Hi, Kristy, and (obviously) thank you for the help.
Here are the logs.
About:Buster (this is the second log, since it was overwritten on the first):
Scanned at: 15.45.13 on: 31/05/2005
-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 28
No ADS found on system
Removed 2 Random Key Entries
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!
-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 28
No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!
Scanned at: 15.49.13 on: 31/05/2005
-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 28
No ADS found on system
Removed 3 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!
-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 28
No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!
Here is the other one:
(5/31/05 15.53.30) SPSeHjFix started v1.1.2
(5/31/05 15.53.30) OS: WinXP Service Pack 1 (5.1.2600)
(5/31/05 15.53.30) Language: italiano
(5/31/05 15.53.30) Win-Path: C:\windows
(5/31/05 15.53.30) System-Path: C:\windows\System32
(5/31/05 15.53.30) Temp-Path: C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\
(5/31/05 15.53.43) Disinfection started
(5/31/05 15.53.43) Bad-Dll(IEP): (not found)
(5/31/05 15.53.43) Bad-Dll(IEP) in BHO: (not found)
(5/31/05 15.53.43) UBF: 4 - UBB: 1 - UBR: 10
(5/31/05 15.53.43) UBF: 4 - UBB: 1 - UBR: 10
(5/31/05 15.53.43) Bad IE-pages:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar:
(5/31/05 15.53.43) Stealth-String not found
(5/31/05 15.53.43) Not infected->END
As for the antivirus, I ran the Symantec one since I have it constantly updated on the PC, and it gave "no viruses found".
And finally the HijackThis...
Logfile of HijackThis v1.99.1
Scan saved at 17.07.11, on 31/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\windows\LTSMMSG.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programmi\Logitech\Video\LogiTray.exe
C:\windows\System32\ctfmon.exe
C:\Programmi\NETGEAR\MA401 Wireless PC Card\Config.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM2LAK.EXE
C:\Programmi\Asso2000\IR\irmon2k.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE
C:\Programmi\Netscape\Netscape\Netscp.exe
C:\AboutBuster\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\windows\system32\awrul.dll/sp.html#49977
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\windows\system32\awrul.dll/sp.html#49977
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SIDeA
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.sidea.it.priv:80;https=proxy.sidea.it.priv:80;ftp=proxy.sidea.it.priv:80;gopher=proxy.sidea.it.priv:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\System32\ctfmon.exe
O4 - Startup: IrDA virtuale (per Asso SGA).lnk = C:\Programmi\Asso2000\IR\irmon2k.exe
O4 - Global Startup: Configuration Utility.lnk = C:\Programmi\NETGEAR\MA401 Wireless PC Card\Config.exe
O4 - Global Startup: Finestra di stato di Canon iR1200-1300.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM2LAK.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sidea.it.priv
O17 - HKLM\Software\..\Telephony: DomainName = sidea.it.priv
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sidea.it.priv
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Provvedere al Servizio Sicurezza (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
I "fixed":
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\windows\system32\awrul.dll/sp.html#49977
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\windows\system32\awrul.dll/sp.html#49977
(the DLL was not present in the directory), and the new log is:
Logfile of HijackThis v1.99.1
Scan saved at 17.11.49, on 31/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\windows\LTSMMSG.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programmi\Logitech\Video\LogiTray.exe
C:\windows\System32\ctfmon.exe
C:\Programmi\NETGEAR\MA401 Wireless PC Card\Config.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM2LAK.EXE
C:\Programmi\Asso2000\IR\irmon2k.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE
C:\Programmi\Netscape\Netscape\Netscp.exe
C:\AboutBuster\HijackThis.exe
C:\windows\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SIDeA
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.sidea.it.priv:80;https=proxy.sidea.it.priv:80;ftp=proxy.sidea.it.priv:80;gopher=proxy.sidea.it.priv:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\System32\ctfmon.exe
O4 - Startup: IrDA virtuale (per Asso SGA).lnk = C:\Programmi\Asso2000\IR\irmon2k.exe
O4 - Global Startup: Configuration Utility.lnk = C:\Programmi\NETGEAR\MA401 Wireless PC Card\Config.exe
O4 - Global Startup: Finestra di stato di Canon iR1200-1300.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM2LAK.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sidea.it.priv
O17 - HKLM\Software\..\Telephony: DomainName = sidea.it.priv
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sidea.it.priv
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Provvedere al Servizio Sicurezza (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
After that, though, Ad-Aware gave this log:
Ad-Aware SE Build 1.05
Logfile Created on:martedì 31 maggio 2005 17.12.45
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):11 total references
MRU List(TAC index:0):18 total references
Other(TAC index:5):1 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
Win32.Trojan.Agent.bi(TAC index:6):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\Programmi\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
Fingerprints total : 886
Fingerprints size : 30371 Bytes
Target categories : 15
Target families : 679
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:37 %
Total physical memory:522736 kb
Available physical memory:191000 kb
Total page file size:1279368 kb
Available on page file:1065692 kb
Total virtual memory:2097024 kb
Available virtual memory:2048544 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
31-05-2005 17.12.45 - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 364
ThreadCreationTime : 31-05-2005 13.59.18
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\windows\system32\
ProcessID : 416
ThreadCreationTime : 31-05-2005 13.59.24
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\windows\system32\
ProcessID : 440
ThreadCreationTime : 31-05-2005 13.59.25
BasePriority : High
#:4 [services.exe]
FilePath : C:\windows\system32\
ProcessID : 484
ThreadCreationTime : 31-05-2005 13.59.25
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applicazione Servizi e Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\windows\system32\
ProcessID : 496
ThreadCreationTime : 31-05-2005 13.59.25
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\windows\system32\
ProcessID : 660
ThreadCreationTime : 31-05-2005 13.59.26
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\windows\System32\
ProcessID : 684
ThreadCreationTime : 31-05-2005 13.59.26
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\windows\System32\
ProcessID : 828
ThreadCreationTime : 31-05-2005 13.59.27
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\windows\System32\
ProcessID : 852
ThreadCreationTime : 31-05-2005 13.59.27
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [spoolsv.exe]
FilePath : C:\windows\system32\
ProcessID : 984
ThreadCreationTime : 31-05-2005 13.59.27
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:11 [alg.exe]
FilePath : C:\windows\System32\
ProcessID : 1120
ThreadCreationTime : 31-05-2005 13.59.30
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:12 [defwatch.exe]
FilePath : C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 1136
ThreadCreationTime : 31-05-2005 13.59.30
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe
#:13 [gearsec.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1176
ThreadCreationTime : 31-05-2005 13.59.30
BasePriority : Normal
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001-2003 GEAR Software
OriginalFilename : gearsec.exe
#:14 [inetinfo.exe]
FilePath : C:\WINDOWS\System32\inetsrv\
ProcessID : 1192
ThreadCreationTime : 31-05-2005 13.59.30
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : INETINFO.EXE
#:15 [rtvscan.exe]
FilePath : C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 1232
ThreadCreationTime : 31-05-2005 13.59.30
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2002
#:16 [nvsvc32.exe]
FilePath : C:\windows\System32\
ProcessID : 1316
ThreadCreationTime : 31-05-2005 13.59.31
BasePriority : Normal
FileVersion : 6.13.10.3100
ProductVersion : 6.13.10.3100
ProductName : NVIDIA Driver Helper Service, Version 31.00
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 31.00
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:17 [svchost.exe]
FilePath : C:\windows\System32\
ProcessID : 1380
ThreadCreationTime : 31-05-2005 13.59.31
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:18 [explorer.exe]
FilePath : C:\windows\
ProcessID : 1804
ThreadCreationTime : 31-05-2005 13.59.38
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Esplora risorse
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : EXPLORER.EXE
#:19 [syntplpr.exe]
FilePath : C:\Programmi\Synaptics\SynTP\
ProcessID : 236
ThreadCreationTime : 31-05-2005 13.59.39
BasePriority : Normal
FileVersion : 5.7.1 02Aug01
ProductVersion : 5.7.1 02Aug01
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2001
OriginalFilename : SynTPLpr.exe
#:20 [ltsmmsg.exe]
FilePath : C:\windows\
ProcessID : 320
ThreadCreationTime : 31-05-2005 13.59.39
BasePriority : Normal
FileVersion : 3.1.97 3.1.97 08/02/2001 14:13:11
ProductVersion : 3.1.97 3.1.97 08/02/2001 14:13:11
ProductName : Lucent SoftModem Messaging Applet
CompanyName : Lucent Technologies
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Lucent Technologies 1998-2000
OriginalFilename : smdmstat.exe
#:21 [launchap.exe]
FilePath : C:\Program Files\Launch Manager\
ProcessID : 300
ThreadCreationTime : 31-05-2005 13.59.39
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : LAUNCHAP Application
FileDescription : LAUNCHAP
InternalName : LAUNCHAP
LegalCopyright : Copyright 1999 - 2000
OriginalFilename : LAUNCHAP.EXE
#:22 [hotkeyapp.exe]
FilePath : C:\Program Files\Launch Manager\
ProcessID : 348
ThreadCreationTime : 31-05-2005 13.59.39
BasePriority : Normal
#:23 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 256
ThreadCreationTime : 31-05-2005 13.59.39
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2002
#:24 [logitray.exe]
FilePath : C:\Programmi\Logitech\Video\
ProcessID : 396
ThreadCreationTime : 31-05-2005 13.59.40
BasePriority : Normal
FileVersion : 8.2.0.1192
ProductVersion : 8.2.0.1192
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : © 1996-2004 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe
#:25 [ctfmon.exe]
FilePath : C:\windows\System32\
ProcessID : 112
ThreadCreationTime : 31-05-2005 13.59.40
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:26 [config.exe]
FilePath : C:\Programmi\NETGEAR\MA401 Wireless PC Card\
ProcessID : 712
ThreadCreationTime : 31-05-2005 13.59.41
BasePriority : Normal
FileVersion : 4.06.4.7
CompanyName : Neesus Datacom Inc.
FileDescription : Configuration Utility for Intersil driver
LegalCopyright : © Neesus Datacom Inc., 1997-2000
OriginalFilename : Config.exe
#:27 [capm2lak.exe]
FilePath : C:\WINDOWS\system32\spool\drivers\w32x86\3\
ProcessID : 808
ThreadCreationTime : 31-05-2005 13.59.41
BasePriority : Normal
FileVersion : 1.00.0.010
ProductVersion : 1.00.0.010
ProductName : Canon Advanced Printing Technology
CompanyName : CANON INC.
FileDescription : CAPM2 PSW Launcher
InternalName : CAPM2LAK
LegalCopyright : Copyright CANON INC. 1998-2002
OriginalFilename : CAPM2LAK.EXE
#:28 [irmon2k.exe]
FilePath : C:\Programmi\Asso2000\IR\
ProcessID : 864
ThreadCreationTime : 31-05-2005 13.59.41
BasePriority : Normal
FileVersion : 2.0.0.35-alpha7
ProductVersion : 2.0.0-alpha7
ProductName : IrCOMM2k
CompanyName : Jan Kiszka
FileDescription : Virtual Infrared COM Port, Service Program
InternalName : irmon2k.exe
LegalCopyright : Copyright © 2001-2003 Jan Kiszka
OriginalFilename : irmon2k.exe
#:29 [fxsvr2.exe]
FilePath : C:\Programmi\Logitech\Video\
ProcessID : 1396
ThreadCreationTime : 31-05-2005 13.59.48
BasePriority : Normal
FileVersion : 8.2.0.1192
ProductVersion : 8.2.0.1192
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : QuickCam Framework Server
InternalName : FxSvr.EXE
LegalCopyright : © 1996-2004 Logitech. All rights reserved.
OriginalFilename : FxSvr.EXE
#:30 [capm2swk.exe]
FilePath : C:\WINDOWS\system32\spool\drivers\w32x86\3\
ProcessID : 2116
ThreadCreationTime : 31-05-2005 13.59.51
BasePriority : Normal
FileVersion : 1.00.0.010
ProductVersion : 1.00.0.010
ProductName : Canon Advanced Printing Technology
CompanyName : CANON INC.
FileDescription : Canon Advanced Printing Technology Printer Status Window
InternalName : CAPM2SWK
LegalCopyright : Copyright CANON INC. 1998-2002
OriginalFilename : CAPM2SWK.EXE
#:31 [netscp.exe]
FilePath : C:\Programmi\Netscape\Netscape\
ProcessID : 2372
ThreadCreationTime : 31-05-2005 14.00.04
BasePriority : Normal
#:32 [hijackthis.exe]
FilePath : C:\AboutBuster\
ProcessID : 1276
ThreadCreationTime : 31-05-2005 15.07.01
BasePriority : Normal
FileVersion : 1.99.0001
ProductVersion : 1.99.0001
ProductName : HijackThis
CompanyName : Soeperman Enterprises Ltd.
FileDescription : HijackThis
InternalName : HijackThis
LegalCopyright : Freeware
OriginalFilename : HijackThis.exe
Comments : Version history is in Help section
#:33 [notepad.exe]
FilePath : C:\windows\system32\
ProcessID : 2316
ThreadCreationTime : 31-05-2005 15.10.06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Blocco note
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : NOTEPAD.EXE
#:34 [notepad.exe]
FilePath : C:\windows\system32\
ProcessID : 3560
ThreadCreationTime : 31-05-2005 15.11.49
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Blocco note
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : NOTEPAD.EXE
#:35 [ad-aware.exe]
FilePath : C:\Programmi\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3812
ThreadCreationTime : 31-05-2005 15.12.33
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : d3yv32.exe
Category : Malware
Comment :
Object : C:\windows\
CoolWebSearch Object Recognized!
Type : File
Data : vehii.dll
Category : Malware
Comment :
Object : C:\windows\
Disk Scan Result for C:\windows
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3
CoolWebSearch Object Recognized!
Type : File
Data : vsydp.dat
Category : Malware
Comment :
Object : C:\windows\System32\
CoolWebSearch Object Recognized!
Type : File
Data : zqcci.dat
Category : Malware
Comment :
Object : C:\windows\System32\
Disk Scan Result for C:\windows\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5
Disk Scan Result for C:\DOCUME~1\Distante\IMPOST~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Only sex website.url
Category : Misc
Comment : Problematic URL discovered:
http://www.onlysex.ws/
Object : C:\Documents and Settings\Distante\Preferiti\
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
Category : Misc
Comment : Problematic URL discovered:
http://www.lookfor.cc/
Object : C:\Documents and Settings\Distante\Preferiti\
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free [bleep].url
Category : Misc
Comment : Problematic URL discovered:
http://www.7days.ws/
Object : C:\Documents and Settings\Distante\Preferiti\
MRU List Object Recognized!
Location: : C:\Documents and Settings\Distante\Dati applicazioni\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Distante\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-182280796-466822058-305008010-1012\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-182280796-466822058-305008010-1012\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-182280796-466822058-305008010-1012\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-182280796-466822058-305008010-1012\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-182280796-466822058-305008010-1012\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-182280796-466822058-305008010-1012\software\microsoft\office\8.0\excel\recent file list
Description : list of recent files used by microsoft excel
MRU List Object Recognized!
Location: : software\microsoft\office\8.0\publisher\recent file list
Description : list of recent files used by microsoft publisher
MRU List Object Recognized!
Location: : S-1-5-21-182280796-466822058-305008010-1012\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : S-1-5-21-182280796-466822058-305008010-1012\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-182280796-466822058-305008010-1012\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-182280796-466822058-305008010-1012\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-182280796-466822058-305008010-1012\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives
MRU List Object Recognized!
Location: : S-1-5-21-182280796-466822058-305008010-1012\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {E68FF21A-1D01-4C00-EDC8-A80470B5A15F}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft
Value : set
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
CoolWebSearch Object Recognized!
Type : File
Data : apijm32.dll
Category : Malware
Comment :
Object : C:\windows\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 34
17.15.38 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00.02.53.89
Objects scanned:68953
Objects identified:16
Objects ignored:0
New critical objects:16
I removed all this, booted again, updated Ad-Aware, found other objects, removed them, booted once more, and now both HijackThis and Ad-Aware seem to find no problems....
Hope it is true!
Anyway... if you have some suggestions, please "help yourself!" and if not... thanks again.
fausto
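The Ad-Aware log above is the kind of thing that ends up being read by hand. The Python below is an added example, not code from the post or from Lavasoft: it parses the "Object Recognized!" blocks and pulls out the items that actually matter for cleanup, namely the file detections with their full path, the CLSID CoolWebSearch registered under IE's URLSearchHooks key, and the injected favourites, while counting the MRU privacy items separately. The sample log is constructed from entries quoted in the post; the field names, including the odd "Location: :" spelling on MRU entries, are taken from it.

```python
"""Parse Ad-Aware SE 'Object Recognized!' blocks and pull out what matters.
Added example, not code from the post or from Lavasoft; SAMPLE_LOG is
constructed from entries quoted in the post, including the 'Location: :'
spelling Ad-Aware uses on MRU entries."""
import re
from collections import Counter

SAMPLE_LOG = r"""Win32.Trojan.Agent.bi Object Recognized!
Type : File
Data : d3yv32.exe
Category : Malware
Comment :
Object : C:\windows\
CoolWebSearch Object Recognized!
Type : File
Data : vehii.dll
Category : Malware
Comment :
Object : C:\windows\
Disk Scan Result for C:\windows
Objects found so far: 3
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
Category : Misc
Comment : Problematic URL discovered: http://www.lookfor.cc/
Object : C:\Documents and Settings\Distante\Preferiti\
MRU List Object Recognized!
Location: : C:\Documents and Settings\Distante\recent
Description : list of recently opened documents
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {E68FF21A-1D01-4C00-EDC8-A80470B5A15F}
"""

HEADER_RE = re.compile(r"^(?P<family>.+?) Object Recognized!$")
# Only these keys occur in the log; any other line ends the current block,
# so summary lines such as 'Disk Scan Result for C:\windows' are never
# mis-read as a 'key : value' field of the previous entry.
FIELD_RE = re.compile(
    r"^(?P<key>Type|Data|Category|Comment|Object|Rootkey|Value|Location|Description)"
    r"\s*:\s*(?::\s*)?(?P<value>.*)$")

def parse_log(text):
    """Return one dict per block: {'family': ..., 'Type': ..., 'Object': ...}."""
    entries, current = [], None
    for line in (ln.strip() for ln in text.splitlines()):
        head = HEADER_RE.match(line)
        if head:
            current = {"family": head.group("family")}
            entries.append(current)
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            current[field.group("key")] = field.group("value").strip()
        else:
            current = None
    return entries

def malware_files(entries):
    """Full paths of detections Ad-Aware classed as Malware files
    (Object is the directory, Data the file name)."""
    return [e["Object"] + e["Data"] for e in entries
            if e.get("Category") == "Malware" and e.get("Type") == "File"]

def url_search_hooks(entries):
    """CLSIDs flagged under IE's URLSearchHooks key. IE invokes a
    URLSearchHook for any address that is not a full URL, which is how
    CoolWebSearch redirects mistyped addresses and searches. Mapping the
    CLSID to its DLL needs HKCR\\CLSID on the live machine."""
    return [e["Value"] for e in entries
            if e.get("Type") == "RegValue" and e.get("Value")
            and e.get("Object", "").lower().endswith("urlsearchhooks")]

def hijacked_favorites(entries):
    """(shortcut file, URL) pairs for the .url favourites Ad-Aware flagged."""
    tag = "Problematic URL discovered:"
    return [(e.get("Data", ""), e["Comment"].split(tag, 1)[1].strip())
            for e in entries if tag in e.get("Comment", "")]

def family_counts(entries, skip=("MRU List",)):
    """Hits per detection family; MRU lists are privacy items, not infections."""
    return Counter(e["family"] for e in entries if e["family"] not in skip)

if __name__ == "__main__":
    ents = parse_log(SAMPLE_LOG)
    print(family_counts(ents))
    print(malware_files(ents), url_search_hooks(ents), hijacked_favorites(ents))
```

Run against the full log, the output separates the three things the cleanup has to deal with: the randomly named files in C:\windows and System32, the URLSearchHooks CLSID plus the "Use Search Asst" values that make IE route searches through it, and the .url shortcuts in the Preferiti folder, which are only favourites and not executables. The MRU entries are excluded from the count because they are history lists the scanner reports for privacy reasons, not signs of infection.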