Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

[Referred]Ad-ware logfile (please help!)


  • Please log in to reply

#1
IBG

IBG

    Member

  • Member
  • PipPip
  • 25 posts
Ad-Aware found a program called nail.exe running a few days ago.. can't seem to get rid of it. This is amongst a few of the problems that seem to arise every now and then. I had F-Secure installed, but was causing too many problems, so I've deleted it. If anyone has the time to help me out, I'd greatly appreciate it. I'm also going to post my Hijack log in the other forum. Thanks...


Ad-Aware SE Build 1.05
Logfile Created on:May 8, 2005 3:54:03 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):1 total references
Tracking Cookie(TAC index:3):2 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


08-05-2005 3:54:03 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 468
ThreadCreationTime : 08-05-2005 9:40:02 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 516
ThreadCreationTime : 08-05-2005 9:40:04 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 540
ThreadCreationTime : 08-05-2005 9:40:05 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 584
ThreadCreationTime : 08-05-2005 9:40:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 596
ThreadCreationTime : 08-05-2005 9:40:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 760
ThreadCreationTime : 08-05-2005 9:40:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 812
ThreadCreationTime : 08-05-2005 9:40:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 904
ThreadCreationTime : 08-05-2005 9:40:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 976
ThreadCreationTime : 08-05-2005 9:40:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1100
ThreadCreationTime : 08-05-2005 9:40:07 PM
BasePriority : Normal
FileVersion : 7.1
ProductVersion : 7.1
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2001 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1132
ThreadCreationTime : 08-05-2005 9:40:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1140
ThreadCreationTime : 08-05-2005 9:40:07 PM
BasePriority : Normal
FileVersion : 7.1
ProductVersion : 7.1
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2001 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1388
ThreadCreationTime : 08-05-2005 9:40:11 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [directcd.exe]
FilePath : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\
ProcessID : 1592
ThreadCreationTime : 08-05-2005 9:40:12 PM
BasePriority : Normal
FileVersion : 5.3.5.10
ProductVersion : 5.3.5.10
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001-2003, Roxio, Inc.
OriginalFilename : Directcd.exe

#:15 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1608
ThreadCreationTime : 08-05-2005 9:40:12 PM
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:16 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 5.0\Distillr\
ProcessID : 1632
ThreadCreationTime : 08-05-2005 9:40:12 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:17 [wincinemamgr.exe]
FilePath : C:\Program Files\InterVideo\Common\Bin\
ProcessID : 1700
ThreadCreationTime : 08-05-2005 9:40:12 PM
BasePriority : Normal
FileVersion : 1.0
ProductVersion : 1, 0, 0, 1
ProductName : WinCinema Manager for InterVideo WinCinema products
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright © 2000 InterVideo Inc.
OriginalFilename : WinCinemaMgr.EXE

#:18 [cisvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1816
ThreadCreationTime : 08-05-2005 9:40:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:19 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1864
ThreadCreationTime : 08-05-2005 9:40:15 PM
BasePriority : Normal
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
ProductName : NVIDIA Driver Helper Service, Version 52.16
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:20 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1928
ThreadCreationTime : 08-05-2005 9:40:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:21 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2032
ThreadCreationTime : 08-05-2005 9:40:20 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:22 [outlook.exe]
FilePath : C:\Program Files\Microsoft Office\Office10\
ProcessID : 1268
ThreadCreationTime : 08-05-2005 9:44:16 PM
BasePriority : Normal


#:23 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 1328
ThreadCreationTime : 08-05-2005 9:44:18 PM
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:24 [winword.exe]
FilePath : C:\Program Files\Microsoft Office\Office10\
ProcessID : 560
ThreadCreationTime : 08-05-2005 9:44:23 PM
BasePriority : Normal


#:25 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1480
ThreadCreationTime : 08-05-2005 9:48:27 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:26 [tnhnzdl.exe]
FilePath : c:\windows\system32\
ProcessID : 1960
ThreadCreationTime : 08-05-2005 9:48:43 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:27 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2320
ThreadCreationTime : 08-05-2005 9:48:56 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:28 [cidaemon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3744
ThreadCreationTime : 08-05-2005 9:51:16 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:29 [hijackthis.exe]
FilePath : C:\hijackthis\
ProcessID : 2344
ThreadCreationTime : 08-05-2005 9:52:42 PM
BasePriority : Normal
FileVersion : 1.99.0001
ProductVersion : 1.99.0001
ProductName : HijackThis
CompanyName : Soeperman Enterprises Ltd.
FileDescription : HijackThis
InternalName : HijackThis
LegalCopyright : Freeware
OriginalFilename : HijackThis.exe
Comments : Version history is in Help section

#:30 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2468
ThreadCreationTime : 08-05-2005 9:52:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:31 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2868
ThreadCreationTime : 08-05-2005 9:53:43 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : g-diddy@atdmt[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:g-diddy@atdmt.com/
Expires : 06-05-2010 6:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : g-diddy@doubleclick[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:g-diddy@doubleclick.net/
Expires : 07-05-2008 3:45:16 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 4



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 4




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

4:06:53 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:50.759
Objects scanned:98952
Objects identified:3
Objects ignored:0
New critical objects:3
  • 0

Advertisements


#2
Mannen

Mannen

    Ad-Aware Expert

  • Member
  • PipPipPip
  • 110 posts
Hi and welcome!


You have bad files running which Adaware doesn't detect yet so please try this first

Scan your computer with these two online virusscans. Post the logs here
Panda onlinescan
TrendMicro onlinescan

Cheers
Mannen
  • 0

#3
IBG

IBG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Here is the Panda log, I'll post the TrendMicro in my next post.
Thanks for your help.

Incident Status Location

Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\DrPMon.dll
Adware:Adware/Transponder No disinfected c:\windows\system32\yccnva.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Bolger.dll
Adware:Adware/Transponder No disinfected c:\windows\system32\yccnva.exe
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/nCase No disinfected C:\DOCUME~1\G-Diddy\LOCALS~1\Temp\180sainstaller.exe
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/CWS.Yexe No disinfected C:\WINDOWS\System32\services
Adware:Adware/Apropos No disinfected C:\Program Files\cxtpls
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Adware:Adware/TopConvert No disinfected Windows Registry
Adware:Adware/nCase No disinfected C:\Documents and Settings\G-Diddy\Local Settings\Temp\180SAInstaller.exe
Adware:Adware/ISearch No disinfected C:\Documents and Settings\G-Diddy\Local Settings\Temp\B186323323\build2.0xe
Adware:Adware/Transponder No disinfected C:\Documents and Settings\G-Diddy\Local Settings\Temporary Internet Files\Content.IE5\8TM7CX6V\svcproc[1].exe
Adware:Adware/Transponder No disinfected C:\Documents and Settings\G-Diddy\Local Settings\Temporary Internet Files\Content.IE5\MREVQDMJ\Nail[1].exe
Adware:Adware/Transponder No disinfected C:\Documents and Settings\G-Diddy\Local Settings\Temporary Internet Files\Content.IE5\SDA7CXIR\DrPMon[1].dll
Adware:Adware/Transponder No disinfected C:\Documents and Settings\G-Diddy\Local Settings\Temporary Internet Files\Content.IE5\UVKDQ7GP\Poller[1].exe
Adware:Adware/Transponder No disinfected C:\RECYCLER\S-1-5-21-117609710-688789844-854245398-1003\Dc3.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Bolger.dll
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Adware:Adware/Transponder No disinfected C:\WINDOWS\Nail.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\svcproc.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\DrPMon.dll
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\yccnva.exe
Adware:Adware/Startpage.CN No disinfected C:\WINDOWS\webdlg32.dll
Adware:Adware/SBSoft No disinfected C:\WINDOWS\webdlg32.inf
Adware:Adware/Popup.pop No disinfected C:\WINDOWS\winsx.dll
Adware:Adware/Popup.pop No disinfected C:\WINDOWS\winsx.inf
  • 0

#4
IBG

IBG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
TrendMicro Housecall scan results log:

Virus Scan 6 viruses detected


Results:
We have detected 6 infected file(s) with 6 virus(es) on your computer. Only 0 out of 0 infected files are displayed.
Detected File Associated Virus Name
C:\Documents and Settings\G-Diddy\Local Settings\Temporary Internet Files\Content.IE5\MREVQDMJ\Nail[1].exe TROJ_NAIL.A
C:\Documents and Settings\G-Diddy\Local Settings\Temporary Internet Files\Content.IE5\UVKDQ7GP\Poller[1].exe TROJ_AGENT.ABS
C:\RECYCLER\S-1-5-21-117609710-688789844-854245398-1003\Dc3.exe TROJ_NAIL.A
C:\WINDOWS\system32\yccnva.exe TROJ_AGENT.ABS
C:\WINDOWS\dwuighrbue.exe TROJ_BUDDY.F
C:\WINDOWS\Nail.exe TROJ_NAIL.A




Trojan/Worm Check No worm/Trojan horse detected

What we checked:
Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed.
Trojan/Worm Name Trojan/Worm Type




Spyware Check 11 spyware programs detected

What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results:
We have detected 11 spyware(s) on your computer. Only 0 out of 0 spywares are displayed.
Spyware Name Spyware Type
COOKIE_1020 Cookie
COOKIE_1802 Cookie
COOKIE_2513 Cookie
COOKIE_3184 Cookie
COOKIE_3185 Cookie
COOKIE_3186 Cookie
ADW_BADBITOR.A Adware
SPYW_WEBSEARCH.A Spyware
ADW_BETTERNET.A Adware
ADW_APROPOS.O Adware
ADW_BOLGER.A Adware




Microsoft Vulnerability Check 2 vulnerabilities detected

What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix.
Results:
We have detected 2 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level Issue How to Fix
Highly Critical This vulnerability enables local users to execute arbitrary code through an RPC call. This is caused by a buffer overflow in the RPC Locator service for Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP. MS03-001
Critical This security update addresses and resolves a vulnerability in Internet Explorer that could allow remote code execution. A Web page can be crafted to exploit this vulnerability such that an arbitrary application can be executed on visiting systems with the same priviledge as the currently logged on user. MS04-040
  • 0

#5
Mannen

Mannen

    Ad-Aware Expert

  • Member
  • PipPipPip
  • 110 posts
Good evening!


Please try this below, you have a nasty infection which can require Hijackthis to completly remove all traces. So if this fails I will transfer you over to the Hjt forum

Go to Start->Run and type Services.msc then hit Ok.
Scroll down and find the service called "System Startup Service (SvcProc)" . When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled.
Now hit Apply and then Ok and close any open windows.

Go to control panel > add/remove programs and look for "cxtpls" and "180search Assistant" If found please uninstall them

How to see hidden files and folders
http://www.xtra.co.n...1916458,00.html

Download this tool called Killbox.
http://www.bleepingc...are/KillBox.zip

Unzip where you want and run it

Disconnect from the internet and close all browsers

Select the Delete on Reboot option.
In the "Full Path of File to Delete" field copy/paste these files below. Copy one file at a time and click the red circle with the white X in it. First click yes, then when it asks you to reboot, click No. Then enter the other files and click yes to reboot when you are done with the last For the .dll files select "unregister before deleting"

C:\WINDOWS\system32\DrPMon.dll
c:\windows\system32\yccnva.exe
C:\WINDOWS\Bolger.dll
C:\Program Files\cxtpls\
C:\WINDOWS\delprot.ini
C:\WINDOWS\Bolger.dll
C:\WINDOWS\delprot.ini
C:\WINDOWS\Nail.exe
C:\WINDOWS\svcproc.exe
C:\WINDOWS\system32\yccnva.exe
C:\WINDOWS\webdlg32.dll
C:\WINDOWS\webdlg32.inf
C:\WINDOWS\winsx.dll
C:\WINDOWS\winsx.inf


If any of the files cant be deleted try the same thing in safe mode

After you are done with the above please start your computer in safe mode

Can you clean (delete) the following directory contents (but not the directory folder) If you have anything you know you want to keep here, can you move it to a different folder for the time being:

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <=This will delete all your cached internet content including cookies. This is recommended and strongly suggested.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Then scan with Adaware and delete everything found.
Reboot to "normal" mode and post a fresh Adaware log and tell us how things are

Cheers
Mannen
  • 0

#6
IBG

IBG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Followed your instructions, but it seems that the nail.exe is still on my system.
Latest logfile from Ad-Aware scan:


Ad-Aware SE Build 1.05
Logfile Created on:May 9, 2005 3:08:22 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):12 total references
Tracking Cookie(TAC index:3):1 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


09-05-2005 3:08:22 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\G-Diddy\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-117609710-688789844-854245398-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-117609710-688789844-854245398-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-117609710-688789844-854245398-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-117609710-688789844-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-117609710-688789844-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-117609710-688789844-854245398-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-117609710-688789844-854245398-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-117609710-688789844-854245398-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 412
ThreadCreationTime : 09-05-2005 9:04:41 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 460
ThreadCreationTime : 09-05-2005 9:04:43 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 484
ThreadCreationTime : 09-05-2005 9:04:44 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 528
ThreadCreationTime : 09-05-2005 9:04:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 540
ThreadCreationTime : 09-05-2005 9:04:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 696
ThreadCreationTime : 09-05-2005 9:04:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 740
ThreadCreationTime : 09-05-2005 9:04:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 808
ThreadCreationTime : 09-05-2005 9:04:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 820
ThreadCreationTime : 09-05-2005 9:04:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 964
ThreadCreationTime : 09-05-2005 9:04:45 PM
BasePriority : Normal
FileVersion : 7.1
ProductVersion : 7.1
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2001 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 992
ThreadCreationTime : 09-05-2005 9:04:45 PM
BasePriority : Normal
FileVersion : 7.1
ProductVersion : 7.1
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2001 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1000
ThreadCreationTime : 09-05-2005 9:04:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [cisvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1156
ThreadCreationTime : 09-05-2005 9:04:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:14 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1192
ThreadCreationTime : 09-05-2005 9:04:46 PM
BasePriority : Normal
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
ProductName : NVIDIA Driver Helper Service, Version 52.16
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:15 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1224
ThreadCreationTime : 09-05-2005 9:04:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:16 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1284
ThreadCreationTime : 09-05-2005 9:04:47 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:17 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1396
ThreadCreationTime : 09-05-2005 9:05:32 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1916
ThreadCreationTime : 09-05-2005 9:07:33 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:19 [directcd.exe]
FilePath : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\
ProcessID : 2036
ThreadCreationTime : 09-05-2005 9:07:35 PM
BasePriority : Normal
FileVersion : 5.3.5.10
ProductVersion : 5.3.5.10
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001-2003, Roxio, Inc.
OriginalFilename : Directcd.exe

#:20 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 136
ThreadCreationTime : 09-05-2005 9:07:35 PM
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:21 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 5.0\Distillr\
ProcessID : 172
ThreadCreationTime : 09-05-2005 9:07:35 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:22 [wincinemamgr.exe]
FilePath : C:\Program Files\InterVideo\Common\Bin\
ProcessID : 192
ThreadCreationTime : 09-05-2005 9:07:35 PM
BasePriority : Normal
FileVersion : 1.0
ProductVersion : 1, 0, 0, 1
ProductName : WinCinema Manager for InterVideo WinCinema products
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright © 2000 InterVideo Inc.
OriginalFilename : WinCinemaMgr.EXE

#:23 [zmzqyrl.exe]
FilePath : c:\windows\system32\
ProcessID : 228
ThreadCreationTime : 09-05-2005 9:07:36 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:24 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 764
ThreadCreationTime : 09-05-2005 9:08:12 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 13


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : g-diddy@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:g-diddy@atdmt.com/
Expires : 07-05-2010 6:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 14



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 14




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14

3:12:55 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:33.263
Objects scanned:87120
Objects identified:2
Objects ignored:0
New critical objects:2
  • 0

#7
Mannen

Mannen

    Ad-Aware Expert

  • Member
  • PipPipPip
  • 110 posts
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0

#8
IBG

IBG

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
This has been fixed.. thanks for your help.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP