Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

[Referred]Ad-aware logfile[RESOLVED]


  • This topic is locked This topic is locked

#1
Bec42

Bec42

    Member

  • Member
  • PipPip
  • 15 posts
I have annoying pop-ups every few minutes and a red circle with a white x in it that put itself in my lower tray. Nothing I have tried will remove it and any attempt to only causes it to produce more pop-ups. Any help would be greatly appreciated.

Logfile removed:Incorrect Logfile type posted

Thanks in advance
Bec42

Edited by Andy_veal, 10 May 2005 - 11:12 AM.

  • 0

Advertisements


#2
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
In order to assist you, we need to see the log from an Ad-Aware SE 1.05 full system scan.

Important Note! Before performing a scan, be sure that you have the most recent definitions file by using WebUpdate. (Click on the Globe icon, Click connect, Click OK, Click Finish.) At this current point * SE1R43 06.05.2005 * is the most recent definition file.

Ad-Aware SE comes preconfigured with default options so we need you to make only one change. Please deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Select "Perform Full System Scan" and press "Next". When the scan has completed, click "Show Logfile".

Please copy/paste the complete log file here using the reply button. Don't quarantine or remove anything at this time, just post a complete logfile. This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next.

Please post back if you have any questions or other problems.


Good luck

Andy
  • 0

#3
Bec42

Bec42

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Sorry about the wrong logfile. Here is the correct one.


Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 10, 2005 1:47:33 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):24 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:47 %
Total physical memory:228656 kb
Available physical memory:59712 kb
Total page file size:1868492 kb
Available on page file:1737668 kb
Total virtual memory:2093056 kb
Available virtual memory:2041344 kb
OS:

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-10-05 1:47:33 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4293893445
Threads : 9
Priority : High
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294957705
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4294955697
Threads : 3
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:4 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294951021
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:5 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294847285
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:6 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294883113
Threads : 2
Priority : Normal
FileVersion : 4.71.1968.1
ProductVersion : 4.71.1968.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:7 [SA3DSRV.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SA3DSRV.EXE
Command Line : sa3dsrv.exe
ProcessID : 4294879221
Threads : 3
Priority : Realtime
FileVersion : 4.05.009f
ProductVersion : 4.05.009f
ProductName : Aureal A3D for Compaq
CompanyName : Aureal Semiconductor
FileDescription : SoftA3D Server
InternalName : sa3dsrv
LegalCopyright : Copyright © Aureal Semiconductor. 1997,98
OriginalFilename : SA3DSRV.EXE

#:8 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4294869333
Threads : 3
Priority : Realtime
FileVersion : 4.06.02.0436
ProductVersion : 4.06.02.0436
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : ddhelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : ddhelp.exe

#:9 [LEXBCES.EXE]
ModuleName : C:\WINDOWS\SYSTEM\LEXBCES.EXE
Command Line : LEXBCES.EXE
ProcessID : 4294782017
Threads : 11
Priority : Normal
FileVersion : 4,75,00,01
ProductVersion : 4,75,00,01
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 1998 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:10 [RPCSS.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RPCSS.EXE
Command Line : RPCSS
ProcessID : 4294895485
Threads : 5
Priority : Normal
FileVersion : 4.71.1718
ProductVersion : 4.71.1718
ProductName : Microsoft® Windows NT™ Operating System
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : dcomss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1996
OriginalFilename : dcomss.exe

#:11 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294823373
Threads : 14
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:12 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\windows\taskmon.exe"
ProcessID : 4294727597
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:13 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4294724993
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:14 [EM_EXEC.EXE]
ModuleName : C:\MOUSE\SYSTEM\EM_EXEC.EXE
Command Line : "C:\mouse\system\em_exec.exe"
ProcessID : 4294749469
Threads : 1
Priority : Normal
FileVersion : 8.02.000
ProductVersion : 8.02a
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright Logitech Inc 1987-1998.
LegalTrademarks : Logitech ™ is a trademark of Logitech Inc. MouseWare® is a registered trademark of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team

#:15 [CPQEADM.EXE]
ModuleName : C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
Command Line : "C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe"
ProcessID : 4294740129
Threads : 1
Priority : Normal
FileVersion : 4.00.010
ProductVersion : 4.00.010
ProductName : Compaq Easy Access Button Support
CompanyName : Compaq Computer Corporation
FileDescription : Easy Access Software Demon
InternalName : CPQEADM
LegalCopyright : Copyright © 1998, 1999
OriginalFilename : CPQEADM.exe

#:16 [CISRVR.EXE]
ModuleName : C:\COMPAQ\INTERNET\CISRVR.EXE
Command Line : "C:\COMPAQ\INTERNET\CISRVR.EXE"
ProcessID : 4294759669
Threads : 1
Priority : Normal
FileVersion : 1, 3, 0, 8
ProductVersion : 1, 3, 0, 8
ProductName : Compaq CISrvr
CompanyName : Compaq Computer Corp.
FileDescription : CISrvr
InternalName : CISrvr
LegalCopyright : Copyright © 1998
OriginalFilename : CISrvr.exe

#:17 [SHPC32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SHPC32.EXE
Command Line : "C:\WINDOWS\SYSTEM\shpc32.exe"
ProcessID : 4294643949
Threads : 1
Priority : Normal


#:18 [BTTNSERV.EXE]
ModuleName : C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
Command Line : C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE -Embedding
ProcessID : 4294668821
Threads : 5
Priority : Normal
FileVersion : 4.00.053
ProductVersion : 4.00.053
ProductName : BttnServ Module
CompanyName : Compaq Computer Corporation
FileDescription : Buton Server
InternalName : BttnSvr
LegalCopyright : Copyright 1997-1998
OriginalFilename : BttnServ.exe

#:19 [AOLSP SCHEDULER.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
Command Line : "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
ProcessID : 4294659637
Threads : 2
Priority : Normal
FileVersion : 1, 0, 0, 74
ProductVersion : 1, 0, 0, 74
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:20 [REALPLAY.EXE]
ModuleName : C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
ProcessID : 4294959701
Threads : 6
Priority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:21 [QTTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\QTTASK.EXE
Command Line : "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
ProcessID : 4294742209
Threads : 2
Priority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:22 [VIEWMGR.EXE]
ModuleName : C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
Command Line : "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
ProcessID : 4294758025
Threads : 1
Priority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager

#:23 [AVGCC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE" /STARTUP
ProcessID : 4294703437
Threads : 5
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:24 [AVGEMC.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE"
ProcessID : 4294597633
Threads : 6
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:25 [AVGAMSVR.EXE]
ModuleName : C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
Command Line : "C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE"
ProcessID : 4294593045
Threads : 4
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:26 [REMINDER.EXE]
ModuleName : C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
Command Line : "C:\Program Files\Microsoft Money\System\reminder.exe"
ProcessID : 4294649077
Threads : 1
Priority : Normal
FileVersion : 7.00.0805
ProductVersion : 7.00.0805
ProductName : Microsoft Money
CompanyName : Microsoft Corporation
FileDescription : Microsoft Money Reminder
InternalName : REMINDER
LegalCopyright : Copyright © Microsoft Corp. 1990-1998. All rights reserved.
OriginalFilename : REMINDER.EXE

#:27 [CPUNUMBER.EXE]
ModuleName : C:\PROGRAM FILES\INTEL\INTEL PSNCU\CPUNUMBER.EXE
Command Line : "C:\Program Files\Intel\Intel PSNCU\CpuNumber.exe" /nosplash
ProcessID : 4294625717
Threads : 1
Priority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Intel Processor Serial Number Control Utility
CompanyName : Intel Corporation
FileDescription : Intel Processor Serial Number Control Utility Executable
InternalName : Bld_012699_02d
LegalCopyright : Copyright© 1999, Intel Corporation. All rights reserved.
OriginalFilename : Intel Processor Serial Number Control Utility.EXE

#:28 [FINDFAST.EXE]
ModuleName : C:\PROGRAM FILES\MICROSOFT OFFICE\FINDFAST.EXE
Command Line : "C:\Program Files\Microsoft Office\FINDFAST.EXE"
ProcessID : 4294516029
Threads : 2
Priority : Normal


#:29 [IOWATCH.EXE]
ModuleName : C:\PROGRAM FILES\IOMEGA\TOOLS\IOWATCH.EXE
Command Line : "C:\Program Files\Iomega\Tools\IOWATCH.EXE"
ProcessID : 4294539825
Threads : 1
Priority : Normal


#:30 [IMGICON.EXE]
ModuleName : C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
Command Line : "C:\Program Files\Iomega\Tools\IMGICON.exe"
ProcessID : 4294555913
Threads : 1
Priority : Normal
FileVersion : 6, 0, 9, 0
ProductVersion : 6, 0, 9, 0
ProductName : Iomega Corp. IMGICON
CompanyName : Iomega Corp.
FileDescription : IMGICON
InternalName : IMGICON
LegalCopyright : Copyright © 1997 - 1998
OriginalFilename : IMGICON.exe

#:31 [CPQA1000.EXE]
ModuleName : C:\PROGRAM FILES\COMPAQ\A1000\CPQA1000.EXE
Command Line : "C:\Program Files\Compaq\A1000\CPQA1000.exe"
ProcessID : 4294547121
Threads : 3
Priority : Normal
FileVersion : 1, 0, 0, 58
ProductVersion : 1, 0, 0, 0
ProductName : Compaq A1000
CompanyName : Compaq Computer Corporation
FileDescription : Compaq A1000 Settings Utility
InternalName : CPQA1000
LegalCopyright : Copyright © 1998, 1999, 2000
OriginalFilename : CPQA1000.EXE

#:32 [AOLTRAY.EXE]
ModuleName : C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
Command Line : "C:\Program Files\America Online 8.0\aoltray.exe" -check
ProcessID : 4294455949
Threads : 1
Priority : Normal
FileVersion : 8.00.000
ProductVersion : 8.00.000
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : AOL Tray Icon
InternalName : AolTray
LegalCopyright : Copyright © America Online, Inc. 1999 - 2003

#:33 [OSD.EXE]
ModuleName : C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
Command Line : "C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE"
ProcessID : 4294494769
Threads : 1
Priority : Normal
FileVersion : 3.1.4
ProductVersion : 3.1.4
ProductName : OSD
CompanyName : Netropa Corp.
FileDescription : Onscreen Display
InternalName : OSD
LegalCopyright : Copyright © 1997-1998 Netropa Corp.
All Rights Reserved.
OriginalFilename : OSD.EXE

#:34 [CQSCSTMN.EXE]
ModuleName : C:\WINDOWS\SYSTEM\CQSCSTMN.EXE
Command Line : n/a
ProcessID : 4293333869
Threads : 1
Priority : Normal


#:35 [CQSCAP32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\CQSCAP32.EXE
Command Line : cqscap32.exe Compaq A1000
ProcessID : 4293350637
Threads : 4
Priority : Normal


#:36 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294813861
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:37 [COMPANION.EXE]
ModuleName : C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
Command Line : "C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE" /a
ProcessID : 4293216321
Threads : 1
Priority : Normal
FileVersion : 1, 1, 16, 1
ProductVersion : 1, 1, 16, 1
ProductName : Companion Module
FileDescription : Companion Module
InternalName : Companion
LegalCopyright : Copyright 2003
OriginalFilename : Companion.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bs.serving-sys[2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:default@bs.serving-sys.com/
Expires : 1-1-38 1:00:00 AM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@centrport[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@centrport.net/
Expires : 12-31-29 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@valueclick[1].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:default@valueclick.com/
Expires : 5-4-30 2:55:44 AM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@servedby.advertising[2].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:default@servedby.advertising.com/
Expires : 6-9-05 1:55:42 PM
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@edge.ru4[1].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:default@edge.ru4.com/
Expires : 5-2-35 11:13:06 AM
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@2o7[2].txt
Category : Data Miner
Comment : Hits:139
Value : Cookie:default@2o7.net/
Expires : 5-9-10 1:55:38 PM
LastSync : Hits:139
UseCount : 0
Hits : 139

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@atdmt[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@atdmt.com/
Expires : 5-8-10 8:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@serving-sys[2].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:default@serving-sys.com/
Expires : 1-1-38 1:00:00 AM
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@casalemedia[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:default@casalemedia.com/
Expires : 4-30-06 10:56:12 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@z1.adserver[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:default@z1.adserver.com/
Expires : 5-9-06 6:44:04 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@advertising[2].txt
Category : Data Miner
Comment : Hits:20
Value : Cookie:default@advertising.com/
Expires : 5-9-10 1:55:42 PM
LastSync : Hits:20
UseCount : 0
Hits : 20

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@doubleclick[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:default@doubleclick.net/
Expires : 5-10-05 12:15:18 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 12
Objects found so far: 12



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@edge.ru4[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@edge.ru4[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@z1.adserver[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@z1.adserver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@casalemedia[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@casalemedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@2o7[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@servedby.advertising[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@servedby.advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@serving-sys[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@serving-sys[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@atdmt[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@doubleclick[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@doubleclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@valueclick[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@valueclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@centrport[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@centrport[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@advertising[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@bs.serving-sys[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@bs.serving-sys[2].txt

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24


Deep scanning and examining files (d:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for d:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
697 entries scanned.
New critical objects:0
Objects found so far: 24




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24

2:03:21 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:15:48.350
Objects scanned:91669
Objects identified:24
Objects ignored:0
New critical objects:24


Hope this is right
Thanks
Bec42
  • 0

#4
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
697 entries scanned.
New critical objects:0
Objects found so far: 24



If your system is running a program which changes the hosts file or you have added listings to the hosts file then there is no need to check further. Otherwise, please download the "Host File Viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your HOST file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip
  • 0

#5
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
I can not see any problem with your logfile, except for these two processes.....

#:34 [CQSCSTMN.EXE]
ModuleName : C:\WINDOWS\SYSTEM\CQSCSTMN.EXE
Command Line : n/a
ProcessID : 4293333869
Threads : 1
Priority : Normal


#:35 [CQSCAP32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\CQSCAP32.EXE
Command Line : cqscap32.exe Compaq A1000
ProcessID : 4293350637
Threads : 4
Priority : Normal


Do you know what these processes are?
  • 0

#6
Bec42

Bec42

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I have no idea what they are Andy. lol I am having the same problems as many who say they have something they call Aurora. Continuous pop-ups, an icon that cannot be clicked on and a couple of error and warnings that pop up quite often. My pop-ups take place about every5 minutes or so. They are mostly [bleep], pharmacy and spyware ads. It is extremely annoying. I posted my adaware logfile here because thats what the directions said to do. I'm pretty sure i will need to do the hijack this program. Let me know if you need anything else from me.

Thanks
  • 0

#7
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0

#8
Bec42

Bec42

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Most of my problems are already mentioned in previous posts. This is my first post on this Malware site so I have ran Ad-aware, spybot and AVG. Before I found this site I DLed a AV program called Kaspersky. When I ran it, it found a virus. I know the first word of the name was (wow). I deleted it before I found your site. My symptoms are similar to what others are calling Aurora. I think thats about it. Here is my logfile..

Logfile of HijackThis v1.99.1
Scan saved at 8:04:08 PM, on 5/10/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\WINDOWS\SYSTEM\SHPC32.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\INTEL\INTEL PSNCU\CPUNUMBER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IOWATCH.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\PROGRAM FILES\COMPAQ\A1000\CPQA1000.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\CQSCSTMN.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\CQSCAP32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.specialgo...info/ad/ad0058/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=enu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\bwtray.exe
O4 - HKLM\..\Run: [OEMCLEANUP] C:\windows\OPTIONS\oemreset.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [CompaqSysTray] cpqpscp.exe
O4 - HKLM\..\Run: [SHPC32] shpc32.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [AOL Instant Messenger ™] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Program Files\Intel\Intel PSNCU\CpuNumber.exe" /nosplash
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
O4 - Startup: Iomega Watch.lnk = C:\Program Files\Iomega\Tools\IOWATCH.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Startup: Zip Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.exe
O4 - Startup: A1000 Settings Utility.lnk = C:\Program Files\Compaq\A1000\CPQA1000.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavist...avie5/babelfish
O8 - Extra context menu item: AV Translate Selection - http://jump.altavist...avie5/babelfish
O9 - Extra button: (no name) - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: &AltaVista Home - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavist...avie5/babelfish (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavist...avie5/babelfish (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavist...vie5/linksearch (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavist...vie5/linksearch (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavist...vie5/hostsearch (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavist...vie5/hostsearch (file missing)
O9 - Extra button: Print Favorites - {BA224D00-9553-11d2-9D65-00A0CC22CBC4} - C:\Program Files\Compaq\A1000\prnfavs.exe
O9 - Extra 'Tools' menuitem: Print &Favorites... - {BA224D00-9553-11d2-9D65-00A0CC22CBC4} - C:\Program Files\Compaq\A1000\prnfavs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: Dice Derby by pogo - http://checkeredflag...g-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.co...g-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.co...s-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game5.pogo.co...1-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.c...e-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.co...w-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game3.pogo.co...s-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.co...w-ob-assets.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....llInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab



If you need any other info. just let me know.
Thank you very much
  • 0

#9
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Hi Bec42,

Can you do a find files for param32.dll , systr.dll or popup_bl.dll and guninst.exe
Most likely they will be in your C:\WINDOWS\System32\ folder

Let me know which ones are found where.

Then I would like to advise to uninstall:
ViewPoint manger
under Add/Remove Software

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL (file missing)

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab

Reboot and run Hijackthis again. Post a new log when you are done.

Regards,
  • 0

#10
Bec42

Bec42

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
O.K. I fixed the lines you requested in hijack this, except for one line, the one about Mcafee, I went and downloaded the rest of the program so it is now up and running. Here are the results from the other request.

param32.dll-------C:\windows\S.........(this is all it gave me for the location)
popup_bl.dll-------same as above
guninst.exe--------did not find it

I rebooted and ran hijackthis again, here is the logfile....Also after rebooting it was pretty slow loading up AOL...not sure what caused that.

Logfile of HijackThis v1.99.1
Scan saved at 8:37:50 PM, on 5/15/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\WINDOWS\SYSTEM\SHPC32.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\INTEL\INTEL PSNCU\CPUNUMBER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IOWATCH.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\PROGRAM FILES\COMPAQ\A1000\CPQA1000.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\CQSCSTMN.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\CQSCAP32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.specialgo...info/ad/ad0058/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...&s=search&i=enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\bwtray.exe
O4 - HKLM\..\Run: [OEMCLEANUP] C:\windows\OPTIONS\oemreset.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [CompaqSysTray] cpqpscp.exe
O4 - HKLM\..\Run: [SHPC32] shpc32.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [AOL Instant Messenger ™] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Program Files\Intel\Intel PSNCU\CpuNumber.exe" /nosplash
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
O4 - Startup: Iomega Watch.lnk = C:\Program Files\Iomega\Tools\IOWATCH.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Startup: Zip Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.exe
O4 - Startup: A1000 Settings Utility.lnk = C:\Program Files\Compaq\A1000\CPQA1000.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavist...avie5/babelfish
O8 - Extra context menu item: AV Translate Selection - http://jump.altavist...avie5/babelfish
O9 - Extra button: (no name) - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: &AltaVista Home - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavist...avie5/babelfish (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavist...avie5/babelfish (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavist...vie5/linksearch (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavist...vie5/linksearch (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavist...vie5/hostsearch (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavist...vie5/hostsearch (file missing)
O9 - Extra button: Print Favorites - {BA224D00-9553-11d2-9D65-00A0CC22CBC4} - C:\Program Files\Compaq\A1000\prnfavs.exe
O9 - Extra 'Tools' menuitem: Print &Favorites... - {BA224D00-9553-11d2-9D65-00A0CC22CBC4} - C:\Program Files\Compaq\A1000\prnfavs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: Dice Derby by pogo - http://checkeredflag...g-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.co...g-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.co...s-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game5.pogo.co...1-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.c...e-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.co...w-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game3.pogo.co...s-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.co...w-ob-assets.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....llInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
  • 0

Advertisements


#11
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\SYSTEM\param32.dll
C:\WINDOWS\SYSTEM\popup_bl.dll

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

After the reboot run HijackThis.
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.specialgo...info/ad/ad0058/

It should stay away this time.

Regards,
  • 0

#12
Bec42

Bec42

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I dled the killbox program. When I try to copy to clipboard via control c and paste to killbox, I see nothing. I also tried to copy and paste the normal way. After doing that I clicked delete on reboot and never got a pending operations prompt. I rebooted any way and ran a file check and the files were still there....I have not ran the hijack this yet..I just want to make sure i am doing this right...I followed your instructions to the tee.....Should i go ahead and run hijackthis even tho the other 2 files are still there?
  • 0

#13
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
To paste into Killbox:

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Regards,

Pieter
  • 0

#14
Bec42

Bec42

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I did exactly what you said. Then i rebooted and ran hijackthis....fixed the line and rebooted again. I just logged on and got another popup....I still have the red circle with the x in my lower tray also....for some reason either killbox isn't working or i am doing something wrong with it... your directions are simple...its not like i don't understand......i'm just not sure whats happening with it....sorry to be more trouble to ya but i do appreciate your help....
  • 0

#15
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
No problem at all. Just making sure you got it.

Can you do another Find Files for those files. If they are found, reboot into safe mode and delete them.

Regards,
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP