[Referred]Spyware



#1 Space-Man (Member, 97 posts)
I have got bad spyware again where it changes my homepage to about:blank. I can't get rid of this spyware no matter what program I use.

Please help.

Edited by Space-Man, 04 July 2005 - 06:10 AM.

#2 don77 (Malware Expert, Retired Staff, 18,526 posts)
In order to assist you, we need to see the log from an Ad-Aware SE 1.06r1 full system scan.

Important Note! Before performing a scan, be sure that you have the most recent definitions file by using WebUpdate. (Click on the Globe icon, Click connect, Click OK, Click Finish.) At this current point * SE1R52 30.06.2005 * is the most recent definition file.

Ad-Aware SE comes preconfigured with default options, so we need you to make only one change. Please deselect "Search for negligible risk entries", as negligible risk entries (MRUs) are not considered to be a threat. This option can be changed when choosing your scan type.

Select "Perform Full System Scan" and press "Next". When the scan has completed, click "Show Logfile".

Please copy/paste the complete log file here using the reply button. Don't quarantine or remove anything at this time, just post a complete logfile. This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next.

Please post back if you have any questions or other problems.

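The checks this post asks for (a current definitions file, "Search for negligible risk entries" deselected, then reading the detected objects) can be applied to a posted logfile mechanically. The following Python script is an added example, not code from Geeks to Go, Lavasoft or anyone in this thread: it parses the Ad-Aware SE logfile format shown later in the thread (the "Family Object Recognized!" blocks and the "References detected" summary), flags a log produced with stale definitions or with the negligible-risk option still enabled, and lists the objects whose TAC index meets a cutoff. The sample log embedded in it is constructed from the format of the log posted below (abridged), the definitions string SE1R52 30.06.2005 is the one named in this post, and the TAC cutoff of 3 is an assumption of the example, not a Lavasoft recommendation.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the Ad-Aware SE logfile format used in this thread
# (abridged, not a real scan); the object values mirror the ones posted below.
SAMPLE_LOG = r"""Ad-Aware SE Build 1.05
Using definitions file:SE1R52 30.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):22 total references
MRU List(TAC index:0):26 total references
Tracking Cookie(TAC index:3):19 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Scan registry

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

CoolWebSearch Object Recognized!
Type : Process
Data : se.dll
Category : Malware
Object : C:\DOCUME~1\Owner\LOCALS~1\Temp\

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : HOMEOldSP

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@doubleclick[1].txt
Category : Data Miner
Value : Cookie:owner@doubleclick.net/
"""

OBJECT_SUFFIX = " Object Recognized!"
# "Key : value" lines; also tolerates the "Location: : value" spelling in the log.
KV_RE = re.compile(r"^([A-Za-z]+):?\s*:\s*(.*)$")
REF_RE = re.compile(r"^(.+?)\(TAC index:(\d+)\):(\d+) total references$")


@dataclass
class ScanReport:
    definitions: str = ""
    settings: list[str] = field(default_factory=list)
    references: dict[str, tuple[int, int]] = field(default_factory=dict)  # family -> (TAC, count)
    objects: list[dict[str, str]] = field(default_factory=list)


def parse_adaware_log(text: str) -> ScanReport:
    """Pull the header facts, the settings list and every recognized object out of a log."""
    report = ScanReport()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Using definitions file:"):
            report.definitions = line.split(":", 1)[1].strip()
        elif line.startswith("Set : "):
            report.settings.append(line[len("Set : "):])
        elif (m := REF_RE.match(line)):
            report.references[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    # Objects are blank-line separated blocks whose first line ends with "Object Recognized!".
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines or not lines[0].endswith(OBJECT_SUFFIX):
            continue
        obj = {"family": lines[0][: -len(OBJECT_SUFFIX)]}
        for ln in lines[1:]:
            if (m := KV_RE.match(ln)):
                obj[m.group(1)] = m.group(2).strip()
        report.objects.append(obj)
    return report


def check_against_instructions(report: ScanReport, current_definitions: str) -> list[str]:
    """Return the problems that would send the poster back to rescan."""
    issues = []
    if report.definitions != current_definitions:
        issues.append(f"definitions file is {report.definitions!r}, expected {current_definitions!r}; run WebUpdate first")
    if "Search for negligible risk entries" in report.settings:
        issues.append("'Search for negligible risk entries' is still enabled; MRU entries will pad the log")
    return issues


def actionable_objects(report: ScanReport, min_tac: int = 3) -> list[dict[str, str]]:
    """Objects from families at or above the TAC cutoff (the cutoff is this example's assumption; MRU List is TAC 0)."""
    return [o for o in report.objects if report.references.get(o["family"], (0, 0))[0] >= min_tac]


def summarize(report: ScanReport, current_definitions: str) -> str:
    out = [f"definitions: {report.definitions}"]
    for family, (tac, count) in sorted(report.references.items(), key=lambda kv: -kv[1][0]):
        out.append(f"  {family:<16} TAC {tac:>2}  {count} references")
    out += [f"ISSUE: {issue}" for issue in check_against_instructions(report, current_definitions)]
    for o in actionable_objects(report):
        where = o.get("Object", o.get("Location", ""))
        out.append(f"  [{o['family']}] {o.get('Type', '?')} {o.get('Data', '')} {o.get('Value', '')} @ {where}")
    return "\n".join(out)


if __name__ == "__main__":
    print(summarize(parse_adaware_log(SAMPLE_LOG), "SE1R52 30.06.2005"))
```

Run against a real posted log, the script prints the family summary, any issues with how the scan was run, and only the objects above the cutoff, so the 26 MRU entries and the cookie noise do not hide the CoolWebSearch process and registry entries.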

#3 Space-Man (Topic Starter, Member, 97 posts)
OK, here's my logfile:

Ad-Aware SE Build 1.05
Logfile Created on:05 July 2005 23:12:38
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R52 30.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):22 total references
MRU List(TAC index:0):26 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
Tracking Cookie(TAC index:3):19 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


05-07-2005 23:12:38 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-599103073-1694398658-3179630498-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 704
ThreadCreationTime : 05-07-2005 15:18:59
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 776
ThreadCreationTime : 05-07-2005 15:19:00
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 800
ThreadCreationTime : 05-07-2005 15:19:01
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 844
ThreadCreationTime : 05-07-2005 15:19:01
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 856
ThreadCreationTime : 05-07-2005 15:19:01
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1048
ThreadCreationTime : 05-07-2005 15:19:01
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1076
ThreadCreationTime : 05-07-2005 15:19:01
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1260
ThreadCreationTime : 05-07-2005 15:19:02
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1300
ThreadCreationTime : 05-07-2005 15:19:02
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1488
ThreadCreationTime : 05-07-2005 15:19:03
BasePriority : Normal
FileVersion : 8.18
ProductVersion : 8.18
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1516
ThreadCreationTime : 05-07-2005 15:19:03
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1560
ThreadCreationTime : 05-07-2005 15:19:03
BasePriority : Normal
FileVersion : 8.18
ProductVersion : 8.18
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:13 [aolacsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 1624
ThreadCreationTime : 05-07-2005 15:19:03
BasePriority : Normal


#:14 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 1656
ThreadCreationTime : 05-07-2005 15:19:03
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:15 [fbguard.exe]
FilePath : C:\Program Files\Firebird\Firebird_1_5\bin\
ProcessID : 1708
ThreadCreationTime : 05-07-2005 15:19:03
BasePriority : Normal
FileVersion : WI-V1.5.1.4481
ProductVersion : 1.5.1.4481
ProductName : Firebird SQL Server
CompanyName : The Firebird Project
FileDescription : Firebird SQL Server
InternalName : Firebird
LegalCopyright : All Copyright © retained by individual contributors - original code Copyright © 2000 Inprise Corporation
Comments : This product created by The Firebird Project - All Copyright © retained by the individual contributors - original code Copyright © 2000 Inprise Corporation and predecessors.

#:16 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1792
ThreadCreationTime : 05-07-2005 15:19:03
BasePriority : Normal
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
ProductName : Modem
FileDescription : User-Level Modem Service
InternalName : slserv
LegalCopyright : Copyright © 1999-2000
OriginalFilename : slserv.exe

#:17 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1820
ThreadCreationTime : 05-07-2005 15:19:03
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:18 [tmntsrv.exe]
FilePath : C:\Program Files\Trend Micro\PC-cillin 2002\
ProcessID : 1856
ThreadCreationTime : 05-07-2005 15:19:03
BasePriority : Normal
FileVersion : 9.0.3.1348
ProductVersion : 9.0.3
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : Tmntsrv.exe

#:19 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1908
ThreadCreationTime : 05-07-2005 15:19:03
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:20 [vcssecs.exe]
FilePath : C:\Program Files\Virtual CD v4 SDK\system\
ProcessID : 1972
ThreadCreationTime : 05-07-2005 15:19:03
BasePriority : Normal
FileVersion : 4, 3, 0, 1
ProductVersion : 4, 3, 0, 0
ProductName : Virtual CD
CompanyName : H+H Software GmbH
FileDescription : Virtual CD v4.3 SDK - Security Service
InternalName : VCSSecS
LegalCopyright : Copyright © 2001 by H+H Software GmbH
OriginalFilename : VCSSecS.exe

#:21 [wltrysvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2000
ThreadCreationTime : 05-07-2005 15:19:03
BasePriority : Normal


#:22 [bcmwltry.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2036
ThreadCreationTime : 05-07-2005 15:19:03
BasePriority : Normal
FileVersion : 3.60.7.0
ProductVersion : 3.60.7.0
ProductName : BCM 802.11g Network Adapter Wireless Network Tray Applet
CompanyName : Broadcom Corporation
FileDescription : BCM 802.11g Network Adapter Wireless Network Tray Applet
InternalName : bcmwltry.exe
LegalCopyright : 1998-2003, Broadcom Corporation All Rights Reserved.
OriginalFilename : bcmwltry.exe

#:23 [pccpfw.exe]
FilePath : C:\Program Files\Trend Micro\PC-cillin 2002\
ProcessID : 368
ThreadCreationTime : 05-07-2005 15:19:04
BasePriority : Normal


#:24 [fbserver.exe]
FilePath : C:\Program Files\Firebird\Firebird_1_5\bin\
ProcessID : 476
ThreadCreationTime : 05-07-2005 15:19:04
BasePriority : Normal
FileVersion : WI-V1.5.1.4481
ProductVersion : 1.5.1.4481
ProductName : Firebird SQL Server
CompanyName : The Firebird Project
FileDescription : Firebird SQL Server
InternalName : Firebird
LegalCopyright : All Copyright © retained by individual contributors - original code Copyright © 2000 Inprise Corporation
Comments : This product created by The Firebird Project - All Copyright © retained by the individual contributors - original code Copyright © 2000 Inprise Corporation and predecessors.

#:25 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1356
ThreadCreationTime : 05-07-2005 15:19:13
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:26 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1884
ThreadCreationTime : 05-07-2005 15:19:14
BasePriority : Normal
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:27 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 1964
ThreadCreationTime : 05-07-2005 15:19:14
BasePriority : Normal


#:28 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 164
ThreadCreationTime : 05-07-2005 15:19:15
BasePriority : Normal
FileVersion : 5.1.0.24
ProductVersion : 5.1.0.24
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2003 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:29 [pop3trap.exe]
FilePath : C:\Program Files\Trend Micro\PC-cillin 2002\
ProcessID : 224
ThreadCreationTime : 05-07-2005 15:19:15
BasePriority : Normal
FileVersion : 9.0.3.1359
ProductVersion : 9.0.3
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : POP3Trap
InternalName : POP3Trap
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : POP3Trap

#:30 [pcmservice.exe]
FilePath : C:\Apps\Powercinema\
ProcessID : 264
ThreadCreationTime : 05-07-2005 15:19:15
BasePriority : Normal
FileVersion : 3.0.1330
ProductVersion : 3.0.1330
ProductName : Cyberlink PowerCinema 3.0
CompanyName : CyberLink Corp.
FileDescription : CyberLink PowerCinema Resident Program
InternalName : CyberLink PowerCinema Resident Program
LegalCopyright : Copyright © 2003 CyberLink Corp.
OriginalFilename : PCMService.EXE

#:31 [pccguide.exe]
FilePath : C:\Program Files\Trend Micro\PC-cillin 2002\
ProcessID : 316
ThreadCreationTime : 05-07-2005 15:19:15
BasePriority : Normal
FileVersion : 9.0.3.1348
ProductVersion : 9.0.3
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCGuide

#:32 [pccclient.exe]
FilePath : C:\Program Files\Trend Micro\PC-cillin 2002\
ProcessID : 324
ThreadCreationTime : 05-07-2005 15:19:15
BasePriority : Normal
FileVersion : 9.0.3.1348
ProductVersion : 9.0.3
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCClient
InternalName : PCCClient
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCClient

#:33 [gcasserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 356
ThreadCreationTime : 05-07-2005 15:19:15
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:34 [aboard.exe]
FilePath : C:\apps\ABoard\
ProcessID : 544
ThreadCreationTime : 05-07-2005 15:19:15
BasePriority : Normal
FileVersion : 1, 2, 0, 0
ProductVersion : 1, 2, 0, 0
ProductName : Activboard Application
CompanyName : NEC Computers International
FileDescription : Activboard Application
InternalName : Activboard
LegalCopyright : Copyright © 2003
OriginalFilename : ABoard.exe

#:35 [logitray.exe]
FilePath : C:\Program Files\Logitech\Video\
ProcessID : 1244
ThreadCreationTime : 05-07-2005 15:19:15
BasePriority : Normal
FileVersion : 8.0.3.1112
ProductVersion : 8.0.3.1112
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : © 1996-2003 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe

#:36 [aosd.exe]
FilePath : C:\apps\ABoard\
ProcessID : 108
ThreadCreationTime : 05-07-2005 15:19:15
BasePriority : ?
FileVersion : 1, 2, 0, 0
ProductVersion : 1, 2, 0, 0
ProductName : ActivOSD Application
CompanyName : NEC Computers International
FileDescription : ActivOSD Application
InternalName : ActivOSD
LegalCopyright : Copyright © 2003
OriginalFilename : ActivOSD.exe

#:37 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1396
ThreadCreationTime : 05-07-2005 15:19:15
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:38 [winampa.exe]
FilePath : C:\Program Files\Winamp\
ProcessID : 1420
ThreadCreationTime : 05-07-2005 15:19:16
BasePriority : Normal


#:39 [alunotify.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 1568
ThreadCreationTime : 05-07-2005 15:19:16
BasePriority : Normal
FileVersion : 2.6.14.0
ProductVersion : 2.6.14.0
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Symantec ALUNotify Module
InternalName : Symantec ALUNotify
LegalCopyright : Copyright © 1996-2004 Symantec Corporation
OriginalFilename : ALUNotify.exe

#:40 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1768
ThreadCreationTime : 05-07-2005 15:19:16
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

CoolWebSearch Object Recognized!
Type : Process
Data : se.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\DOCUME~1\Owner\LOCALS~1\Temp\


Warning! CoolWebSearch Object found in memory(C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll)

"C:\WINDOWS\System32\rundll32.exe"Process terminated successfully

#:41 [ypager.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 2060
ThreadCreationTime : 05-07-2005 15:19:16
BasePriority : Normal
FileVersion : 6,0,0,1913
ProductVersion : 6,0,0,1913
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
InternalName : Yahoo! Messengerr
LegalCopyright : Copyright 1998-2004
OriginalFilename : YPager.exe

#:42 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2084
ThreadCreationTime : 05-07-2005 15:19:16
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:43 [lvcoms.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2440
ThreadCreationTime : 05-07-2005 15:19:18
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2002 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:44 [gcasdtserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 2852
ThreadCreationTime : 05-07-2005 15:19:21
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:45 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 3024
ThreadCreationTime : 05-07-2005 21:33:14
BasePriority : Normal


#:46 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2204
ThreadCreationTime : 05-07-2005 22:06:21
BasePriority : Normal
FileVersion : 7.0.0813
ProductVersion : 7.0.0813
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:47 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2976
ThreadCreationTime : 05-07-2005 22:11:46
BasePriority : Normal


#:48 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 660
ThreadCreationTime : 05-07-2005 22:12:02
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_USERS
Object : S-1-5-21-599103073-1694398658-3179630498-1003\software\microsoft\internet explorer\main
Value : HOMEOldSP

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : HOMEOldSP

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "sp"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : sp

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 30


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@servedby.advertising[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:owner@servedby.advertising.com/
Expires : 04-08-2005 21:05:04
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@advertising[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:owner@advertising.com/
Expires : 04-07-2010 00:06:24
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:owner@imrworldwide.com/cgi-bin
Expires : 19-01-2009
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@bs.serving-sys[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@bs.serving-sys.com/
Expires : 01-01-2038 06:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@paycounter[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:owner@paycounter.com/
Expires : 31-12-2030 02:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@as1.falkag[1].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:owner@as1.falkag.de/
Expires : 04-08-2005 22:16:16
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@bluestreak[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@bluestreak.com/
Expires : 02-07-2015 19:07:22
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@counter1.sextracker[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@counter1.sextracker.com/
Expires : 05-07-2005 17:22:54
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@sextracker[2].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:owner@sextracker.com/
Expires : 06-07-2005 00:26:12
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@fastclick[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:owner@fastclick.net/
Expires : 25-06-2007 17:01:14
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@atdmt[2].txt
Category : Data Miner
Comment : Hits:22
Value : Cookie:owner@atdmt.com/
Expires : 02-07-2010 01:00:00
LastSync : Hits:22
UseCount : 0
Hits : 22

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@ads.pointroll[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:owner@ads.pointroll.com/
Expires : 01-01-2010 01:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@mediaplex[1].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:owner@mediaplex.com/
Expires : 22-06-2009 01:00:00
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@www.needadvertising[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@www.needadvertising.com/
Expires : 05-07-2006 17:01:22
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@xxxcounter[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@xxxcounter.com/
Expires : 06-07-2005 00:17:02
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@stat.onestat[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:owner@stat.onestat.com/
Expires : 05-07-2015 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@doubleclick[1].txt
Category : Data Miner
Comment : Hits:14
Value : Cookie:owner@doubleclick.net/
Expires : 02-07-2008 23:56:12
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@counter13.sextracker[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@counter13.sextracker.com/
Expires : 05-07-2005 06:46:02
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@serving-sys[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:owner@serving-sys.com/
Expires : 01-01-2038 06:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 49



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 49


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 49




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html
Value : CLSID

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/plain

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/plain
Value : CLSID

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : CWS.About:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : CWS.About:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : CWS.About:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall
Value : UninstallString

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Toolbars_Placement

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : PopupMgr

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\protocols\filter\text/html
Value : CLSID

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant
Data : about:blank

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank

CoolWebSearch Object Recognized!
Type : File
Data : se.dll
Category : Malware
Comment :
Object : C:\DOCUME~1\Owner\LOCALS~1\Temp\



CoolWebSearch Object Recognized!
Type : File
Data : wbemess.log
Category : Malware
Comment :
Object : C:\WINDOWS\System32\wbem\logs\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 68

23:21:21 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:43.500
Objects scanned:117857
Objects identified:41
Objects ignored:0
New critical objects:41

#4
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.