review pls (suspected "Trojan-spy.html.smitfraud.c")


  • This topic is locked

#1 mullered (New Member, 8 posts)
I have a blue desktop with "Security Warning" on it, and I think it is "Trojan-spy.html.smitfraud.c" as it says this on the desktop. I have reviewed other posts about this, but they have all required HJT logs to be posted to sort it out, so I thought I had better start a thread.

It might be of help for you to know I also found the program Virtual Maid in Add/Remove Programs, but I haven't removed it.

Also, I cannot connect the computer to the internet until it is cleaned, so I can transfer programs on and copy logs off it, but updating programs is hard unless there is a way around it. Please bear this in mind when help is given.

Thank you for any help, and sorry for the long post. Anything is much appreciated.

I have included an Ad-Aware log below, if it is of any help.

Ad-Aware log:


Ad-Aware SE Build 1.05
Logfile Created on:12 May 2005 22:37:46
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R8 13.09.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2020Search(TAC index:4):6 total references
Claria(TAC index:7):21 total references
CommonName(TAC index:7):3 total references
Lop(TAC index:7):2 total references
Other(TAC index:5):3 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
Redirected hostfile entry(TAC index:4):1 total references
TopSearch(TAC index:5):1 total references
Tracking Cookie(TAC index:3):1 total references
WhenU(TAC index:10):46 total references
Windows(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R8 13.09.2004
Internal build : 12
File location : C:\PROGRA~1\Lavasoft\AD-AWA~2\defs.ref
File size : 344723 Bytes
Total size : 1092481 Bytes
Signature data size : 1068971 Bytes
Reference data size : 22998 Bytes
Signatures total : 30122
Fingerprints total : 154
Fingerprints size : 7129 Bytes
Target categories : 15
Target families : 560


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:43 %
Total physical memory:392496 kb
Available physical memory:165184 kb
Total page file size:551396 kb
Available on page file:396492 kb
Total virtual memory:2097024 kb
Available virtual memory:2046228 kb
OS:Microsoft Windows XP Professional (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


12-05-2005 22:37:46 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 380
ThreadCreationTime : 12-05-2005 20:38:01
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 428
ThreadCreationTime : 12-05-2005 20:38:04
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\SYSTEM32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 456
ThreadCreationTime : 12-05-2005 20:38:06
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 500
ThreadCreationTime : 12-05-2005 20:38:06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 512
ThreadCreationTime : 12-05-2005 20:38:06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 776
ThreadCreationTime : 12-05-2005 20:38:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 820
ThreadCreationTime : 12-05-2005 20:38:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 960
ThreadCreationTime : 12-05-2005 20:38:10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 972
ThreadCreationTime : 12-05-2005 20:38:10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1052
ThreadCreationTime : 12-05-2005 20:38:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1128
ThreadCreationTime : 12-05-2005 20:38:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:12 [logwatnt.exe]
ModuleName : C:\WINDOWS\LogWatNT.exe
Command Line : C:\WINDOWS\LogWatNT.exe
ProcessID : 1180
ThreadCreationTime : 12-05-2005 20:38:11
BasePriority : Normal


#:13 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 1200
ThreadCreationTime : 12-05-2005 20:38:11
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:14 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1296
ThreadCreationTime : 12-05-2005 20:38:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:15 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1872
ThreadCreationTime : 12-05-2005 20:38:54
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:16 [msole32.exe]
ModuleName : C:\WINDOWS\System32\msole32.exe
Command Line : C:\WINDOWS\System32\msole32.exe
ProcessID : 148
ThreadCreationTime : 12-05-2005 20:38:55
BasePriority : Normal


#:17 [shnlog.exe]
ModuleName : C:\WINDOWS\System32\shnlog.exe
Command Line : C:\WINDOWS\System32\shnlog.exe
ProcessID : 176
ThreadCreationTime : 12-05-2005 20:38:55
BasePriority : Normal

ProductVersion : 1.7

#:18 [popuper.exe]
ModuleName : C:\WINDOWS\popuper.exe
Command Line : C:\WINDOWS\popuper.exe
ProcessID : 184
ThreadCreationTime : 12-05-2005 20:38:55
BasePriority : Normal
FileVersion : 1, 0, 0, 217
ProductVersion : 1, 0, 0, 217
ProductName : Popuper Application
FileDescription : Popuper Application
InternalName : Popuper
LegalCopyright : Copyright © 2005
OriginalFilename : Popuper.exe

#:19 [msgplus.exe]
ModuleName : C:\Program Files\Messenger Plus! 2\MsgPlus.exe
Command Line : "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
ProcessID : 208
ThreadCreationTime : 12-05-2005 20:38:55
BasePriority : Normal


#:20 [jshepeai.exe]
ModuleName : C:\DOCUME~1\Sami\APPLIC~1\jshepeai.exe
Command Line : C:\DOCUME~1\Sami\APPLIC~1\jshepeai.exe -QuieT
ProcessID : 224
ThreadCreationTime : 12-05-2005 20:38:56
BasePriority : Normal


#:21 [incd.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCD.exe
Command Line : "C:\Program Files\Ahead\InCD\InCD.exe"
ProcessID : 244
ThreadCreationTime : 12-05-2005 20:38:56
BasePriority : Normal


#:22 [save.exe]
ModuleName : C:\PROGRA~1\Save\Save.exe
Command Line : C:\PROGRA~1\Save\Save.exe
ProcessID : 284
ThreadCreationTime : 12-05-2005 20:38:56
BasePriority : Normal
FileVersion : 2, 6, 4, 7
ProductVersion : 2, 6, 4, 7
ProductName : Save!
CompanyName : WhenU.com, Inc.
FileDescription : Save!
InternalName : WhenUSave
LegalCopyright : Copyright 2001
OriginalFilename : Save.exe

#:23 [hpztsb04.exe]
ModuleName : C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
Command Line : C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
ProcessID : 328
ThreadCreationTime : 12-05-2005 20:38:56
BasePriority : Normal
FileVersion : 2,80,0,0
ProductVersion : 2,80,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2001

#:24 [search.exe]
ModuleName : C:\Program Files\WhenUSearch\Search.exe
Command Line : "C:\Program Files\WhenUSearch\Search.exe"
ProcessID : 340
ThreadCreationTime : 12-05-2005 20:38:56
BasePriority : Normal
FileVersion : 2, 2, 3, 15
ProductVersion : 2, 2, 3, 15
ProductName : WhenUSearch
CompanyName : WhenU.com, Inc.
FileDescription : WhenUSearch
InternalName : WhenUSearch
LegalCopyright : Copyright 2001
OriginalFilename : Search.exe

#:25 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : C:\WINDOWS\System32\ctfmon.exe
ProcessID : 356
ThreadCreationTime : 12-05-2005 20:38:56
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:26 [bsw.exe]
ModuleName : C:\bsw.exe
Command Line : C:\bsw.exe
ProcessID : 400
ThreadCreationTime : 12-05-2005 20:38:56
BasePriority : Normal


#:27 [dvzmsgr.exe]
ModuleName : C:\WINDOWS\DvzCommon\DvzMsgr.exe
Command Line : C:\WINDOWS\DvzCommon\DvzMsgr.exe
ProcessID : 112
ThreadCreationTime : 12-05-2005 20:38:57
BasePriority : Normal


#:28 [hotsync.exe]
ModuleName : C:\Program Files\Sony Handheld\HOTSYNC.EXE
Command Line : "C:\Program Files\Sony Handheld\HOTSYNC.EXE"
ProcessID : 632
ThreadCreationTime : 12-05-2005 20:38:57
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:29 [owv1.exe]
ModuleName : C:\DOCUME~1\Sami\LOCALS~1\Temp\Owv1.exe
Command Line : -F:C:\DOCUME~1\Sami\LOCALS~1\Temp\Owv2.Owd -BxPxF: -MxRxE:C:\DOCUME~1\Sami\APPLIC~1\jshepeai.exe -QuieT
ProcessID : 1524
ThreadCreationTime : 12-05-2005 20:38:57
BasePriority : Normal


#:30 [intmonp.exe]
ModuleName : C:\WINDOWS\System32\intmonp.exe
Command Line : intmonp.exe
ProcessID : 1528
ThreadCreationTime : 12-05-2005 20:38:57
BasePriority : Normal


#:31 [intmon.exe]
ModuleName : C:\WINDOWS\System32\intmon.exe
Command Line : intmon.exe
ProcessID : 560
ThreadCreationTime : 12-05-2005 20:38:59
BasePriority : Normal


#:32 [devldr32.exe]
ModuleName : C:\WINDOWS\System32\devldr32.exe
Command Line : C:\WINDOWS\System32\devldr32.exe
ProcessID : 1864
ThreadCreationTime : 12-05-2005 20:39:00
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe

#:33 [rasautou.exe]
ModuleName : C:\WINDOWS\System32\rasautou.exe
Command Line : rasautou -a "zxserv0.com" -e "Doctors.net"
ProcessID : 2464
ThreadCreationTime : 12-05-2005 21:22:17
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Access Dialer
InternalName : rasdlui.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : rasdlui.exe

#:34 [ad-aware.exe]
ModuleName : C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe
Command Line : C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe /598853
ProcessID : 3364
ThreadCreationTime : 12-05-2005 21:33:41
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

2020Search Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1343024091-1202660629-2146894131-1004\software\microsoft\internet explorer\menuext\&rsdn search

2020Search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1343024091-1202660629-2146894131-1004\software\microsoft\internet explorer\menuext\&rsdn search
Value :

2020Search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1343024091-1202660629-2146894131-1004\software\microsoft\internet explorer\menuext\&rsdn search
Value : Contexts

2020Search Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1343024091-1202660629-2146894131-1004\\software\microsoft\internet explorer\menuext\&rsdn search

2020Search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1343024091-1202660629-2146894131-1004\\software\microsoft\internet explorer\menuext\&rsdn search
Value :

2020Search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1343024091-1202660629-2146894131-1004\\software\microsoft\internet explorer\menuext\&rsdn search
Value : Contexts

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cc90cda0-74a0-45b4-80ef-d89ca8c249b8}

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cc90cda0-74a0-45b4-80ef-d89ca8c249b8}
Value :

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dashbartoolbar.searchscoutbandobj

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dashbartoolbar.searchscoutbandobj
Value :

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dashbartoolbar.searchscoutbandobj.1

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dashbartoolbar.searchscoutbandobj.1
Value :

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{8642d0f2-37cc-46b7-aa5b-399e6e68c626}

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1343024091-1202660629-2146894131-1004\software\gator.com

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1343024091-1202660629-2146894131-1004\\software\gator.com

CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1e1b2878-88ff-11d2-8d96-d7acac95951f}

CommonName Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1e1b2878-88ff-11d2-8d96-d7acac95951f}
Value :

CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{1e1b286c-88ff-11d2-8d96-d7acac95951f}

WhenU Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wuse.1

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wuse.1
Value : WUSE_Id

WhenU Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusave

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusave
Value : FullDBTime

WhenU Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : InstallDir

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : Version

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : pats_url

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : pat_chunks_url

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : update_url

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : ziptomsa_url

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : iptomsa_url

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : coupondataurl

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : InstallTime

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : zip

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : newuser_rs

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : startTime_rs

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : db_script_update

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : HeartbeatTime

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : flagCR_rs

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : readingTime_rs

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : script_url

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : searchdataurl

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : showSplash

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : sliderThemes

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : themesSliderBgAlt

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : themesSliderBgPulse

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : uiupdate_url

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : IPToMsaTime_rs

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : MSA

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : db_stamp_rs

WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\whenusearch
Value : db_server_update

Windows Object Recognized!
Type : RegData
Data : %1 %*
Category : Vulnerability
Comment : Possible virus infection, executable file extension compromised
Rootkey : HKEY_CLASSES_ROOT
Object : exefile\shell\open\command
Value :
Data : %1 %*

Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 52
Objects found so far: 52


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 52


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 52



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Oliver\Cookies\[email protected][2].txt

WhenU Object Recognized!
Type : File
Data : A0097880.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{68AAC1F9-70C1-4F4B-A2D5-3EB60A507ABD}\RP615\
FileVersion : 1, 5, 1, 1
ProductVersion : 1, 5, 1, 1
ProductName : Weather
FileDescription : Weather
InternalName : Weather
LegalCopyright : Copyright 2002
OriginalFilename : Weather.exe


Lop Object Recognized!
Type : File
Data : A0099326.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{68AAC1F9-70C1-4F4B-A2D5-3EB60A507ABD}\RP631\



Lop Object Recognized!
Type : File
Data : A0099327.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{68AAC1F9-70C1-4F4B-A2D5-3EB60A507ABD}\RP631\



TopSearch Object Recognized!
Type : File
Data : A0099328.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{68AAC1F9-70C1-4F4B-A2D5-3EB60A507ABD}\RP631\
FileVersion : 1, 0, 0, 9
ProductVersion : 1, 0, 0, 0
ProductName : Altnet Inc. TopSearch
CompanyName : Altnet Inc.
FileDescription : TopSearch
InternalName : TopSearch
LegalCopyright : Copyright Altnet Inc. © 2002
OriginalFilename : TopSearch.dll


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 57


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Warning!
Bad Hosts file entry:1123694712:auto.search.msn.com


Redirected hostfile entry Object Recognized!
Type : Hosts file
Data : 1123694712
Category : Misc
Comment : Possible CoolWebSearch Hijack
Bad Hostfile entry : 1123694712:auto.search.msn.com

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
45 entries scanned.
New critical objects:1
Objects found so far: 58



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : program cracks.url
Category : Misc
Comment : Problematic URL discovered: http://mscracks.com/cracks/C14.php
Object : C:\Documents and Settings\Sami\Favorites\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a2ba5e71-5be3-4007-ac48-157823fb63fb}

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a2ba5e71-5be3-4007-ac48-157823fb63fb}
Value :

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dashbar

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dashbar
Value : DisplayIcon

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dashbar
Value : DisplayName

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dashbar
Value : UninstallString

Claria Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\DashBar

Claria Object Recognized!
Type : File
Data : DashBar15.dll
Category : Data Miner
Comment :
Object : C:\Program Files\dashbar\
FileVersion : 1, 5, 0, 5
ProductVersion : 1, 5, 0, 5
ProductName : DashBar Toolbar Module
CompanyName : GAIN Publishing
FileDescription : DashBar Toolbar Module
InternalName : DashBar
LegalCopyright : Copyright © 1999-2003 GAIN Publishing
OriginalFilename : DashBar15.dll
Comments : An internet search toolbar


Claria Object Recognized!
Type : File
Data : DashBarSetup.log
Category : Data Miner
Comment :
Object : C:\Program Files\dashbar\



Claria Object Recognized!
Type : File
Data : DASHBARWEBSITE.URL
Category : Data Miner
Comment :
Object : C:\Program Files\dashbar\



Claria Object Recognized!
Type : File
Data : SSTREG.EXE
Category : Data Miner
Comment :
Object : C:\Program Files\dashbar\



WhenU Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : WhenUSearch

WhenU Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\Save

WhenU Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\WeatherCast

WhenU Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\WhenUSearch

WhenU Object Recognized!
Type : File
Data : Save.exe
Category : Data Miner
Comment :
Object : C:\Program Files\save\
FileVersion : 2, 6, 4, 7
ProductVersion : 2, 6, 4, 7
ProductName : Save!
CompanyName : WhenU.com, Inc.
FileDescription : Save!
InternalName : WhenUSave
LegalCopyright : Copyright 2001
OriginalFilename : Save.exe


WhenU Object Recognized!
Type : File
Data : Weather.exe
Category : Data Miner
Comment :
Object : C:\Program Files\weathercast\
FileVersion : 1, 5, 2, 2
ProductVersion : 1, 5, 2, 2
ProductName : Weather
FileDescription : Weather
InternalName : Weather
LegalCopyright : Copyright 2002
OriginalFilename : Weather.exe


WhenU Object Recognized!
Type : File
Data : search.db
Category : Data Miner
Comment :
Object : C:\Program Files\whenusearch\



WhenU Object Recognized!
Type : File
Data : search.dll
Category : Data Miner
Comment :
Object : C:\Program Files\whenusearch\
FileVersion : 2, 2, 3, 15
ProductVersion : 2, 2, 3, 15
ProductName : WhenUSearch Module
CompanyName : WhenU.com, Inc.
FileDescription : WhenUSearch Module
InternalName : WhenUSearch
LegalCopyright : Copyright 2003
OriginalFilename : Search.DLL


WhenU Object Recognized!
Type : File
Data : Search.exe
Category : Data Miner
Comment :
Object : C:\Program Files\whenusearch\
FileVersion : 2, 2, 3, 15
ProductVersion : 2, 2, 3, 15
ProductName : WhenUSearch
CompanyName : WhenU.com, Inc.
FileDescription : WhenUSearch
InternalName : WhenUSearch
LegalCopyright : Copyright 2001
OriginalFilename : Search.exe


WhenU Object Recognized!
Type : File
Data : search.htm
Category : Data Miner
Comment :
Object : C:\Program Files\whenusearch\



WhenU Object Recognized!
Type : File
Data : store.db
Category : Data Miner
Comment :
Object : C:\Program Files\whenusearch\



WhenU Object Recognized!
Type : File
Data : Uninst.exe
Category : Data Miner
Comment :
Object : C:\Program Files\whenusearch\
FileVersion : 2, 2, 3, 15
ProductVersion : 2, 2, 3, 15
ProductName : WhenUSearch Uninstall
CompanyName : WhenU.com, Inc.
FileDescription : WhenUSearch Uninstall
InternalName : Uninst
LegalCopyright : Copyright 2001
OriginalFilename : Uninst.exe


WhenU Object Recognized!
Type : File
Data : whse.exe
Category : Data Miner
Comment :
Object : C:\Program Files\whenusearch\
FileVersion : 2, 2, 3, 15
ProductVersion : 2, 2, 3, 15
ProductName : WhenUSearch
CompanyName : WhenU.com, Inc.
FileDescription : WhenUSearch
InternalName : WhenUSearch
LegalCopyright : Copyright 2001
OriginalFilename : Search.exe


Claria Object Recognized!
Type : File
Data : Dashbar Website.lnk
Category : Data Miner
Comment : Shortcut to bad file : C:\Documents and Settings\Sami\Start Menu\Programs\DashBar\Dashbar Website.lnk
Object : C:\Documents and Settings\Sami\Start Menu\Programs\DashBar\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 28
Objects found so far: 87

22:50:08 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:22.277
Objects scanned:103014
Objects identified:87
Objects ignored:0
New critical objects:87
  • 0

#2
Guest_Andy_veal_*
  • Guest

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
45 entries scanned.


If your system is running a program which changes the hosts file or you have added listings to the hosts file then there is no need to check further. Otherwise, please download the "Host File Viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your HOST file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip
  • 0

#3
Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R44 10.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-Aware SE; if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
  • 0

#4
mullered

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi, I am just going to follow the instructions in post 3 by andy_veal about CCleaner etc...

I don't understand the 2nd post about hosts and restoring it to its default. I am pretty low-tech minded, but I don't believe anyone has changed the hosts on the PC.

Will post an Ad-Aware post in a minute

Cheers

Rohan
  • 0

#5
mullered

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is my new Ad-Aware log, thanks for any more help. I am using the latest definitions.


Ad-Aware SE Build 1.05
Logfile Created on:13 May 2005 18:43:28
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CommonName(TAC index:7):3 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:58 %
Total physical memory:392496 kb
Available physical memory:227280 kb
Total page file size:551396 kb
Available on page file:443976 kb
Total virtual memory:2097024 kb
Available virtual memory:2047436 kb
OS:Microsoft Windows XP Professional (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


13-05-2005 18:43:28 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 376
ThreadCreationTime : 13-05-2005 17:37:12
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 424
ThreadCreationTime : 13-05-2005 17:37:14
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\SYSTEM32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 452
ThreadCreationTime : 13-05-2005 17:37:16
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 496
ThreadCreationTime : 13-05-2005 17:37:16
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 508
ThreadCreationTime : 13-05-2005 17:37:16
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 776
ThreadCreationTime : 13-05-2005 17:37:17
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 820
ThreadCreationTime : 13-05-2005 17:37:17
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 928
ThreadCreationTime : 13-05-2005 17:37:18
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 968
ThreadCreationTime : 13-05-2005 17:37:18
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1032
ThreadCreationTime : 13-05-2005 17:37:19
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1112
ThreadCreationTime : 13-05-2005 17:37:19
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:12 [logwatnt.exe]
ModuleName : C:\WINDOWS\LogWatNT.exe
Command Line : C:\WINDOWS\LogWatNT.exe
ProcessID : 1160
ThreadCreationTime : 13-05-2005 17:37:19
BasePriority : Normal


#:13 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 1172
ThreadCreationTime : 13-05-2005 17:37:19
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:14 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1232
ThreadCreationTime : 13-05-2005 17:37:19
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:15 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1896
ThreadCreationTime : 13-05-2005 17:38:22
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:16 [shnlog.exe]
ModuleName : C:\WINDOWS\System32\shnlog.exe
Command Line : "C:\WINDOWS\System32\shnlog.exe"
ProcessID : 2040
ThreadCreationTime : 13-05-2005 17:38:24
BasePriority : Normal

ProductVersion : 1.7

#:17 [msgplus.exe]
ModuleName : C:\Program Files\Messenger Plus! 2\MsgPlus.exe
Command Line : "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
ProcessID : 148
ThreadCreationTime : 13-05-2005 17:38:24
BasePriority : Normal


#:18 [jshepeai.exe]
ModuleName : C:\DOCUME~1\Sami\APPLIC~1\jshepeai.exe
Command Line : "C:\DOCUME~1\Sami\APPLIC~1\jshepeai.exe" -QuieT
ProcessID : 172
ThreadCreationTime : 13-05-2005 17:38:24
BasePriority : Normal


#:19 [incd.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCD.exe
Command Line : "C:\Program Files\Ahead\InCD\InCD.exe"
ProcessID : 200
ThreadCreationTime : 13-05-2005 17:38:24
BasePriority : Normal


#:20 [hpztsb04.exe]
ModuleName : C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
Command Line : "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe"
ProcessID : 164
ThreadCreationTime : 13-05-2005 17:38:24
BasePriority : Normal
FileVersion : 2,80,0,0
ProductVersion : 2,80,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2001

#:21 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 220
ThreadCreationTime : 13-05-2005 17:38:24
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:22 [bsw.exe]
ModuleName : C:\bsw.exe
Command Line : "C:\bsw.exe"
ProcessID : 240
ThreadCreationTime : 13-05-2005 17:38:24
BasePriority : Normal


#:23 [dvzmsgr.exe]
ModuleName : C:\WINDOWS\DvzCommon\DvzMsgr.exe
Command Line : "C:\WINDOWS\DvzCommon\DvzMsgr.exe"
ProcessID : 256
ThreadCreationTime : 13-05-2005 17:38:24
BasePriority : Normal


#:24 [hotsync.exe]
ModuleName : C:\Program Files\Sony Handheld\HOTSYNC.EXE
Command Line : "C:\Program Files\Sony Handheld\HOTSYNC.EXE"
ProcessID : 264
ThreadCreationTime : 13-05-2005 17:38:24
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:25 [ips1.exe]
ModuleName : C:\DOCUME~1\Sami\LOCALS~1\Temp\Ips1.exe
Command Line : -F:C:\DOCUME~1\Sami\LOCALS~1\Temp\Ips2.Ipr -BxPxF: -MxRxE:C:\DOCUME~1\Sami\APPLIC~1\jshepeai.exe -QuieT
ProcessID : 1224
ThreadCreationTime : 13-05-2005 17:38:25
BasePriority : Normal


#:26 [intmon.exe]
ModuleName : C:\WINDOWS\System32\intmon.exe
Command Line : intmon.exe
ProcessID : 1348
ThreadCreationTime : 13-05-2005 17:38:26
BasePriority : Normal


#:27 [devldr32.exe]
ModuleName : C:\WINDOWS\System32\devldr32.exe
Command Line : C:\WINDOWS\System32\devldr32.exe
ProcessID : 1496
ThreadCreationTime : 13-05-2005 17:38:28
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe

#:28 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 800
ThreadCreationTime : 13-05-2005 17:43:17
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1e1b2878-88ff-11d2-8d96-d7acac95951f}

CommonName Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1e1b2878-88ff-11d2-8d96-d7acac95951f}
Value :

CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{1e1b286c-88ff-11d2-8d96-d7acac95951f}

Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 4




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

18:54:26 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:57.525
Objects scanned:106153
Objects identified:4
Objects ignored:0
New critical objects:4
  • 0
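The second log above is short enough to read by hand, but the one item Ad-Aware flags as a "Vulnerability" (the Winlogon Shell value holding "explorer.exe, msmsgs.exe") is easy to miss among the "Data Miner" entries. Here is an added example, not code from the thread or from Lavasoft, that parses the "Object Recognized!" blocks of an Ad-Aware SE log into records, counts them per target family as the log's reference summary does, and reports anything beyond explorer.exe in a Winlogon Shell value. The sample log text is constructed to match the layout of the log posted above; the EXPECTED_SHELL constant assumes a stock Windows XP setup, where that value holds only explorer.exe.

```python
"""Parse the 'Object Recognized!' blocks of an Ad-Aware SE log and flag a
Winlogon Shell value that loads more than explorer.exe.

Added example for this thread; it is not Lavasoft code. The sample log
text is constructed to match the record layout of the log posted above.
"""
import re
from collections import Counter

# Constructed sample in the layout of the Ad-Aware SE log in this thread.
SAMPLE_LOG = r"""
CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1e1b2878-88ff-11d2-8d96-d7acac95951f}

Windows Object Recognized!
Type : RegData
Data : explorer.exe, msmsgs.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe, msmsgs.exe

Registry Scan result:
"""

HEADER = re.compile(r"^(?P<family>.+?) Object Recognized!$")
# "Key : value"; the value part is absent on lines such as "Data :"
FIELD = re.compile(r"^(?P<key>[A-Za-z]+) :(?: (?P<val>.*))?$")


def parse_objects(text):
    """Return one dict per 'Object Recognized!' block; a blank line ends a block."""
    objects, current = [], None
    for line in text.splitlines():
        line = line.rstrip()
        m = HEADER.match(line)
        if m:
            current = {"family": m.group("family")}
            objects.append(current)
            continue
        if current is None:
            continue
        if not line:
            current = None
            continue
        f = FIELD.match(line)
        if f:
            current[f.group("key")] = f.group("val") or ""
    return objects


def count_families(objects):
    """Recognized objects per target family, like the log's reference summary."""
    return Counter(o["family"] for o in objects)


# Assumption: on a stock Windows XP install Winlogon\Shell holds only this.
EXPECTED_SHELL = "explorer.exe"


def shell_hijacks(objects):
    """Return the extra programs listed in any Winlogon 'Shell' value.

    Winlogon starts every comma-separated program in this value at logon,
    so anything beyond explorer.exe is a persistence point worth checking.
    """
    extras = []
    for o in objects:
        obj = o.get("Object", "").lower()
        if obj.endswith(r"currentversion\winlogon") and o.get("Value", "").lower() == "shell":
            programs = [p.strip().lower() for p in o.get("Data", "").split(",")]
            extras.extend(p for p in programs if p and p != EXPECTED_SHELL)
    return extras


if __name__ == "__main__":
    objs = parse_objects(SAMPLE_LOG)
    print(dict(count_families(objs)))  # {'CommonName': 1, 'Windows': 1}
    print(shell_hijacks(objs))          # ['msmsgs.exe']
```

Run it against a saved log with `parse_objects(open(path).read())`; the per-family counts should match the "References detected during the scan" summary at the top of the log, which is a quick way to confirm nothing was lost when a long log was pasted across several posts.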

#6
Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R45 13.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-Aware SE; if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
  • 0

#7
Guest_Andy_veal_*
  • Guest
Your host file can contain good and bad results.

Something has been adding entries into your host file, these could be good or bad,

If you don't know what has been adding the entries please reset your host file to default.

:tazz:
  • 0
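Post 2 and this post both come down to one question: does the hosts file hold anything beyond the stock default? The first log in this thread scanned 45 hosts entries and the second only 1, so something had been adding and then removing lines. The following added example (not the "Host File Viewer" tool Andy links, and not part of the thread) audits a hosts file's contents and separates the harmless cases from the ones worth a closer look: a name pointed at loopback only blocks that name, while a name pointed at a real address redirects the browser to a server the user did not choose. It assumes the Windows XP default, which maps only 127.0.0.1 to localhost; the file text is constructed.

```python
"""Audit a Windows hosts file for entries beyond the stock default.

Added example for this thread; it is not the "Host File Viewer" tool
Andy mentions. Assumes the Windows XP default hosts file, which maps
only 127.0.0.1 to localhost. The sample file content is constructed.
"""
import ipaddress

# Assumption: Windows XP ships with exactly this one mapping.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}

# Constructed sample: the default line plus added mappings and a bad line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       ad.example.invalid      # loopback entry: blocks a name
203.0.113.5     www.example.com         # non-loopback entry: redirects a name
not-an-ip       broken.example.com
"""


def audit_hosts(text):
    """Classify every mapping in a hosts file.

    default   - the stock localhost line
    block     - a name pointed at loopback/unspecified (ad-blocking style)
    redirect  - a name pointed at a real address; review these first, since
                they send a browser somewhere the user did not choose
    malformed - lines whose first token is not an IP address
    """
    report = {"default": [], "block": [], "redirect": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        for name in parts[1:]:  # one IP may be followed by several names
            entry = (lineno, str(ip), name.lower())
            if (str(ip), name.lower()) in DEFAULT_ENTRIES:
                report["default"].append(entry)
            elif ip.is_loopback or ip.is_unspecified:
                report["block"].append(entry)
            else:
                report["redirect"].append(entry)
    return report


def is_default(text):
    """True when the file holds nothing beyond the stock localhost mapping."""
    r = audit_hosts(text)
    return not (r["block"] or r["redirect"] or r["malformed"])


if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, entries)
    print("default only:", is_default(SAMPLE_HOSTS))  # False
```

On the machine in this thread the file lives at C:\WINDOWS\system32\drivers\etc\hosts, as the log shows; reading it with `open(path).read()` and passing the text to `audit_hosts` gives the same split. A file that is_default reports True is what "restore to default settings" in Andy's post produces.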