Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

[Referred]Browser hijack problem


  • Please log in to reply

#1
Swagman

Swagman

    Member

  • Member
  • PipPip
  • 16 posts
I have a browser hijack problem but I'm posting an adaware scan first as requested in 'pinned' - nothing much shows up other than trackers. Pls advise any problems noted and then advise if I can post a HT scan.

Thanks

Swaggy

Incorrect Logfile type posted

Edited by Andy_veal, 25 April 2005 - 03:43 PM.

  • 0

Advertisements


#2
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Hello and Welcome to Geeks to go

4-24-05 9:59:52 AM - Scan started. (Custom mode)


In order to assist you, we need to see the log from an Ad-Aware SE 1.05 full system scan.

Important Note! Before performing a scan, be sure that you have the most recent definitions file by using WebUpdate. (Click on the Globe icon, Click connect, Click OK, Click Finish.) At this current point * SE1R40 20.04.2005 * is the most recent definition file.

Ad-Aware SE comes preconfigured with default options so we need you to make only one change. Please deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Select "Perform Full System Scan" and press "Next". When the scan has completed, click "Show Logfile".

Please copy/paste the complete log file here using the reply button. Don't quarantine or remove anything at this time, just post a complete logfile. This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next.

Please post back if you have any questions or other problems.


Good luck

Andy
  • 0

#3
Swagman

Swagman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Ok Andy, thanks full scan posted below - note that #:18 [SVCNUT.EXE] is not detected as adaware but seems to be a symptom of an infection of some sort - though it can be 'turned off' easily enough via Ctl Alt Del and this speeds up the system noticeably.


Ad-Aware SE Build 1.05
Logfile Created on:Monday, April 25, 2005 1:41:13 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):18 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:40 %
Total physical memory:195884 kb
Available physical memory:16392 kb
Total page file size:1275904 kb
Available on page file:1177988 kb
Total virtual memory:2093056 kb
Available virtual memory:2049472 kb
OS:Microsoft Windows 98 SE

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan within archives

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


4-25-05 1:41:13 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4279212053
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294963133
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294957357
Threads : 3
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294951541
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:5 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4293945721
Threads : 2
Priority : Normal
FileVersion : 4.71.1968.1
ProductVersion : 4.71.1968.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:6 [VSMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
Command Line : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
ProcessID : 4293944469
Threads : 17
Priority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : TrueVector Service
CompanyName : Zone Labs LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : vsmon.exe

#:7 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4293929461
Threads : 14
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:8 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\windows\taskmon.exe"
ProcessID : 4294019981
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:9 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4294024561
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:10 [STARTER.EXE]
ModuleName : C:\WINDOWS\STARTER.EXE
Command Line : "C:\WINDOWS\starter.exe"
ProcessID : 4294035013
Threads : 1
Priority : Normal
FileVersion : 3.00.02
ProductVersion : 3.00.02
ProductName : starter
CompanyName : Creative Technology, Ltd.
FileDescription : This program launches the mixer application.
InternalName : starter
LegalCopyright : Copyright © 1998-99 Creative Technology, Ltd.
OriginalFilename : starter.exe
Comments : Mixer Starter Application

#:11 [STIMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\STIMON.EXE
Command Line : "C:\WINDOWS\SYSTEM\STIMON.EXE"
ProcessID : 4294063585
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1998
OriginalFilename : STIMON.EXE

#:12 [REALPLAY.EXE]
ModuleName : C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
ProcessID : 4294017937
Threads : 6
Priority : Normal
FileVersion : 6.0.9.450
ProductVersion : 6.0.9.450
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:13 [VETMSG.EXE]
ModuleName : C:\VET\VETMSG.EXE
Command Line : "C:\VET\VETMSG.EXE"
ProcessID : 4294039521
Threads : 3
Priority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : vetmsg
CompanyName : Computer Associates International, Inc.
FileDescription : vetmsg
InternalName : vetmsg
LegalCopyright : Copyright © 1989-2003 Computer Associates International, Inc.
OriginalFilename : vetmsg.exe

#:14 [VETTRAY.EXE]
ModuleName : C:\VET\VETTRAY.EXE
Command Line : "C:\VET\VETTRAY.EXE"
ProcessID : 4294053013
Threads : 3
Priority : Normal
FileVersion : Version 1.0
ProductName : VetTray
CompanyName : Computer Associates International, Inc.
FileDescription : Iconic notifier
InternalName : VetTray
LegalCopyright : Copyright © 1997-2001 Computer Associates International, Inc.
OriginalFilename : VetTray.exe

#:15 [INCD.EXE]
ModuleName : C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
Command Line : "C:\Program Files\Ahead\InCD\InCD.exe"
ProcessID : 4294080509
Threads : 2
Priority : Normal
FileVersion : 3.33.0
ProductVersion : 3.33.0
ProductName : InCD
CompanyName : Copyright © ahead software gmbh and its licensors
FileDescription : InCD CD-RW UDF Tools
InternalName : InCD
LegalCopyright : Copyright © ahead software gmbh and its licensors
OriginalFilename : InCD.EXE
Comments : CD-RW UDF Tools

#:16 [LOADQM.EXE]
ModuleName : C:\WINDOWS\LOADQM.EXE
Command Line : "C:\WINDOWS\loadqm.exe"
ProcessID : 4294080213
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:17 [QTTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\QTTASK.EXE
Command Line : "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
ProcessID : 4294091625
Threads : 2
Priority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:18 [SVCNUT.EXE]
ModuleName : C:\WINDOWS\SYSTEM32\SVCNUT.EXE
Command Line : "C:\WINDOWS\system32\svcnut.exe" home
ProcessID : 4294090389
Threads : 2
Priority : Normal


#:19 [ZLCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
Command Line : "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
ProcessID : 4294084141
Threads : 6
Priority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : Zone Labs Client
CompanyName : Zone Labs LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : zlclient.exe

#:20 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe 52
ProcessID : 4293988941
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:21 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294255605
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@as-eu.falkag[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:default@as-eu.falkag.net/
Expires : 4-25-06 10:41:48 AM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@tribalfusion.com/
Expires : 1-1-38 10:00:00 AM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bluestreak[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@bluestreak.com/
Expires : 4-22-15 8:36:50 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@fastclick[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:default@fastclick.net/
Expires : 4-14-07 12:39:56 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@casalemedia[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@casalemedia.com/
Expires : 4-15-06 8:38:26 AM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@adserver.news.com[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:default@adserver.news.com.au/
Expires : 12-31-37 2:00:00 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@z1.adserver[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:default@z1.adserver.com/
Expires : 4-24-06 12:39:02 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@imrworldwide.com/cgi-bin
Expires : 1-19-09 9:00:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@doubleclick[1].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:default@doubleclick.net/
Expires : 4-24-08 10:40:50 AM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 9



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@doubleclick[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@z1.adserver[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@z1.adserver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bluestreak[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@bluestreak[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@casalemedia[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@casalemedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@fastclick[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@fastclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@tribalfusion[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@tribalfusion[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@adserver.news.com[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@adserver.news.com[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@as-eu.falkag[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@as-eu.falkag[1].txt

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18

2:40:12 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:58:58.740
Objects scanned:134648
Objects identified:18
Objects ignored:0
New critical objects:18
  • 0

#4
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Well, tracking cookies are always safe to delete.
You could do this;
download/install this tool here;
http://www.ccleaner.com/
When installed, open and bush the button "Run cleaner",
then after this, run a full system scan with ad-aware, and post a new log and Andy will take another look.

- Rawe :tazz:

(Remember to deselect "Search for negligible risk entries"- setting.)
  • 0

#5
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest

#:18 [SVCNUT.EXE]
ModuleName : C:\WINDOWS\SYSTEM32\SVCNUT.EXE
Command Line : "C:\WINDOWS\system32\svcnut.exe" home
ProcessID : 4294090389
Threads : 2
Priority : Normal


Yep it is a bad processes! :tazz:

Please end that process using Ctrl Alt Delete.

Download the following program called KillBox

Then please enter to delete.

C:\WINDOWS\SYSTEM32\SVCNUT.EXE

Post back

Andy
  • 0

#6
Swagman

Swagman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thanks Andy,

I downloaded Killbox and used it to kill SVCNUT.EXE, then ran another scan (listed below) and deleted the trackers - Do I post a HJT log now as I'm still stuck with a '401 MPV warning' home page which can't be reset using 'options' in the normal way so I suspect a registry problem.

Thanks for the help so far
Swaggy



Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, April 26, 2005 8:37:20 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):26 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:47 %
Total physical memory:195884 kb
Available physical memory:42004 kb
Total page file size:1274848 kb
Available on page file:1179792 kb
Total virtual memory:2093056 kb
Available virtual memory:2049472 kb
OS:Microsoft Windows 98 SE

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


4-26-05 8:37:20 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4279212757
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294962557
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294958061
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294951113
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:5 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4293946241
Threads : 2
Priority : Normal
FileVersion : 4.71.1968.1
ProductVersion : 4.71.1968.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:6 [VSMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
Command Line : C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
ProcessID : 4293945121
Threads : 17
Priority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : TrueVector Service
CompanyName : Zone Labs LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : vsmon.exe

#:7 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4293963225
Threads : 15
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:8 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\windows\taskmon.exe"
ProcessID : 4294017125
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:9 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4294048493
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:10 [STARTER.EXE]
ModuleName : C:\WINDOWS\STARTER.EXE
Command Line : "C:\WINDOWS\starter.exe"
ProcessID : 4294034977
Threads : 1
Priority : Normal
FileVersion : 3.00.02
ProductVersion : 3.00.02
ProductName : starter
CompanyName : Creative Technology, Ltd.
FileDescription : This program launches the mixer application.
InternalName : starter
LegalCopyright : Copyright © 1998-99 Creative Technology, Ltd.
OriginalFilename : starter.exe
Comments : Mixer Starter Application

#:11 [STIMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\STIMON.EXE
Command Line : "C:\WINDOWS\SYSTEM\STIMON.EXE"
ProcessID : 4294063897
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1998
OriginalFilename : STIMON.EXE

#:12 [REALPLAY.EXE]
ModuleName : C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
ProcessID : 4294065609
Threads : 6
Priority : Normal
FileVersion : 6.0.9.450
ProductVersion : 6.0.9.450
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:13 [VETMSG.EXE]
ModuleName : C:\VET\VETMSG.EXE
Command Line : "C:\VET\VETMSG.EXE"
ProcessID : 4294034897
Threads : 3
Priority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : vetmsg
CompanyName : Computer Associates International, Inc.
FileDescription : vetmsg
InternalName : vetmsg
LegalCopyright : Copyright © 1989-2003 Computer Associates International, Inc.
OriginalFilename : vetmsg.exe

#:14 [VETTRAY.EXE]
ModuleName : C:\VET\VETTRAY.EXE
Command Line : "C:\VET\VETTRAY.EXE"
ProcessID : 4294037261
Threads : 3
Priority : Normal
FileVersion : Version 1.0
ProductName : VetTray
CompanyName : Computer Associates International, Inc.
FileDescription : Iconic notifier
InternalName : VetTray
LegalCopyright : Copyright © 1997-2001 Computer Associates International, Inc.
OriginalFilename : VetTray.exe

#:15 [INCD.EXE]
ModuleName : C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
Command Line : "C:\Program Files\Ahead\InCD\InCD.exe"
ProcessID : 4294079573
Threads : 2
Priority : Normal
FileVersion : 3.33.0
ProductVersion : 3.33.0
ProductName : InCD
CompanyName : Copyright © ahead software gmbh and its licensors
FileDescription : InCD CD-RW UDF Tools
InternalName : InCD
LegalCopyright : Copyright © ahead software gmbh and its licensors
OriginalFilename : InCD.EXE
Comments : CD-RW UDF Tools

#:16 [LOADQM.EXE]
ModuleName : C:\WINDOWS\LOADQM.EXE
Command Line : "C:\WINDOWS\loadqm.exe"
ProcessID : 4294079313
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:17 [QTTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\QTTASK.EXE
Command Line : "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
ProcessID : 4294097169
Threads : 2
Priority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:18 [ZLCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
Command Line : "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
ProcessID : 4294091249
Threads : 6
Priority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : Zone Labs Client
CompanyName : Zone Labs LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : zlclient.exe

#:19 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe 52
ProcessID : 4294152389
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:20 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294256217
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@as-eu.falkag[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:default@as-eu.falkag.net/
Expires : 4-25-06 10:41:48 AM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bs.serving-sys[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@bs.serving-sys.com/
Expires : 1-1-38 6:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@tribalfusion.com/
Expires : 1-1-38 10:00:00 AM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@mediaplex[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@mediaplex.com/
Expires : 6-22-09 10:00:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@atdmt[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@atdmt.com/
Expires : 4-24-10 10:00:00 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@serving-sys[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@serving-sys.com/
Expires : 1-1-38 6:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bluestreak[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@bluestreak.com/
Expires : 4-22-15 8:36:50 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@fastclick[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:default@fastclick.net/
Expires : 4-14-07 12:39:56 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@casalemedia[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@casalemedia.com/
Expires : 4-15-06 8:38:26 AM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@adserver.news.com[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:default@adserver.news.com.au/
Expires : 12-31-37 2:00:00 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@z1.adserver[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:default@z1.adserver.com/
Expires : 4-24-06 12:39:02 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@imrworldwide.com/cgi-bin
Expires : 1-19-09 9:00:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@doubleclick[1].txt
Category : Data Miner
Comment : Hits:18
Value : Cookie:default@doubleclick.net/
Expires : 4-24-08 10:40:50 AM
LastSync : Hits:18
UseCount : 0
Hits : 18

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 13



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@doubleclick[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@z1.adserver[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@z1.adserver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bluestreak[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@bluestreak[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@casalemedia[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@casalemedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@fastclick[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@fastclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@tribalfusion[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@tribalfusion[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@adserver.news.com[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@adserver.news.com[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@as-eu.falkag[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@as-eu.falkag[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@mediaplex[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@atdmt[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bs.serving-sys[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@bs.serving-sys[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@serving-sys[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@serving-sys[2].txt

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 26




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 26

8:59:41 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:22:20.950
Objects scanned:135175
Objects identified:26
Objects ignored:0
New critical objects:26
  • 0

#7
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0

#8
Swagman

Swagman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Please follow the instructions located in Step Five: Posting a Hijack This Log.  Post your HJT log as a reply to this thread,


All steps followed and 'hijack this' log posted below.

The home page hijacker seems to be this one in the log
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpl.dll/security.htm#subID=MPV;401

Is the cure as simple as just checking for deletion under 'Hijack This' and restoring the normal Home Page via Options in IE? I'll wait for your advice anyway

Cheers
Swaggy

___________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 10:16:11 PM, on 4/26/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\VET\VETTRAY.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\VET\ISAFE.EXE
C:\VET\VETMSG.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://65.196.233.43/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://65.196.233.43/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://65.196.233.43/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpl.dll/security.htm#subID=MPV;401
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2000\Search Bar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://65.196.233.43/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Vet Alert] c:\VET\VETMSG.EXE
O4 - HKLM\..\Run: [VetTray] c:\VET\VETTRAY.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_AddToList.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {5B0E2C00-AFE4-11D9-94D0-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B0E2C00-AFE4-11D9-94D0-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {5B0E2C00-AFE4-11D9-94D0-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B0E2C00-AFE4-11D9-94D0-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: St.George Internet Banking - https://ibank.stgeor...html/bbb11s.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenu...yerAX_Win32.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} - C:\WINDOWS\SYSTEM\thun32.dll (file missing)
  • 0

#9
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Download and run CWShredder from:
http://www.intermute...r_download.html
Use the Fix button.

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://65.196.233.43/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://65.196.233.43/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://65.196.233.43/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpl.dll/security.htm#subID=MPV;401

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://65.196.233.43/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home

O9 - Extra button: Microsoft AntiSpyware helper - {5B0E2C00-AFE4-11D9-94D0-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B0E2C00-AFE4-11D9-94D0-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {5B0E2C00-AFE4-11D9-94D0-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B0E2C00-AFE4-11D9-94D0-444553540000} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)

O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} - C:\WINDOWS\SYSTEM\thun32.dll (file missing)

Reboot into safe mode and delete:
C:\WINDOWS\system32\svcnut.exe

Regards,
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP