webshots Corporation
FileDescription : Webshots Desktop Tray Application
InternalName : WEBSHOTSTRAY
OriginalFilename : WEBSHOTSTRAY.EXE
ProductName : Webshots Tray Application
Created on : 8/5/2002 4:09:03 PM
Last accessed : 7/2/2004 4:39:36 PM
Last modified : 6/21/2002 8:55:56 PM
#:30 [imapp.exe]
FilePath : C:\PROGRA~1\INCRED~1\bin\
ThreadCreationTime : 7-2-2004 5:18:29 PM
BasePriority : Normal
FileSize : 128 KB
FileVersion : 3, 0, 0, 1488
ProductVersion : 3, 0, 0, 1488
Copyright : Copyright
CompanyName : IncrediMail, Ltd.
FileDescription : IncrediMail Application
InternalName : IncrediApp
OriginalFilename : IMAPP.EXE
ProductName : IncrediMail
#:31 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 7-2-2004 5:24:00 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 6/30/2004 2:22:56 PM
Last accessed : 7/2/2004 5:24:00 PM
Last modified : 7/13/2003 2:00:20 AM
Memory scan result :
New objects : 0
Objects found so far: 0
Started registry scan
Registry scan result :
New objects : 0
Objects found so far: 0
Started deep registry scan
Deep registry scan result :
New objects : 0
Objects found so far: 0
Deep scanning and examining files (C:)
Tracking Cookie Object recognized!
Type : File
Data : wes2@advertising[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 7/2/2004 5:20:16 PM
Last accessed : 7/2/2004 5:20:16 PM
Last modified : 7/2/2004 5:20:16 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@atdmt[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 7/2/2004 5:20:33 PM
Last accessed : 7/2/2004 5:20:33 PM
Last modified : 7/2/2004 5:20:33 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@doubleclick[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 7/2/2004 5:20:10 PM
Last accessed : 7/2/2004 5:20:34 PM
Last modified : 7/2/2004 5:20:34 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@excite[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 7/2/2004 5:19:58 PM
Last accessed : 7/2/2004 5:20:14 PM
Last modified : 7/2/2004 5:20:14 PM
Tracking Cookie Object recognized!
Type : File
Data : wes2@servedby.advertising[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\wes2.CFR\Cookies\
Created on : 7/2/2004 5:20:16 PM
Last accessed : 7/2/2004 5:20:16 PM
Last modified : 7/2/2004 5:20:16 PM
Disk scan result for C:\
New objects : 0
Objects found so far: 5
Scanning Hosts file(C:\WINNT\System32\drivers\etc\hosts)
Hosts file scan result:
1 entries scanned.
New objects :0
Objects found so far: 5
Performing conditional scans..
Conditional scan result:
New objects : 0
Objects found so far: 5
12:56:27 PM Scan complete
Summary of this scan
Total scanning time :00:26:36:476
Objects scanned :239991
Objects identified :5
Objects ignored :0
New objects :5 |
|
| Back to top |
|
|
Corrine
Administrator
Joined: 18 Jan 2001
Posts: 12740
Location: Upstate, NY
|
| Posted: Fri Jul 02, 2004 17:09 pm Post subject: |
|
|
Ok, Weasel, please go to the link below and download HijackThis:
HijackThis 1.98 Download
Download then save the file/install to a new folder called HijackThis or something similar not your Desktop or the Temp folder and double click on the "HijackThis" icon.
When finished loading click on the "Scan button".
Next click on the "Save Log" button.
Save the log somewhere you will remember and open the log file with notepad.
Then copy the contents and paste them in a reply to be checked.
Please do not fix anything yet with this or any other program as most of what it shows is harmless. When our experts examine this they will tell you what to fix, and if anything needs to be submitted to us for evaluation.
After you have scanned with HJT, please copy and paste the logfile as a reply. Please note that the HJT Experts are very busy and are from several countries. Thus, there is often a time delay to their response. Your patience is appreciated! But, if you seem to have been missed, please post a "bump" reply.
Thanks, and good luck. 
_________________
Freedomlist.com (2000 - 2010)
Take a walk through my Security Garden |
|
| Back to top |
|
|
weasel
Joined: 02 Jul 2004
Posts: 14
Location: boon dock wisconsin
|
| Posted: Tue Jul 06, 2004 10:17 am Post subject: hjt log |
|
|
Corrine,
Here is my log file from HJT 1.98
Logfile of HijackThis v1.98.0
Scan saved at 10:13:55 AM, on 7/6/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\OfficeScan NT\ofcdog.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\System32\NILaunch.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\hrtcm.exe
C:\Program Files\OfficeScan NT\Pop3Trap.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
\Cfr-wes\c$\PROGRA~1\CLIPMA~1\ClipMt53.exe
\Cfr-wes\c$\Program Files\Webshots\WebshotsTray.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijack1.98\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://drusearch.com/user3/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://drusearch.com/user3/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://drusearch.com/user3/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://drusearch.com/user3/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://drusearch.com/user3/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://drusearch.com/user3/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://drusearch.com/user3/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://drusearch.com/user3/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://drusearch.com/user3/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://drusearch.com/user3/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://drusearch.com/user3/search.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINNT\System32\NILaunch.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hrtcm] C:\WINNT\hrtcm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=WFMS
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - http://pointa.autodesk.com/portal/lang/enu/InstBanr.Ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...loader.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C: \Program Files\Autodesk\MDT6\AcPreview.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab |
|
| Back to top |
|
|
Corrine
Administrator
Joined: 18 Jan 2001
Posts: 12740
Location: Upstate, NY
|
| Posted: Tue Jul 06, 2004 10:29 am Post subject: |
|
|
Thanks, weasel. I've let the HJT experts know.
_________________
Freedomlist.com (2000 - 2010)
Take a walk through my Security Garden |
|
| Back to top |
|
|
normmork
Joined: 08 Dec 2003
Posts: 204
Location: Canada
|
| Posted: Tue Jul 06, 2004 14:22 pm Post subject: |
|
|
Please Download FindnFix.exe from here:
http://freeatlast100.100free.com/index.html
Launch FindnFix.exe and it'll install the required files to a folder.
Once installed, it'll launch the FindnFix folder. In that folder, locate: !LOG!.bat and launch it.
Wait for a while, because the program can take several minutes collecting the necessary information. |
|
| Back to top |
|
|
weasel
Joined: 02 Jul 2004
Posts: 14
Location: boon dock wisconsin
|
| Posted: Tue Jul 06, 2004 16:57 pm Post subject: |
|
|
Ok,
I've done the download and install of findnfix and ran the log.exe.
then I cleaned up all the ref to drusearch in the registry and re-booted. Opened up 4 ie's and within 5 min dru was back. Whats next? Should I post the findnfix log?
weasel |
|
| Back to top |
|
|
normmork
Joined: 08 Dec 2003
Posts: 204
Location: Canada
|
| Posted: Tue Jul 06, 2004 18:09 pm Post subject: |
|
|
| You are correct, please post the log |
|
| Back to top |
|
|
weasel
Joined: 02 Jul 2004
Posts: 14
Location: boon dock wisconsin
|
| Posted: Wed Jul 07, 2004 6:40 am Post subject: das log |
|
|
Microsoft Windows 2000 [Version 5.00.2195]
IE build and last SP(s)
6.0.2800.1106 SP1-Q832894
The type of the file system is NTFS.
C: is not dirty.
Tue 07/06/2004
3:29pm up 0 days, 5:31
***LOG!***
Scanning for file(s)...
*********
(*1*) .........
Locked or 'Suspect' file(s) found...
(*2*) ........
**File C:\FINDnFIX\LIST.TXT
(*3*) ........
No matches found.
No matches found.
unknown/hidden files...
No matches found.
(*4*) .........
Sniffing..........
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.
(*5*)
**File C:\WINNT\SYSTEM32\DLLXXX.TXT
*********
Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)
Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450
Dumping Values........
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =
DeviceNotSelectedTimeout = 15
GDIProcessHandleQuota = REG_DWORD 0x00002710
Spooler = yes
swapdisk =
TransmissionRetryTimeout = 90
USERProcessHandleQuota = REG_DWORD 0x00002710
Security settings for 'Windows' key:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI) ALLOW Read BUILTIN\Users
(IO) ALLOW Read BUILTIN\Users
(NI) ALLOW Read BUILTIN\Power Users
(IO) ALLOW Read BUILTIN\Power Users
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access CREATOR OWNER
Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
Read BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM
Member of...: (Admin logon required!)
User is a member of group CFR\Domain Users.
User is a member of group \Everyone.
User is a member of group BUILTIN\Users.
User is a member of group BUILTIN\Administrators.
User is a member of group NT AUTHORITY\INTERACTIVE.
User is a member of group NT AUTHORITY\Authenticated Users.
User is a member of group \LOCAL.
User is a member of group CFR\Wes2.
User is a member of group CFR\Wes2.
Service search:(different variant) '"Network Security Service","__NS_Service_3"...
[SC] GetServiceKeyName FAILED 1060:
The specified service does not exist as an installed service.
[SC] GetServiceDisplayName FAILED 1060:
The specified service does not exist as an installed service.
Notepad check....
C:\WINNT\
notepad.exe Tue May 8 2001 7:00:00a A.... 50,960 49.77 K
1 item found: 1 file, 0 directories.
Total of file sizes: 50,960 bytes 49.77 K
C:\WINNT\SYSTEM32\
notepad.exe Tue May 8 2001 7:00:00a A.... 50,960 49.77 K
1 item found: 1 file, 0 directories.
Total of file sizes: 50,960 bytes 49.77 K
C:\WINNT\SYSTEM32\DLLCACHE\
notepad.exe Tue May 8 2001 7:00:00a A.... 50,960 49.77 K
1 item found: 1 file, 0 directories.
Total of file sizes: 50,960 bytes 49.77 K
--a-- W32i APP ENU 5.0.2140.1 shp 50,960 05-08-2001 notepad.exe
Language 0x0409 (English (United States))
CharSet 0x04b0 Unicode
OleSelfRegister Disabled
CompanyName Microsoft Corporation
FileDescription Notepad
InternalName Notepad
OriginalFilenam NOTEPAD.EXE
ProductName Microsoft(R) Windows (R) 2000 Operating System
ProductVersion 5.00.2140.1
FileVersion 5.00.2140.1
LegalCopyright Copyright (C) Microsoft Corp. 1981-1999
VS_FIXEDFILEINFO:
Signature: feef04bd
Struc Ver: 00010000
FileVer: 00050000:085c0001 (5.0:2140.1)
ProdVer: 00050000:085c0001 (5.0:2140.1)
FlagMask: 0000003f
Flags: 00000000
OS: 00040004 NT Win32
FileType: 00000001 App
SubType: 00000000
FileDate: 00000000:00000000
Dir 'junkxxx' was created with the following permissions...
(FAT32=NA)
Directory "C:\junkxxx"
Permissions:
Type Flags Inh. Mask Gen. Std. File Group or User
======= ======== ==== ======== ==== ==== ==== ================
Allow 00000003 tco- 001F01FF ---- DSPO rw+x \Everyone
Owner: BUILTIN\Administrators
Primary Group: CFR\Domain Users
Backups created...
3:31pm up 0 days, 5:32
Tue 07/06/2004
A C:\FINDnFIX\keyback.hiv
--a-- - - - - - 8,192 07-06-2004 keyback.hiv
A C:\FINDnFIX\keys1\winkey.reg
--a-- - - - - - 287 07-06-2004 winkey.reg
Performing string scan....
00001150: ?
00001190: @ p
000011D0: vk AppInit_DLLs vk (
00001210:DeviceNotSelectedTimeout 1 5 H vk '
00001250: GDIProcessHandleQuota vk Spooler
00001290: y e s vk swapdisk vk
000012D0: TransmissionRetryTimeout 9 0 vk '
00001310: p USERProcessHandleQuotap
00001350:
00001390:
000013D0:
00001410:
00001450:
00001490:
000014D0:
00001510:
00001550:
---------- WIN.TXT
AppInit_DLLs
--------------
--------------
yes
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
**File C:\FINDnFIX\WIN.TXT
� ��� � �� � � �� �� � � @� p� � � � vk� � � � AppInit_DLLs vk� � (� � � DeviceNotSelectedTimeout1 5 � � H� � vk� � �' � � GDIProcessHandleQuota vk� � � � � Spooler y e s vk� � � � swapdiskvk� � � � � TransmissionRetryTimeout9 0 � � vk� � �' � � pUSERProcessHandleQuotap�
� |
|
| Back to top |
|
|
normmork
Joined: 08 Dec 2003
Posts: 204
Location: Canada
|
| Posted: Wed Jul 07, 2004 9:28 am Post subject: |
|
|
| Please post a new HJT log file |
|
| Back to top |
|
|
weasel
Joined: 02 Jul 2004
Posts: 14
Location: boon dock wisconsin
|
| Posted: Wed Jul 07, 2004 10:27 am Post subject: |
|
|
Logfile of HijackThis v1.98.0
Scan saved at 9:52:36 AM, on 7/7/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\OfficeScan NT\ofcdog.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\System32\NILaunch.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\hrtcm.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\OfficeScan NT\Pop3Trap.exe
\Cfr-wes\c$\PROGRA~1\CLIPMA~1\ClipMt53.exe
\Cfr-wes\c$\Program Files\Webshots\WebshotsTray.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijack1.98\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://drusearch.com/user3/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://drusearch.com/user3/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://drusearch.com/user3/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://drusearch.com/user3/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://drusearch.com/user3/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://drusearch.com/user3/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://drusearch.com/user3/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://drusearch.com/user3/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://drusearch.com/user3/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://drusearch.com/user3/search.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINNT\System32\NILaunch.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hrtcm] C:\WINNT\hrtcm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=WFMS
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - http://pointa.autodesk.com/portal/lang/enu/InstBanr.Ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...loader.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C: \Program Files\Autodesk\MDT6\AcPreview.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
In looking at the hjt log from 7-6 and compairing I dont see any thing that would indicate where that rascal is hiding. Appreciate the help! |
|
| Back to top |
|
|
Corrine
Administrator
Joined: 18 Jan 2001
Posts: 12740
Location: Upstate, NY
|
| Posted: Wed Jul 07, 2004 11:32 am Post subject: |
|
|
Thanks, weasel. I've alerted Normmork.
_________________
Freedomlist.com (2000 - 2010)
Take a walk through my Security Garden |
|
| Back to top |
|
|
normmork
Joined: 08 Dec 2003
Posts: 204
Location: Canada
|
| Posted: Wed Jul 07, 2004 14:07 pm Post subject: |
|
|
Close all open windows, perform a HJT scan and then put a check beside only these entries, click on Fixed Check
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://drusearch.com/user3/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://drusearch.com/user3/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://drusearch.com/user3/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://drusearch.com/user3/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://drusearch.com/user3/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://drusearch.com/user3/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://drusearch.com/user3/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://drusearch.com/user3/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://drusearch.com/user3/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://drusearch.com/user3/search.html
REBOOT
Repost new HJT log file |
|
| Back to top |
|
|
weasel
Joined: 02 Jul 2004
Posts: 14
Location: boon dock wisconsin
|
| Posted: Wed Jul 07, 2004 14:44 pm Post subject: |
|
|
Ok I checked all boxes per request, then rebooted. On start up I also ended incredimail, clipmate, & mesenger out of the tray. I did not start and ie session then ran a fresh HJT log. However, At about 5 min after the boot up is finished and with nothing running or no new sessions the scurvy dog dru will over write my internet home page option and add all the other junk. The log file is pre-dru 
Logfile of HijackThis v1.98.0
Scan saved at 2:24:10 PM, on 7/7/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\OfficeScan NT\ofcdog.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\System32\NILaunch.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\hrtcm.exe
C:\Program Files\OfficeScan NT\Pop3Trap.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
\Cfr-wes\c$\Program Files\Webshots\WebshotsTray.exe
C:\hijack1.98\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINNT\System32\NILaunch.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hrtcm] C:\WINNT\hrtcm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=WFMS
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - http://pointa.autodesk.com/portal/lang/enu/InstBanr.Ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...loader.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C: \Program Files\Autodesk\MDT6\AcPreview.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab |
|
| Back to top |
|
|
normmork
Joined: 08 Dec 2003
Posts: 204
Location: Canada
|
| Posted: Thu Jul 08, 2004 6:16 am Post subject: |
|
|
The log file above looks OK
Can you post your infected log file after 5 mins on the internet |
|
| Back to top |
|
|
weasel
Joined: 02 Jul 2004
Posts: 14
Location: boon dock wisconsin
|
| Posted: Thu Jul 08, 2004 8:08 am Post subject: |
|
|
Here is the log file after dru imposes on my browser choice. In addition to all this I have also booted off the network and still get hijacked in a 5 min span. I have also logged in under another profile and that too has been hijacked. I do not use roaming profiles. I have cleaned out all the temp folders and cookies on several occasions, looked for suspicious files and/or dates. I'm no comp xpert but I figure there must be some trigger command somewhere that keeps bringing this pest back. I have also run cw shredder and have included the scan result. I have also run spybot and the only thing that comes up with is a DSO exploit.
Logfile of HijackThis v1.98.0
Scan saved at 7:27:54 AM, on 7/8/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\OfficeScan NT\ofcdog.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\System32\NILaunch.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\hrtcm.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\OfficeScan NT\Pop3Trap.exe
C:\Program Files\ClipMate5\ClipMt53.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\hijack1.98\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://drusearch.com/user3/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://drusearch.com/user3/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://drusearch.com/user3/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://drusearch.com/user3/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://drusearch.com/user3/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://drusearch.com/user3/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://drusearch.com/user3/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://drusearch.com/user3/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://drusearch.com/user3/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://drusearch.com/user3/search.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINNT\System32\NILaunch.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hrtcm] C:\WINNT\hrtcm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: ClipMate5.lnk = C:\Program Files\ClipMate5\ClipMt53.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=WFMS
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - http://pointa.autodesk.com/portal/lang/enu/InstBanr.Ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Autodesk\MDT6\AcPreview.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
CW shredder---
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\TypedURLs,url1
Infected data: http://drusearch.com/user3/
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\TypedURLs,url2
Infected data: http://drusearch.com/user3/
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer\TypedURLs,url3
Infected data: http://drusearch.com/user3/
Found Hosts file: C:\WINNT\system32\drivers\etc\hosts (734 bytes, A)
Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINNT\system32\userinit.exe,
Found Win.ini file: C:\WINNT\win.ini (752 bytes, A)
Found System.ini file: C:\WINNT\system.ini (231 bytes, -)
- END OF REPORT - |
|
| Back to top |
|
|
Main
Search
please register
Log in
FAQ
RULES
