
[Referred]hijacked browser


  • This topic is locked

#1
RODESPI

I'm having problems with my browsers, IE and Firefox. I've tried removing the culprit with different programs, but nothing is working. Can anyone help?

This is the log I got from ad-aware.


Ad-Aware SE Build 1.05
Logfile Created on:Friday, May 06, 2005 4:52:22 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):11 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:26 %
Total physical memory:523764 kb
Available physical memory:136096 kb
Total page file size:1276720 kb
Available on page file:919104 kb
Total virtual memory:2097024 kb
Available virtual memory:2044804 kb
OS:Microsoft Windows 2000 Service Pack 3 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-6-2005 4:52:22 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 204
ThreadCreationTime : 5-6-2005 7:08:32 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThre
ProcessID : 228
ThreadCreationTime : 5-6-2005 7:08:40 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 252
ThreadCreationTime : 5-6-2005 7:08:41 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 280
ThreadCreationTime : 5-6-2005 7:08:43 PM
BasePriority : Normal
FileVersion : 5.00.2195.3940
ProductVersion : 5.00.2195.3940
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 292
ThreadCreationTime : 5-6-2005 7:08:43 PM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [termsrv.exe]
ModuleName : C:\WINNT\System32\termsrv.exe
Command Line : C:\WINNT\System32\termsrv.exe
ProcessID : 396
ThreadCreationTime : 5-6-2005 7:08:44 PM
BasePriority : Normal
FileVersion : 5.00.2195.5276
ProductVersion : 5.00.2195.5276
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Terminal Server Service
InternalName : termsrv.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : termsrv.exe

#:7 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 540
ThreadCreationTime : 5-6-2005 7:08:46 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:8 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 576
ThreadCreationTime : 5-6-2005 7:08:52 PM
BasePriority : Normal
FileVersion : 5.00.2195.4299
ProductVersion : 5.00.2195.4299
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:9 [msdtc.exe]
ModuleName : C:\WINNT\System32\msdtc.exe
Command Line : C:\WINNT\System32\msdtc.exe
ProcessID : 764
ThreadCreationTime : 5-6-2005 7:09:27 PM
BasePriority : Normal
FileVersion : 1999.9.3421.3
ProductVersion : 03.00.00.3421
ProductName : Microsoft Distributed Transaction Coordinator
CompanyName : Microsoft Corporation
FileDescription : MS DTC console program
InternalName : MSDTC.EXE
LegalCopyright : Copyright © Microsoft Corp. 1995-1999
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation

#:10 [tcpsvcs.exe]
ModuleName : C:\WINNT\System32\tcpsvcs.exe
Command Line : C:\WINNT\System32\tcpsvcs.exe
ProcessID : 864
ThreadCreationTime : 5-6-2005 7:09:28 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : TCP/IP Services Application
InternalName : TCPSVCS.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : TCPSVCS.EXE

#:11 [dcevt32.exe]
ModuleName : C:\Program Files\Dell\OpenManage\OMSA\bin\dcevt32.exe
Command Line : "C:\Program Files\Dell\OpenManage\OMSA\bin\dcevt32.exe"
ProcessID : 880
ThreadCreationTime : 5-6-2005 7:09:28 PM
BasePriority : Normal
FileVersion : 4.8.0 (BLD_3736)
ProductVersion : 4.8.0 (BLD_3736)
ProductName : Dell® OpenManage Server Agent
CompanyName : Dell Computer Corporation.
FileDescription : Dell OpenManage Event Monitor
InternalName : dcevt32.dll
LegalCopyright : Copyright © Dell Corp. 1995-2002
OriginalFilename : dcevt32.dll

#:12 [dcstor32.exe]
ModuleName : C:\Program Files\Dell\OpenManage\OMSA\bin\dcstor32.exe
Command Line : "C:\Program Files\Dell\OpenManage\OMSA\bin\dcstor32.exe"
ProcessID : 904
ThreadCreationTime : 5-6-2005 7:09:28 PM
BasePriority : Normal
FileVersion : 4.8.0 (BLD_3736)
ProductVersion : 4.8.0 (BLD_3736)
ProductName : Dell® OpenManage Server Agent
CompanyName : Dell Computer Corporation.
FileDescription : Dell OpenManage Server Agent
InternalName : dcstor32.exe
LegalCopyright : Copyright © Dell Corp. 1995-2002
OriginalFilename : dcstor32.exe

#:13 [dfssvc.exe]
ModuleName : C:\WINNT\system32\Dfssvc.exe
Command Line : C:\WINNT\system32\Dfssvc.exe
ProcessID : 964
ThreadCreationTime : 5-6-2005 7:09:29 PM
BasePriority : Normal
FileVersion : 5.00.2195.3649
ProductVersion : 5.00.2195.3649
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows NT Distributed File System Service
InternalName : dfssvc.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : dfssvc.exe

#:14 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 980
ThreadCreationTime : 5-6-2005 7:09:29 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:15 [grovel.exe]
ModuleName : C:\WINNT\System32\grovel.exe
Command Line : C:\WINNT\System32\grovel.exe
ProcessID : 1004
ThreadCreationTime : 5-6-2005 7:09:29 PM
BasePriority : Normal
FileVersion : 5.00.2195.5427
ProductVersion : 5.00.2195.5427
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft Single-Instance Store Groveler Service
InternalName : grovel.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : grovel.exe

#:16 [hidserv.exe]
ModuleName : C:\WINNT\system32\hidserv.exe
Command Line : C:\WINNT\system32\hidserv.exe
ProcessID : 1032
ThreadCreationTime : 5-6-2005 7:09:30 PM
BasePriority : Normal
FileVersion : 5.00.2195.4875
ProductVersion : 5.00.2195.4875
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : HID Audio Service
InternalName : hidserv
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : HIDSERV.EXE

#:17 [ismserv.exe]
ModuleName : C:\WINNT\System32\ismserv.exe
Command Line : C:\WINNT\System32\ismserv.exe
ProcessID : 1052
ThreadCreationTime : 5-6-2005 7:09:30 PM
BasePriority : Normal
FileVersion : 5.00.2195.4827
ProductVersion : 5.00.2195.4827
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows NT Intersite Messaging Service
InternalName : ismserv.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : ismserv.exe

#:18 [llssrv.exe]
ModuleName : C:\WINNT\System32\llssrv.exe
Command Line : C:\WINNT\System32\llssrv.exe
ProcessID : 1080
ThreadCreationTime : 5-6-2005 7:09:30 PM
BasePriority : Normal
FileVersion : 5.00.2195.4907
ProductVersion : 5.00.2195.4907
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft® License Server
InternalName : llssrv.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : llssrv.exe

#:19 [sfmsvc.exe]
ModuleName : C:\WINNT\System32\sfmsvc.exe
Command Line : C:\WINNT\System32\sfmsvc.exe
ProcessID : 1124
ThreadCreationTime : 5-6-2005 7:09:30 PM
BasePriority : Normal
FileVersion : 5.00.2195.4926
ProductVersion : 5.00.2195.4926
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows NT Macintosh File Server Service
InternalName : sfmsvc.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : sfmsvc.exe

#:20 [sfmprint.exe]
ModuleName : C:\WINNT\System32\sfmprint.exe
Command Line : C:\WINNT\System32\sfmprint.exe
ProcessID : 1164
ThreadCreationTime : 5-6-2005 7:09:30 PM
BasePriority : Normal
FileVersion : 5.00.2157.1
ProductVersion : 5.00.2157.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : MacPrint Service
InternalName : sfmprint.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : sfmprint.exe

#:21 [mr2kserv.exe]
ModuleName : C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
Command Line : "C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe"
ProcessID : 712
ThreadCreationTime : 5-6-2005 7:09:30 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : mr2kserv Module
FileDescription : mr2kserv Module
InternalName : mr2kserv
LegalCopyright : Copyright 2000
OriginalFilename : mr2kserv.EXE

#:22 [nmssvc.exe]
ModuleName : C:\WINNT\System32\NMSSvc.exe
Command Line : C:\WINNT\System32\NMSSvc.exe
ProcessID : 1268
ThreadCreationTime : 5-6-2005 7:09:30 PM
BasePriority : Normal
FileVersion : 2.2.9.0
ProductVersion : 2.2.9.0
ProductName : NMS
CompanyName : Intel Corporation
FileDescription : NMS Module
InternalName : NMS Module
LegalCopyright : Copyright © 2000-2002 Intel Corp. All Rights Reserved

#:23 [ntfrs.exe]
ModuleName : C:\WINNT\system32\ntfrs.exe
Command Line : C:\WINNT\system32\ntfrs.exe
ProcessID : 1300
ThreadCreationTime : 5-6-2005 7:09:31 PM
BasePriority : Normal
FileVersion : 5.00.2195.5429
ProductVersion : 5.00.2195.5429
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : File Replication Service
InternalName : NTFRS.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : NTFRS.EXE

#:24 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 1376
ThreadCreationTime : 5-6-2005 7:09:32 PM
BasePriority : Normal
FileVersion : 5.00.2195.3649
ProductVersion : 5.00.2195.3649
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:25 [rsfsa.exe]
ModuleName : C:\WINNT\System32\RsFsa.exe
Command Line : C:\WINNT\System32\RsFsa.exe
ProcessID : 1396
ThreadCreationTime : 5-6-2005 7:09:32 PM
BasePriority : Normal
FileVersion : 5.00.2195.3927
ProductVersion : 5.00.2195.3927
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Storage File service
InternalName : RsFsa.exe
LegalCopyright : Copyright © Microsoft Corp. and Seagate Software, Inc.1981-1999
OriginalFilename : RsFsa.exe

#:26 [locator.exe]
ModuleName : C:\WINNT\System32\locator.exe
Command Line : C:\WINNT\System32\locator.exe
ProcessID : 1412
ThreadCreationTime : 5-6-2005 7:09:33 PM
BasePriority : Normal
FileVersion : 5.00.2195.6136
ProductVersion : 5.00.2195.6136
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Rpc Locator
InternalName : locator.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : locator.exe

#:27 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 1444
ThreadCreationTime : 5-6-2005 7:09:33 PM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:28 [omaws32.exe]
ModuleName : C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe
Command Line : "C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe"
ProcessID : 1524
ThreadCreationTime : 5-6-2005 7:09:34 PM
BasePriority : Normal
FileVersion : 1, 0, 0,1
ProductVersion : 1, 0, 0, 1
ProductName : Internet Server NT Service
CompanyName : Dell Computer Corporation
FileDescription : Internet Server NT Service
InternalName : omaws32
LegalCopyright : Dell Copyright © 2000-2001. All rights reserved.
OriginalFilename : omaws32

#:29 [snmp.exe]
ModuleName : C:\WINNT\System32\snmp.exe
Command Line : C:\WINNT\System32\snmp.exe
ProcessID : 1548
ThreadCreationTime : 5-6-2005 7:09:34 PM
BasePriority : Normal
FileVersion : 5.00.2195.5080
ProductVersion : 5.00.2195.5080
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : SNMP Service
InternalName : snmp.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : snmp.exe

#:30 [twwinsdr.exe]
ModuleName : C:\Program Files\TapeWare\TWWINSDR.EXE
Command Line : "C:\Program Files\TapeWare\TWWINSDR.EXE"
ProcessID : 1576
ThreadCreationTime : 5-6-2005 7:09:34 PM
BasePriority : Normal


#:31 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k tapisrv
ProcessID : 1600
ThreadCreationTime : 5-6-2005 7:09:35 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:32 [lserver.exe]
ModuleName : C:\WINNT\System32\lserver.exe
Command Line : C:\WINNT\System32\lserver.exe
ProcessID : 1476
ThreadCreationTime : 5-6-2005 7:09:35 PM
BasePriority : Normal
FileVersion : 5.00.2195.4862
ProductVersion : 5.00.2195.4862
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Terminal Services Licensing
InternalName : lserver.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lserver.exe

#:33 [tftpd.exe]
ModuleName : C:\WINNT\System32\tftpd.exe
Command Line : C:\WINNT\System32\tftpd.exe
ProcessID : 1652
ThreadCreationTime : 5-6-2005 7:09:35 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : TCP/IP Trivial file transfer daemon.
InternalName : tftpd.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : tftpd.exe

#:34 [vxsvc.exe]
ModuleName : C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
Command Line : "C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe"
ProcessID : 1696
ThreadCreationTime : 5-6-2005 7:09:36 PM
BasePriority : Normal
FileVersion : 3.4.532.0
ProductVersion : 3.4.0.0
ProductName : Volume Manager for Windows 2000
CompanyName : VERITAS Software Corp.
FileDescription : Volume Manager Service
InternalName : vxsvc.exe
LegalCopyright : © 1999-2002 VERITAS Software Corp.
OriginalFilename : vxsvc.exe

#:35 [wanmpsvc.exe]
ModuleName : C:\WINNT\wanmpsvc.exe
Command Line : "C:\WINNT\wanmpsvc.exe"
ProcessID : 1764
ThreadCreationTime : 5-6-2005 7:09:39 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:36 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 1820
ThreadCreationTime : 5-6-2005 7:09:40 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:37 [dns.exe]
ModuleName : C:\WINNT\System32\dns.exe
Command Line : C:\WINNT\System32\dns.exe
ProcessID : 548
ThreadCreationTime : 5-6-2005 7:09:40 PM
BasePriority : Normal
FileVersion : 5.00.2195.5390
ProductVersion : 5.00.2195.5390
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Domain Name System (DNS) Server
InternalName : dns.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : dns.exe

#:38 [inetinfo.exe]
ModuleName : C:\WINNT\System32\inetsrv\inetinfo.exe
Command Line : C:\WINNT\System32\inetsrv\inetinfo.exe
ProcessID : 1856
ThreadCreationTime : 5-6-2005 7:09:40 PM
BasePriority : Normal
FileVersion : 5.00.0984
ProductVersion : 5.00.0984
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : INETINFO.EXE

#:39 [mqsvc.exe]
ModuleName : C:\WINNT\System32\mqsvc.exe
Command Line : C:\WINNT\System32\mqsvc.exe
ProcessID : 1912
ThreadCreationTime : 5-6-2005 7:09:41 PM
BasePriority : Normal
FileVersion : 5.00.0720
ProductVersion : 5.00.0720
ProductName : Microsoft Message Queue
CompanyName : Microsoft Corporation
FileDescription : Windows NT MQ Service
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows NT™ is a trademark of Microsoft Corporation
OriginalFilename : MQSVC.EXE

#:40 [explorer.exe]
ModuleName : C:\WINNT\Explorer.EXE
Command Line : C:\WINNT\Explorer.EXE
ProcessID : 2756
ThreadCreationTime : 5-6-2005 7:12:11 PM
BasePriority : Normal
FileVersion : 5.00.3502.5321
ProductVersion : 5.00.3502.5321
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:41 [diagorb.exe]
ModuleName : C:\PROGRA~1\Dell\OPENMA~1\oldiags\vendor\pcdoctor\bin\diagorb.exe
Command Line : C:/PROGRA~1/Dell/OPENMA~1/oldiags/vendor/pcdoctor/bin/diagorb.exe C:/PROGRA~1/Dell/OPENMA~1/oldiags/vendor/pcdoctor/bin/PcDrDLL.ior C:/PROGRA~1/Dell/OPENMA~1/oldiags/vendor/pcdoctor/log/diagorb.log
ProcessID : 2844
ThreadCreationTime : 5-6-2005 7:12:14 PM
BasePriority : Normal


#:42 [promon.exe]
ModuleName : C:\WINNT\system32\PROMon.exe
Command Line : "C:\WINNT\system32\PROMon.exe"
ProcessID : 2880
ThreadCreationTime : 5-6-2005 7:12:16 PM
BasePriority : Normal
FileVersion : 5.3.42.0
ProductVersion : 5.3.42.0
ProductName : Intel® PROMonitor
CompanyName : Intel Corporation
FileDescription : Intel® PROSet Tray Icon
InternalName : Intel® PROMonitor
LegalCopyright : Copyright © 1998-2002 Intel Corporation.
OriginalFilename : PROMon.exe
Comments : Configures and tests Intel® PRO family of adapters.

#:43 [realplay.exe]
ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe
Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
ProcessID : 2940
ThreadCreationTime : 5-6-2005 7:12:17 PM
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:44 [motivesb.exe]
ModuleName : C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
Command Line : "C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe"
ProcessID : 2944
ThreadCreationTime : 5-6-2005 7:12:17 PM
BasePriority : Normal
FileVersion : 5.6.11.asst_classic.smartbridge.0
ProductVersion : 5.6.11.asst_classic.smartbridge
ProductName : Motive System
CompanyName : Motive Communications, Inc.
FileDescription : Motive SmartBridge
InternalName : version
LegalCopyright : Copyright 1998-2003
OriginalFilename : version

#:45 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 2952
ThreadCreationTime : 5-6-2005 7:12:18 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:46 [scrsvc.exe]
ModuleName : C:\WINNT\system32\scrsvc.exe
Command Line : "C:\WINNT\system32\scrsvc.exe"
ProcessID : 2964
ThreadCreationTime : 5-6-2005 7:12:18 PM
BasePriority : Normal


#:47 [bootpd.exe]
ModuleName : C:\WINNT\system32\bootpd.exe
Command Line : "C:\WINNT\system32\bootpd.exe"
ProcessID : 2976
ThreadCreationTime : 5-6-2005 7:12:18 PM
BasePriority : Normal


#:48 [bootpd.exe]
ModuleName : C:\WINNT\system32\bootpd.exe
Command Line : --keep
ProcessID : 3000
ThreadCreationTime : 5-6-2005 7:12:18 PM
BasePriority : Normal


#:49 [yumgohomepageprotector.exe]
ModuleName : C:\WINNT\YumgoHomepageProtector.exe
Command Line : "C:\WINNT\YumgoHomepageProtector.exe"
ProcessID : 3024
ThreadCreationTime : 5-6-2005 7:12:19 PM
BasePriority : Normal


#:50 [mpbtn.exe]
ModuleName : C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
Command Line : "C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe"
ProcessID : 3196
ThreadCreationTime : 5-6-2005 7:12:24 PM
BasePriority : Normal
FileVersion : 5.0.2.4.asst_classic.asst_mpbtn.20020806_105000
ProductVersion : 5.0.2.4.asst_classic.asst_mpbtn
ProductName : Motive System
CompanyName : Motive Communications, Inc.
FileDescription : Motive Chorus System Tray Button
InternalName : mpbtn
LegalCopyright : Copyright 1998, 1999, 2000
OriginalFilename : mpbtn

#:51 [swdoctor.exe]
ModuleName : C:\Program Files\Spyware Doctor\swdoctor.exe
Command Line : "C:\Program Files\Spyware Doctor\swdoctor.exe" /H
ProcessID : 2728
ThreadCreationTime : 5-6-2005 7:57:51 PM
BasePriority : Normal
FileVersion : 3.1.0.312
ProductVersion : 3.1
ProductName : Spyware Doctor
CompanyName : PCTools
FileDescription : Spyware Doctor
InternalName : Spyware Doctor
LegalCopyright : Copyright © 2004. Distributed by PC Tools Pty Ltd
OriginalFilename : swdr.exe

#:52 [firefox.exe]
ModuleName : C:\Program Files\Mozilla Firefox\firefox.exe
Command Line : "C:\Program Files\Mozilla Firefox\firefox.exe"
ProcessID : 748
ThreadCreationTime : 5-6-2005 8:26:57 PM
BasePriority : Normal


#:53 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 908
ThreadCreationTime : 5-6-2005 8:52:14 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : C:\Documents and Settings\hsantiago\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1214440339-651377827-839522115-1109\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1214440339-651377827-839522115-1109\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-1214440339-651377827-839522115-1109\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1214440339-651377827-839522115-1109\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1214440339-651377827-839522115-1109\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1214440339-651377827-839522115-1109\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1214440339-651377827-839522115-1109\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
238 entries scanned.
New critical objects:0
Objects found so far: 11




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11

4:56:46 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:24.344
Objects scanned:105589
Objects identified:0
Objects ignored:0
New critical objects:0


#2
GR@PH;<'S

RODESPI,
Can you please download HijackThis.
After you have downloaded it and unzipped it, double-click HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and then can you please post your Logfile in the
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html

GR@PH;<'S

#3
GR@PH;<'S

Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.

#4
Metallica

Closed since it was continued here:
http://www.geekstogo...SED-t22612.html