[Referred] Another Smitfraud victim



#1
barbados
First, I must apologize for posting my HiJack log on the other forum. I had already done many of the things suggested to delete Smitfraud, but I can now see that there is more involved and every case is specific. Can't start baking a cake in the middle, yes?

Following is my Ad-Aware log for this machine on WIN98SE....Any help, and I mean ANY, will be greatly appreciated. Thanks, -dave-


Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 11, 2005 1:20:16 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):23 total references
Possible Browser Hijack attempt(TAC index:3):2 total references
Tracking Cookie(TAC index:3):3 total references
VX2(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:73 %
Total physical memory:523720 kb
Available physical memory:329772 kb
Total page file size:1573428 kb
Available on page file:1446136 kb
Total virtual memory:2093056 kb
Available virtual memory:2044032 kb
OS:Microsoft Windows 98

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-11-05 1:20:16 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291772387
Threads : 6
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294928879
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294933375
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [NVSVC.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294896383
Threads : 2
Priority : Normal
FileVersion : 4.14.10.5655
ProductVersion : 4.14.10.5655
ProductName : NVIDIA Driver Helper Service, Version 56.55
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.55
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc.exe

#:5 [ADSERVICE.EXE]
FilePath : C:\PROGRAM FILES\IOMEGA\AUTODISK\
ProcessID : 4294875111
Threads : 4
Priority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk Service
InternalName : ADService
LegalCopyright : Copyright © 2002
OriginalFilename : ADService.exe

#:6 [AGRSMMSG.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294838527
Threads : 2
Priority : Normal
FileVersion : 2.1.33 2.1.33 08/20/2003 13:18:33
ProductVersion : 2.1.33 2.1.33 08/20/2003 13:18:33
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:7 [MDM.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294837631
Threads : 2
Priority : Normal
FileVersion : 6.00.8149
ProductVersion : 6.00.8149
ProductName : Microsoft ® Visual Studio
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-1998
OriginalFilename : mdm.exe

#:8 [ASHSERV.EXE]
FilePath : C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\
ProcessID : 4294894507
Threads : 25
Priority : Normal
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswServ.exe

#:9 [SYSGT.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294868563
Threads : 1
Priority : Normal


VX2 Object Recognized!
Type : Process
Data : SYSGT.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\


Warning! VX2 Object found in memory(C:\WINDOWS\SYSTEM\SYSGT.EXE)

"C:\WINDOWS\SYSTEM\SYSGT.EXE"Process terminated successfully

#:10 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294801523
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:11 [RPCSS.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294759727
Threads : 5
Priority : Normal
FileVersion : 4.71.2900
ProductVersion : 4.71.2900
ProductName : Microsoft® Windows NT™ Operating System
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : rpcss.exe

#:12 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294611443
Threads : 15
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:13 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294587775
Threads : 2
Priority : Normal
FileVersion : 4.10.2224
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1999
OriginalFilename : SYSTRAY.EXE

#:14 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294547363
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:15 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294639243
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:16 [INCD.EXE]
FilePath : C:\PROGRAM FILES\AHEAD\INCD\
ProcessID : 4294522239
Threads : 4
Priority : Normal
FileVersion : 4, 0, 5, 4
ProductVersion : 4, 0, 5, 4
ProductName : InCD
CompanyName : Ahead Software AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright © 2003 Ahead Software and its licensors
LegalTrademarks : InCD TM
OriginalFilename : InCD.exe

#:17 [ADUSERMON.EXE]
FilePath : C:\PROGRAM FILES\IOMEGA\AUTODISK\
ProcessID : 4294487323
Threads : 2
Priority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk User Monitor
InternalName : ADUserMon
LegalCopyright : Copyright © 2002
OriginalFilename : ADUserMon.exe

#:18 [IMGICON.EXE]
FilePath : C:\PROGRAM FILES\IOMEGA\DRIVEICONS\
ProcessID : 4294492723
Threads : 1
Priority : Normal


#:19 [POINT32.EXE]
FilePath : C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\
ProcessID : 4294477835
Threads : 1
Priority : Normal


#:20 [ASHWEBSV.EXE]
FilePath : C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\
ProcessID : 4294468803
Threads : 15
Priority : Normal


#:21 [NETWT.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294473043
Threads : 4
Priority : Normal


#:22 [OSA.EXE]
FilePath : C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\
ProcessID : 4294412847
Threads : 1
Priority : Normal


#:23 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294355887
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:24 [RNAAPP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294387803
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
LegalCopyright : Copyright © Microsoft Corp. 1992-1996
OriginalFilename : RNAAPP.EXE

#:25 [TAPISRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294364871
Threads : 5
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows™ Telephony Server
InternalName : Telephony Service
LegalCopyright : Copyright © Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE

#:26 [PSTORES.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294162487
Threads : 3
Priority : Normal
FileVersion : 5.00.1877.3
ProductVersion : 5.00.1877.3
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : Protected storage server

#:27 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294368935
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}
Value :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 3


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : barbados@questionmarket[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:barbados@questionmarket.com/
Expires : 7-2-06 3:47:46 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : barbados@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:barbados@imrworldwide.com/cgi-bin
Expires : 5-9-15 12:16:50 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : barbados@z1.adserver[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:barbados@z1.adserver.com/
Expires : 5-11-06 12:53:32 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 6



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : File
Data : fevpw.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : wklktp.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : CRLZ.EXE.$$$.vir.vir.vir
Category : Malware
Comment :
Object : C:\Program Files\Alwil Software\Avast4\DATA\moved\



CoolWebSearch Object Recognized!
Type : File
Data : SDKUI32.EXE.vir.vir.vir.vir
Category : Malware
Comment :
Object : C:\Program Files\Alwil Software\Avast4\DATA\moved\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
Category : Misc
Comment : Problematic URL discovered: http://www.lookfor.cc/
Object : C:\WINDOWS\Favorites\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free [bleep].url
Category : Misc
Comment : Problematic URL discovered: http://www.7days.ws/
Object : C:\WINDOWS\Favorites\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {93587622-0E15-2933-A432-4FC8AFF51981}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft
Value : set

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 18
Objects found so far: 30

1:23:08 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:51.970
Objects scanned:72525
Objects identified:30
Objects ignored:0
New critical objects:30


#2
Guest_Andy_veal_*
Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer from what Ad-aware found, please follow these instructions below…

Please make sure that you are using the * SE1R44 10.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE. If this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please only remove Coolwebsearch first

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
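
Added example (not part of either poster's reply, and not Lavasoft code): one way to check a posted Ad-Aware SE log for completeness and to see which detections survive the clean-and-rescan cycle described above. The function names are hypothetical, and the two log excerpts are constructed in the format of the logs in this thread, not the thread's actual results.

```python
import re
from collections import Counter

# Patterns for the Ad-Aware SE log layout shown in this thread.
HEADER = re.compile(r"^(?P<family>.+?) Object Recognized!$")
FIELD = re.compile(r"^(?P<key>[A-Za-z]+)\s*:\s?(?P<value>.*)$")
SUMMARY = re.compile(r"^(?P<family>.+?)\(TAC index:\d+\):(?P<n>\d+) total references$")

def parse_objects(log_text):
    """Return one dict per '<family> Object Recognized!' block."""
    objects, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {"family": header.group("family")}
            objects.append(current)
        elif current is not None and not line:
            current = None                      # a blank line closes the block
        elif current is not None:
            field = FIELD.match(line)
            if field:                           # RegData blocks repeat 'Data'; keep the first
                current.setdefault(field.group("key").lower(),
                                   field.group("value").strip())
    return objects

def summary_counts(log_text):
    """Per-family totals declared under 'References detected during the scan'."""
    found = (SUMMARY.match(l.strip()) for l in log_text.splitlines())
    return {m.group("family"): int(m.group("n")) for m in found if m}

def is_complete(log_text):
    """The log is fully posted once the closing summary section appears."""
    return "Summary Of This Scan" in log_text

def summary_mismatches(log_text):
    """Families whose declared total differs from the blocks actually posted."""
    declared = summary_counts(log_text)
    parsed = Counter(o["family"] for o in parse_objects(log_text))
    return {f: (declared.get(f, 0), parsed.get(f, 0))
            for f in set(declared) | set(parsed)
            if declared.get(f, 0) != parsed.get(f, 0)}

def identity(obj):
    """Key that identifies the same object across two scans."""
    keys = ("family", "type", "rootkey", "object", "value", "data")
    return tuple(obj.get(k, "").lower() for k in keys)

def persistent(before_objs, after_objs):
    """Objects from the first scan that are detected again in the second."""
    seen = {identity(o) for o in after_objs}
    return [o for o in before_objs if identity(o) in seen]

# Constructed excerpt: a complete first scan.
BEFORE = r"""References detected during the scan:
CoolWebSearch(TAC index:10):2 total references
Tracking Cookie(TAC index:3):1 total references
VX2(TAC index:10):1 total references

VX2 Object Recognized!
Type : Process
Data : SYSGT.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks

CoolWebSearch Object Recognized!
Type : File
Data : fevpw.txt
Category : Malware
Object : C:\WINDOWS\

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : barbados@z1.adserver[1].txt
Category : Data Miner

Summary Of This Scan
Objects identified:4
"""

# Constructed excerpt: a rescan after reboot, cut off before its summary.
AFTER = r"""References detected during the scan:
CoolWebSearch(TAC index:10):3 total references
VX2(TAC index:10):1 total references

VX2 Object Recognized!
Type : Process
Data : SYSGT.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
"""

if __name__ == "__main__":
    for o in persistent(parse_objects(BEFORE), parse_objects(AFTER)):
        print("still present:", o["family"], o["type"], o.get("object", ""), o.get("data", ""))
    print("rescan complete:", is_complete(AFTER), "missing:", summary_mismatches(AFTER))
```

An object that shows up in both scans points to something reinstalling it at startup; a mismatch between the declared totals and the posted blocks means part of the log is still missing.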

#3
barbados
Thanks, Andy for helping. I slept better last night!

I followed your instructions as best as I could…….Some question about CCLEANER, however.

The default scan selection of CCLEANER covers more than C:\windows\temp and C:\windows\temporary files, however you only showed these as referenced for deletion of the contents, so those are the only scans that I ran and deleted all the entries in them.

Then ran Ad-Aware from the command line and only found reference of CoolWebSearch (27 instances) and 3 minor hits on my 'favorites.' Deleted CWS first, scanned again and removed the 3 bad favorites.

Scan now showed clean in safe-mode.

After reboot and still severed from the web, ran the scan you’ll see below. WOW! They're back! Was this because I didn’t use the full CCLEANER scan/clean?

Andy, I await your astute advice. Thank you! -dave-


Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 12, 2005 8:10:41 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):17 total references
VX2(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:75 %
Total physical memory:523720 kb
Available physical memory:346168 kb
Total page file size:1573428 kb
Available on page file:1453108 kb
Total virtual memory:2093056 kb
Available virtual memory:2044032 kb
OS:Microsoft Windows 98

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-12-05 8:10:41 AM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291767797
Threads : 7
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294933497
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294928149
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [AGRSMMSG.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294869429
Threads : 2
Priority : Normal
FileVersion : 2.1.33 2.1.33 08/20/2003 13:18:33
ProductVersion : 2.1.33 2.1.33 08/20/2003 13:18:33
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:5 [NVSVC.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294897093
Threads : 2
Priority : Normal
FileVersion : 4.14.10.5655
ProductVersion : 4.14.10.5655
ProductName : NVIDIA Driver Helper Service, Version 56.55
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.55
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc.exe

#:6 [ADSERVICE.EXE]
FilePath : C:\PROGRAM FILES\IOMEGA\AUTODISK\
ProcessID : 4294900549
Threads : 4
Priority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk Service
InternalName : ADService
LegalCopyright : Copyright © 2002
OriginalFilename : ADService.exe

#:7 [MDM.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294839665
Threads : 2
Priority : Normal
FileVersion : 6.00.8149
ProductVersion : 6.00.8149
ProductName : Microsoft ® Visual Studio
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-1998
OriginalFilename : mdm.exe

#:8 [ASHSERV.EXE]
FilePath : C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\
ProcessID : 4294895497
Threads : 26
Priority : Normal
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswServ.exe

#:9 [SYSGT.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294867325
Threads : 1
Priority : Normal


VX2 Object Recognized!
Type : Process
Data : SYSGT.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\


Warning! VX2 Object found in memory(C:\WINDOWS\SYSTEM\SYSGT.EXE)

"C:\WINDOWS\SYSTEM\SYSGT.EXE"Process terminated successfully

#:10 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294827265
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:11 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294803761
Threads : 15
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:12 [RPCSS.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294711433
Threads : 5
Priority : Normal
FileVersion : 4.71.2900
ProductVersion : 4.71.2900
ProductName : Microsoft® Windows NT™ Operating System
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : rpcss.exe

#:13 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294607145
Threads : 2
Priority : Normal
FileVersion : 4.10.2224
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1999
OriginalFilename : SYSTRAY.EXE

#:14 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294627517
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:15 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294590017
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:16 [INCD.EXE]
FilePath : C:\PROGRAM FILES\AHEAD\INCD\
ProcessID : 4294582477
Threads : 4
Priority : Normal
FileVersion : 4, 0, 5, 4
ProductVersion : 4, 0, 5, 4
ProductName : InCD
CompanyName : Ahead Software AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright © 2003 Ahead Software and its licensors
LegalTrademarks : InCD TM
OriginalFilename : InCD.exe

#:17 [ADUSERMON.EXE]
FilePath : C:\PROGRAM FILES\IOMEGA\AUTODISK\
ProcessID : 4294562765
Threads : 2
Priority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk User Monitor
InternalName : ADUserMon
LegalCopyright : Copyright © 2002
OriginalFilename : ADUserMon.exe

#:18 [IMGICON.EXE]
FilePath : C:\PROGRAM FILES\IOMEGA\DRIVEICONS\
ProcessID : 4294573129
Threads : 1
Priority : Normal


#:19 [POINT32.EXE]
FilePath : C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\
ProcessID : 4294629629
Threads : 1
Priority : Normal


#:20 [ASHWEBSV.EXE]
FilePath : C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\
ProcessID : 4294531833
Threads : 16
Priority : Normal


#:21 [NETWT.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294482173
Threads : 4
Priority : Normal


#:22 [OSA.EXE]
FilePath : C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\
ProcessID : 4294565249
Threads : 1
Priority : Normal


#:23 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294318417
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:24 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294424625
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}
Value :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 3


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {93587622-0E15-2933-A432-4FC8AFF51981}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 19

8:13:26 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:45.540
Objects scanned:54662
Objects identified:19
Objects ignored:0
New critical objects:19

#4
Guest_Andy_veal_*

  • Guest
Please try my removal advice using the full system scan option.

#5
barbados

  • Topic Starter
WoW! Big difference, Andy! Only a couple left (that's BEFORE I connected to the net!) LOL

Still see the Browser hijack "about blank" and couple of sex sites added to my browser......I'm starting to feel a little more confident of success thanks to you.


Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 12, 2005 10:06:37 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:76 %
Total physical memory:523720 kb
Available physical memory:346268 kb
Total page file size:1573428 kb
Available on page file:1454944 kb
Total virtual memory:2093056 kb
Available virtual memory:2044032 kb
OS:Microsoft Windows 98

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-12-05 10:06:37 AM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291766391
Threads : 6
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294934139
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294926999
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [AGRSMMSG.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294870071
Threads : 2
Priority : Normal
FileVersion : 2.1.33 2.1.33 08/20/2003 13:18:33
ProductVersion : 2.1.33 2.1.33 08/20/2003 13:18:33
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:5 [NVSVC.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294895687
Threads : 2
Priority : Normal
FileVersion : 4.14.10.5655
ProductVersion : 4.14.10.5655
ProductName : NVIDIA Driver Helper Service, Version 56.55
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.55
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc.exe

#:6 [ADSERVICE.EXE]
FilePath : C:\PROGRAM FILES\IOMEGA\AUTODISK\
ProcessID : 4294901447
Threads : 4
Priority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk Service
InternalName : ADService
LegalCopyright : Copyright © 2002
OriginalFilename : ADService.exe

#:7 [MDM.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294838335
Threads : 2
Priority : Normal
FileVersion : 6.00.8149
ProductVersion : 6.00.8149
ProductName : Microsoft ® Visual Studio
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-1998
OriginalFilename : mdm.exe

#:8 [ASHSERV.EXE]
FilePath : C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\
ProcessID : 4294894459
Threads : 26
Priority : Normal
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswServ.exe

#:9 [SYSGT.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294868987
Threads : 1
Priority : Normal


VX2 Object Recognized!
Type : Process
Data : SYSGT.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\


Warning! VX2 Object found in memory(C:\WINDOWS\SYSTEM\SYSGT.EXE)

"C:\WINDOWS\SYSTEM\SYSGT.EXE"Process terminated successfully

#:10 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294802931
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:11 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294819675
Threads : 14
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:12 [RPCSS.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294736715
Threads : 5
Priority : Normal
FileVersion : 4.71.2900
ProductVersion : 4.71.2900
ProductName : Microsoft® Windows NT™ Operating System
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : rpcss.exe

#:13 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294613627
Threads : 2
Priority : Normal
FileVersion : 4.10.2224
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1999
OriginalFilename : SYSTRAY.EXE

#:14 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294625875
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:15 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294576167
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:16 [INCD.EXE]
FilePath : C:\PROGRAM FILES\AHEAD\INCD\
ProcessID : 4294586511
Threads : 4
Priority : Normal
FileVersion : 4, 0, 5, 4
ProductVersion : 4, 0, 5, 4
ProductName : InCD
CompanyName : Ahead Software AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright © 2003 Ahead Software and its licensors
LegalTrademarks : InCD TM
OriginalFilename : InCD.exe

#:17 [ADUSERMON.EXE]
FilePath : C:\PROGRAM FILES\IOMEGA\AUTODISK\
ProcessID : 4294605751
Threads : 2
Priority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk User Monitor
InternalName : ADUserMon
LegalCopyright : Copyright © 2002
OriginalFilename : ADUserMon.exe

#:18 [IMGICON.EXE]
FilePath : C:\PROGRAM FILES\IOMEGA\DRIVEICONS\
ProcessID : 4294550523
Threads : 1
Priority : Normal


#:19 [POINT32.EXE]
FilePath : C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\
ProcessID : 4294623203
Threads : 1
Priority : Normal


#:20 [ASHWEBSV.EXE]
FilePath : C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\
ProcessID : 4294615255
Threads : 16
Priority : Normal


#:21 [NETWT.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294530111
Threads : 4
Priority : Normal


#:22 [OSA.EXE]
FilePath : C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\
ProcessID : 4294530403
Threads : 1
Priority : Normal


#:23 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294433363
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:24 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294632079
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2

10:09:20 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:42.360
Objects scanned:54300
Objects identified:2
Objects ignored:0
New critical objects:2

#6
Guest_Andy_veal_*

  • Guest
Please make sure you use the Full system scan option for all my instructions, especially checking your logfile :tazz:

If you chose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R44 10.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is of the default installation location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
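The completeness rule in the post above (a log is fully posted once the "Summary of this scan" block appears) can be checked mechanically before a log is reviewed. The Python below is an added example, not part of the thread or of Ad-Aware: the function names are hypothetical, the sample is abridged from the second log posted above, and it assumes that "Objects identified" equals the number of "Object Recognized!" blocks, as it does in that log.

```python
import re
from collections import Counter

# Abridged from the second Ad-Aware SE log posted in this thread; the
# running-process listing and the per-section results are left out.
SAMPLE_LOG = """\
Ad-Aware SE Build 1.05
Using definitions file:SE1R44 10.05.2005

VX2 Object Recognized!
Type : Process
Data : SYSGT.EXE
Category : Malware
Comment : (CSI MATCH)
Object : C:\\WINDOWS\\SYSTEM\\

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\\microsoft\\internet explorer\\toolbar\\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

Summary Of This Scan
Total scanning time:00:02:42.360
Objects scanned:54300
Objects identified:2
Objects ignored:0
New critical objects:2
"""

HEADER = re.compile(r"^(?P<family>.+?) Object Recognized!$")
FIELD = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s?(?P<value>.*)$")
SUMMARY_KEYS = {"Objects scanned", "Objects identified",
                "Objects ignored", "New critical objects"}


def parse_log(text):
    """Return (detections, summary) parsed from pasted log text."""
    detections, summary = [], {}
    current = None          # detection block being filled, if any
    in_summary = False      # True once the final summary block starts
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Summary Of This Scan"):
            in_summary, current = True, None
            continue
        header = HEADER.match(line)
        if header:
            current = {"Family": header.group("family")}
            detections.append(current)
            continue
        if not line:        # a blank line closes a detection block
            current = None
            continue
        field = FIELD.match(line)
        if not field:
            continue
        key, value = field.group("key").strip(), field.group("value").strip()
        if in_summary:
            # Section results reuse "New critical objects"; only the
            # counters after the summary heading are recorded here.
            if key in SUMMARY_KEYS and value.isdigit():
                summary[key] = int(value)
        elif current is not None:
            # RegData blocks repeat "Data"; keep the first occurrence.
            current.setdefault(key, value)
    return detections, summary


def check_log(text):
    """Report whether a pasted log is complete and what it detected."""
    detections, summary = parse_log(text)
    complete = "Objects identified" in summary
    registry = [(d["Rootkey"] + "\\" + d.get("Object", ""), d.get("Value", ""))
                for d in detections if "Rootkey" in d]
    return {
        "complete": complete,
        "families": dict(Counter(d["Family"] for d in detections)),
        # Assumption: one "Object Recognized!" block per identified object.
        "count_matches": complete
        and summary["Objects identified"] == len(detections),
        "registry": registry,
    }


if __name__ == "__main__":
    report = check_log(SAMPLE_LOG)
    for name, value in report.items():
        print(f"{name}: {value}")
```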

#7
barbados

  • Topic Starter
Andy, pardon me for not being the brightest LED on the panel, but I've done the whole drill five times and Ad-Alert shows clear BUT I still have a hijacked home page and 'about blank'.

Is this the time to post a HijackThis log on the other forum, or am I just missing something?

Thanks for your help and patience. -dave-

Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 12, 2005 1:05:56 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:76 %
Total physical memory:523720 kb
Available physical memory:346560 kb
Total page file size:1573428 kb
Available on page file:1457024 kb
Total virtual memory:2093056 kb
Available virtual memory:2044032 kb
OS:Microsoft Windows 98

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Use permanent archive caching
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Create log file for removal operations
Set : Include module list in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-12-05 1:05:56 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4291764473
Threads : 6
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL
Scanning Module:C:\WINDOWS\SYSTEM\USER32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\GDI32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ADVAPI32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\KERNEL32.DLL...

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294932213
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
Scanning Module:C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\MSH_ZWF.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\CFGMGR32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\NTDLL.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MPR.DLL...

#:3 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294928921
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE
Scanning Module:C:\WINDOWS\SYSTEM\MSNP32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSNET32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MPREXE.EXE...
Scanning Module:C:\WINDOWS\SYSTEM\MPRSERV.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSPWL32.DLL...

#:4 [AGRSMMSG.EXE]
ModuleName : C:\WINDOWS\AGRSMMSG.EXE
Command Line : C:\WINDOWS\AGRSMMSG.exe
ProcessID : 4294872249
Threads : 2
Priority : Normal
FileVersion : 2.1.33 2.1.33 08/20/2003 13:18:33
ProductVersion : 2.1.33 2.1.33 08/20/2003 13:18:33
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe
Scanning Module:C:\WINDOWS\AGRSMMSG.EXE...
Scanning Module:C:\WINDOWS\SYSTEM\WINMM.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SHELL32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\COMCTL32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SHLWAPI.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSVCRT.DLL...

#:5 [NVSVC.EXE]
ModuleName : C:\WINDOWS\SYSTEM\NVSVC.EXE
Command Line : C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
ProcessID : 4294893769
Threads : 2
Priority : Normal
FileVersion : 4.14.10.5655
ProductVersion : 4.14.10.5655
ProductName : NVIDIA Driver Helper Service, Version 56.55
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.55
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc.exe
Scanning Module:C:\WINDOWS\SYSTEM\OLEAUT32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\OLE32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\NVARCH32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\NVSVC.EXE...

#:6 [ADSERVICE.EXE]
ModuleName : C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
Command Line : "C:\Program Files\Iomega\AutoDisk\ADService.exe"
ProcessID : 4294899273
Threads : 4
Priority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk Service
InternalName : ADService
LegalCopyright : Copyright © 2002
OriginalFilename : ADService.exe
Scanning Module:C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE...
Scanning Module:C:\PROGRAM FILES\IOMEGA\AUTODISK\IOREADY.DLL...
Scanning Module:C:\PROGRAM FILES\IOMEGA\AUTODISK\IOMICONS.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\VERSION.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\WINSPOOL.DRV...

#:7 [MDM.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MDM.EXE
Command Line : C:\WINDOWS\SYSTEM\MDM.EXE
ProcessID : 4294836393
Threads : 2
Priority : Normal
FileVersion : 6.00.8149
ProductVersion : 6.00.8149
ProductName : Microsoft ® Visual Studio
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-1998
OriginalFilename : mdm.exe
Scanning Module:C:\WINDOWS\SYSTEM\RPCRT4.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SVRAPI.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSDBGEN.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\NETAPI32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\NETBIOS.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MDM.EXE...

#:8 [ASHSERV.EXE]
ModuleName : C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
Command Line : "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
ProcessID : 4294896261
Threads : 27
Priority : Normal
FileVersion : 4, 6, 622, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright © 2005 ALWIL Software
OriginalFilename : aswServ.exe
Scanning Module:C:\WINDOWS\SYSTEM\MSAFD.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\RNR20.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SENSAPI.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SHFOLDER.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ENGLISH\LANG.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MFC71.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ICMP.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\RASAPI32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SECUR32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSVCRT20.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\TAPI32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\EXPSRV.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\VBAJET32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSJTES40.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ODBCJT32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSJTER40.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSJINT40.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ODBCJI32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSJET40.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSWSTR10.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ODBCCP32.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSODBC.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ODBC32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ODBCINT.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\COMDLG32.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\AHRESWS.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWMON9X.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\AHRESSTD.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\AHRESP2P.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\AHRESOUT.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\AVCOMMEX.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\AHRESMES.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\AHRESMAI.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\UNACEV2.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ENGLISH\BASE.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\AAVM4H.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWIDLE.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWINTEG.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHTASK.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHBASE.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWENGIN.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWCMNS.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWSCAN.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWAUX.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWCMNB.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWCMNOS.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\WSOCK32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSWSOCK.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\WS2_32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\WININET.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\CRYPT32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSOSS.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\WS2HELP.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSVCP71.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSVCR71.DLL...

#:9 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294815813
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:10 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294831957
Threads : 15
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE
Scanning Module:C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGHOOK.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\IPHLPAPI.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\IPCFGDLL.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\DHCPCSVC.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ES.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SENS.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ESTIER2.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ESSHARED.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\LINKINFO.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\IMM32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\WEBCHECK.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSLS31.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SHDOCLC.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSI.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MYDOCS.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSHTML.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MLANG.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\URLMON.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SHD401LC.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\BROWSEUI.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SHDOC401.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SHDOCVW.DLL...
Scanning Module:C:\WINDOWS\EXPLORER.EXE...

#:11 [RPCSS.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RPCSS.EXE
Command Line : RPCSS
ProcessID : 4294802513
Threads : 5
Priority : Normal
FileVersion : 4.71.2900
ProductVersion : 4.71.2900
ProductName : Microsoft® Windows NT™ Operating System
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : rpcss.exe
Scanning Module:C:\WINDOWS\SYSTEM\RPCLTSCM.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\DIGEST.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSNSSPC.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSAPSSPC.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSVCRT40.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\RPCSS.EXE...

#:12 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4294682833
Threads : 2
Priority : Normal
FileVersion : 4.10.2224
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1999
OriginalFilename : SYSTRAY.EXE
Scanning Module:C:\WINDOWS\SYSTEM\USBUI.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\WMI.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SYSTRAY.EXE...
Scanning Module:C:\WINDOWS\SYSTEM\BATMETER.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\POWRPROF.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\SETUPAPI.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\LZ32.DLL...

#:13 [RUNDLL32.EXE]
ModuleName : C:\WINDOWS\RUNDLL32.EXE
Command Line : "C:\WINDOWS\RunDll32.exe"
ProcessID : 4294702525
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE
Scanning Module:C:\WINDOWS\SYSTEM32\UDAPROP.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\CMICNFG.CPL...
Scanning Module:C:\WINDOWS\RUNDLL32.EXE...

#:14 [RUNDLL32.EXE]
ModuleName : C:\WINDOWS\RUNDLL32.EXE
Command Line : "C:\WINDOWS\RUNDLL32.EXE"
ProcessID : 4294655429
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE
Scanning Module:C:\WINDOWS\SYSTEM\NVMCTRAY.DLL...

#:15 [INCD.EXE]
ModuleName : C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
Command Line : "C:\Program Files\Ahead\InCD\InCD.exe"
ProcessID : 4294648881
Threads : 4
Priority : Normal
FileVersion : 4, 0, 5, 4
ProductVersion : 4, 0, 5, 4
ProductName : InCD
CompanyName : Ahead Software AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright © 2003 Ahead Software and its licensors
LegalTrademarks : InCD TM
OriginalFilename : InCD.exe
Scanning Module:C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\DRIVELOCKER.DLL...
Scanning Module:C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE...
Scanning Module:C:\PROGRAM FILES\AHEAD\INCD\INCDAPI.DLL...
Scanning Module:C:\PROGRAM FILES\AHEAD\INCD\INCDU95.DLL...

#:16 [ADUSERMON.EXE]
ModuleName : C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
Command Line : "C:\Program Files\Iomega\AutoDisk\ADUserMon.exe"
ProcessID : 4294622813
Threads : 2
Priority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk User Monitor
InternalName : ADUserMon
LegalCopyright : Copyright © 2002
OriginalFilename : ADUserMon.exe
Scanning Module:C:\PROGRAM FILES\IOMEGA\AUTODISK\AUTOLIB.DLL...
Scanning Module:C:\PROGRAM FILES\IOMEGA\AUTODISK\SHFOLDER.DLL...
Scanning Module:C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE...
Scanning Module:C:\WINDOWS\SYSTEM\OLEDLG.DLL...

#:17 [IMGICON.EXE]
ModuleName : C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
Command Line : "C:\Program Files\Iomega\DriveIcons\ImgIcon.exe"
ProcessID : 4294636209
Threads : 1
Priority : Normal

Scanning Module:C:\PROGRAM FILES\IOMEGA\COMMON\IOATLDRV.DLL...
Scanning Module:C:\PROGRAM FILES\IOMEGA\COMMON\IOREADY.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\IOMICONS.DLL...
Scanning Module:C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE...

#:18 [POINT32.EXE]
ModuleName : C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
Command Line : "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"
ProcessID : 4294582121
Threads : 1
Priority : Normal

Scanning Module:C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE...
Scanning Module:C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\CMTOOL32.DLL...
Scanning Module:C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\MSHLOCAL.DLL...
Scanning Module:C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\MSLNG32.DLL...
Scanning Module:C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.DLL...

#:19 [ASHWEBSV.EXE]
ModuleName : C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
Command Line : "C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE"
ProcessID : 4294591945
Threads : 16
Priority : Normal

Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWSFTR.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\OLEACC.DLL...
Scanning Module:C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE...

#:20 [NETWT.EXE]
ModuleName : C:\WINDOWS\NETWT.EXE
Command Line : "C:\WINDOWS\NETWT.EXE"
ProcessID : 4294606397
Threads : 4
Priority : Normal

Scanning Module:C:\WINDOWS\SNMPAPI.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MSVCIRT.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\ATL.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\MFC42.DLL...
Scanning Module:C:\WINDOWS\NETWT.EXE...

#:21 [OSA.EXE]
ModuleName : C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
Command Line : "C:\Program Files\Microsoft Office\Office\OSA.EXE" -b
ProcessID : 4294610249
Threads : 1
Priority : Normal

Scanning Module:C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE...
Scanning Module:C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSAINTL.DLL...
Scanning Module:C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSO97.DLL...

#:22 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe 52
ProcessID : 4294379969
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe
Scanning Module:C:\WINDOWS\SYSTEM\WMIEXE.EXE...
Scanning Module:C:\WINDOWS\SYSTEM\WMICORE.DLL...

#:23 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294552705
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Scanning Module:C:\WINDOWS\SYSTEM\RICHED32.DLL...
Scanning Module:C:\WINDOWS\SYSTEM\OLEPRO32.DLL...
Scanning Module:C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE...

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\~MSSETUP.T\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\My Documents\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\Program Files\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\Reconciler\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\RECYCLED\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\Tools_95\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\UPS\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\UPSTools\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\win98\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\WINDOWS\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\WUTemp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
1:08:29 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:32.530
Objects scanned:68145
Objects identified:0
Objects ignored:0
New critical objects:0

#8
Guest_Andy_veal_*

  • Guest
I will refer you to HJT.

This will assist in your problems.

Thanks :tazz:

#9
Guest_Andy_veal_*

  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.

#10
barbados


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here is the current HJT log.

Your help, as was Andy's, is greatly appreciated. Thanks! -dave-

Logfile of HijackThis v1.99.1
Scan saved at 2:52:20 PM, on 5/12/05
Platform: Windows 98 SE (Win9x 4.10.2222B)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\AGRSMMSG.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\NETWT.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gznus.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gznus.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gznus.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gznus.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gznus.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gznus.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {93587622-0E15-2933-A432-4FC8AFF51981} - C:\WINDOWS\IELI32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [agrsmMSG] agrsmMSG.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [MFCZQ32.EXE] C:\WINDOWS\SYSTEM\MFCZQ32.EXE
O4 - HKLM\..\Run: [CRLZ.EXE] C:\WINDOWS\CRLZ.EXE
O4 - HKLM\..\Run: [NETWT.EXE] C:\WINDOWS\NETWT.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [SYSGT.EXE] C:\WINDOWS\SYSTEM\SYSGT.EXE /s
O4 - HKLM\..\RunOnce: [winsb32.exe] C:\WINDOWS\system\winsb32.exe
O4 - HKLM\..\RunOnce: [systj.exe] C:\WINDOWS\systj.exe
O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_AddToList.html
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = scala
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.171.129.13,209.218.76.6