[Referred]B.S.O.D. Wallpaper



#1
kaden3018 (New Member, 4 posts)
I have a Blue Screen of Death as a wallpaper....
Any help with this would be much appreciated. Thanks in advance.

Here is my AdAware Post:

Ad-Aware SE Build 1.05
Logfile Created on:Monday, May 09, 2005 3:02:35 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Claria(TAC index:7):18 total references
CoolWebSearch(TAC index:10):17 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : D:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:72 %
Total physical memory:982000 kb
Available physical memory:700936 kb
Total page file size:2373572 kb
Available on page file:2223060 kb
Total virtual memory:2097024 kb
Available virtual memory:2030420 kb
OS:Microsoft Windows XP Professional (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-9-2005 3:02:35 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 320
ThreadCreationTime : 5-9-2005 5:50:14 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\D:\WINNT\system32\csrss.exe
Command Line : D:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThre
ProcessID : 384
ThreadCreationTime : 5-9-2005 5:50:27 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\D:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 408
ThreadCreationTime : 5-9-2005 5:50:28 AM
BasePriority : High


#:4 [services.exe]
ModuleName : D:\WINNT\system32\services.exe
Command Line : D:\WINNT\system32\services.exe
ProcessID : 452
ThreadCreationTime : 5-9-2005 5:50:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : D:\WINNT\system32\lsass.exe
Command Line : D:\WINNT\system32\lsass.exe
ProcessID : 464
ThreadCreationTime : 5-9-2005 5:50:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : D:\WINNT\system32\svchost.exe
Command Line : D:\WINNT\system32\svchost -k rpcss
ProcessID : 632
ThreadCreationTime : 5-9-2005 5:50:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : D:\WINNT\System32\svchost.exe
Command Line : D:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 656
ThreadCreationTime : 5-9-2005 5:50:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : D:\WINNT\System32\svchost.exe
Command Line : D:\WINNT\System32\svchost.exe -k NetworkService
ProcessID : 736
ThreadCreationTime : 5-9-2005 5:50:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : D:\WINNT\System32\svchost.exe
Command Line : D:\WINNT\System32\svchost.exe -k LocalService
ProcessID : 820
ThreadCreationTime : 5-9-2005 5:50:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : D:\WINNT\system32\spoolsv.exe
Command Line : D:\WINNT\system32\spoolsv.exe
ProcessID : 896
ThreadCreationTime : 5-9-2005 5:50:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [ccevtmgr.exe]
ModuleName : D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 928
ThreadCreationTime : 5-9-2005 5:50:30 AM
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:12 [nisum.exe]
ModuleName : D:\Program Files\Norton Personal Firewall\NISUM.EXE
Command Line : "D:\Program Files\Norton Personal Firewall\NISUM.EXE"
ProcessID : 956
ThreadCreationTime : 5-9-2005 5:50:31 AM
BasePriority : Normal
FileVersion : 6.02.2003
ProductVersion : 6.02.2003
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security NISUM
InternalName : NISUM
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NISUM.exe

#:13 [explorer.exe]
ModuleName : D:\WINNT\Explorer.EXE
Command Line : D:\WINNT\Explorer.EXE
ProcessID : 1220
ThreadCreationTime : 5-9-2005 5:50:39 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [ati2evxx.exe]
ModuleName : D:\WINNT\System32\Ati2evxx.exe
Command Line : D:\WINNT\System32\Ati2evxx.exe
ProcessID : 1356
ThreadCreationTime : 5-9-2005 5:50:48 AM
BasePriority : Normal


#:15 [ccpxysvc.exe]
ModuleName : D:\Program Files\Norton Personal Firewall\ccPxySvc.exe
Command Line : "D:\Program Files\Norton Personal Firewall\ccPxySvc.exe"
ProcessID : 1376
ThreadCreationTime : 5-9-2005 5:50:48 AM
BasePriority : Normal
FileVersion : 6.02.2003
ProductVersion : 6.02.2003
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Proxy Service
InternalName : ccPxySvc
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccPxySvc.exe

#:16 [wdfmgr.exe]
ModuleName : D:\WINNT\System32\wdfmgr.exe
Command Line : D:\WINNT\System32\wdfmgr.exe
ProcessID : 1468
ThreadCreationTime : 5-9-2005 5:50:48 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:17 [atiptaxx.exe]
ModuleName : D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Command Line : "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ProcessID : 344
ThreadCreationTime : 5-9-2005 5:51:31 AM
BasePriority : Normal
FileVersion : 6.14.10.4035
ProductVersion : 6.14.10.4035
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:18 [ccapp.exe]
ModuleName : D:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 372
ThreadCreationTime : 5-9-2005 5:51:31 AM
BasePriority : Normal
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:19 [wuauclt.exe]
ModuleName : D:\WINNT\System32\wuauclt.exe
Command Line : "D:\WINNT\System32\wuauclt.exe"
ProcessID : 2068
ThreadCreationTime : 5-9-2005 5:51:58 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:20 [winld32.exe]
ModuleName : D:\WINNT\winld32.exe
Command Line : D:\WINNT\winld32.exe
ProcessID : 3896
ThreadCreationTime : 5-9-2005 6:36:57 AM
BasePriority : Normal


#:21 [iexplore.exe]
ModuleName : D:\Program Files\Internet Explorer\IEXPLORE.EXE
Command Line : "D:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 2884
ThreadCreationTime : 5-9-2005 6:56:35 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:22 [ad-aware.exe]
ModuleName : D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3132
ThreadCreationTime : 5-9-2005 6:57:53 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Claria Object Recognized!
Type : File
Data : A0011906.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : CMEIIAPI.DLL
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : CMEIIAPI.DLL


Claria Object Recognized!
Type : File
Data : A0011907.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GAppMgr.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GAppMgr.dll


Claria Object Recognized!
Type : File
Data : A0011908.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GController.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GController.dll


Claria Object Recognized!
Type : File
Data : A0011909.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GDlwdEng.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GDlwdEng.dll


Claria Object Recognized!
Type : File
Data : A0011910.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GIocl.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GIocl.dll


Claria Object Recognized!
Type : File
Data : A0011911.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GIoclClient.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GIoclClient.dll


Claria Object Recognized!
Type : File
Data : A0011912.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GMTProxy.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GMTProxy.dll


Claria Object Recognized!
Type : File
Data : A0011913.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GObjs.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GObjs.dll


Claria Object Recognized!
Type : File
Data : A0011914.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GStore.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GStore.dll


Claria Object Recognized!
Type : File
Data : A0011915.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GStoreServer.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GStoreServer.dll


Claria Object Recognized!
Type : File
Data : A0011916.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GTools.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GTools.dll


Claria Object Recognized!
Type : File
Data : A0011917.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGGCEngine Dynamic Link Library
InternalName : EGGCEngine dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : EGGCEngine dll


Claria Object Recognized!
Type : File
Data : A0011918.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : egIEClient Dynamic Link Library
InternalName : egIEClient.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : egIEClient.dll


Claria Object Recognized!
Type : File
Data : A0011919.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGIEProcess Dynamic Link Library
InternalName : EGIEProcess dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : EGIEProcess dll


Claria Object Recognized!
Type : File
Data : A0011920.exe
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : Gator Client Application
InternalName : Gator.exe
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : Gator.exe


Claria Object Recognized!
Type : File
Data : A0011921.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : GAIN Installer library
InternalName : GInstaller.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GInstaller.dll


Claria Object Recognized!
Type : File
Data : A0011922.exe
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : GAIN Application
InternalName : GMT.exe
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GMT.exe


Claria Object Recognized!
Type : File
Data : A0011923.exe
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : GAIN Uninstaller applet
InternalName : GUninstaller.exe
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GUninstaller.exe


CoolWebSearch Object Recognized!
Type : File
Data : xzfwm.dat
Category : Malware
Comment :
Object : D:\WINNT\system32\



Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Only sex website.url
Category : Misc
Comment : Problematic URL discovered: http://www.onlysex.ws/
Object : D:\Documents and Settings\Chris\Favorites\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
Category : Misc
Comment : Problematic URL discovered: http://www.lookfor.cc/
Object : D:\Documents and Settings\Chris\Favorites\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free [bleep].url
Category : Misc
Comment : Problematic URL discovered: http://www.7days.ws/
Object : D:\Documents and Settings\Chris\Favorites\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {E3C699F9-90A2-D81A-55A1-89536785E1F1}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_tbpssvc

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 38

3:04:17 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:42.748
Objects scanned:120070
Objects identified:38
Objects ignored:0
New critical objects:38

#2
Rawe (Visiting Staff, 4,746 posts)
Welcome!

Ad-aware has found object(s) on your computer

If you choose to clean your computer from what Ad-aware found, follow these instructions below…

Make sure that you are using the * SE1R43 06.05.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder);

Run CCleaner to help in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-aware SE. If yours is different, adjust it to the location where you have installed it.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to any objects you wish to remove. Click next, Click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered as a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:

#3
kaden3018 (New Member, Topic Starter, 4 posts)
Thanks. Will post new Log tonight in the AM.

#4
Guest_Andy_veal_* (Guest)
Please could you try an update.

There seem to be some false positives.

:-)

#5
kaden3018 (New Member, Topic Starter, 4 posts)
In trying to follow the instructions in your last post, specifically running "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke from the Run command while in Safe Mode, I ran into some trouble. It freezes explorer.exe. Suggestions?

#6
Guest_Andy_veal_* (Guest)
Unsure why it is freezing; please could you try to scan in normal Windows mode.

#7
kaden3018 (New Member, Topic Starter, 4 posts)
Normal mode brings same results. Sorry about the late posts.

#8
Guest_Andy_veal_* (Guest)
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.