Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

[Referred]Posting logfile


  • Please log in to reply

#1
tofu5

tofu5

    Member

  • Member
  • PipPipPip
  • 175 posts
I got a Trojan yesterday(takes my homepage to searchforfree.info and gives me unwanted bookmarks). I've had ad-aware for months. My isp told me to also download hijackthis(which I did). I also have avg free version. I want to copy my logfiles for ad-aware and also hijack this but cannot figure out how to copy this area. How do you do this? Thank you.

Nancy
tofu5
  • 0

Advertisements


#2
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
In order to assist you, we need to see the log from an Ad-Aware SE 1.05 full system scan.

Important Note! Before performing a scan, be sure that you have the most recent definitions file by using WebUpdate. (Click on the Globe icon, Click connect, Click OK, Click Finish.) At this current point * SE1R44 10.05.2005 * is the most recent definition file.

Ad-Aware SE comes preconfigured with default options so we need you to make only one change. Please deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Select "Perform Full System Scan" and press "Next". When the scan has completed, click "Show Logfile".

Please copy/paste the complete log file here using the reply button. Don't quarantine or remove anything at this time, just post a complete logfile. This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next.

Please post back if you have any questions or other problems.


Good luck

Andy
  • 0

#3
tofu5

tofu5

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts
The full scan up with no critical objects. I believe this is the logfile.Thank you. Nancy

Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 11, 2005 8:07:38 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


05-11-2005 8:07:38 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293864735
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294924943
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294928371
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4292923475
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:5 [wmexe.exe]
FilePath : C:\WINDOWS\SYSTEM\WINMODEM.101\
ProcessID : 4292928043
Threads : 1
Priority : Normal
FileVersion : 1.60.009
ProductVersion : 2.60
ProductName : U.S. Robotics 56K Voice Win
CompanyName : U.S. Robotics, Inc.
FileDescription : NVRAM Manager
InternalName : WMEXE
LegalCopyright : Copyright © 1995 U.S. Robotics, Inc.
OriginalFilename : wmexe.exe

#:6 [GBPOLL.EXE]
FilePath : C:\PROGRAM FILES\WILD FILE\GOBACK\
ProcessID : 4292934759
Threads : 1
Priority : Normal
FileVersion : 2.1d
ProductVersion : 2.1d
ProductName : GoBack
CompanyName : Wild File, Inc.
FileDescription : GoBack Polling Service
InternalName : GoBack Polling Service
LegalCopyright : Copyright © 1997-1999 Wild File, Inc.
LegalTrademarks : GoBack and the GoBack logo are trademarks of Wild File, Inc.
OriginalFilename : GBPoll.exe
Comments : Patents Pending.

#:7 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4292934995
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:8 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4292882723
Threads : 16
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:9 [RNAAPP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4292996147
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
LegalCopyright : Copyright © Microsoft Corp. 1992-1996
OriginalFilename : RNAAPP.EXE

#:10 [TAPISRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4292936875
Threads : 5
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows™ Telephony Server
InternalName : Telephony Service
LegalCopyright : Copyright © Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE

#:11 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4293035655
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:12 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293050171
Threads : 2
Priority : Normal
FileVersion : 4.10.2224
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1999
OriginalFilename : SYSTRAY.EXE

#:13 [GWHOTKEY.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4293061375
Threads : 1
Priority : Normal
FileVersion : 5,7
ProductVersion : 5.7
ProductName : Gateway Multi-function Keyboard Utility
CompanyName : BillP Studios
FileDescription : Multi-function Keyboard By Bill Pytlovany
LegalCopyright : Copyright © 1997-1999 Gateway 2000 Inc.
Comments : http://www.billp.com

#:14 [AHQTB.EXE]
FilePath : C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\
ProcessID : 4293063391
Threads : 1
Priority : Normal
FileVersion : 1.0.188
ProductVersion : 1.0.188
ProductName : AudioHQ
CompanyName : Creative Technology Ltd.
FileDescription : Creative AudioHQ
InternalName : AHQTaskBar
LegalCopyright : Copyright © Creative Technology Ltd. 1997-1999
OriginalFilename : AHQTb.exe
Comments : Creative AudioHQ

#:15 [POINT32.EXE]
FilePath : C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\
ProcessID : 4293007427
Threads : 1
Priority : Normal


#:16 [TPPALDR.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4293025371
Threads : 1
Priority : Normal
FileVersion : 5.03.1135.0
ProductVersion : 5.03.1135.0
ProductName : TPP Storage Adapter
CompanyName : In-System Design, Inc.
FileDescription : TPP Auto Loader Application
InternalName : TPPALDR.EXE
LegalCopyright : Copyright © 1998-2001 In-System Design, Inc.
OriginalFilename : TPPALDR.EXE

#:17 [REALPLAY.EXE]
FilePath : C:\PROGRAM FILES\REAL\REALPLAYER\
ProcessID : 4293064747
Threads : 6
Priority : Normal
FileVersion : 6.0.9.380
ProductVersion : 6.0.9.380
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:18 [AVGCC.EXE]
FilePath : C:\PROGRAM FILES\GRISOFT\AVG FREE\
ProcessID : 4293054603
Threads : 5
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:19 [AVGEMC.EXE]
FilePath : C:\PROGRAM FILES\GRISOFT\AVG FREE\
ProcessID : 4293115015
Threads : 8
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:20 [AVGAMSVR.EXE]
FilePath : C:\PROGRAM FILES\GRISOFT\AVG FREE\
ProcessID : 4293009303
Threads : 4
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:21 [RunDLL.exe]
FilePath : C:\WINDOWS\
ProcessID : 4293082311
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:22 [GBMENU.EXE]
FilePath : C:\PROGRAM FILES\WILD FILE\GOBACK\
ProcessID : 4293097287
Threads : 1
Priority : Normal
FileVersion : 2.1d
ProductVersion : 2.1d
ProductName : GoBack
CompanyName : Wild File, Inc.
FileDescription : GoBack Main Menu
InternalName : GoBack Main Menu
LegalCopyright : Copyright © 1997-1999 Wild File, Inc.
LegalTrademarks : GoBack and the GoBack logo are trademarks of Wild File, Inc.
OriginalFilename : GBMenu.exe
Comments : Patents Pending.

#:23 [IMGICON.EXE]
FilePath : C:\PROGRAM FILES\IOMEGA\TOOLS\
ProcessID : 4293089007
Threads : 1
Priority : Normal
FileVersion : 6, 1, 1, 1
ProductVersion : 6, 1, 1, 1
ProductName : Iomega Corp. IMGICON 6.1p
CompanyName : Iomega Corp.
FileDescription : IMGICON
InternalName : IMGICON
LegalCopyright : 6.1p, Copyright © 1998 Iomega Corporation, English Version
OriginalFilename : IMGICON.exe

#:24 [IOWATCH.EXE]
FilePath : C:\PROGRAM FILES\IOMEGA\TOOLS\
ProcessID : 4293142719
Threads : 1
Priority : Normal
FileVersion : 6, 1, 0, 0
ProductVersion : 6, 1, 0, 0
ProductName : IOWATCH
FileDescription : IOWATCH
InternalName : IOWATCH
LegalCopyright : 6.1, Copyright © 1998 Iomega Corporation, English Version
OriginalFilename : IOWATCH.exe

#:25 [PROPELAC.EXE]
FilePath : C:\PROGRAM FILES\EAST TENNESSEE NETWORK XTN XPRESS\
ProcessID : 4293150087
Threads : 5
Priority : Normal
FileVersion : 5.0.0
ProductName : Propel Accelerator
CompanyName : Propel Software Corporation
FileDescription : Propel Accelerator
InternalName : Propel Accelerator
LegalCopyright : Copyright © 1999-2004 Propel Software Corporation
OriginalFilename : PropelAC.exe

#:26 [ACROTRAY.EXE]
FilePath : C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\
ProcessID : 4293160491
Threads : 1
Priority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:27 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293140307
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:28 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293387683
Threads : 2
Priority : Realtime
FileVersion : 4.07.00.0700
ProductVersion : 4.07.00.0700
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : DDHelp.exe

#:29 [PSTORES.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293437627
Threads : 3
Priority : Normal
FileVersion : 5.00.1877.3
ProductVersion : 5.00.1877.3
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : Protected storage server

#:30 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293501295
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:31 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4293367355
Threads : 3
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 0


8:16:51 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:12.660
Objects scanned:82271
Objects identified:0
Objects ignored:0
New critical objects:0
  • 0

#4
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Do you still have problems?

Your Ad-aware SE Logfile is clean :tazz:
  • 0

#5
tofu5

tofu5

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts
Yes, I still have a problem. Whenever I open to the internet, my homepage goes to searchforfree.info, no matter how may times I change it to yahoo.com. And it continually adds 4 bookmarks, which are part of the url yoursearchws This is only what I know it is doing, I have no idea what else it is doing. Thanks.

Nancy
  • 0

#6
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP