Thanks for all the great ideas! Here is my Adaware logfile:
Ad-Aware SE Build 1.05
Logfile Created on:Sunday, December 05, 2004 10:18:42 AM
Using definitions file:SE1R21 03.12.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):8 total references
MRU List(TAC index:0):32 total references
Redirected hostfile entry(TAC index:4):4 total references
SecondThought(TAC index:4):1 total references
VX2(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
12-5-2004 10:18:42 AM - Scan started. (Full System Scan)
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 32
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 32
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 32
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 32
Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy Object Recognized!
Type : File
Data : A0006392.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CD25FFA0-8175-4E91-A1EB-4839BC00B092}\RP36\
FileVersion : 1.00.0004
ProductVersion : 1.00.0004
ProductName : CashBack Program
CompanyName : eXact Advertising
InternalName : cb
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : cb.exe
BargainBuddy Object Recognized!
Type : File
Data : A0006393.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CD25FFA0-8175-4E91-A1EB-4839BC00B092}\RP36\
FileVersion : 1.00.0005
ProductVersion : 1.00.0005
ProductName : CashBack Flash Notification Module
CompanyName : eXact Advertising
InternalName : flash
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : flash.exe
BargainBuddy Object Recognized!
Type : File
Data : A0006394.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CD25FFA0-8175-4E91-A1EB-4839BC00B092}\RP36\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adv
CompanyName : eXact Advertising
InternalName : adv
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adv.exe
BargainBuddy Object Recognized!
Type : File
Data : A0006395.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CD25FFA0-8175-4E91-A1EB-4839BC00B092}\RP36\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : adx
CompanyName : eXact Advertising
InternalName : adx
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : adx.exe
BargainBuddy Object Recognized!
Type : File
Data : A0006396.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CD25FFA0-8175-4E91-A1EB-4839BC00B092}\RP36\
FileVersion : 1.00.0004
ProductVersion : 1.00.0004
ProductName : CashBack Program
CompanyName : eXact Advertising
InternalName : cb
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : cb.exe
BargainBuddy Object Recognized!
Type : File
Data : A0006397.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CD25FFA0-8175-4E91-A1EB-4839BC00B092}\RP36\
FileVersion : 1.00.0005
ProductVersion : 1.00.0005
ProductName : CashBack Flash Notification Module
CompanyName : eXact Advertising
InternalName : flash
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : flash.exe
BargainBuddy Object Recognized!
Type : File
Data : A0006398.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CD25FFA0-8175-4E91-A1EB-4839BC00B092}\RP36\
FileVersion : 1.00.0004
ProductVersion : 1.00.0004
ProductName : CashBack Program
CompanyName : eXact Advertising
InternalName : cb
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : cb.exe
BargainBuddy Object Recognized!
Type : File
Data : A0006399.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CD25FFA0-8175-4E91-A1EB-4839BC00B092}\RP36\
FileVersion : 1.00.0005
ProductVersion : 1.00.0005
ProductName : CashBack Flash Notification Module
CompanyName : eXact Advertising
InternalName : flash
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : flash.exe
SecondThought Object Recognized!
Type : File
Data : A0006400.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CD25FFA0-8175-4E91-A1EB-4839BC00B092}\RP36\
VX2 Object Recognized!
Type : File
Data : A0006401.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{CD25FFA0-8175-4E91-A1EB-4839BC00B092}\RP36\
FileVersion : 0, 4, 4, 67
ProductVersion : 0, 4, 4, 67
ProductName : LocalNRD
CompanyName : LocalNRD
FileDescription :
www.localnrd.com
InternalName : LocalNRD
LegalCopyright : Copyright © 2004
OriginalFilename : LocalNRD.dll
Comments :
www.localnrd.com
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
Warning!
Bad Hosts file entry:69.20.16.183:ieautosearch
Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 69.20.16.183
Category : Misc
Comment : Possible CoolWebSearch Hijack
Bad Hostfile entry : 69.20.16.183:ieautosearch
Warning!
Bad Hosts file entry:69.20.16.183:auto.search.msn.com
Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 69.20.16.183
Category : Misc
Comment : Possible CoolWebSearch Hijack
Bad Hostfile entry : 69.20.16.183:auto.search.msn.com
Warning!
Bad Hosts file entry:69.20.16.183:search.netscape.com
Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 69.20.16.183
Category : Misc
Comment : Possible CoolWebSearch Hijack
Bad Hostfile entry : 69.20.16.183:search.netscape.com
Warning!
Bad Hosts file entry:69.20.16.183:ieautosearch
Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 69.20.16.183
Category : Misc
Comment : Possible CoolWebSearch Hijack
Bad Hostfile entry : 69.20.16.183:ieautosearch
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
16 entries scanned.
New critical objects:4
Objects found so far: 46
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Thanks, guys. I'll also post my HJT logfile.