Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

[Referred]Ad-Aware logfile help


  • Please log in to reply

#1
jasonfultz

jasonfultz

    Member

  • Member
  • PipPip
  • 71 posts
Is anyone available to help analyze my Ad-Aware log. This is my lead-up to the Hijackthis log to be posted later. It appears to not have anything malicious in it, but your expert eyes would help me fix some performance issues later on.

I truly appreciate your help,
Jason Fultz...

PS...A couple of weeks ago I'm pretty sure I had a trojan/virus/something on my computer. It locked up IE so that I couldn't even open it, then removed scripting so that I couldn't click buttons on webpages (even using Explorer.exe instead of going straight to IExplorer.exe or using Netscape). Since then I think I may have removed most of the infection, but after attempting to reinstall IE, I discovered that something had access over some file it was using and it wouldn't allow me to repair it. So then I ended up reinstalling Windows 2000, hoping that would fix it (without formatting, I believe they called it upgrading).

Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 05, 2005 7:29:41 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):20 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R8 13.09.2004
Internal build : 12
File location : D:\PROGRA~1\LAVASOFT\AD-AWA~1\defs.ref
File size : 344723 Bytes
Total size : 1092481 Bytes
Signature data size : 1068971 Bytes
Reference data size : 22998 Bytes
Signatures total : 30122
Fingerprints total : 154
Fingerprints size : 7129 Bytes
Target categories : 15
Target families : 560

5-5-2005 6:17:15 PM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : D:\PROGRA~1\LAVASOFT\AD-AWA~1\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


5-5-2005 6:17:18 PM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:8 %
Total physical memory:261616 kb
Available physical memory:20372 kb
Total page file size:632488 kb
Available on page file:426052 kb
Total virtual memory:2097024 kb
Available virtual memory:2033332 kb
OS:Microsoft Windows 2000 Professional (Build 2195)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-5-2005 7:29:41 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 144
ThreadCreationTime : 5-5-2005 10:36:56 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 172
ThreadCreationTime : 5-5-2005 10:37:08 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 192
ThreadCreationTime : 5-5-2005 10:37:11 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 220
ThreadCreationTime : 5-5-2005 10:37:13 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 232
ThreadCreationTime : 5-5-2005 10:37:14 PM
BasePriority : Normal
FileVersion : 5.00.2184.1
ProductVersion : 5.00.2184.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 396
ThreadCreationTime : 5-5-2005 10:37:22 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 440
ThreadCreationTime : 5-5-2005 10:37:27 PM
BasePriority : Normal
FileVersion : 5.00.2161.1
ProductVersion : 5.00.2161.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [wrapper.exe]
ModuleName : D:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
Command Line : "D:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "D:\Program Files\Alias\Maya6.0\docs/Wrapper.conf"
ProcessID : 476
ThreadCreationTime : 5-5-2005 10:37:28 PM
BasePriority : Normal


#:9 [ati2evxx.exe]
ModuleName : C:\WINNT\System32\Ati2evxx.exe
Command Line : C:\WINNT\System32\Ati2evxx.exe
ProcessID : 488
ThreadCreationTime : 5-5-2005 10:37:28 PM
BasePriority : Normal


#:10 [cdantsrv.exe]
ModuleName : C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
Command Line : C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
ProcessID : 516
ThreadCreationTime : 5-5-2005 10:37:29 PM
BasePriority : Normal
FileVersion : 3.23.000
ProductVersion : 3.23.000 Windows NT 2001/03/30
ProductName : CD-Secure/CD-Compress Windows NT
CompanyName : C-Dilla Ltd
FileDescription : C-Dilla RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright © Macrovision 1993-2001
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English

#:11 [java.exe]
ModuleName : D:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
Command Line : "D:\Program Files\Alias\Maya6.0\docs\jre\bin\java" -Xms3m -Xmx64m -Djava.library.path="./lib" -classpath "./lib/wrapper.jar;./helpserver.jar" -Dwrapper.key="VbqJBJyLDn92oMq8" -Dwrapper.port=32000 -Dwrapper.service="TRUE" -Dwrapper.cpu.timeout="10" -Dwrapper.jv
ProcessID : 532
ThreadCreationTime : 5-5-2005 10:37:31 PM
BasePriority : Normal


#:12 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 552
ThreadCreationTime : 5-5-2005 10:37:31 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:13 [gearsec.exe]
ModuleName : C:\WINNT\system32\gearsec.exe
Command Line : C:\WINNT\system32\gearsec.exe
ProcessID : 572
ThreadCreationTime : 5-5-2005 10:37:34 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001-2003 GEAR Software
OriginalFilename : gearsec.exe

#:14 [mysqld-nt.exe]
ModuleName : D:\mysql\bin\mysqld-nt.exe
Command Line : D:/mysql/bin/mysqld-nt.exe
ProcessID : 600
ThreadCreationTime : 5-5-2005 10:37:35 PM
BasePriority : Normal


#:15 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 656
ThreadCreationTime : 5-5-2005 10:37:38 PM
BasePriority : Normal
FileVersion : 5.00.2155.1
ProductVersion : 5.00.2155.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:16 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 832
ThreadCreationTime : 5-5-2005 10:37:48 PM
BasePriority : Normal
FileVersion : 4.71.2137.1
ProductVersion : 4.71.2137.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:17 [stisvc.exe]
ModuleName : C:\WINNT\system32\stisvc.exe
Command Line : C:\WINNT\system32\stisvc.exe
ProcessID : 864
ThreadCreationTime : 5-5-2005 10:37:54 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:18 [tablet.exe]
ModuleName : C:\WINNT\system32\Tablet.exe
Command Line : C:\WINNT\system32\Tablet.exe
ProcessID : 908
ThreadCreationTime : 5-5-2005 10:37:55 PM
BasePriority : High


#:19 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 924
ThreadCreationTime : 5-5-2005 10:37:56 PM
BasePriority : Normal
FileVersion : 1.50.1085.0001
ProductVersion : 1.50.1085.0001
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:20 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 948
ThreadCreationTime : 5-5-2005 10:37:57 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:21 [explorer.exe]
ModuleName : C:\WINNT\Explorer.exe
Command Line : Explorer.exe
ProcessID : 1124
ThreadCreationTime : 5-5-2005 10:38:47 PM
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:22 [atiptaxx.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ProcessID : 1112
ThreadCreationTime : 5-5-2005 10:38:55 PM
BasePriority : Normal
FileVersion : 6.14.10.4029
ProductVersion : 6.14.10.4029
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:23 [usdm.exe]
ModuleName : D:\Program Files\EPoX\USDM\USDM.EXE
Command Line : "D:\Program Files\EPoX\USDM\USDM.EXE" "5000"
ProcessID : 1236
ThreadCreationTime : 5-5-2005 10:38:55 PM
BasePriority : Normal
FileVersion : 2.0.0.0
ProductVersion : 2.0.0.0
ProductName : Unified System Diagnostic Manager (USDM)
CompanyName : EPoX COMPUTER CO.,LTD.
FileDescription : Unified System Diagnostic Manager (USDM)

#:24 [crow32.exe]
ModuleName : C:\WINNT\System32\crow32.exe
Command Line : "C:\WINNT\System32\crow32.exe"
ProcessID : 1268
ThreadCreationTime : 5-5-2005 10:38:56 PM
BasePriority : Normal


#:25 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 1276
ThreadCreationTime : 5-5-2005 10:38:56 PM
BasePriority : Normal
FileVersion : 4.2.0.72
ProductVersion : 4.2.0.72
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © Apple Computer, Inc. 2003
OriginalFilename : iPodService.exe

#:26 [digstream.exe]
ModuleName : C:\Program Files\DIGStream\digstream.exe
Command Line : "C:\Program Files\DIGStream\digstream.exe"
ProcessID : 1288
ThreadCreationTime : 5-5-2005 10:38:57 PM
BasePriority : Normal
FileVersion : 2.2.1.0001
ProductVersion : 2.2.1.0001
ProductName : DIGStream
CompanyName : Walt Disney Internet Group
FileDescription : DIGStream Cache Manager
InternalName : DIGStream.exe
LegalCopyright : Copyright © 2002-2005 Walt Disney Internet Group.
OriginalFilename : digstream.exe
Comments : none

#:27 [qttask.exe]
ModuleName : D:\Program Files\QuickTime\qttask.exe
Command Line : "D:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1296
ThreadCreationTime : 5-5-2005 10:38:57 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:28 [soundman.exe]
ModuleName : C:\WINNT\SOUNDMAN.EXE
Command Line : "C:\WINNT\SOUNDMAN.EXE"
ProcessID : 1312
ThreadCreationTime : 5-5-2005 10:38:58 PM
BasePriority : Normal
FileVersion : 5.1.09
ProductVersion : 5.1.09
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2003 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:29 [warez.exe]
ModuleName : D:\Program Files\Warez P2P Client\warez.exe
Command Line : "D:\Program Files\Warez P2P Client\warez.exe" -h
ProcessID : 1320
ThreadCreationTime : 5-5-2005 10:38:58 PM
BasePriority : Normal
FileVersion : 2.7.5.2966
ProductVersion : 2.0
ProductName : Warez p2p for windows
CompanyName : Warez
FileDescription : Warez p2p client
InternalName : Warez
OriginalFilename : WAREZ.EXE
Comments : http://client.warez.com

#:30 [netscp.exe]
ModuleName : D:\Program Files\Netscape\Netscape\Netscp.exe
Command Line : "D:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
ProcessID : 1328
ThreadCreationTime : 5-5-2005 10:38:58 PM
BasePriority : Normal


#:31 [em_exec.exe]
ModuleName : D:\Program Files\Logitech\MouseWare\system\em_exec.exe
Command Line : "D:\Program Files\Logitech\MouseWare\system\em_exec.exe"
ProcessID : 1336
ThreadCreationTime : 5-5-2005 10:38:58 PM
BasePriority : Normal
FileVersion : 9.79.019
ProductVersion : 9.79.019
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

#:32 [taskmgr.exe]
ModuleName : C:\WINNT\System32\taskmgr.exe
Command Line : taskmgr.exe
ProcessID : 1352
ThreadCreationTime : 5-5-2005 10:38:58 PM
BasePriority : High
FileVersion : 5.00.2137.1
ProductVersion : 5.00.2137.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows TaskManager
InternalName : taskmgr
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : taskmgr.exe

#:33 [wincinemamgr.exe]
ModuleName : D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Command Line : "D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
ProcessID : 1440
ThreadCreationTime : 5-5-2005 10:39:02 PM
BasePriority : Normal
FileVersion : 1.0
ProductVersion : 1, 0, 0, 1
ProductName : WinCinema Manager for InterVideo WinCinema products
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright © 2000 InterVideo Inc.
OriginalFilename : WinCinemaMgr.EXE

#:34 [scannerfinder.exe]
ModuleName : D:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
Command Line : "D:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe"
ProcessID : 1388
ThreadCreationTime : 5-5-2005 10:39:04 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : SDII Application
FileDescription : SDII MFC Application
InternalName : SDII
LegalCopyright : Copyright © 2000
OriginalFilename : SDII.EXE

#:35 [osa.exe]
ModuleName : D:\Program Files\Microsoft Office\Office\OSA.EXE
Command Line : "D:\Program Files\Microsoft Office\Office\OSA.EXE" -b
ProcessID : 1396
ThreadCreationTime : 5-5-2005 10:39:04 PM
BasePriority : Normal


#:36 [tabuserw.exe]
ModuleName : C:\WINNT\system32\Wtablet\TabUserW.exe
Command Line : "C:\WINNT\system32\Wtablet\TabUserW.exe"
ProcessID : 1472
ThreadCreationTime : 5-5-2005 10:39:05 PM
BasePriority : Normal
FileVersion : 4.76-8
ProductVersion : 4.76-8
ProductName : Wacom Technology, Corp. TABUSERW
CompanyName : Wacom Technology, Corp.
FileDescription : TABUSERW
InternalName : TABUSERW
LegalCopyright : Copyright © 1997,1998,1999,2000,2001,2002,2003 Wacom Technology, Corp.
OriginalFilename : TABUSERW.EXE

#:37 [ad-aware.exe]
ModuleName : D:\PROGRA~1\LAVASOFT\AD-AWA~1\AD-AWARE.EXE
Command Line : "D:\PROGRA~1\LAVASOFT\AD-AWA~1\AD-AWARE.EXE" /598853 +483832
ProcessID : 288
ThreadCreationTime : 5-5-2005 11:17:11 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jason fultz@overture[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:jason fultz@overture.com/
Expires : 5-3-2015 1:44:52 AM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jason fultz@2o7[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:jason fultz@2o7.net/
Expires : 5-1-2010 2:49:52 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jason fultz@realmedia[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:jason fultz@realmedia.com/
Expires : 12-31-2020 7:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 3



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jason fultz@2o7[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jason Fultz\Local Settings\Temp\Cookies\jason fultz@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jason fultz@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jason Fultz\Local Settings\Temp\Cookies\jason fultz@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jason fultz@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jason Fultz\Local Settings\Temp\Cookies\jason fultz@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jason fultz@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jason Fultz\Local Settings\Temp\Cookies\jason fultz@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jason fultz@edge.ru4[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jason Fultz\Local Settings\Temp\Cookies\jason fultz@edge.ru4[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jason fultz@ehg-foxsports.hitbox[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jason Fultz\Local Settings\Temp\Cookies\jason fultz@ehg-foxsports.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jason fultz@fastclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jason Fultz\Local Settings\Temp\Cookies\jason fultz@fastclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jason fultz@hitbox[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jason Fultz\Local Settings\Temp\Cookies\jason fultz@hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jason fultz@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jason Fultz\Local Settings\Temp\Cookies\jason fultz@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jason fultz@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jason Fultz\Local Settings\Temp\Cookies\jason fultz@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jason fultz@servedby.advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jason Fultz\Local Settings\Temp\Cookies\jason fultz@servedby.advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jason fultz@serving-sys[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jason Fultz\Local Settings\Temp\Cookies\jason fultz@serving-sys[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jason fultz@z1.adserver[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jason Fultz\Local Settings\Temp\Cookies\jason fultz@z1.adserver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jason fultz@zedo[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jason Fultz\Local Settings\Temp\Cookies\jason fultz@zedo[1].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : drachin@flycast.txt
Category : Data Miner
Comment :
Value : E:\WINDOWS\Cookies\drachin@flycast.txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : drachin@focalink.txt
Category : Data Miner
Comment :
Value : E:\WINDOWS\Cookies\drachin@focalink.txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : drachin@doubleclick.txt
Category : Data Miner
Comment :
Value : E:\WINDOWS\Cookies\drachin@doubleclick.txt

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
697 entries scanned.
New critical objects:0
Objects found so far: 20




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20

7:44:07 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:26.344
Objects scanned:231416
Objects identified:20
Objects ignored:0
New critical objects:20
  • 0

Advertisements


#2
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
697 entries scanned.


If your system is running a program which changes the hosts file or you have added listings to the hosts file, then there is no need to check further. Otherwise, download the "Host file viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your hosts file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

- Rawe :tazz:

When you have restored hosts file, reboot, rescan with Ad-aware and post a fresh log.

Edited by Rawe, 06 May 2005 - 03:36 AM.

  • 0

#3
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
I have reviewed your logfile and all that is detected is safe to remove, should you wish to do so.

To clean your machine, open Ad-Aware SE and run a full system scan. When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "item" you wish to remove. Click next, Click OK.

Please shutdown/restart your computer after removal, run a new full system scan and post your new log here.

All the best

Andy
  • 0

#4
jasonfultz

jasonfultz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Rawe, thanks for looking into this. But I'm not sure I know what you're talking about. I don't know what a host file really is. But I think Spy Sweeper might change it periodically. So it doesn't appear as though using the Host File Reader will help much in my case.

Andy, thanks for reviewing my logfile. I ran Ad-aware again and had it remove all traces (all cookies). I rebooted my computer and ran another scan and it didn't find any further objects (and I don't think it gave me a chance to view the scan summary). So there isn't another logfile to post here.

Thanks for all your help, guys. I guess I'll move on to the next step, 'Virus Detection'.

Jason...
  • 0

#5
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest

#:24 [crow32.exe]
ModuleName : C:\WINNT\System32\crow32.exe
Command Line : "C:\WINNT\System32\crow32.exe"
ProcessID : 1268
ThreadCreationTime : 5-5-2005 10:38:56 PM
BasePriority : Normal


Do you know what this process is?

Have you tried a online AV scan?

Panda

Symantec

McAfee

TrendMicro Recommended

F-secure


And have you scanned with the latest definition file of Ad-aware SE?

Thanks :tazz:
  • 0

#6
jasonfultz

jasonfultz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Andy, it's funny that you ask about crow32.exe. Before finding this site, I was researching that file and couldn't find any information on it anywhere, other than finding it in other peoples' hijackthis logfiles from online. I noticed it was sucking up about 30% of my processing power every couple of seconds and noticed a major slow down. In other words, I have no idea what it is.

I did run AVG Anti-Virus Free Edition today and it found a virus that was associated with my Java Virtual Machine. I had suspected a virus related to java for a while now but until today was unable to find anything specific.

I used to use Trend Micro's free online virus scan, but ever since IE quit working for me I haven't been able to use their plugin (Netscape's plugin directory is apparently having a problem with the plugin; strange story and I can give more details later if asked).

I scanned today with today's most updated definition file of Ad-Aware SE. Everything has been removed that Ad-Aware found.

What should be my next step, do you think?

Jason...
  • 0

#7
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0

#8
jasonfultz

jasonfultz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Here is my hijackthis log file. The issues I'd like resolved are as follows:

1) IE no longer runs, I want it to work properly

2) I don't know what crow32.exe is or why it is running as a service. I'd like to know what it is and if it should be there or not.

3) My computer runs a bit slower than I think that it probably should. I'd like to speed it up by freeing some of the resources if possible.

Thanks for all of your help,
Jason...


***********************************************

Logfile of HijackThis v1.99.1
Scan saved at 9:38:11 PM, on 5/6/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
D:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\gearsec.exe
D:\mysql\bin\mysqld-nt.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\EPoX\USDM\USDM.EXE
C:\WINNT\System32\crow32.exe
C:\Program Files\DIGStream\digstream.exe
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\SOUNDMAN.EXE
D:\Program Files\Warez P2P Client\warez.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
D:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINNT\system32\Wtablet\TabUserW.exe
D:\Program Files\Yahoo!\Messenger\YPager.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
D:\PROGRA~1\Netscape\Netscape\Netscp.exe
D:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://red.clientapp...om/ext/search/s

earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://red.clientapp...//www.yahoo.com
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.cnn.com"); (C:\Documents and

Settings\Jason Fultz\Application Data\Mozilla\Profiles\default\ojufvc3c.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine",

"engine://D%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_02.src");

(C:\Documents and Settings\Jason Fultz\Application

Data\Mozilla\Profiles\default\ojufvc3c.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program

Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program

Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPoXUSDM] "D:\Program Files\EPoX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ELRYBMS] C:\WINNT\ELRYBMS.exe
O4 - HKLM\..\Run: [Security32 Loader] security32.exe
O4 - HKLM\..\Run: [crow32 Driver] crow32.exe
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunServices: [Security32 Loader] security32.exe
O4 - HKCU\..\Run: [laod] C:\WINNT\system\svchost.exe
O4 - HKCU\..\Run: [Terminate Popup] d:\Program Files\Zero-PopUps\zpu.exe
O4 - HKCU\..\Run: [warez] "D:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [Mozilla Quick Launch] "d:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program

Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: ME101 Configuration Utility.lnk = D:\Program Files\NETGEAR\ME101

Configuration Utility\wlancfg.exe
O4 - Global Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft

Office\Office\FINDFAST.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = D:\Program Files\Microtek\ScanWizard

5\ScannerFinder.exe
O4 - Global Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINNT\system32\Wtablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program

Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -

C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft....467&clcid=0x409
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -

http://a1540.g.akama...n/QuickTimeInst

aller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -

http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -

http://download.abac...abasetup152.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) -

http://www.gamespot.com/KDX/kdx.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - D:\Program

Files\Alias\Maya6.0\docs\Wrapper.exe" -s "D:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file

missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. -

C:\WINNT\System32\dmadmin.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software -

C:\WINNT\system32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - D:\Program

Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "D:\Program

Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: MySql - Unknown owner - D:/
  • 0

#9
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Can you do an online virusscan for example here: http://housecall.antivirus.com/

I think you will find some Agobot or Sdbot variants.

Post a new HijackThis log when you are done.

Regards,
  • 0

#10
jasonfultz

jasonfultz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Because IE won't work, and for other unknown reasons, when I use Netscape to do an online Housecall scan, the plug-in is apparently unable to install correctly or something. In short, I'm unable to use online virus scanner now. Since the last time I posted a log here, I have installed and have been running regularly AVG Free anti-virus software.

Anyway, thanks for getting back to my thread. It had been a while and I wasn't sure how busy you guys had been over the past month. Here is the log I ran just a few minutes ago after rebooting:



Logfile of HijackThis v1.99.1
Scan saved at 1:39:05 PM, on 6/24/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\WINNT\System32\Ati2evxx.exe
D:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\gearsec.exe
D:\mysql\bin\mysqld-nt.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\EPoX\USDM\USDM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\crow32.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\QuickTime\qttask.exe
C:\WINNT\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Warez P2P Client\warez.exe
D:\Program Files\Netscape\Netscape\Netscp.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
d:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
D:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINNT\system32\Wtablet\TabUserW.exe
D:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.cnn.com"); (C:\Documents and Settings\Jason Fultz\Application Data\Mozilla\Profiles\default\ojufvc3c.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Jason Fultz\Application Data\Mozilla\Profiles\default\ojufvc3c.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPoXUSDM] "D:\Program Files\EPoX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ELRYBMS] C:\WINNT\ELRYBMS.exe
O4 - HKLM\..\Run: [Security32 Loader] security32.exe
O4 - HKLM\..\Run: [crow32 Driver] crow32.exe
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunServices: [Security32 Loader] security32.exe
O4 - HKCU\..\Run: [laod] C:\WINNT\system\svchost.exe
O4 - HKCU\..\Run: [Terminate Popup] d:\Program Files\Zero-PopUps\zpu.exe
O4 - HKCU\..\Run: [warez] "D:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [Mozilla Quick Launch] "d:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = NETGEAR\MA111 Configuration Utility\wlancfg.exe
O4 - Global Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = D:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINNT\system32\Wtablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup152.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - D:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "D:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINNT\system32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - D:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "D:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: MySql - Unknown owner - D:/mysql/bin/mysqld-nt.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe
  • 0

Advertisements


#11
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Let's see if we can disable the worst manually and get you back on track then.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

O4 - HKLM\..\Run: [ELRYBMS] C:\WINNT\ELRYBMS.exe
O4 - HKLM\..\Run: [Security32 Loader] security32.exe
O4 - HKLM\..\Run: [crow32 Driver] crow32.exe
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe

O4 - HKLM\..\RunServices: [Security32 Loader] security32.exe
O4 - HKCU\..\Run: [laod] C:\WINNT\system\svchost.exe

O4 - HKCU\..\Run: [warez] "D:\Program Files\Warez P2P Client\warez.exe" -h

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab

Reboot into safe mode and delete:
C:\WINNT\System32\crow32.exe
C:\WINNT\system\svchost.exe <= Note only the one in that location. The real one is here: C:\WINNT\System32\svchost.exe

Boot back to normal and post a new log.

Also let me know what exactly happens when you rty to connect to the internet with IE.

Regards,
  • 0

#12
jasonfultz

jasonfultz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Thanks, so far, Pieter.

Whenever I try to run IE, I get the following error (and what great help this is):

"Microsoft Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience.

If you were in the middle of something, the information you were working on might be lost.

Restart Microsoft Internet Exploreer

Please tell Microsoft about this problem.

We have created an error report that you can send to help us improve Microsoft Internet Explorer. We will treat this report as confidential and anonymous.

To see what data this error report contains, click here."

Then when I click to see the error report, this is what I see:

"Error signature

AppName: iexplore.exe AppVer: 6.0.2800.1106 ModName: user32.dll
ModVer: 5.0.2180.1 Offset: 000064dd ..."

It goes on, and I could show you the technical information about it, but it is probably too specific, as you are more than likely not a programmer for Microsoft (turns out I can copy and paste the text anyway because they won't give me that functionality in the information window.

I don't exactly remember the error I used to get, but after I first started having problems (I think it just closed without even giving me an error message in the first place), I repaired/uninstalled/installed IE 6, but not completely. Every time I try to reinstall IE 6 now, I get another message to reboot my computer to complete the install, but when I reboot, I believe it tells me that I have to reboot again to complete the install (so it's a viscious cycle that never ends), if I remember correctly. If this is different after trying to install IE 6 again now that I have cleaned up as you suggested, then I will post one more time letting you know.

I have done as you suggested and here is my newest logilfe:
  • 0

#13
jasonfultz

jasonfultz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
After installing IE 6 again this time, I was able to actually complete the installation, but I still get the same error as stated in the above post (Error Report).

Logfile as described above (sorry, I thought the installer was about to reboot my machine while I was finishing my post, so I posted without it):

***************************************

Logfile of HijackThis v1.99.1
Scan saved at 12:40:33 AM, on 6/26/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\WINNT\System32\Ati2evxx.exe
D:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\gearsec.exe
D:\mysql\bin\mysqld-nt.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\EPoX\USDM\USDM.EXE
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\SOUNDMAN.EXE
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
d:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
D:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINNT\system32\Wtablet\TabUserW.exe
D:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.cnn.com"); (C:\Documents and Settings\Jason Fultz\Application Data\Mozilla\Profiles\default\ojufvc3c.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Jason Fultz\Application Data\Mozilla\Profiles\default\ojufvc3c.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPoXUSDM] "D:\Program Files\EPoX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [Terminate Popup] d:\Program Files\Zero-PopUps\zpu.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "d:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = NETGEAR\MA111 Configuration Utility\wlancfg.exe
O4 - Global Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = D:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINNT\system32\Wtablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup152.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - D:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "D:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINNT\system32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - D:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "D:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: MySql - Unknown owner - D:/mysql/bin/mysqld-nt.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe
  • 0

#14
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

Then please run Ewido, and run a full scan. Save the logfile from the scan.
Boot back to normal when the scan is done and post the scanlog.

Regards,
  • 0

#15
jasonfultz

jasonfultz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Here is the scanlog from Ewido:

*******************************

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:09:09 PM, 6/26/2005
+ Report-Checksum: 6C53459E

+ Date of database: 6/26/2005
+ Version of scan engine: v3.0

+ Duration: 84 min
+ Scanned Files: 251476
+ Speed: 49.79 Files/Second
+ Infected files: 14
+ Removed files: 14
+ Files put in quarantine: 14
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\
E:\
G:\

+ Scan result:
C:\Documents and Settings\Jason Fultz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-15d80cb5.class -> TrojanDownloader.Small.WV -> Cleaned with backup
C:\Documents and Settings\Jason Fultz\Cookies\jason fultz@adknowledge[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jason Fultz\Cookies\jason fultz@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jason Fultz\Cookies\jason fultz@com[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jason Fultz\Cookies\jason fultz@overture[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jason Fultz\Cookies\jason fultz@perf.overture[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jason Fultz\Cookies\jason fultz@realmedia[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jason Fultz\Cookies\jason fultz@zedo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\Program Files\ICQ\NDetect.exe -> Backdoor.IP_Protect -> Cleaned with backup
E:\WINDOWS\Cookies\drachin@geocities.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\WINDOWS\Cookies\drachin@ncmapi.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\WINDOWS\Cookies\drachin@avenuea.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\WINDOWS\Cookies\drachin@imall_ngadcenter.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\WINDOWS\Cookies\drachin@datais.txt -> Spyware.Tracking-Cookie -> Cleaned with backup


::Report End
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP