Ok this is looking good. I performed as instructed (no forseen problems). I rebooted and ran HJT (newr version) and this is what it scanned:
Logfile of HijackThis v1.97.7
Scan saved at 14:43:05, on 4/19/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\System32\lkcitdl.exe
C:\WINNT\System32\lkads.exe
C:\WINNT\System32\lktsrv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\TouchKit\TouchTray.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\National Instruments\Logos\smgr.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Spyware Removal\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - Startup: NI Service Manager.lnk = C:\Program Files\National Instruments\Logos\smgr.exe
O4 - Global Startup: LookoutDirect.lnk = C:\DirectSOFT4\Bin\lookout.exe
O4 - Global Startup: TouchMon.lnk = C:\Program Files\TouchKit\TouchTray.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macr...ash/swflash.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{51718847-2B95-4891-B9C9-0CE933B582F0}: NameServer = 192.168.237.134
________________________________________________________________
****************************************************************
I then ran Adaware (with updated definitions). It found 8 critical problems. I saved the log file below:
Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, April 19, 2005 14:39:11
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R39 15.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adintelligence.AproposToolbar(TAC index:5):7 total references
ImIServer IEPlugin(TAC index:5):1 total references
MRU List(TAC index:0):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R36 01.04.2005
Internal build : 43
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 438128 Bytes
Total size : 1378904 Bytes
Signature data size : 1348736 Bytes
Reference data size : 29656 Bytes
Signatures total : 38426
Fingerprints total : 758
Fingerprints size : 28416 Bytes
Target categories : 15
Target families : 644
4-19-2005 14:38:52 Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R39 15.04.2005
Internal build : 46
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 459480 Bytes
Total size : 1389159 Bytes
Signature data size : 1358772 Bytes
Reference data size : 29875 Bytes
Signatures total : 38701
Fingerprints total : 794
Fingerprints size : 29979 Bytes
Target categories : 15
Target families : 649
4-19-2005 14:39:01 Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:42 %
Total physical memory:252720 kb
Available physical memory:105784 kb
Total page file size:611836 kb
Available on page file:464108 kb
Total virtual memory:2097024 kb
Available virtual memory:2042624 kb
OS:Microsoft Windows 2000 Advanced Server Service Pack 4 (Build 2195)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
4-19-2005 14:39:11 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\recent
Description : list of recently opened documents
____________________________________________________________________
********************************************************************
I selected and removed all critical issues. I rebooted the machine and re-ran adaware. This time it found no critical issues. I rescanned with HJT and posting the new log.
Logfile of HijackThis v1.97.7
Scan saved at 14:50:21, on 4/19/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\System32\lkcitdl.exe
C:\WINNT\System32\lkads.exe
C:\WINNT\System32\lktsrv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\TouchKit\TouchTray.exe
C:\Program Files\National Instruments\Logos\smgr.exe
C:\WINNT\System32\svchost.exe
C:\Spyware Removal\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - Startup: NI Service Manager.lnk = C:\Program Files\National Instruments\Logos\smgr.exe
O4 - Global Startup: LookoutDirect.lnk = C:\DirectSOFT4\Bin\lookout.exe
O4 - Global Startup: TouchMon.lnk = C:\Program Files\TouchKit\TouchTray.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macr...ash/swflash.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{51718847-2B95-4891-B9C9-0CE933B582F0}: NameServer = 192.168.237.134
____________________________________________________________________
********************************************************************
Clean? More work?
Thanks