--- Report generated: 2003-02-13 14:42 ---

Advertising.com: Tracking cookie or cookie of tracking site (File) anyuser@servedby.advertising[1].txt
Advertising.com: Tracking cookie or cookie of tracking site (File) anyuser@advertising[1].txt
Alexa Related: What's related link (Replace file) RELATED.HTM
Avenue A, Inc.: Tracking cookie or cookie of tracking site (File) anyuser@atdmt[1].txt
Common hijacker: Redirected host (Redirected host)
Common hijacker: Redirected host (Redirected host)
Cydoor: Global settings (Registry key) HKEY_LOCAL_MACHINE\Software\Cydoor
Cydoor: Internet connection library (File) cd_htm.dll
Cydoor: Internet library (Replace file) cd_clint.dll
Cydoor: Service settings for current user (Registry key) HKEY_CURRENT_USER\Software\Cydoor services
Cydoor: Settings for current user (Registry key) HKEY_CURRENT_USER\Software\Cydoor
Cydoor: Uninstall settings (Registry key) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdSupport_270
DownloadWare: Autorun settings (Registry value) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DownloadWare
DownloadWare: Program directory (Directory) C:\Program Files\DownloadWare
DownloadWare: User settings (Registry key) HKEY_CURRENT_USER\Software\WebInstall
DownloadWare: User settings (Registry key) HKEY_CURRENT_USER\Software\DownloadWare
eAcceleration: Setup info (File) setup.inf
eAcceleration: User settings (Registry key) HKEY_CURRENT_USER\Software\Acceleration Software International Corporation
EasyInstall: Program directory (Directory) C:\Program Files\RedV\EasyInstall
EasyInstall: Uninstall settings (Registry key) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EasyInstall
EasyInstall: Uninstaller (File) EIUninst.exe
EasyInstall: User settings (Registry key) HKEY_CURRENT_USER\Software\RedV.net\RVPopup
EasyInstall: User settings (Registry key) HKEY_CURRENT_USER\Software\RedV.net\EasyInstall
FastClick: Tracking cookie or cookie of tracking site (File) anyuser@fastclick[1].txt
Gator: Autorun settings (Registry value) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\trickler
Gator: Global settings (Registry key) HKEY_LOCAL_MACHINE\Software\Gator.com
Gator: Hidden identity (Registry key) HKEY_CLASSES_ROOT\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}
Gator: Temporary directory (Directory) C:\WINDOWS\TEMP\fsg_tmp
IGetNet: Autorun settings (Registry value) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WINSTART001.EXE
IGetNet: Class (Registry key) HKEY_CLASSES_ROOT\Rsp.BizLgk
IGetNet: Class (Registry key) HKEY_CLASSES_ROOT\BHO.clsUrlSearch
IGetNet: Class ID (Registry key) HKEY_CLASSES_ROOT\CLSID\{676058E4-89BD-11D6-8A8C-0050BA8452C0}
IGetNet: Hijacker executable (File) WinStart001.EXE
IGetNet: Library (File) BHO001.DLL
IGetNet: Library (File) RSP001.DLL
IGetNet: Redirected host (Redirected host)
IGetNet: Typelib (Registry key) HKEY_CLASSES_ROOT\Typelib\{676058DB-89BD-11D6-8A8C-0050BA8452C0}
IGetNet: User settings (Registry key) HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Ie Rsp
Internet Explorer: Data source object exploit (Registry change) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\01004=W=3
IPinsight: Browser helper object (Registry key) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000004CC-E4FF-4F2C-BC30-DBEF0B983BC9}
IPinsight: Class (Registry key) HKEY_CLASSES_ROOT\IPInsigt.IPInsigtObj.1
IPinsight: Class ID (Registry key) HKEY_CLASSES_ROOT\CLSID\{000004CC-E4FF-4F2C-BC30-DBEF0B983BC9}
IPinsight: Executable (File) ipinsigt.dll
IPinsight: Global settings (Registry key) HKEY_LOCAL_MACHINE\Software\IPInsight
IPinsight: Interface (Registry key) HKEY_CLASSES_ROOT\Interface\{297AFC77-2039-4D3C-BEF9-598819EB2C8A}
IPinsight: Type library (Registry key) HKEY_CLASSES_ROOT\Typelib\{BE35582C-9796-4CF1-AED9-556ADA120B38}
IPinsight: Typelib (Registry key) HKEY_CLASSES_ROOT\Typelib\{11CC62B9-65F8-4A8B-B33F-5DE4E838442D}
MS Media Player: Client ID (Registry change) HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings\Client ID=
MySearch: Class ID (Registry key) HKEY_CLASSES_ROOT\CLSID\{014DA6CD-189F-421a-88CD-07CFE51CFF10}
MySearch: Class ID (Registry key) HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
PurityScan: Executable (File) winservn.exe
SideStep: Browser helper object (Registry key) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{08351226-6472-43BD-8A40-D9221FF1C4CE}
SideStep: Class (Registry key) HKEY_CLASSES_ROOT\CLSID\{08351226-6472-43BD-8A40-D9221FF1C4CE}
SideStep: Class ID (Registry key) HKEY_CLASSES_ROOT\CLSID\{0837121A-6472-43BD-8A40-D9221FF1C4CE}
SideStep: IE extension (Registry key) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{3E230861-5C87-11D3-A1C6-00105A1B41B8}
SideStep: Uninstall settings (Registry key) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideStep
SideStep: User settings (Registry key) HKEY_CURRENT_USER\Software\SideStep
VX2/e: Browser helper object (Registry key) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00000EF1-34E3-4633-87C6-1AA7A44296DA}
VX2/e: Class (Registry key) HKEY_CLASSES_ROOT\F1.Organizer.1
VX2/e: Class (Registry key) HKEY_CLASSES_ROOT\F1.Organizer
VX2/e: Class ID (Registry key) HKEY_CLASSES_ROOT\CLSID\{00000EF1-34E3-4633-87C6-1AA7A44296DA}
VX2/e: Typelib (Registry key) HKEY_CLASSES_ROOT\Typelib\{EF100607-F409-426a-9E7C-CB211F2A9030}
webHancer: Autorun settings (Registry value) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\webHancer Agent
webHancer: Browser helper object (Registry key) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}
webHancer: Class (Registry key) HKEY_CLASSES_ROOT\WhIeHelperObj.WhIeHelperObj.1
webHancer: Class (Registry key) HKEY_CLASSES_ROOT\WhIeHelperObj.WhIeHelperObj
webHancer: Class ID (Registry key) HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0}
webHancer: Global settings (Registry key) HKEY_LOCAL_MACHINE\Software\webHancer
webHancer: Installer (File) whInstaller.exe
webHancer: Installer settings (File) whInstaller.ini
webHancer: Interface( (IWhIeHelperObj)) (Registry key) HKEY_CLASSES_ROOT\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}
webHancer: Program directory (Directory) C:\Program Files\webHancer
webHancer: System file (File) whAgent.inf
webHancer: System file (File) webhdll.dll
webHancer: Typelib( (IWhIeHelperObj 1.0 Type Library)) (Registry key) HKEY_CLASSES_ROOT\Typelib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}
webHancer: Uninstall settings (Registry key) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent
Internet Explorer: Cookies( (7 cookies)) (Directory) C:\WINDOWS\Cookies
Internet Explorer: Download directory (Registry change) HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory=
Internet Explorer: Temporary internet files( (118 entries)) (Empty cache)
Internet Explorer: URL history #1( (2 files)) (Registry key) HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: User agent (Registry change) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent=Mozilla/4.0 (compatible; MSIE; Win32)
Log: Activity: OEWABLog.txt (Backup file) C:\WINDOWS\OEWABLog.txt
Log: IE: brndlog.txt (Backup file) C:\WINDOWS\brndlog.txt
MS DirectDraw: Most recent application (Registry change) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name=
Windows Explorer: Program run history( (2 entries)) (Registry key) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Windows Explorer: Recent file global history (Registry key) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: Recent file global history (Registry key) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: Run history( (3 files)) (Registry key) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Windows Explorer: Stream history( (9 files)) (Registry key) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: Stream history( (9 files)) (Registry key) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: User Assistant history files( (1 files)) (Registry key) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: User Assistant history files( (1 files)) (Registry key) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: User Assistant history IE( (4 files)) (Registry key) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: User Assistant history IE( (4 files)) (Registry key) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Network: Recent opened folder list (Registry key) HKEY_CURRENT_USER\Network\Recent

--- Spybot-S&D version: 1.1 rel 4 ---
2003-01-08 Includes\plugin-ignore.ini
2003-01-29 Includes\Cookies.sbi
2003-01-29 Includes\Dialer.sbi
2003-02-02 Includes\Hijackers.sbi
2003-01-28 Includes\Keyloggers.sbi
2003-01-30 Includes\Malware.sbi
2003-01-08 Includes\Security.sbi
2003-01-30 Includes\Spybots.sbi
2003-01-30 Includes\Tracks.uti
2003-01-29 Includes\Trojans.sbi

*********************************************
2nd Log after reboot *
*********************************************

--- Report generated: 2003-02-13 14:51 ---

DownloadWare: Program directory (Directory) C:\Program Files\DownloadWare
webHancer: Program files (Directory) C:\Program Files\webHancer
webHancer: System file (File) WHAGENT.INF
webHancer: System file (File) WEBHDLL.DLL
Internet Explorer: Cookies( (7 cookies)) (Directory) C:\WINDOWS\Cookies
Internet Explorer: Download directory (Registry change) HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory=
Internet Explorer: Temporary internet files( (231 entries)) (Empty cache)
Internet Explorer: URL history #1( (2 files)) (Registry key) HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: User agent (Registry change) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent=Mozilla/4.0 (compatible; MSIE; Win32)
Log: Activity: OEWABLog.txt (Backup file) C:\WINDOWS\OEWABLog.txt
Log: IE: brndlog.txt (Backup file) C:\WINDOWS\brndlog.txt
MS DirectDraw: Most recent application (Registry change) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name=
Windows Explorer: Program run history( (2 entries)) (Registry key) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Windows Explorer: Recent file global history (Registry key) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: Recent file global history (Registry key) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: Run history( (3 files)) (Registry key) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Windows Explorer: Stream history( (9 files)) (Registry key) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: Stream history( (9 files)) (Registry key) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: User Assistant history files( (1 files)) (Registry key) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: User Assistant history files( (1 files)) (Registry key) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: User Assistant history IE( (4 files)) (Registry key) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: User Assistant history IE( (4 files)) (Registry key) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Network: Recent opened folder list (Registry key) HKEY_CURRENT_USER\Network\Recent

--- Spybot-S&D version: 1.1 rel 4 ---
2003-01-08 Includes\plugin-ignore.ini
2003-01-29 Includes\Cookies.sbi
2003-01-29 Includes\Dialer.sbi
2003-02-02 Includes\Hijackers.sbi
2003-01-28 Includes\Keyloggers.sbi
2003-01-30 Includes\Malware.sbi
2003-01-08 Includes\Security.sbi
2003-01-30 Includes\Spybots.sbi
2003-01-30 Includes\Tracks.uti
2003-01-29 Includes\Trojans.sbi