[Referred]Ad Aware logfile-quicknavigate probs


#1 connor_in (New Member, 5 posts)
Here is my Ad-Aware log... please help. My home page can't be changed from quicknavigate, I can't get to Yahoo (it goes back to quicknavigate), and I get these yellow triangles with exclamation points showing up in the toolbar at the bottom right by my clock that give me stupid warnings but take me to crap.

log:

Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 11, 2005 10:01:29 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:33 %
Total physical memory:522228 kb
Available physical memory:168528 kb
Total page file size:1276916 kb
Available on page file:1053180 kb
Total virtual memory:2097024 kb
Available virtual memory:2049240 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-11-2005 10:01:29 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 556
ThreadCreationTime : 5-10-2005 1:18:20 PM
BasePriority : Normal


#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 644
ThreadCreationTime : 5-10-2005 1:18:22 PM
BasePriority : High


#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 696
ThreadCreationTime : 5-10-2005 1:18:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 708
ThreadCreationTime : 5-10-2005 1:18:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 908
ThreadCreationTime : 5-10-2005 1:18:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1008
ThreadCreationTime : 5-10-2005 1:18:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 1264
ThreadCreationTime : 5-10-2005 1:18:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:8 [asfagent.exe]
ModuleName : C:\Program Files\Intel\ASF Agent\ASFAgent.exe
Command Line : n/a
ProcessID : 1404
ThreadCreationTime : 5-10-2005 1:18:32 PM
BasePriority : Normal
FileVersion : 3.0
ProductVersion : 3.0
ProductName : Intel® PRO Alerting Suite ASF 1.0 Compatible
CompanyName : Intel Corporation
FileDescription : ASF Agent COM Service
InternalName : ASFAgent
LegalCopyright : Copyright © 2000-2002 Intel Corporation
OriginalFilename : ASFAgent.EXE

#:9 [iap.exe]
ModuleName : C:\Program Files\Dell\OpenManage\Client\Iap.exe
Command Line : n/a
ProcessID : 1456
ThreadCreationTime : 5-10-2005 1:18:32 PM
BasePriority : Normal
FileVersion : 7, 0, 316, 0
ProductVersion : 7, 0, 316, 0
ProductName : OpenManage Client Instrumentation
CompanyName : Dell Computer Corporation
FileDescription : Iap Module
InternalName : Iap
LegalCopyright : Copyright © Dell Computer Corporation 2000-2001
OriginalFilename : Iap.EXE

#:10 [ntrtscan.exe]
ModuleName : C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
Command Line : n/a
ProcessID : 1480
ThreadCreationTime : 5-10-2005 1:18:32 PM
BasePriority : Normal
FileVersion : 6.0.0.1250
ProductVersion : 6.0
ProductName : Trend Micro OfficeScan
CompanyName : Trend Micro Inc.
LegalCopyright : Copyright © 1999-2003 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro, Inc.

#:11 [tmlisten.exe]
ModuleName : C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
Command Line : n/a
ProcessID : 1524
ThreadCreationTime : 5-10-2005 1:18:32 PM
BasePriority : Normal
FileVersion : 6.0.0.1250
ProductVersion : 6.0
ProductName : Trend Micro OfficeScan
CompanyName : Trend Micro Inc.
LegalCopyright : Copyright © 1999-2003 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro, Inc.

#:12 [ofcdog.exe]
ModuleName : C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
Command Line : n/a
ProcessID : 2032
ThreadCreationTime : 5-10-2005 1:18:42 PM
BasePriority : Normal
FileVersion : 6.0.0.1250
ProductVersion : 6.0
ProductName : Trend Micro OfficeScan
CompanyName : Trend Micro Inc.
LegalCopyright : Copyright © 1999-2003 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro, Inc.

#:13 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 460
ThreadCreationTime : 5-11-2005 1:13:48 PM
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [msole32.exe]
ModuleName : C:\WINDOWS\System32\msole32.exe
Command Line : "C:\WINDOWS\System32\msole32.exe"
ProcessID : 1328
ThreadCreationTime : 5-11-2005 1:13:50 PM
BasePriority : Normal


#:15 [shnlog.exe]
ModuleName : C:\WINDOWS\System32\shnlog.exe
Command Line : "C:\WINDOWS\System32\shnlog.exe"
ProcessID : 1436
ThreadCreationTime : 5-11-2005 1:13:50 PM
BasePriority : Normal

ProductVersion : 1.7

#:16 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 988
ThreadCreationTime : 5-11-2005 1:13:50 PM
BasePriority : Normal
FileVersion : 3.0.0.2285
ProductVersion : 7.0.0.2285
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:17 [pccntmon.exe]
ModuleName : C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
Command Line : "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
ProcessID : 2600
ThreadCreationTime : 5-11-2005 1:13:51 PM
BasePriority : Normal
FileVersion : 6.0.0.1250
ProductVersion : 6.0
ProductName : Trend Micro OfficeScan
CompanyName : Trend Micro Inc.
FileDescription : I/O Monitor
InternalName : PCCNTMON
LegalCopyright : Copyright © 1999-2003 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro, Inc.
OriginalFilename : PCCNTMON.EXE

#:18 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 2856
ThreadCreationTime : 5-11-2005 1:13:51 PM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:19 [intmon.exe]
ModuleName : C:\WINDOWS\System32\intmon.exe
Command Line : intmon.exe
ProcessID : 1344
ThreadCreationTime : 5-11-2005 1:13:51 PM
BasePriority : Normal


#:20 [javaw.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
Command Line : "C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" -jar -Duser.dir="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0" "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\bin\bootstrap.jar" start
ProcessID : 2988
ThreadCreationTime : 5-11-2005 1:13:56 PM
BasePriority : Normal


#:21 [ntvdm.exe]
ModuleName : C:\WINDOWS\system32\ntvdm.exe
Command Line : "C:\WINDOWS\system32\ntvdm.exe" -f -i1c -w -a C:\WINDOWS\system32\krnl386.exe
ProcessID : 1128
ThreadCreationTime : 5-11-2005 1:14:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : NTVDM.EXE
InternalName : NTVDM.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NTVDM.EXE

#:22 [wisptis.exe]
ModuleName : C:\WINDOWS\System32\WISPTIS.EXE
Command Line : "C:\WINDOWS\System32\WISPTIS.EXE" -Embedding
ProcessID : 4016
ThreadCreationTime : 5-11-2005 2:17:14 PM
BasePriority : High
FileVersion : 1.0.2201.0 (xpsp1.020828-1920)
ProductVersion : 1.0.2201.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft Tablet PC Platform Component
InternalName : WISPTIS.EXE
LegalCopyright : Copyright © 1998-2002 Microsoft Corporation.
OriginalFilename : WISPTIS.EXE

#:23 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3888
ThreadCreationTime : 5-11-2005 3:00:40 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 12-31-2009 7:00:00 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 5-11-2006 8:22:36 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 2




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

10:06:57 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:27.784
Objects scanned:110360
Objects identified:2
Objects ignored:0
New critical objects:2


This is my work computer and I am trying to get it fixed as best as possible on my own... I am unable to start in safe mode because that requires an administrator login, which I don't have (FYI).

#2 Guest_Andy_veal_* (Guest)
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid


Exit Add/Remove Programs.

*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

Press CTRL ALT DELETE to open Windows Task Manager. Click on the Processes tab and end the following processes:

List any files going to be deleted that are running

Exit Task Manager.

I need you to copy all of the Killbox instructions below and paste them into Notepad and save it for use while in Safe Mode.

* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.
Unzip it to the desktop but do NOT run it yet.

* Please reboot into Safe Mode by restarting your computer and tapping F8 continuously as your computer is booting up until a menu appears. Use your up arrow key to highlight "Safe Mode", then hit Enter.

* Once in Safe Mode, please run Killbox.

* Select "Delete on Reboot".

* Open the Notepad file where you saved these instructions earlier, and copy the file names below to the clipboard by highlighting them and pressing CTRL + C:

C:\wp.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually. While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Yes, we need you to go back into Safe Mode!

Make sure you can view hidden files.

Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

Reboot into normal mode.

*Download and install Registrar Lite version 2.00
*Double click the purple Registrar Lite icon on your desktop.
*Copy the line below and paste it into the "Address" field (located at the top) of the program:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

*Click the "Go" button.
*It will take you into the "Policies" folder.
*Locate the "System" folder (in the right panel)
*If found, right-click on the System folder and go to Delete
*Be very careful that you only delete the System folder that is inside the Policies folder.

Reboot your computer again.

1.) Download the Hoster from HERE. Press "Restore Original Hosts" and press "OK". Exit the program.

2.) Download: http://www.mvps.org/winhelp2002/DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new Ad-aware SE Logfile.
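The post above is a sequence of manual checks and deletions. The script below is an added example, not from Andy_veal or from this thread, that turns the same indicators into a read-only audit: it reports which of the listed files, folders, processes and the Policies\System key are present on the machine, and it deletes nothing. It goes one step beyond the post by also reading the Winlogon "Shell" value, which the second Ad-Aware log later in this thread flags as "explorer.exe, msmsgs.exe" (on a clean machine it is just "explorer.exe"). It assumes a Windows installation on C: with the paths exactly as the post lists them and that it is run as the affected user, since the Policies key lives under HKEY_CURRENT_USER.

```powershell
# Added example (not from the thread): read-only audit of the indicators listed in the post.
# It only reports what it finds; deciding what to remove is still a manual step.

# File paths copied from the Killbox list in the post.
$files = @(
  'C:\wp.exe', 'C:\wp.bmp', 'C:\Windows\sites.ini', 'C:\Windows\popuper.exe',
  'C:\WINDOWS\System32\wldr.dll', 'C:\Windows\System32\helper.exe',
  'C:\Windows\System32\intmonp.exe', 'C:\Windows\System32\msmsgs.exe',
  'C:\Windows\System32\ole32vbs.exe', 'C:\Windows\system32\msole32.exe'
)
# Folders the post says to delete via Windows Explorer.
$folders = @(
  'C:\Program Files\Search Maid', 'C:\Program Files\Virtual Maid',
  'C:\Windows\System32\Log Files', 'C:\Program Files\Security IGuard'
)

Write-Output '== Files and folders from the post =='
foreach ($item in ($files + $folders)) {
  if (Test-Path -LiteralPath $item) { Write-Output "PRESENT  $item" }
  else                              { Write-Output "absent   $item" }
}

# Process names taken from the post's file list and the OP's first Ad-Aware log.
# Matching on Path as well as name matters: the legitimate Windows Messenger is
# C:\Program Files\Messenger\msmsgs.exe (as in the OP's second log), while the
# post's suspect copy sits in C:\Windows\System32.
Write-Output '== Running processes with suspect names (check the Path column) =='
$suspectNames = @('msole32', 'intmon', 'intmonp', 'shnlog', 'helper', 'popuper', 'msmsgs')
Get-Process | Where-Object { $suspectNames -contains $_.ProcessName } |
  Select-Object Id, ProcessName, Path | Format-Table -AutoSize

# The Policies\System key the post has you remove with Registrar Lite.
# Listing its values shows what restrictions it is imposing before anything is deleted.
Write-Output '== HKCU Policies\System =='
$policies = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
if (Test-Path -Path $policies) { Get-ItemProperty -Path $policies | Format-List }
else                           { Write-Output 'absent' }

# Winlogon Shell: anything appended after explorer.exe is started at every logon.
Write-Output '== Winlogon Shell =='
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon).Shell
if ($shell -ne 'explorer.exe') { Write-Output "Shell is '$shell' (expected 'explorer.exe')" }
else                           { Write-Output 'Shell is explorer.exe (expected)' }
```

Run it in a PowerShell window on the affected machine and keep the output alongside the Ad-Aware log; the two together show whether a file is merely present on disk, is running, or has been wired into logon through the Shell value, which is the difference between a leftover and an active infection.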

#3 Guest_Andy_veal_* (Guest)
I have just noticed your notice about safe mode.

Please then try the above instructions in normal mode :tazz:

#4 connor_in (Topic Starter, New Member, 5 posts)
I tried to go through this step by step but ran into many problems.

Security IGuard
Virtual Maid
Search Maid

These were not found in add and remove programs (and I do have it set up to show hidden files)

"List any files going to be deleted that are running", by this I guess you mean:
Security IGuard
Virtual Maid
Search Maid
C:\wp.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe


However, intmon.exe (there was no "p" in mine) would not end. It kept popping up elsewhere in the list no matter how many times I ended it.

I did the killbox, but it would not list :
C:\wp.exe
C:\Windows\popuper.exe
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe


Then, of these:
C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard
the only one I could find was :
C:\Windows\System32\Log Files, which I deleted

I did the Registrar Lite thing.

The Hoster program would not let me use "Restore Original Hosts" (I got a message saying that items were read only and to push the button at right if you want to be able to write, but nothing happened when I pushed that button).

Then I did CleanUp and tried to do ActiveScan, but the window that opened was the quicknavigate screen (just like when I try to go to sites like Yahoo).

Here is my NEW Ad-aware SE Logfile:

Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 12, 2005 9:22:43 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CommonName(TAC index:7):3 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:48 %
Total physical memory:522228 kb
Available physical memory:249564 kb
Total page file size:1276916 kb
Available on page file:1070108 kb
Total virtual memory:2097024 kb
Available virtual memory:2049352 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-12-2005 9:22:43 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 572
ThreadCreationTime : 5-12-2005 2:12:30 PM
BasePriority : Normal


#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 660
ThreadCreationTime : 5-12-2005 2:12:32 PM
BasePriority : High


#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 704
ThreadCreationTime : 5-12-2005 2:12:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 716
ThreadCreationTime : 5-12-2005 2:12:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 916
ThreadCreationTime : 5-12-2005 2:12:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1016
ThreadCreationTime : 5-12-2005 2:12:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 1264
ThreadCreationTime : 5-12-2005 2:12:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:8 [asfagent.exe]
ModuleName : C:\Program Files\Intel\ASF Agent\ASFAgent.exe
Command Line : n/a
ProcessID : 1424
ThreadCreationTime : 5-12-2005 2:12:42 PM
BasePriority : Normal
FileVersion : 3.0
ProductVersion : 3.0
ProductName : Intel® PRO Alerting Suite ASF 1.0 Compatible
CompanyName : Intel Corporation
FileDescription : ASF Agent COM Service
InternalName : ASFAgent
LegalCopyright : Copyright © 2000-2002 Intel Corporation
OriginalFilename : ASFAgent.EXE

#:9 [iap.exe]
ModuleName : C:\Program Files\Dell\OpenManage\Client\Iap.exe
Command Line : n/a
ProcessID : 1476
ThreadCreationTime : 5-12-2005 2:12:42 PM
BasePriority : Normal
FileVersion : 7, 0, 316, 0
ProductVersion : 7, 0, 316, 0
ProductName : OpenManage Client Instrumentation
CompanyName : Dell Computer Corporation
FileDescription : Iap Module
InternalName : Iap
LegalCopyright : Copyright © Dell Computer Corporation 2000-2001
OriginalFilename : Iap.EXE

#:10 [ntrtscan.exe]
ModuleName : C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
Command Line : n/a
ProcessID : 1500
ThreadCreationTime : 5-12-2005 2:12:42 PM
BasePriority : Normal
FileVersion : 6.0.0.1250
ProductVersion : 6.0
ProductName : Trend Micro OfficeScan
CompanyName : Trend Micro Inc.
LegalCopyright : Copyright © 1999-2003 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro, Inc.

#:11 [tmlisten.exe]
ModuleName : C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
Command Line : n/a
ProcessID : 1568
ThreadCreationTime : 5-12-2005 2:12:42 PM
BasePriority : Normal
FileVersion : 6.0.0.1250
ProductVersion : 6.0
ProductName : Trend Micro OfficeScan
CompanyName : Trend Micro Inc.
LegalCopyright : Copyright © 1999-2003 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro, Inc.

#:12 [ofcdog.exe]
ModuleName : C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
Command Line : n/a
ProcessID : 184
ThreadCreationTime : 5-12-2005 2:12:46 PM
BasePriority : Normal
FileVersion : 6.0.0.1250
ProductVersion : 6.0
ProductName : Trend Micro OfficeScan
CompanyName : Trend Micro Inc.
LegalCopyright : Copyright © 1999-2003 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro, Inc.

#:13 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 632
ThreadCreationTime : 5-12-2005 2:20:54 PM
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe"
ProcessID : 640
ThreadCreationTime : 5-12-2005 2:20:55 PM
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:15 [shnlog.exe]
ModuleName : C:\WINDOWS\System32\shnlog.exe
Command Line : "C:\WINDOWS\System32\shnlog.exe"
ProcessID : 260
ThreadCreationTime : 5-12-2005 2:20:55 PM
BasePriority : Normal

ProductVersion : 1.7

#:16 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 428
ThreadCreationTime : 5-12-2005 2:20:55 PM
BasePriority : Normal
FileVersion : 3.0.0.2285
ProductVersion : 7.0.0.2285
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:17 [intmon.exe]
ModuleName : C:\WINDOWS\System32\intmon.exe
Command Line : intmon.exe
ProcessID : 2176
ThreadCreationTime : 5-12-2005 2:20:56 PM
BasePriority : Normal


#:18 [pccntmon.exe]
ModuleName : C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
Command Line : "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
ProcessID : 2568
ThreadCreationTime : 5-12-2005 2:20:56 PM
BasePriority : Normal
FileVersion : 6.0.0.1250
ProductVersion : 6.0
ProductName : Trend Micro OfficeScan
CompanyName : Trend Micro Inc.
FileDescription : I/O Monitor
InternalName : PCCNTMON
LegalCopyright : Copyright © 1999-2003 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro, Inc.
OriginalFilename : PCCNTMON.EXE

#:19 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 2548
ThreadCreationTime : 5-12-2005 2:20:56 PM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:20 [javaw.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
Command Line : "C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" -jar -Duser.dir="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0" "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\bin\bootstrap.jar" start
ProcessID : 2728
ThreadCreationTime : 5-12-2005 2:21:00 PM
BasePriority : Normal


#:21 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 4016
ThreadCreationTime : 5-12-2005 2:21:24 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:22 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2140
ThreadCreationTime : 5-12-2005 2:22:30 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1e1b2878-88ff-11d2-8d96-d7acac95951f}

CommonName Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1e1b2878-88ff-11d2-8d96-d7acac95951f}
Value :

CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{1e1b286c-88ff-11d2-8d96-d7acac95951f}

Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 4




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

9:30:33 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:50.305
Objects scanned:105606
Objects identified:4
Objects ignored:0
New critical objects:4


Here is the Spybot report, which did find Security iGuard and CoolWebSearch:


--- Search result list ---
Cache: Cache (167) (Cache, nothing done)


Adobe Acrobat Reader 6: Recent file #1 (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cRecentFiles\c1

Common Dialogs: History (16 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Cookie: Cookie (3) (Cookie, nothing done)


CoolWWWSearch.ToonComics: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{1E1B286C-88FF-11D2-8D96-D7ACAC95951F}

CoolWWWSearch.ToonComics: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{1E1B2878-88FF-11D2-8D96-D7ACAC95951F}

Internet Explorer: AutoComplete data (36 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Internet Explorer\IntelliForms\SPW

Internet Explorer: Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Internet Explorer\Download Directory!=

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log

Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt

Log: Activity: OEWABLog.txt (Backup file, nothing done)
C:\WINDOWS\OEWABLog.txt

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Install: Active Setup Log.txt (Backup file, nothing done)
C:\WINDOWS\Active Setup Log.txt

Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log

Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log

Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log

Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log

Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\winmgmt.log

Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiadap.log

MS DirectDraw: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

MS Media Player: Anonymous ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS Media Player: Manually modified tags history (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\MediaPlayer\AutoComplete\MediaEdit

MS Media Player: Search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\MediaPlayer\AutoComplete\MediaSearch

MS Office 10.0 (Word): Recently used documents list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Office\10.0\Word\Data\Settings

MS Office 11.0 (Document Imaging): Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\MSPaper 11.0\Recent File List

MS Office 11.0 (Document Imaging): Persistent filename list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\MSPaper 11.0\Persist File Name

MS Search Assistant: Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Search Assistant\ACMru

RealOne Player 2 (aka RealPlayer 6.0): Last open file directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\RealNetworks\RealPlayer\6.0\Preferences\LastOpenFileDir\!=

Security IGuards: Autorun settings (Security iGuard) (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Security iGuard

Windows Explorer: Last Copy/MoveTo folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder

Windows Explorer: Last visited history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: Network map history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent wallpaper list (46 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: Stream history (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: User Assistant history files (936 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: User Assistant history IE (57 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows.OpenWith: Open with list - .BMP extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: Open with list - .001 extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\OpenWithList

Windows.OpenWith: Open with list - .005 extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.005\OpenWithList

Windows.OpenWith: Open with list - .ASX extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX\OpenWithList

Windows.OpenWith: Open with list - .AVI extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3400146417-882468409-1809229452-1242\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList


--- Spybot - Search && Destroy version: 1.3 ---
2005-04-26 Includes\Cookies.sbi
2005-04-27 Includes\Dialer.sbi
2005-04-27 Includes\Hijackers.sbi
2005-04-15 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-04-27 Includes\Malware.sbi
2005-04-27 Includes\PUPS.sbi
2005-04-27 Includes\Revision.sbi
2005-02-09 Includes\Security.sbi
2005-04-27 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-04-27 Includes\Trojans.sbi


--- System information ---
Windows XP (Build: 2600) Service Pack 1
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB834707
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player: Windows Media Update 819639
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP1: Windows XP Hotfix - KB824146
/ Windows XP / SP1: Windows XP Service Pack 1a
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q329048
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329256 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q331060 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q816982
/ Windows XP / SP2: Windows XP Hotfix - KB810217
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See KB810243 for more information]
/ Windows XP / SP2: Advanced Networking Pack for Windows XP
/ Windows XP / SP2: Windows XP Hotfix - KB820291
/ Windows XP / SP2: Windows XP Hotfix - KB821253
/ Windows XP / SP2: Windows XP Hotfix - KB822603
/ Windows XP / SP2: Windows XP Hotfix - KB823182
/ Windows XP / SP2: Windows XP Hotfix - KB824105
/ Windows XP / SP2: Windows XP Hotfix - KB824141
/ Windows XP / SP2: Windows XP Hotfix - KB824146
/ Windows XP / SP2: Windows XP Hotfix - KB825119
/ Windows XP / SP2: Windows XP Hotfix - KB826939
/ Windows XP / SP2: Windows XP Hotfix - KB826942
/ Windows XP / SP2: Windows XP Hotfix - KB828028
/ Windows XP / SP2: Windows XP Hotfix - KB828035
/ Windows XP / SP2: Windows XP Hotfix - KB828741
/ Windows XP / SP2: Windows XP Hotfix - KB829558
/ Windows XP / SP2: Windows XP Hotfix - KB835732
/ Windows XP / SP2: Windows XP Hotfix - KB837001
/ Windows XP / SP2: Windows XP Hotfix - KB840374
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q322011
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q323255 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q327979
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329048
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329115 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See q329256 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q331060 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q814995
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q816982
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q819696


--- Startup entries list ---
Located: HK_LM:Run,
command:

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 118784
MD5: 07e2751e246bff288c76a86f9ecd9ac0

Located: HK_LM:Run, iexplore.exe
command: C:\Program Files\Internet Explorer\iexplore.exe
file: C:\Program Files\Internet Explorer\iexplore.exe
size: 91136
MD5: 418d301c3b1fa94b19584aeeb3d65166

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\System32\igfxtray.exe
file: C:\WINDOWS\System32\igfxtray.exe
size: 155648
MD5: 2454d762448b0bc5f2e9ee642804af8f

Located: HK_LM:Run, MSN Messenger
command: C:\WINDOWS\System32\msmsgs.exe

Located: HK_LM:Run, OfficeScanNT Monitor
command: "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
file: C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
size: 303104
MD5: a0c6fa7bf2fa2a831ad517ca97df313b

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: fc9f5c5d87d0a6d1e10773d20cb3c3ef

Located: HK_LM:Run, Security iGuard
command: C:\Program Files\Security iGuard\Security iGuard.exe

Located: HK_LM:Run, TomcatStartup
command: C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
file: C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
size: 143360
MD5: dbfc15a757470302b3a81ccde3feea28

Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1498032
MD5: f5c2f0308d0aa91457059ec7227a06f7

Located: HK_CU:Run, WindowsFY
command: c:\bsw.exe



--- Browser helper object list ---
{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} (VMHomepage Class)
BHO name:
CLSID name: VMHomepage Class
Path: C:\WINDOWS\System32\
Long name: hpE964.tmp
Short name:
Date (created): 5/12/2005 9:20:56 AM
Date (last access): 5/12/2005 9:20:56 AM
Date (last write): 5/12/2005 9:20:56 AM
Filesize: 52736
Attributes: archive
MD5: C221E7AD873EE6A52CF590FD667FC648
CRC32: ABBE297A
Version: 255.255.255.255



--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control)
DPF name:
CLSID name: HouseCall Control
Path: C:\WINDOWS\DOWNLO~1\
Long name: xscan60.ocx
Short name:
Date (created): 4/9/2005 3:12:42 AM
Date (last access): 5/10/2005 8:01:50 AM
Date (last write): 4/9/2005 3:12:42 AM
Filesize: 475190
Attributes: archive
MD5: FC295A70672646B4B0884288F6DB5BF9
CRC32: 256969EA
Version: 0.6.0.0

{74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
DPF name:
CLSID name: HouseCall Control
description: Trend Micro Antivirus online scanner
classification: Legitimate
known filename: XSCAN53.OCX
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\DOWNLO~1\
Long name: xscan53.ocx
Short name:
Date (created): 6/9/2004 4:56:02 PM
Date (last access): 5/10/2005 7:51:36 AM
Date (last write): 6/9/2004 4:56:02 PM
Filesize: 435712
Attributes: archive
MD5: DCFFCA7F818B4CF4DF29B8932907735D
CRC32: 89BBB9BF
Version: 0.5.0.70

{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
DPF name:
CLSID name: GpcContainer Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ieatgpc.dll
Short name:
Date (created): 8/31/2004 1:16:06 PM
Date (last access): 5/12/2005 9:23:26 AM
Date (last write): 8/31/2004 1:16:06 PM
Filesize: 62464
Attributes: archive
MD5: 2969926045E76630F7741FF2DE37205C
CRC32: AA4252EF
Version: 0.1.0.0



--- Process list ---
Spybot - Search && Destroy process list report, 5/12/2005 9:52:51 AM

PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 184 (1500) C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
PID: 260 ( 632) C:\WINDOWS\System32\shnlog.exe
PID: 428 ( 632) C:\WINDOWS\System32\hkcmd.exe
PID: 572 ( 4) \SystemRoot\System32\smss.exe
PID: 632 (1104) C:\WINDOWS\Explorer.EXE
PID: 636 ( 572) CSRSS.EXE
PID: 640 ( 632) C:\Program Files\Messenger\msmsgs.exe
PID: 660 ( 572) \??\C:\WINDOWS\system32\winlogon.exe
PID: 704 ( 660) C:\WINDOWS\system32\services.exe
PID: 716 ( 660) C:\WINDOWS\system32\lsass.exe
PID: 916 ( 704) C:\WINDOWS\system32\svchost.exe
PID: 1016 ( 704) C:\WINDOWS\System32\svchost.exe
PID: 1088 ( 704) SVCHOST.EXE
PID: 1132 ( 704) SVCHOST.EXE
PID: 1264 ( 704) C:\WINDOWS\system32\spoolsv.exe
PID: 1424 ( 704) C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PID: 1476 ( 704) C:\Program Files\Dell\OpenManage\Client\Iap.exe
PID: 1500 ( 704) C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
PID: 1568 ( 704) C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
PID: 1648 ( 704) wdfmgr.exe
PID: 2140 ( 632) C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
PID: 2176 ( 260) C:\WINDOWS\System32\intmon.exe
PID: 2260 ( 632) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 2548 ( 632) C:\Program Files\QuickTime\qttask.exe
PID: 2568 ( 632) C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
PID: 2728 (2216) C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
PID: 3696 ( 916) wmiprvse.exe
PID: 4016 ( 632) C:\Program Files\Internet Explorer\iexplore.exe


--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 5/12/2005 9:52:51 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
http://www.quicknavigate.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.quicknavi...earch.php?qq=%1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.quicknavigate.com/bar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.quicknavi...earch.php?qq=%1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.quicknavi...earch.php?qq=%1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://www.quicknavi...earch.php?qq=%1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.quicknavi...earch.php?qq=%1
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
http://www.qfind.net/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.qfind.net/search.php?qq=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://qfind.net/bar/index.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.qfind.net/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.qfind.net/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.qfind.net/search.php?qq=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchAssistant
http://www.microsoft...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.qfind.net/search.php?qq=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://www.qfind.net/search.php?qq=%s


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2A755912-ED41-4491-BE37-3A7292EBFD42}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2A755912-ED41-4491-BE37-3A7292EBFD42}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6518CA11-FCBF-4B60-BF0D-A7E7050C3D48}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6518CA11-FCBF-4B60-BF0D-A7E7050C3D48}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CC3A8FE7-9F17-4BA5-8355-DC05DD003F85}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CC3A8FE7-9F17-4BA5-8355-DC05DD003F85}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

#5
connor_in

    New Member

  • Topic Starter
  • Member
  • 5 posts
Should I let Spybot and AdAwareSE take care of these things that they found or not (as they would only come back?)

#6
Guest_Andy_veal_*
  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.

#7
connor_in

    New Member

  • Topic Starter
  • Member
  • 5 posts
Hijack this log:

An unexpected error has occurred at procedure: modMain_CheckOther1Item()
Error #75 - Path/File access error

Please email me at [email protected], reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

Logfile of HijackThis v1.99.1
Scan saved at 12:15:33 PM, on 5/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\intmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Documents and Settings\mholderman\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavi...earch.php?qq=%1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qfind.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfind.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavi...earch.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavi...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quicknavigate.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\System32\hpE964.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WindowsFY] c:\bsw.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {56FB20EE-8913-48C4-AAF1-5DB9F209BC51} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {56FB20EE-8913-48C4-AAF1-5DB9F209BC51} - (no file) (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://www.webmeeti...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VALLEYAGENCY.COM
O17 - HKLM\Software\..\Telephony: DomainName = VALLEYAGENCY.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VALLEYAGENCY.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VALLEYAGENCY.COM
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

Please note the error message that HijackThis generated; it is listed before the log.

I also got a message that stated:

for some reason your system denied write access to the Hosts file.
If any hijacked domains are in this file, HijackThis may not be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and type:

notepad "C:\WINDOWS\System32\drivers\etc\hosts"

and press Enter. Find the line(s) Hijackthis reports and delete them. Save the file as "hosts." (with quotes), and reboot.

Does that mean there should be a period after "hosts", or was that just grammar?
Also, please let me know if I should do that as well.

Thanks in advance!

#8
connor_in

    New Member

  • Topic Starter
  • Member
  • 5 posts
I know there are a lot of people with problems, but I just wanted to bump myself back onto the list from last Thursday, when I sent it (in case mine got way too far down the list).