[Referred] trojan-spy.html.smitfraud.c



#16 Rawe (Visiting Staff)
Ad-aware has found object(s) on your computer

If you chose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R41 25.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folders themselves):

Run CCleaner to assist in this process.
Download CCleaner (setup: go to Options > Settings and uncheck "Only delete files in Windows Temp folders older than 48 hours", so that malware files are cleaned as well!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command line shown in the instructions below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note; the path above is of the default installation location for Ad-aware SE, if this is different, adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to CoolWebSearch only.
Click Next, then click OK.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Do not open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, remember that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe
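The clean-up step in the post above (empty C:\WINNT\Temp and every profile's Local Settings\Temp and Temporary Internet Files, keeping the folders themselves) as an added Python script. This is not CCleaner and not code from the original post. The Windows 2000 paths are the post's; the system_root and profiles_root parameters, the dry-run default and the --delete switch are this example's own so it can be pointed at a test tree first. It walks every profile under Documents and Settings rather than only the current user's, and a file that is locked by a running process is reported as failed rather than stopping the run.

```python
r"""Empty the temp directories the post lists, for every user profile, keeping
the directories themselves. Added example: not CCleaner and not code from the
original post. system_root / profiles_root are parameters (this example's own)
so it can be run against a copy or a test tree before C:\WINNT and
C:\Documents and Settings."""
import os
import shutil
import sys

PROFILE_TEMP_SUBDIRS = (  # per-profile directories named in the post
    os.path.join("Local Settings", "Temp"),
    os.path.join("Local Settings", "Temporary Internet Files"),
)

def temp_dirs(system_root, profiles_root):
    """system_root/Temp plus each profile's temp directories that actually exist."""
    dirs = [os.path.join(system_root, "Temp")]
    if os.path.isdir(profiles_root):
        for profile in sorted(os.listdir(profiles_root)):  # every user, not just the current one
            for sub in PROFILE_TEMP_SUBDIRS:
                dirs.append(os.path.join(profiles_root, profile, sub))
    return [d for d in dirs if os.path.isdir(d)]

def empty_directory(path, dry_run=True):
    """Delete everything inside `path` but not `path` itself. Returns (removed, failed).
    A file held open by a running process raises OSError on Windows; it is recorded
    in `failed` instead of aborting the run, which is why the post has you close
    everything and boot into Safe Mode before this step."""
    removed, failed = [], []
    with os.scandir(path) as entries:
        for entry in list(entries):
            try:
                if not dry_run:
                    if entry.is_dir(follow_symlinks=False):
                        shutil.rmtree(entry.path)
                    else:
                        os.remove(entry.path)  # regular files and symlinks
                removed.append(entry.path)
            except OSError as exc:
                failed.append((entry.path, str(exc)))
    return removed, failed

def clean_all(system_root, profiles_root, dry_run=True):
    """Map every temp directory to its (removed, failed) lists; dry run by default."""
    return {d: empty_directory(d, dry_run) for d in temp_dirs(system_root, profiles_root)}

if __name__ == "__main__":
    args = [a for a in sys.argv[1:] if a != "--delete"]
    sysroot = args[0] if args else r"C:\WINNT"
    profroot = args[1] if len(args) > 1 else r"C:\Documents and Settings"
    for d, (removed, failed) in clean_all(sysroot, profroot, "--delete" not in sys.argv).items():
        print(f"{d}: {len(removed)} removed, {len(failed)} failed")
```

Run it once without --delete to see what would go, then with --delete. Anything that shows up as failed is held open by something still running, which on a machine like this one is exactly the file you want to look at next.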


#17 hlhuang (Topic Starter)
I tried to restart the computer and the TrojanHunter Guard gave me the following:
Unable to get a handle to process 1764 (C:\WINNT\iexplore_dbg.exe)

Renamed file C:\WINNT\iexplore_dbg.exe to C:\WINNT\iexplore_dbg.exe.tcf
Trojan cleaning finished.

#18 Rawe (Visiting Staff)
After you got the message, and clicked "Ok", or something like that, can you reboot your computer?

- Rawe

#19 hlhuang (Topic Starter)
Sorry I must be dumb...
How do I boot into Safe Mode in Win2000?

#20 Rawe (Visiting Staff)
Read this link: Safe Mode

Scroll the page down a little, and you will see instructions.

- Rawe

#21 hlhuang (Topic Starter)
I've done all that but it seems that the Trojan is still there.
Now I still get Trojan Alert from the TrojanHunter and my IE homepage is still hijacked.
Following is the scan logfile. Thanks for doing this.
Do you think I should scan with HJT and post in that forum?



Ad-Aware SE Build 1.05
Logfile Created on: April 27, 2005 01:19:32 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005

References detected during the scan:
CoolWebSearch(TAC index:10):4 total references

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:76 %
Total physical memory:1048048 kb
Available physical memory:796264 kb
Total page file size:2522276 kb
Available on page file:2168452 kb
Total virtual memory:2097024 kb
Available virtual memory:2046104 kb
OS:Microsoft Windows 2000 Professional (Build 2195)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


2005-4-27 01:19:32 AM - Scan started. (Full System Scan)

Listing running processes

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 144
ThreadCreationTime : 2005-4-27 08:18:10 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 168
ThreadCreationTime : 2005-4-27 08:18:19 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 164
ThreadCreationTime : 2005-4-27 08:18:21 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 216
ThreadCreationTime : 2005-4-27 08:18:22 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 228
ThreadCreationTime : 2005-4-27 08:18:22 AM
BasePriority : Normal
FileVersion : 5.00.2184.1
ProductVersion : 5.00.2184.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 460
ThreadCreationTime : 2005-4-27 08:18:25 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 488
ThreadCreationTime : 2005-4-27 08:18:25 AM
BasePriority : Normal
FileVersion : 5.00.2161.1
ProductVersion : 5.00.2161.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 520
ThreadCreationTime : 2005-4-27 08:18:25 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:9 [nvsvc32.exe]
ModuleName : C:\WINNT\System32\nvsvc32.exe
Command Line : C:\WINNT\System32\nvsvc32.exe
ProcessID : 548
ThreadCreationTime : 2005-4-27 08:18:26 AM
BasePriority : Normal
FileVersion : 6.13.10.4071
ProductVersion : 6.13.10.4071
ProductName : NVIDIA Driver Helper Service, Version 40.71
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 40.71
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:10 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 584
ThreadCreationTime : 2005-4-27 08:18:26 AM
BasePriority : Normal
FileVersion : 5.00.2155.1
ProductVersion : 5.00.2155.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:11 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 612
ThreadCreationTime : 2005-4-27 08:18:27 AM
BasePriority : Normal
FileVersion : 4.71.2137.1
ProductVersion : 4.71.2137.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:12 [tmntsrv.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe"
ProcessID : 648
ThreadCreationTime : 2005-4-27 08:18:27 AM
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : Tmntsrv.exe

#:13 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 764
ThreadCreationTime : 2005-4-27 08:18:31 AM
BasePriority : Normal
FileVersion : 1.50.1085.0001
ProductVersion : 1.50.1085.0001
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:14 [explorer.exe]
ModuleName : C:\WINNT\explorer.exe
Command Line : "C:\WINNT\explorer.exe"
ProcessID : 908
ThreadCreationTime : 2005-4-27 08:18:35 AM
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:15 [pccpfw.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe"
ProcessID : 944
ThreadCreationTime : 2005-4-27 08:18:36 AM
BasePriority : Normal


#:16 [rundll32.exe]
ModuleName : C:\WINNT\System32\RunDll32.exe
Command Line : "C:\WINNT\System32\RunDll32.exe" cmicnfg.cpl,CMICtrlWnd
ProcessID : 1056
ThreadCreationTime : 2005-4-27 08:18:41 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : RUNDLL.EXE

#:17 [disk_monitor.exe]
ModuleName : C:\Program Files\IC Card Reader Driver v1.8e2\Disk_Monitor.exe
Command Line : "C:\Program Files\IC Card Reader Driver v1.8e2\Disk_Monitor.exe"
ProcessID : 1040
ThreadCreationTime : 2005-4-27 08:18:41 AM
BasePriority : Normal
FileVersion : 1.6.1204.1
ProductVersion : 1.6.1204.1
ProductName : Disk Monitor
CompanyName : Neodio Corp.
FileDescription : Disk Monitor
InternalName : Disk Monitor(ECS)
LegalCopyright : Copyright © Neodio Corp. 2001
LegalTrademarks : Disk Monitor
OriginalFilename : Disk_Monitor.exe

#:18 [pccguide.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
ProcessID : 1064
ThreadCreationTime : 2005-4-27 08:18:41 AM
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCGuide

#:19 [pccclient.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
ProcessID : 1076
ThreadCreationTime : 2005-4-27 08:18:42 AM
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCClient
InternalName : PCCClient
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCClient

#:20 [pop3trap.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
ProcessID : 1084
ThreadCreationTime : 2005-4-27 08:18:42 AM
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : POP3Trap
InternalName : POP3Trap
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : POP3Trap

#:21 [incd.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCD.exe
Command Line : "C:\Program Files\Ahead\InCD\InCD.exe"
ProcessID : 1100
ThreadCreationTime : 2005-4-27 08:18:43 AM
BasePriority : Normal


#:22 [lvcoms.exe]
ModuleName : C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
Command Line : "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
ProcessID : 1104
ThreadCreationTime : 2005-4-27 08:18:43 AM
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2002 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:23 [logitray.exe]
ModuleName : C:\Program Files\Logitech\ImageStudio\LogiTray.exe
Command Line : "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
ProcessID : 1116
ThreadCreationTime : 2005-4-27 08:18:44 AM
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : © 1996-2002 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe

#:24 [loadqm.exe]
ModuleName : C:\WINNT\loadqm.exe
Command Line : "C:\WINNT\loadqm.exe"
ProcessID : 1128
ThreadCreationTime : 2005-4-27 08:18:44 AM
BasePriority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:25 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 1160
ThreadCreationTime : 2005-4-27 08:18:44 AM
BasePriority : Normal
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : c 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:26 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1028
ThreadCreationTime : 2005-4-27 08:18:45 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : c Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:27 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-tw\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-tw\msnappau.exe"
ProcessID : 1264
ThreadCreationTime : 2005-4-27 08:18:46 AM
BasePriority : Normal


#:28 [internat.exe]
ModuleName : C:\WINNT\System32\internat.exe
Command Line : "C:\WINNT\System32\internat.exe"
ProcessID : 1136
ThreadCreationTime : 2005-4-27 08:18:48 AM
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Keyboard Language Indicator Applet
InternalName : INTERNAT
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : INTERNAT.EXE

#:29 [backweb-8876480.exe]
ModuleName : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
Command Line : "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"
ProcessID : 1340
ThreadCreationTime : 2005-4-27 08:18:49 AM
BasePriority : Normal


#:30 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 1352
ThreadCreationTime : 2005-4-27 08:18:49 AM
BasePriority : Normal
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : c 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:31 [skype.exe]
ModuleName : C:\Program Files\Skype\Phone\Skype.exe
Command Line : "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
ProcessID : 1372
ThreadCreationTime : 2005-4-27 08:18:50 AM
BasePriority : Normal


#:32 [robotaskbaricon.exe]
ModuleName : C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Command Line : "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
ProcessID : 1400
ThreadCreationTime : 2005-4-27 08:18:51 AM
BasePriority : Normal


#:33 [wp.exe]
ModuleName : C:\wp.exe
Command Line : "C:\wp.exe"
ProcessID : 1420
ThreadCreationTime : 2005-4-27 08:18:51 AM
BasePriority : Normal


#:34 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 1524
ThreadCreationTime : 2005-4-27 08:18:57 AM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6224)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:35 [ud.exe]
ModuleName : C:\Program Files\United Devices\UD.EXE
Command Line : "C:\Program Files\United Devices\UD.EXE"
ProcessID : 1544
ThreadCreationTime : 2005-4-27 08:18:59 AM
BasePriority : Normal
FileVersion : 3.00.2814
ProductVersion : 3.00.2814
ProductName : UD Agent
CompanyName : United Devices, Inc.
FileDescription : United Devices
InternalName : UDagent_3801_2814
LegalCopyright : Copyright United Devices ™
LegalTrademarks : United Devices ™
OriginalFilename : UDagent_3801_2814.exe
Comments : UD Agent Version 3.0

#:36 [ud_7657531.exe]
ModuleName : C:\Program Files\United Devices\ud_7657531.exe
Command Line : ud_7657531.exe
ProcessID : 1564
ThreadCreationTime : 2005-4-27 08:19:15 AM
BasePriority : Idle


#:37 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1676
ThreadCreationTime : 2005-4-27 08:19:19 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright c Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:38 [wcgrid_rosetta.exe]
ModuleName : C:\Program Files\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe
Command Line : "C:/Program Files/United Devices/ud_7657531_0.dir/WCGrid_Rosetta.exe" -series 11 -protein bi87 -chain 7 -nstruct 275 -constant_seed -jran 131495 -silent
ProcessID : 1724
ThreadCreationTime : 2005-4-27 08:19:26 AM
BasePriority : Idle
FileVersion : 1, 0, 0, 5
ProductName : Rosetta Fragments and Rosetta ab-initio
CompanyName : University of Washington and IBM Corporation
FileDescription : Created under grants from the National Science Foundation number MCB-9458178, the Packard Foundation, the Los Alamos National Laboratory, Office of Naval Research grant number N00014-95-1-0417, and the Howard Hughes Medical Institute
InternalName : WCGrid_Rosetta.exe
LegalCopyright : Copyright © Unversity of Washington 2000-2004 and IBM Corp. 2004. All Rights Reserved
OriginalFilename : Rosetta

Memory scan result:
New critical objects: 0
Objects found so far: 0


Started registry scan
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}
Value :

Registry Scan result:

New critical objects: 4
Objects found so far: 4


Started deep registry scan


Deep registry scan result:

New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan



Tracking cookie scan result:

New critical objects: 0
Objects found so far: 4



Deep scanning and examining files (C:)


Disk Scan Result for C:\

New critical objects: 0
Objects found so far: 4


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".


Hosts file scan result:

1 entries scanned.
New critical objects:0
Objects found so far: 4




Performing conditional scans...


Conditional scan result:

New critical objects: 0
Objects found so far: 4

01:21:32 AM Scan Complete

Summary Of This Scan

Total scanning time:00:01:59.719
Objects scanned:47729
Objects identified:4
Objects ignored:0
New critical objects:4
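The log above carries more than the four hits Ad-Aware counted: the process list records what was running at boot, and the registry section names the exact keys. Below is an added Python triage script (not a Lavasoft tool and not code from this thread) that parses an Ad-Aware SE log in this format, lists the flagged registry objects, writes a .reg file that would delete the flagged keys, and marks processes running from outside Program Files and system32 for manual review. SAMPLE_LOG is an excerpt of the log posted above; TRUSTED_PREFIXES and the location heuristic are this example's assumptions. On this log the heuristic flags C:\wp.exe (runs from the drive root, no version resource) and C:\WINNT\loadqm.exe, a Microsoft component that legitimately lives there; it would also have flagged the C:\WINNT\iexplore_dbg.exe that TrojanHunter renamed earlier in the thread. It produces a review queue, not a verdict.

```python
"""Triage an Ad-Aware SE scan log in the format posted in this thread.
Added example: not a Lavasoft tool, not code from the original post. SAMPLE_LOG is
an excerpt of the log above; TRUSTED_PREFIXES is an assumption about where
legitimately installed software runs on this Windows 2000 box."""
import re
import sys
from collections import namedtuple

TRUSTED_PREFIXES = (  # matched case-insensitively against ModuleName
    "c:\\winnt\\system32\\", "c:\\winnt\\explorer.exe", "c:\\program files\\",
    "\\systemroot\\system32\\", "\\??\\c:\\winnt\\system32\\",
)
# has_version_info: Ad-Aware prints FileVersion only when the PE carries a version resource
Process = namedtuple("Process", "name module pid has_version_info")
Detection = namedtuple("Detection", "family kind rootkey obj")  # kind: Regkey, RegValue, ...

def parse_processes(text):
    """One Process per '#:N [name]' block of the 'Listing running processes' section."""
    procs = []
    for block in re.split(r"\n(?=#:\d+ \[)", text):
        head = re.match(r"#:\d+ \[([^\]]+)\]", block)
        module = re.search(r"^ModuleName : (.+)$", block, re.M)
        pid = re.search(r"^ProcessID : (\d+)$", block, re.M)
        if head and module and pid:
            procs.append(Process(head.group(1), module.group(1).strip(), int(pid.group(1)),
                                 bool(re.search(r"^FileVersion :", block, re.M))))
    return procs

DETECTION_RE = re.compile(
    r"^(?P<family>\S+) Object Recognized!\nType : (?P<kind>\w+)\n"
    r"(?:.*\n)*?"                                   # Data / Category / Comment lines
    r"Rootkey : (?P<rootkey>\S+)\nObject : (?P<obj>.+)$", re.M)

def parse_detections(text):
    return [Detection(m["family"], m["kind"], m["rootkey"], m["obj"].strip())
            for m in DETECTION_RE.finditer(text)]

def suspicious_processes(procs):
    """[(module, reasons)] for executables not running from a trusted location.
    A hint, not a verdict: loadqm.exe legitimately lives in C:\\WINNT and is listed too."""
    flagged = []
    for p in procs:
        if not p.module.lower().startswith(TRUSTED_PREFIXES):
            reasons = ["runs outside Program Files / system32"]
            if not p.has_version_info:
                reasons.append("no version resource")
            flagged.append((p.module, reasons))
    return flagged

def removal_reg(detections):
    """A .reg file deleting each flagged Regkey ('[-KEY]' is regedit's delete syntax).
    The RegValue hits in this log sit under those keys and go with them. This removes
    the COM interface registration only, not the file that registered it."""
    keys = []
    for d in detections:
        full = f"{d.rootkey}\\{d.obj}"
        if d.kind == "Regkey" and full not in keys:
            keys.append(full)
    return "Windows Registry Editor Version 5.00\n\n" + "".join(f"[-{k}]\n\n" for k in keys)

SAMPLE_LOG = r"""Listing running processes
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
ProcessID : 144

#:24 [loadqm.exe]
ModuleName : C:\WINNT\loadqm.exe
ProcessID : 1128
FileVersion : 5.4.1103.3

#:33 [wp.exe]
ModuleName : C:\wp.exe
ProcessID : 1420

CoolWebSearch Object Recognized!
Type : Regkey
Category : Malware
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}

CoolWebSearch Object Recognized!
Type : RegValue
Category : Malware
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}

CoolWebSearch Object Recognized!
Type : Regkey
Category : Malware
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}
"""

if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for module, reasons in suspicious_processes(parse_processes(text)):
        print(f"REVIEW {module}: {'; '.join(reasons)}")
    print(removal_reg(parse_detections(text)))
```

The .reg output only removes the interface registrations Ad-Aware matched. The file that registered them, and whatever put it there, still has to be found, and the poster reports the hijack came back after removal, which is the reason the thread moves on to a HijackThis log.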

#22 Rawe (Visiting Staff)
Yes, you should.
If you post your log there, give them a link to this topic.

- Rawe

#23 hlhuang (Topic Starter)
Thanks for the help.

#24 Rawe (Visiting Staff)
Also, keep in mind that the HJT forums are very busy, so it may take a while for you to get your instructions.

- Rawe

#25 Guest_Andy_veal_* (Guest)
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
