Wallpaper Disabled Post-Cleanup



#1 milehighguy
Greetings,

I'm running Windows 2000 on a laptop which I use with a wireless hub at home, then bring to the office to connect to an ISP/LAN which browses via a DSL.

I recently cleaned out some viruses and Trojans, and now find my desktop wallpaper locked up with desktop icons against a black background. (Wallpaper is visible during boot-up, but once the desktop icons appear, the desktop goes black.) Certain other changes have taken place as well, such as the removal of my PopUpCop toolbar button and toolbar lockup: upon reinstall of PopUpCop, I'm not allowed to have it add its toolbar button.

My post clean-up scans were running clean, so I'm wondering if I was a little too zealous in deleting files and screwed up my registry targets ... or do I still have an infection?

Recent experience with a disabled Task Manager has taught me malware can lock features. As a result, I've become familiar with registry settings such as NoChangingWallpaper. It seems to be in normal (not disabled) setting:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper = 0

However, when I click Start/Settings/Control Panel/Display/Background, I'm unable to activate any choices, and wallpaper is locked to an IE icon with the word "desktop". Elsewhere in these forums I've read about "desktop.html" and in fact found the following registry setting:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Wallpaper = C:\WINDOWS\desktop.html (REG_SZ)

... although there is no such file "desktop.html".

So I'm wondering - if this System Wallpaper setting is the source of the wallpaper lockup, what should this entry actually read? Are there other wallpaper settings elsewhere in the registry I should check? And what about registry settings that have locked the toolbar from adding buttons?

(Note: Even though I suspect registry problems, Ad-Aware did find 4 critical objects.)

I registered here then went through the drill:

CleanUp! - Installed and ran.
Ad-aware SE - Installed and ran - log below
CWShredder - Clean report
Spybot S&D - Clean report
Ewido - Clean report
Trend Housecall - Clean report
HijackThis - log below

Thanks for any help!

Milehighguy

Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, June 02, 2005 12:50:57 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):1 total references
MRU List(TAC index:0):45 total references
Possible Browser Hijack attempt(TAC index:3):2 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
CSI Fingerprints total : 886
CSI data size : 30371 Bytes
Target categories : 15
Target families : 679

6-2-2005 12:46:11 PM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R49 31.05.2005
Internal build : 57
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref
File size : 481469 Bytes
Total size : 1455496 Bytes
Signature data size : 1423833 Bytes
Reference data size : 31151 Bytes
Signatures total : 40572
CSI Fingerprints total : 902
CSI data size : 31096 Bytes
Target categories : 15
Target families : 692


6-2-2005 12:46:17 PM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:76 %
Total physical memory:1015276 kb
Available physical memory:761552 kb
Total page file size:2444672 kb
Available on page file:2280220 kb
Total virtual memory:2097024 kb
Available virtual memory:2038128 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


6-2-2005 12:50:57 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 176
ThreadCreationTime : 6-2-2005 6:19:03 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 200
ThreadCreationTime : 6-2-2005 6:19:13 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 220
ThreadCreationTime : 6-2-2005 6:19:15 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 248
ThreadCreationTime : 6-2-2005 6:19:17 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 260
ThreadCreationTime : 6-2-2005 6:19:17 PM
BasePriority : Normal
FileVersion : 5.00.2195.6695
ProductVersion : 5.00.2195.6695
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 436
ThreadCreationTime : 6-2-2005 6:19:24 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 472
ThreadCreationTime : 6-2-2005 6:19:27 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:8 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 524
ThreadCreationTime : 6-2-2005 6:19:27 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:9 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 552
ThreadCreationTime : 6-2-2005 6:19:27 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:10 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 568
ThreadCreationTime : 6-2-2005 6:19:28 PM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:11 [gearsec.exe]
ModuleName : C:\WINDOWS\system32\gearsec.exe
Command Line : system32\gearsec.exe
ProcessID : 624
ThreadCreationTime : 6-2-2005 6:19:30 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001 GEAR Software
OriginalFilename : gearsec.exe

#:12 [gearsec.exe]
ModuleName : C:\WINDOWS\system32\gearsec.exe
Command Line : system32\gearsec.exe
ProcessID : 644
ThreadCreationTime : 6-2-2005 6:19:30 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001 GEAR Software
OriginalFilename : gearsec.exe

#:13 [regsvc.exe]
ModuleName : C:\WINDOWS\system32\regsvc.exe
Command Line : C:\WINDOWS\system32\regsvc.exe
ProcessID : 676
ThreadCreationTime : 6-2-2005 6:19:31 PM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:14 [mstask.exe]
ModuleName : C:\WINDOWS\system32\MSTask.exe
Command Line : C:\WINDOWS\system32\MSTask.exe
ProcessID : 696
ThreadCreationTime : 6-2-2005 6:19:32 PM
BasePriority : Normal
FileVersion : 4.71.2195.6704
ProductVersion : 4.71.2195.6704
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:15 [slserv.exe]
ModuleName : C:\WINDOWS\system32\slserv.exe
Command Line : slserv.exe
ProcessID : 724
ThreadCreationTime : 6-2-2005 6:19:32 PM
BasePriority : Normal
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
ProductName : Modem
FileDescription : User-Level Modem Service
InternalName : slserv
LegalCopyright : Copyright © 1999-2000
OriginalFilename : slserv.exe

#:16 [stisvc.exe]
ModuleName : C:\WINDOWS\system32\stisvc.exe
Command Line : C:\WINDOWS\system32\stisvc.exe
ProcessID : 760
ThreadCreationTime : 6-2-2005 6:19:32 PM
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:17 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 792
ThreadCreationTime : 6-2-2005 6:19:33 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:18 [wfxsvc.exe]
ModuleName : C:\WINDOWS\system32\WFXSVC.EXE
Command Line : C:\WINDOWS\system32\WFXSVC.EXE
ProcessID : 832
ThreadCreationTime : 6-2-2005 6:19:33 PM
BasePriority : Normal
FileVersion : 10.00.2000.0214
ProductVersion : 10.00
ProductName : Symantec WinFax PRO
CompanyName : Symantec Corporation
FileDescription : Symantec WinFax PRO NT Service
InternalName : WFXSVC
LegalCopyright : Copyright © Symantec Corporation. 1990-2000
LegalTrademarks : Symantec WinFax PRO ® is a registered trademark of Symantec Corporation

#:19 [winmgmt.exe]
ModuleName : C:\WINDOWS\System32\WBEM\WinMgmt.exe
Command Line : C:\WINDOWS\System32\WBEM\WinMgmt.exe
ProcessID : 844
ThreadCreationTime : 6-2-2005 6:19:33 PM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:20 [wfxmod32.exe]
ModuleName : C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
Command Line : /0
ProcessID : 852
ThreadCreationTime : 6-2-2005 6:19:33 PM
BasePriority : High
FileVersion : 10.00.2000.0214
ProductVersion : 10.00
ProductName : Symantec WinFax PRO
CompanyName : Symantec Corporation
FileDescription : WinFax Pro Serial Modem Driver
InternalName : WFXMOD32.EXE
LegalCopyright : Copyright © Symantec Corporation. 1990-2000
LegalTrademarks : Symantec WinFax PRO ® is a registered trademark of Symantec Corporation
Comments : This is the Class1/Class2/SendFax/WorldPort Driver Program

#:21 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k wugroup
ProcessID : 864
ThreadCreationTime : 6-2-2005 6:19:34 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:22 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 312
ThreadCreationTime : 6-2-2005 6:41:05 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:23 [syntplpr.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
ProcessID : 1396
ThreadCreationTime : 6-2-2005 6:41:06 PM
BasePriority : Normal
FileVersion : 6.7.4 01Aug02
ProductVersion : 6.7.4 01Aug02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPLpr.exe

#:24 [syntpenh.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
ProcessID : 1408
ThreadCreationTime : 6-2-2005 6:41:06 PM
BasePriority : Normal
FileVersion : 6.7.4 01Aug02
ProductVersion : 6.7.4 01Aug02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPEnh.exe

#:25 [soundman.exe]
ModuleName : C:\WINDOWS\SOUNDMAN.EXE
Command Line : "C:\WINDOWS\SOUNDMAN.EXE"
ProcessID : 1356
ThreadCreationTime : 6-2-2005 6:41:06 PM
BasePriority : Normal
FileVersion : 5.0
ProductVersion : 5.0
ProductName : Avance Sound Manager
CompanyName : Avance Logic, Inc.
FileDescription : Avance Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001 Avance Logic, Inc.
OriginalFilename : ALSMTray.exe
Comments : Avance AC97 Audio Sound Manager

#:26 [wfxsnt40.exe]
ModuleName : C:\WINDOWS\system32\wfxsnt40.exe
Command Line : "C:\WINDOWS\system32\wfxsnt40.exe"
ProcessID : 1368
ThreadCreationTime : 6-2-2005 6:41:06 PM
BasePriority : Normal
FileVersion : 7.00 (Build 019)
ProductVersion : 7.00 (Build 019)
ProductName : Microsoft ® Windows NT™ WinFax Printer Driver
CompanyName : Microsoft Corporation
FileDescription : Delrina Fax Port Launcher
InternalName : WFXSNT40.DLL
LegalCopyright : Copyright © Symantec Corp. 1990-1997
OriginalFilename : WFXSNT40.DLL

#:27 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 1428
ThreadCreationTime : 6-2-2005 6:41:06 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:28 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 1060
ThreadCreationTime : 6-2-2005 6:41:06 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:29 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe"
ProcessID : 1344
ThreadCreationTime : 6-2-2005 6:41:06 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:30 [wlanmonitor.exe]
ModuleName : C:\Program Files\11Wave\WaveBuddy WLAN Card & Adapter Utility\WlanMonitor.exe
Command Line : "C:\Program Files\11Wave\WaveBuddy WLAN Card & Adapter Utility\WlanMonitor.exe"
ProcessID : 980
ThreadCreationTime : 6-2-2005 6:41:06 PM
BasePriority : Normal
FileVersion : 3, 3, 4, 48
ProductVersion : 1, 0, 0, 1
ProductName : Wireless LAN Monitor Utility
CompanyName : ATMEL
FileDescription : Wireless LAN Monitor Utility
InternalName : WlanMonitor
LegalCopyright : Copyright © 2002
OriginalFilename : WlanMonitor.exe
Comments : Wireless LAN Monitor Utility

#:31 [ad-aware.exe]
ModuleName : C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
Command Line : "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" +483832
ProcessID : 1496
ThreadCreationTime : 6-2-2005 6:46:08 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted restriction from adding/removing toolbars
Rootkey : HKEY_USERS
Object : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\windows\currentversion\policies\explorer
Value : NoBandCustomize
Data :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

MRU List Object Recognized!
Location: : C:\Documents and Settings\Jesse Smith.K2L9U8\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Jesse Smith.K2L9U8\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\ahead\nero wave editor\recent file list
Description : list of recently used files in nero wave editor


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\frontpage\editor
Description : last used folder in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\frontpage\editor
Description : folder of the last used web in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\frontpage\editor\insert hyperlink\recently used urls
Description : list of recently used urls in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\frontpage\editor\insert image\recently used urls
Description : list of recently used urls in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\frontpage\editor\recently used urls
Description : list of recently used urls in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\frontpage\explorer\frontpage explorer\recent page list
Description : list of recently used pages in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\frontpage\webs\opened
Description : list of recently opened webs in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\frontpage\webs\published
Description : list of recently published webs in microsoft publisher


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\mediaplayer\player\recenturllist
Description : list of recently used web addresses in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\ntbackup\log files
Description : list of recent logfiles in microsoft backup


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\office\9.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-606747145-1993962763-1060284298-1000\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 47



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 47


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
697 entries scanned.
New critical objects:0
Objects found so far: 47



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Software cracks, serial numbers, keygens, patches. Present by TheBUGS.ws.url
TAC Rating : 3
Category : Misc
Comment : Problematic URL discovered: http://cracks.thebug...pages/W/8.shtml
Object : C:\Documents and Settings\Jesse Smith.K2L9U8\Favorites\Software Cracks\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Trinsic.org - Browsing serials begining with the letter W, page 22.url
TAC Rating : 3
Category : Misc
Comment : Problematic URL discovered: http://www.trinsic.o...x.php?t=87&n=22
Object : C:\Documents and Settings\Jesse Smith.K2L9U8\Favorites\Software Cracks\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 49

12:57:15 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:17.953
Objects scanned:110516
Objects identified:4
Objects ignored:0
New critical objects:4


Logfile of HijackThis v1.99.1
Scan saved at 3:09:22 PM, on 6/2/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\11Wave\WaveBuddy WLAN Card & Adapter Utility\WlanMonitor.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Global Startup: Acrobat Assistant.lnk = Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WLAN Configuration & Monitor Utility.lnk = 11Wave\WaveBuddy WLAN Card & Adapter Utility\WlanMonitor.exe
O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{742D85CE-90EE-4A2B-B6E6-B62C03C94EB0}: NameServer = 67.97.234.4,151.164.1.8
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GEARSecurity_BackUp - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GoToMyPC - Unknown owner - \\Jesse\jesse\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE