What happened [RESOLVED] [CLOSED]


  • This topic is locked

#1
Blane64

When I open my internet, the home page initially comes up, but is then redirected to an E search - quick web search screen. There are maybe six different search subjects that randomly come up. Also, after about five minutes on the internet, a prompt on my tool bar says there may be spyware on my computer and offers a link to go about having it removed. There also seems to be an adware scanner on my desktop that I don't recall adding - WareOut Scanner & Monitor. If there is anyone out there that can help me get out of this mess I'd really appreciate it.

Bob

Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 12, 2005 8:44:18 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):2 total references
Tracking Cookie(TAC index:3):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:0 %
Total physical memory:130588 kb
Available physical memory:856 kb
Total page file size:1966560 kb
Available on page file:1809508 kb
Total virtual memory:2093056 kb
Available virtual memory:1768896 kb
OS:Microsoft Windows 98 SE

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-12-05 8:44:19 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4279235445
Threads : 5
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294944125
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4294946149
Threads : 4
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:4 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294854613
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:5 [VSSTAT.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
Command Line : "c:\Program Files\McAfee\McAfee VirusScan\VSSTAT.EXE" /SHOWWARNING
ProcessID : 4294849393
Threads : 2
Priority : Normal
FileVersion : 4.0.3
ProductVersion : 4.0.3
ProductName : McAfee VirusScan
CompanyName : Network Associates Inc
FileDescription : VShield Statistics
InternalName : VsStat.exe
LegalCopyright : Copyright © 1999 Network Associates Inc.
LegalTrademarks : VirusScan® is a registered trademark of Network Associates Inc. McAfee™ is a trademark of Network Associates Inc.
OriginalFilename : VSStat.exe

#:6 [WEBSCANX.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
Command Line : "C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WebScanX.Exe" /RUNSERVICES
ProcessID : 4294893517
Threads : 2
Priority : Normal
FileVersion : 4.0.3
ProductVersion : 4.0.3
ProductName : McAfee VirusScan
CompanyName : Network Associates, Inc.
FileDescription : WebScanX
InternalName : McAfee WebScanX
LegalCopyright : Copyright © 1999 Network Associates Inc.
LegalTrademarks : VirusScan® is a registered trademark of Network Associates Inc. McAfee™ is a trademark of Network Associates Inc.
OriginalFilename : WebScanX.exe

#:7 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294881125
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:8 [ABCD.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ABCD.EXE
Command Line : "C:\WINDOWS\SYSTEM\abcd.exe" /S
ProcessID : 4294873517
Threads : 2
Priority : Normal
FileVersion : 1, 3, 0, 120
ProductVersion : 1, 3, 0, 0
ProductName : abCD
CompanyName : Prassi ™ Software USA, Inc.
FileDescription : abCD Interface application
InternalName : abCD
LegalCopyright : Copyright© 1998-99 by Prassi Software USA, Inc.
LegalTrademarks : "Prassi abCD" is a Trademark of Prassi Software USA, Inc.
OriginalFilename : abCD.exe

#:9 [LXBTPPLS.EXE]
ModuleName : C:\WINDOWS\SYSTEM\LXBTPPLS.EXE
Command Line : "C:\WINDOWS\SYSTEM\LXBTppls.exe"
ProcessID : 4294785277
Threads : 2
Priority : Normal
FileVersion : 1.27.12.0
ProductVersion : 1.27.12.0
ProductName : Lexmark Communication System
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark Communication System
InternalName : LXBTppls.exe
LegalCopyright : © Lexmark International, Inc. 2001-2004
OriginalFilename : LXBTppls.exe

#:10 [RPCSS.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RPCSS.EXE
Command Line : RPCSS
ProcessID : 4294817525
Threads : 5
Priority : Normal
FileVersion : 4.71.2900
ProductVersion : 4.71.2900
ProductName : Microsoft® Windows NT™ Operating System
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : rpcss.exe

#:11 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294801701
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:12 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294720469
Threads : 4
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:13 [ALOGSERV.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
Command Line : "C:\Program Files\McAfee\McAfee VirusScan\AlogServ.exe"
ProcessID : 4294718621
Threads : 2
Priority : Normal
FileVersion : 1.0
ProductVersion : 1.0
ProductName : Part of VirusScan 2000
CompanyName : Network Associates
FileDescription : AlogServ
InternalName : AlogServ
LegalCopyright : Copyright © 1999 Network Associates
OriginalFilename : AlogServ.exe
Comments : Activity Log Server

#:14 [AVCONSOL.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
Command Line : "C:\Program Files\McAfee\McAfee VirusScan\avconsol.exe" /minimize
ProcessID : 4294747533
Threads : 1
Priority : Normal
FileVersion : 4.0.3
ProductVersion : 4.0.3
ProductName : VirusScan
CompanyName : Network Associates Inc
FileDescription : McAfee VirusScan Scheduler File
InternalName : VirusScan Scheduler
LegalCopyright : Copyright © 1999 Network Associates Inc.
LegalTrademarks : VirusScan® is a registered trademark of Network Associates Inc. McAfee™ is a trademark of Network Associates Inc.
OriginalFilename : Schedule.exe

#:15 [CMGRDIAN.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
Command Line : "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
ProcessID : 4294753461
Threads : 1
Priority : Normal
FileVersion : 2.0.0.3
ProductVersion : 2.0.0.3
ProductName : First Aid Guardian
CompanyName : Network Associates, Inc.
FileDescription : First Aid Guardian
InternalName : CMGrdian
LegalCopyright : Copyright © 1997-1999 Network Associates, Inc.
OriginalFilename : CMGrdian.exe

#:16 [LXBTBMGR.EXE]
ModuleName : C:\PROGRAM FILES\LEXMARK 5200 SERIES\LXBTBMGR.EXE
Command Line : "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
ProcessID : 4294640381
Threads : 1
Priority : Normal
FileVersion : 1.0.5.7
ProductVersion : 1.0.5.7
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark 5200 Series Button Manager
InternalName : lxbtbmgr.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbtbmgr.exe

#:17 [LOADQM.EXE]
ModuleName : C:\WINDOWS\LOADQM.EXE
Command Line : "C:\WINDOWS\loadqm.exe"
ProcessID : 4294690577
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:18 [MSNMSGR.EXE]
ModuleName : C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 4294667497
Threads : 2
Priority : Normal
FileVersion : 6.2.0137
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:19 [LXBTBMON.EXE]
ModuleName : C:\PROGRAM FILES\LEXMARK 5200 SERIES\LXBTBMON.EXE
Command Line : "C:\PROGRAM FILES\LEXMARK 5200 SERIES\lxbtbmon.exe"
ProcessID : 4294654669
Threads : 2
Priority : Normal
FileVersion : 1.0.5.7
ProductVersion : 1.0.5.7
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark 5200 Series Button Monitor
InternalName : lxbtbmon.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbtbmon.exe

#:20 [SPYSUB.EXE]
ModuleName : C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
Command Line : "C:\Program Files\interMute\SpySubtract\SpySub.exe" -autostart
ProcessID : 4294598433
Threads : 9
Priority : Normal
FileVersion : 1, 0, 1, 49
ProductVersion : 2.60
ProductName : SpySubtract
CompanyName : InterMute, Inc.
FileDescription : SpySubtract Program EXE
InternalName : SpySub.exe
LegalCopyright : Copyright © 2004 InterMute, Inc. All rights reserved.
OriginalFilename : SpySub.exe

#:21 [CRASHMON.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\CRASH PROTECTOR\CRASHMON.EXE
Command Line : "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\CRASH PROTECTOR\CRASHMON.EXE" /16:1 /32:1 /kernel:1
ProcessID : 4294690533
Threads : 1
Priority : Normal
FileVersion : 6.0.0.0
ProductVersion : 6.0.0.0
ProductName : Crash Protector
CompanyName : Network Associates, Inc.
FileDescription : McAfee Crash Monitor Application
InternalName : crashmon.exe
LegalCopyright : Copyright © 1998 Network Associates, Inc.
OriginalFilename : crashmon.exe

#:22 [FACPRMON.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\CRASH PROTECTOR\FACPRMON.EXE
Command Line : "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\CRASH PROTECTOR\FACPRMON.EXE" /cad:1
ProcessID : 4294537401
Threads : 1
Priority : Normal
FileVersion : 6.0.0.0
ProductVersion : 6.0.0.0
ProductName : Crash Protector
CompanyName : Network Associates, Inc.
FileDescription : cprmon Application
InternalName : cprmon.exe
LegalCopyright : Copyright © 1998 Network Associates, Inc.
OriginalFilename : cprmon.rc

#:23 [FAMONHKW.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\FIRST AID\FAMONHKW.EXE
Command Line : "C:\PROGRAM FILES\MCAFEE\FIRST AID\FAMONHKW.EXE" /START
ProcessID : 4294540737
Threads : 1
Priority : Normal
FileVersion : 6.0.0.5
ProductVersion : 6.0.0.5
ProductName : First Aid
CompanyName : Network Associates, Inc.
FileDescription : Event Monitor Hook Exe
InternalName : FAMONHKW
LegalCopyright : Copyright © 1998-1999 Network Associates, Inc.
OriginalFilename : FAMONHKW.EXE

#:24 [RESMON.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\FIRST AID\RESMON.EXE
Command Line : "C:\PROGRAM FILES\MCAFEE\FIRST AID\RESMON.EXE"
ProcessID : 4294511485
Threads : 1
Priority : Normal
FileVersion : 6.0.0.0
ProductVersion : 6.0.0.0
ProductName : FirstAid
CompanyName : Network Associates, Inc.
FileDescription : resmon
InternalName : resmon
LegalCopyright : Copyright © 1998 Network Associates, Inc.
OriginalFilename : resmon.exe

#:25 [FADSKMON.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\FIRST AID\FADSKMON.EXE
Command Line : "C:\PROGRAM FILES\MCAFEE\FIRST AID\FADSKMON.EXE"
ProcessID : 4294674605
Threads : 1
Priority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : NAI FADskmon
CompanyName : NAI
FileDescription : FADskmon
InternalName : FADskmon
LegalCopyright : Copyright © 1998
OriginalFilename : FADskmon.exe

#:26 [FASMTMON.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\FIRST AID\FASMTMON.EXE
Command Line : "C:\PROGRAM FILES\MCAFEE\FIRST AID\FASMTMON.EXE"
ProcessID : 4294671001
Threads : 1
Priority : Normal
FileVersion : 6.0.0.0
ProductVersion : 6.0.0.0
ProductName : First Aid
CompanyName : Network Associates, Inc.
FileDescription : S.M.A.R.T. Disk Monitor
LegalCopyright : Copyright © 1998 Network Associates, Inc.
OriginalFilename : fasmtmon.exe

#:27 [CMCP16.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\CRASH PROTECTOR\CMCP16.EXE
Command Line : n/a
ProcessID : 4294522985
Threads : 1
Priority : Normal


#:28 [PSTORES.EXE]
ModuleName : C:\WINDOWS\SYSTEM\PSTORES.EXE
Command Line : C:\WINDOWS\SYSTEM\PSTORES.EXE
ProcessID : 4294556453
Threads : 3
Priority : Normal
FileVersion : 5.00.1877.3
ProductVersion : 5.00.1877.3
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : Protected storage server

#:29 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294552185
Threads : 4
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:30 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4294278229
Threads : 5
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe

#:31 [IEXPLORE.EXE]
ModuleName : C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Command Line : "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 4294274557
Threads : 13
Priority : Normal
FileVersion : 6.00.2600.0000
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

CoolWebSearch Object Recognized!
Type : Process
Data : MSSNQ.DLL
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\


Warning! CoolWebSearch Object found in memory(C:\WINDOWS\SYSTEM\MSSNQ.DLL)


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:[email protected]/
Expires : 5-5-35 8:45:40 PM
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob@2o7[2].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:[email protected]/
Expires : 5-11-10 8:47:50 PM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob@questionmarket[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 7-3-06 12:44:30 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 4


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob@questionmarket[1].txt
Category : Data Miner
Comment :
Value : c:\Windows\Profiles\Bob\Cookies\bob@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob@2o7[2].txt
Category : Data Miner
Comment :
Value : c:\Windows\Profiles\Bob\Cookies\bob@2o7[2].txt

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 7

9:11:57 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:27:38.970
Objects scanned:115124
Objects identified:6
Objects ignored:0
New critical objects:6

#2
thakid

*Edited by an Administrator

Thakid, please do not try to help others on this forum as you are not a trained Staff Member. The advice you are giving is incomplete, and not correct.

Edited by ~Kat~, 13 May 2005 - 02:37 AM.


#3
Mannen

    Ad-Aware Expert

Hi and welcome!


Please try this below and let's see if we can help you. Ad-Aware may not find all the files behind the infection.

Launch Ad-Aware SE and click on the gear to access the Configuration Menu.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Also check if there is a new update out

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Run a full system scan

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click Next, click OK. If Ad-Aware asks you to reboot, please do so.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply.

Then copy & paste the complete log file here. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Good luck!
Mannen

#4
Blane64

Mannen, thank you for the help so far. I followed your directions. Unfortunately I still have the same problem. I re-ran a new full scan after restarting my computer. Below is the log file you requested. Thanks again, in advance, for your help.

Ad-Aware SE Build 1.05
Logfile Created on:Friday, May 13, 2005 8:57:36 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R45 13.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R45 13.05.2005
Internal build : 53
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 473168 Bytes
Total size : 1430575 Bytes
Signature data size : 1399518 Bytes
Reference data size : 30545 Bytes
Signatures total : 39932
Fingerprints total : 881
Fingerprints size : 30173 Bytes
Target categories : 15
Target families : 672


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:10 %
Total physical memory:130588 kb
Available physical memory:2700 kb
Total page file size:1966560 kb
Available on page file:1833036 kb
Total virtual memory:2093056 kb
Available virtual memory:2043264 kb
OS:Microsoft Windows 98 SE

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-13-05 8:57:37 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4279209687
Threads : 5
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294957279
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294953583
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [VSSTAT.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
Command Line : "c:\Program Files\McAfee\McAfee VirusScan\VSSTAT.EXE" /SHOWWARNING
ProcessID : 4294863587
Threads : 2
Priority : Normal
FileVersion : 4.0.3
ProductVersion : 4.0.3
ProductName : McAfee VirusScan
CompanyName : Network Associates Inc
FileDescription : VShield Statistics
InternalName : VsStat.exe
LegalCopyright : Copyright © 1999 Network Associates Inc.
LegalTrademarks : VirusScan® is a registered trademark of Network Associates Inc. McAfee™ is a trademark of Network Associates Inc.
OriginalFilename : VSStat.exe

#:5 [WEBSCANX.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
Command Line : "C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WebScanX.Exe" /RUNSERVICES
ProcessID : 4294852679
Threads : 2
Priority : Normal
FileVersion : 4.0.3
ProductVersion : 4.0.3
ProductName : McAfee VirusScan
CompanyName : Network Associates, Inc.
FileDescription : WebScanX
InternalName : McAfee WebScanX
LegalCopyright : Copyright © 1999 Network Associates Inc.
LegalTrademarks : VirusScan® is a registered trademark of Network Associates Inc. McAfee™ is a trademark of Network Associates Inc.
OriginalFilename : WebScanX.exe

#:6 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294871279
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:7 [ABCD.EXE]
ModuleName : C:\WINDOWS\SYSTEM\ABCD.EXE
Command Line : "C:\WINDOWS\SYSTEM\abcd.exe" /S
ProcessID : 4294896035
Threads : 2
Priority : Normal
FileVersion : 1, 3, 0, 120
ProductVersion : 1, 3, 0, 0
ProductName : abCD
CompanyName : Prassi ™ Software USA, Inc.
FileDescription : abCD Interface application
InternalName : abCD
LegalCopyright : Copyright© 1998-99 by Prassi Software USA, Inc.
LegalTrademarks : "Prassi abCD" is a Trademark of Prassi Software USA, Inc.
OriginalFilename : abCD.exe

#:8 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294780363
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:9 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294776707
Threads : 5
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:10 [RPCSS.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RPCSS.EXE
Command Line : RPCSS
ProcessID : 4294796219
Threads : 5
Priority : Normal
FileVersion : 4.71.2900
ProductVersion : 4.71.2900
ProductName : Microsoft® Windows NT™ Operating System
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : rpcss.exe

#:11 [LXBTPPLS.EXE]
ModuleName : C:\WINDOWS\SYSTEM\LXBTPPLS.EXE
Command Line : "C:\Windows\SYSTEM\lxbtppls.exe"
ProcessID : 4294711311
Threads : 2
Priority : Normal
FileVersion : 1.27.12.0
ProductVersion : 1.27.12.0
ProductName : Lexmark Communication System
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark Communication System
InternalName : LXBTppls.exe
LegalCopyright : © Lexmark International, Inc. 2001-2004
OriginalFilename : LXBTppls.exe

#:12 [ALOGSERV.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
Command Line : "C:\Program Files\McAfee\McAfee VirusScan\AlogServ.exe"
ProcessID : 4294708791
Threads : 2
Priority : Normal
FileVersion : 1.0
ProductVersion : 1.0
ProductName : Part of VirusScan 2000
CompanyName : Network Associates
FileDescription : AlogServ
InternalName : AlogServ
LegalCopyright : Copyright © 1999 Network Associates
OriginalFilename : AlogServ.exe
Comments : Activity Log Server

#:13 [AVCONSOL.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
Command Line : "C:\Program Files\McAfee\McAfee VirusScan\avconsol.exe" /minimize
ProcessID : 4294737647
Threads : 1
Priority : Normal
FileVersion : 4.0.3
ProductVersion : 4.0.3
ProductName : VirusScan
CompanyName : Network Associates Inc
FileDescription : McAfee VirusScan Scheduler File
InternalName : VirusScan Scheduler
LegalCopyright : Copyright © 1999 Network Associates Inc.
LegalTrademarks : VirusScan® is a registered trademark of Network Associates Inc. McAfee™ is a trademark of Network Associates Inc.
OriginalFilename : Schedule.exe

#:14 [CMGRDIAN.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
Command Line : "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
ProcessID : 4294732939
Threads : 1
Priority : Normal
FileVersion : 2.0.0.3
ProductVersion : 2.0.0.3
ProductName : First Aid Guardian
CompanyName : Network Associates, Inc.
FileDescription : First Aid Guardian
InternalName : CMGrdian
LegalCopyright : Copyright © 1997-1999 Network Associates, Inc.
OriginalFilename : CMGrdian.exe

#:15 [LXBTBMGR.EXE]
ModuleName : C:\PROGRAM FILES\LEXMARK 5200 SERIES\LXBTBMGR.EXE
Command Line : "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
ProcessID : 4294743971
Threads : 1
Priority : Normal
FileVersion : 1.0.5.7
ProductVersion : 1.0.5.7
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark 5200 Series Button Manager
InternalName : lxbtbmgr.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbtbmgr.exe

#:16 [LXBTBMON.EXE]
ModuleName : C:\PROGRAM FILES\LEXMARK 5200 SERIES\LXBTBMON.EXE
Command Line : "C:\PROGRAM FILES\LEXMARK 5200 SERIES\lxbtbmon.exe"
ProcessID : 4294766871
Threads : 2
Priority : Normal
FileVersion : 1.0.5.7
ProductVersion : 1.0.5.7
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark 5200 Series Button Monitor
InternalName : lxbtbmon.exe
LegalCopyright : © 2002 Lexmark International, Inc.
OriginalFilename : lxbtbmon.exe

#:17 [LOADQM.EXE]
ModuleName : C:\WINDOWS\LOADQM.EXE
Command Line : "C:\WINDOWS\loadqm.exe"
ProcessID : 4294664459
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:18 [MSNMSGR.EXE]
ModuleName : C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 4294698671
Threads : 2
Priority : Normal
FileVersion : 6.2.0137
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:19 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4294657671
Threads : 4
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:20 [SPYSUB.EXE]
ModuleName : C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
Command Line : "C:\Program Files\interMute\SpySubtract\SpySub.exe" -autostart
ProcessID : 4294681983
Threads : 11
Priority : Normal
FileVersion : 1, 0, 1, 49
ProductVersion : 2.60
ProductName : SpySubtract
CompanyName : InterMute, Inc.
FileDescription : SpySubtract Program EXE
InternalName : SpySub.exe
LegalCopyright : Copyright © 2004 InterMute, Inc. All rights reserved.
OriginalFilename : SpySub.exe

#:21 [CRASHMON.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\CRASH PROTECTOR\CRASHMON.EXE
Command Line : "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\CRASH PROTECTOR\CRASHMON.EXE" /16:1 /32:1 /kernel:1
ProcessID : 4294604131
Threads : 2
Priority : Normal
FileVersion : 6.0.0.0
ProductVersion : 6.0.0.0
ProductName : Crash Protector
CompanyName : Network Associates, Inc.
FileDescription : McAfee Crash Monitor Application
InternalName : crashmon.exe
LegalCopyright : Copyright © 1998 Network Associates, Inc.
OriginalFilename : crashmon.exe

#:22 [FACPRMON.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\CRASH PROTECTOR\FACPRMON.EXE
Command Line : "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\CRASH PROTECTOR\FACPRMON.EXE" /cad:1
ProcessID : 4294631223
Threads : 1
Priority : Normal
FileVersion : 6.0.0.0
ProductVersion : 6.0.0.0
ProductName : Crash Protector
CompanyName : Network Associates, Inc.
FileDescription : cprmon Application
InternalName : cprmon.exe
LegalCopyright : Copyright © 1998 Network Associates, Inc.
OriginalFilename : cprmon.rc

#:23 [FAMONHKW.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\FIRST AID\FAMONHKW.EXE
Command Line : "C:\PROGRAM FILES\MCAFEE\FIRST AID\FAMONHKW.EXE" /START
ProcessID : 4294511883
Threads : 1
Priority : Normal
FileVersion : 6.0.0.5
ProductVersion : 6.0.0.5
ProductName : First Aid
CompanyName : Network Associates, Inc.
FileDescription : Event Monitor Hook Exe
InternalName : FAMONHKW
LegalCopyright : Copyright © 1998-1999 Network Associates, Inc.
OriginalFilename : FAMONHKW.EXE

#:24 [RESMON.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\FIRST AID\RESMON.EXE
Command Line : "C:\PROGRAM FILES\MCAFEE\FIRST AID\RESMON.EXE"
ProcessID : 4294540879
Threads : 1
Priority : Normal
FileVersion : 6.0.0.0
ProductVersion : 6.0.0.0
ProductName : FirstAid
CompanyName : Network Associates, Inc.
FileDescription : resmon
InternalName : resmon
LegalCopyright : Copyright © 1998 Network Associates, Inc.
OriginalFilename : resmon.exe

#:25 [FADSKMON.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\FIRST AID\FADSKMON.EXE
Command Line : "C:\PROGRAM FILES\MCAFEE\FIRST AID\FADSKMON.EXE"
ProcessID : 4294518075
Threads : 1
Priority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : NAI FADskmon
CompanyName : NAI
FileDescription : FADskmon
InternalName : FADskmon
LegalCopyright : Copyright © 1998
OriginalFilename : FADskmon.exe

#:26 [FASMTMON.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\FIRST AID\FASMTMON.EXE
Command Line : "C:\PROGRAM FILES\MCAFEE\FIRST AID\FASMTMON.EXE"
ProcessID : 4294534543
Threads : 1
Priority : Normal
FileVersion : 6.0.0.0
ProductVersion : 6.0.0.0
ProductName : First Aid
CompanyName : Network Associates, Inc.
FileDescription : S.M.A.R.T. Disk Monitor
LegalCopyright : Copyright © 1998 Network Associates, Inc.
OriginalFilename : fasmtmon.exe

#:27 [CMCP16.EXE]
ModuleName : C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\CRASH PROTECTOR\CMCP16.EXE
Command Line : n/a
ProcessID : 4294548383
Threads : 1
Priority : Normal


#:28 [PSTORES.EXE]
ModuleName : C:\WINDOWS\SYSTEM\PSTORES.EXE
Command Line : C:\WINDOWS\SYSTEM\PSTORES.EXE
ProcessID : 4294515667
Threads : 3
Priority : Normal
FileVersion : 5.00.1877.3
ProductVersion : 5.00.1877.3
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : Protected storage server

#:29 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4294421215
Threads : 2
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe

#:30 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4294425219
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob@centrport[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 12-31-29 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob@centrport[1].txt
Category : Data Miner
Comment :
Value : c:\Windows\Profiles\Bob\Cookies\bob@centrport[1].txt

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

9:20:10 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:22:33.920
Objects scanned:115987
Objects identified:2
Objects ignored:0
New critical objects:2
  • 0

#5
Mannen

    Ad-Aware Expert

  • Member
  • 110 posts
Greetings!


The Ad-Aware log is clean, and tracking cookies are safe to remove and are no security threat.

But as you still have problems, please read below how to proceed.

Cheers
Mannen
  • 0

#6
Mannen

    Ad-Aware Expert

  • Member
  • 110 posts
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0

#7
Blane64

    New Member

  • Topic Starter
  • Member
  • 6 posts
Thanks again, Mannen!

Here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 6:58:17 PM, on 5/14/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ABCD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LXBTPPLS.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
C:\PROGRAM FILES\LEXMARK 5200 SERIES\LXBTBMGR.EXE
C:\PROGRAM FILES\LEXMARK 5200 SERIES\LXBTBMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\CRASH PROTECTOR\CRASHMON.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\CRASH PROTECTOR\FACPRMON.EXE
C:\PROGRAM FILES\MCAFEE\FIRST AID\FAMONHKW.EXE
C:\PROGRAM FILES\MCAFEE\FIRST AID\RESMON.EXE
C:\PROGRAM FILES\MCAFEE\FIRST AID\FADSKMON.EXE
C:\PROGRAM FILES\MCAFEE\FIRST AID\FASMTMON.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\CRASH PROTECTOR\CMCP16.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://207.68.172.234/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {81CC33FA-D234-BE50-A896-9DD216F1F8A7} - ssweeper.dll (file missing)
F1 - win.ini: run=LXBTppls.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: ActiveX Control - {3841A3C0-C248-11D9-B29E-00051CA0354B} - C:\WINDOWS\SYSTEM\MSSNQ.DLL (file missing)
O2 - BHO: IE SP2 AddOn - {3A40CF20-C248-11D9-B29E-00051CA0354B} - C:\WINDOWS\SYSTEM\SPRWG.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [AlogServEXE] c:\Program Files\McAfee\McAfee VirusScan\AlogServ.exe
O4 - HKLM\..\Run: [AvconsoleEXE] c:\Program Files\McAfee\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [McAfee Guardian] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\SYSTEM\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [xxtoolbar] ParisM.exe
O4 - HKLM\..\Run: [PasswdMon] lpt.exe
O4 - HKLM\..\RunServices: [VsecomrEXE] c:\Program Files\McAfee\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\RunServices: [VsStatEXE] c:\Program Files\McAfee\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [dialer423] InpriseMon.exe
O4 - HKCU\..\Run: [keybdll] newbreed.exe
O4 - HKCU\..\Run: [qwe] MNTP.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - User Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.micro...en/nsmp2inf.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.176.156,195.225.176.31


Thanks,

Bob
  • 0

#8
Blane64

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi guys

Did I post my last log correctly? I haven't heard back from anyone yet and was curious - I'm new to this and if this is how long it takes that is fine. I know you are busy and am not trying to rush anything. Just wanted to make sure I gave you all the info you needed. Thanks again for your help.

Bob
  • 0

#9
Blane64

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi, it's been two months since I last posted regarding this thread. I was wondering if there was any update? Thanks,

Bob
  • 0

#10
Blane64

    New Member

  • Topic Starter
  • Member
  • 6 posts
Ever since my topic was re-directed on May 13th to the Malware Removal Forum, I've yet to hear back from you guys.
  • 0

#11
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi Blane64 and welcome, again, to the Geeks to Go Forums. I don't think the word sorry covers it properly. I will handle your case personally.

My name is Trevuren and I will be helping you with your log.

1. If you haven't logged in, go to Geeks to Go and do so. Then proceed to item a.

If you already have logged in, go directly to item a.
  • Click on My Controls at the top right hand corner of the window.
  • In the left hand column, click "View Topics".
  • If you click on the title of your post, you will be taken there.
2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
Where it says "unsubscribe", click the pull-down menu and select "immediate email notification".

3. Please DELETE your current HJT program from its present location.

4. Download and run the following HijackThis autoinstall program from Here. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
  • Run HijackThis
  • Click SCAN and SAVE LOG. (A notepad window will open with the log in it when you click Save Log.) (Ctrl-A to 'select all', Ctrl-C to 'copy')
  • POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren

  • 0

#12
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#13
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





