Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Taken over by trojans

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Jotti Virus Scan report

Unread postby overwhelmed » August 2nd, 2005, 11:19 pm

Hello,

Below is my Jotti Virus Scan Report

C:\WINDOWS\System32\wininet.dll

Service load: 0% 100%

File: wininet.dll
Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5 cf9f1eef71f42ede71b6f4aa05d5ca1a
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found W32/SDBot.E0C5-net
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

C:\Program Files\InterVideo\WinDVD\WININET.DLL

File: WININET.DLL
Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5 a632f824282a1f84bd1e3798978030c7
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found W32/SDBot.E0C5-net
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

C:\WINDOWS\$NtServicePackUninstall$\wininet.dll

File: wininet.dll
Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5 cf9f1eef71f42ede71b6f4aa05d5ca1a
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found W32/SDBot.E0C5-net
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

C:\WINDOWS\SYSTEM32\dllcache\WININET.DLL

File: WININET.DLL
Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5 4f64d1df989e3aa2fad91a2f1167b9c7
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found W32/SDBot.E0C5-net
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
overwhelmed
Regular Member
 
Posts: 28
Joined: June 19th, 2005, 12:07 am
Advertisement
Register to Remove

Re: Jotti Virus Scan report

Unread postby Perculator » August 3rd, 2005, 5:48 pm

Because the tool has been updated again, i want you to throw away the old smitrem and do the following please

Download smitRem.exe and install it it to it's own folder on the desktop.


Next, please reboot your computer in SafeMode by doing the following:[list=1]
[*]Restart your computer
[*]After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
[*]Instead of Windows loading as normal, a menu should appear
[*]Select the first option, to run Windows in Safe Mode.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log here, together with a new hijack this log.
User avatar
Perculator
Regular Member
 
Posts: 470
Joined: March 30th, 2005, 4:55 pm
Location: netherlands

logs

Unread postby overwhelmed » August 3rd, 2005, 11:15 pm

SMITFILES LOG

smitRem log file
version 2.3

by noahdfear

The current date is: Wed 08/03/2005
The current time is: 22:04:41.56

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN! :)

HJT LOG:
Logfile of HijackThis v1.99.1
Scan saved at 10:08:47 PM, on 8/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [easywww] C:\windows\easywww.exe
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://www.photoparade.com/autoinstall/phpsetup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
overwhelmed
Regular Member
 
Posts: 28
Joined: June 19th, 2005, 12:07 am

Re: logs

Unread postby Perculator » August 4th, 2005, 12:42 am

Can you exactly tell me what problems are there now
User avatar
Perculator
Regular Member
 
Posts: 470
Joined: March 30th, 2005, 4:55 pm
Location: netherlands

problems

Unread postby overwhelmed » August 4th, 2005, 6:03 pm

I still have the problem of getting online.
overwhelmed
Regular Member
 
Posts: 28
Joined: June 19th, 2005, 12:07 am

Re: problems

Unread postby Perculator » August 7th, 2005, 10:25 am

Ok, we gonna clean some things up to see what problems will be left.



  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Open the Misc Tools Session"
  • Click on the Box that says "Uninstall Manager"
  • Click on the entry you KaZaa (cause it comes bundled with spyware)
  • Click on Delete this entry
  • Click "Yes"
Repaet that for
EasyWebSearch
Viewpoint Manager ?
newnet
DownloadWare

If present

Now close hijack this


***
Now download and run the tool from the following location, to get rid of the dotcomtoolbar


http://securityresponse.symantec.com/av ... Dtcmtb.exe


***
after that run the following tool to remove anything that’s left from kazaa

http://castlecops.com/zx/Merijn/kazaabegone.zip
unzip and use the tool


Download LSPfix.
Install it , open it.
Note: The screen will open but not at the full size use the middle button in the right top corner of that screen to make this window fullscreen,
Now you see a button finished just press that button and press OK


Start hijack this and put a check at the following lines

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

O4 - HKLM\..\Run: [easywww] C:\windows\easywww.exe

O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" –Background

O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot

O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

Now click fix checked
And close hijack this


Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer in safe mode
While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.



We need to make sure all hidden files are showing so please:
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.


Now delete the following files and folders, when no path available search for them wirth the windows searchengine, make sure you included hidden files and sytem files in the advanced search options

The following files

C:\windows\easywww.exe
Redirect2.exe
Redirect7.exe
Redirect9a.exe
toolbar_nieuw14.dll


The following folders

C:\Program Files\NEWDOTNET
C:\Program Files\DownloadWare
C:\Program Files\Kazaa
C:\Program Files\WildTangent
C:\Program Files\hp center\137903\Shadow

Restart your computer in windows’normal mode


Run hijack this and post a fresh hijack this log.

Please also tell me if problems remain, or did disappear.
User avatar
Perculator
Regular Member
 
Posts: 470
Joined: March 30th, 2005, 4:55 pm
Location: netherlands

UPDATE

Unread postby overwhelmed » August 10th, 2005, 12:16 am

Hello, I am going to number my updates to make them easier to follow:

1. CANNOT FIND SERVER
I have two computers connected to the internet through a network, right after I did everything you just listed, the computer that is infected cannot go online but the clean computer can access the internet. Before the fixes I could access the internet.
2. HIJACK THIS "UNINSTALL MANAGER
did not have " KaZaa", EasyWebSearch, Viewpoint Manager, newnet, DownloadWare listed
3. Symantec Dotcom Toolbar
Did not find the dotcom toolbar, but this toolbar is still listed under "remove/add programs" as dotcomtollbar NL
4. Kazaabegone
Found nothing.
5. LSP
you did not tell me which files to choose, before clicking "finished" so it found nothing.
6. HJT run before SAFEMODE
Did not find
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
7. WINDOWS SEARCH ENGINE
Did not find :
C:\windows\easywww.exe
Redirect2.exe
Redirect7.exe
Redirect9a.exe
toolbar_nieuw14.dll

The following folders

C:\Program Files\NEWDOTNET
C:\Program Files\DownloadWare
C:\Program Files\Kazaa
C:\Program Files\WildTangent
8. HJT LOG AFTER SAFEMODE
Logfile of HijackThis v1.99.1
Scan saved at 11:05:51 PM, on 8/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\S3tray2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://www.photoparade.com/autoinstall/phpsetup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
overwhelmed
Regular Member
 
Posts: 28
Joined: June 19th, 2005, 12:07 am

Unread postby Nick-YF19 » August 14th, 2005, 5:08 am

Sorry your post has been overlooked. please post back if you are still in need of help. Is the computer still unable to access the Internet?
User avatar
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California

Still have the same problems

Unread postby overwhelmed » August 15th, 2005, 2:22 am

Hello thanks for replying. I still have the same problems listed in the previous post. Though now I can access the internet.
overwhelmed
Regular Member
 
Posts: 28
Joined: June 19th, 2005, 12:07 am

Unread postby Nick-YF19 » August 15th, 2005, 4:55 am

Go ahead and post a new HJT log since it's been awhile since the last one. I see that msconfig has been used, please open msconfig and select normal start up in the General tab. I need to see everything that is in start up.

You can get online now with the computer, was there anything you did that fixed things or did it fix itself? If you are still having connectivity problems, what s the problem? Get a page not found, page loads really slow?

Did you get your hompage back to yahoo? Are you getting pop ups, page redirects or the home page changing still?
User avatar
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California

Update

Unread postby overwhelmed » August 15th, 2005, 10:48 pm

Hello thanks for helping me. A few of the updates..

1. I am not sure if Smitfraud really disappeared on my computer.
2. The homepage has been restored to http://www.cnn.com it no longer redirects my homepage to http://www.kidshealth.org.
3. The computer came back online by itself I did not do anything.
4. I have tried to remove the "dotcomtoolbarNL" using the registry and add/remove and it still stays there.
5. At this time I have some popups because I do not have SP2 installed.

Below is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:36:15 PM, on 8/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\S3tray2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://www.photoparade.com/autoinstall/phpsetup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
overwhelmed
Regular Member
 
Posts: 28
Joined: June 19th, 2005, 12:07 am

Unread postby Nick-YF19 » August 16th, 2005, 2:16 am

Hi, I'm not seeing anything bad in the log, so nothing to do right now.

You should already have Ewido, but if not install it again and do a scan and post the log:

Please download Ewido Security Suite it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display "Update successful"
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.



I see that you had AD Aware 6 in one of the prvious posts. That version is outdated, the current is Ad Aware SE. Uninstall Ad Aware 6 and install Ad Aware SE.

http://www.lavasoft.de/support/download/

Once installed, check for updates and then do a full system scan. Don't do the quick scan. Please uncheck "search for negligiable risks" before scanning. Save the log and post that as well. Use more than one post if it is too long for one.
User avatar
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California

Logs - Ewido

Unread postby overwhelmed » August 17th, 2005, 10:53 pm

Hello, Below are the logs:
1. EWIDO
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:29:03 PM, 8/17/2005
+ Report-Checksum: 9E161DED

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced -> Spyware.Downloadware : Cleaned with backup
HKLM\SOFTWARE\PSguard.com -> Spyware.PSGuard : Cleaned with backup
HKLM\SOFTWARE\PSguard.com\PSGuard -> Spyware.PSGuard : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k4wo68hw.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k4wo68hw.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k4wo68hw.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k4wo68hw.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k4wo68hw.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k4wo68hw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k4wo68hw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k4wo68hw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k4wo68hw.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k4wo68hw.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cnn.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup


::Report End
overwhelmed
Regular Member
 
Posts: 28
Joined: June 19th, 2005, 12:07 am

Adaware Log

Unread postby overwhelmed » August 17th, 2005, 10:54 pm

Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, August 17, 2005 9:31:47 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R62 17.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):16 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


8-17-2005 9:31:47 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 612
ThreadCreationTime : 8-18-2005 1:46:27 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 692
ThreadCreationTime : 8-18-2005 1:46:28 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\SYSTEM32\
ProcessID : 716
ThreadCreationTime : 8-18-2005 1:46:29 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 760
ThreadCreationTime : 8-18-2005 1:46:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 772
ThreadCreationTime : 8-18-2005 1:46:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 948
ThreadCreationTime : 8-18-2005 1:46:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1036
ThreadCreationTime : 8-18-2005 1:46:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1212
ThreadCreationTime : 8-18-2005 1:46:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1272
ThreadCreationTime : 8-18-2005 1:46:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1420
ThreadCreationTime : 8-18-2005 1:46:31 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1532
ThreadCreationTime : 8-18-2005 1:46:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:12 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1584
ThreadCreationTime : 8-18-2005 1:46:39 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:13 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1624
ThreadCreationTime : 8-18-2005 1:46:39 AM
BasePriority : Normal
FileVersion : 5.13.01.1570
ProductVersion : 5.13.01.1570
ProductName : NVIDIA Driver Helper Service, Version 15.70
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 15.70
InternalName : NVSVC
LegalCopyright : Copyright © 1998-2001 NVIDIA Corporation
OriginalFilename : nvsvc32.exe

#:14 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1708
ThreadCreationTime : 8-18-2005 1:46:39 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:15 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 1904
ThreadCreationTime : 8-18-2005 1:46:42 AM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:16 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 940
ThreadCreationTime : 8-18-2005 1:47:04 AM
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:17 [hpsysdrv.exe]
FilePath : C:\windows\system\
ProcessID : 1368
ThreadCreationTime : 8-18-2005 1:47:05 AM
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe

#:18 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1676
ThreadCreationTime : 8-18-2005 1:47:06 AM
BasePriority : Normal
FileVersion : 6.0.2
ProductVersion : QuickTime 6.0.2
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2002
OriginalFilename : QTTask.exe

#:19 [cmgrdian.exe]
FilePath : C:\Program Files\McAfee\McAfee Shared Components\Guardian\
ProcessID : 1760
ThreadCreationTime : 8-18-2005 1:47:06 AM
BasePriority : Normal
FileVersion : 3.00.1038.0
ProductVersion : 3.00.1038.0
ProductName : McAfee Windows Guardian
CompanyName : Network Associates, Inc.
FileDescription : McAfee Guardian Agent
InternalName : CMGrdian
LegalCopyright : Copyright © 1997-2001 Network Associates, Inc. All rights reserved
OriginalFilename : CMGrdian.exe

#:20 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1776
ThreadCreationTime : 8-18-2005 1:47:06 AM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:21 [s3tray2.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1828
ThreadCreationTime : 8-18-2005 1:47:07 AM
BasePriority : Normal
FileVersion : 1.00.11-1004
ProductVersion : 1.00.11-1004
ProductName : S3 Graphics Utilities
CompanyName : S3 Graphics, Inc.
FileDescription : s3contrl
InternalName : s3contrl
LegalCopyright : Copyright © 2001 S3 Graphics, Inc.
LegalTrademarks : S3 is a registered trademark of S3 Incorporated
OriginalFilename : s3contrl.exe

#:22 [kbd.exe]
FilePath : C:\HP\KBD\
ProcessID : 1700
ThreadCreationTime : 8-18-2005 1:47:07 AM
BasePriority : High


#:23 [rulaunch.exe]
FilePath : C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\
ProcessID : 1932
ThreadCreationTime : 8-18-2005 1:47:07 AM
BasePriority : Normal
FileVersion : 1.04.1113.0
ProductVersion : 1.04.1113.0
ProductName : McAfee Instant Updater
CompanyName : Networks Associates Technologies, Inc.
FileDescription : RuLaunch
InternalName : RuLaunch
LegalCopyright : Copyright © 1998-2001 Networks Associates Technologies, Inc. All rights reserved
OriginalFilename : RuLaunch.exe

#:24 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1900
ThreadCreationTime : 8-18-2005 1:47:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:25 [mmdiag.exe]
FilePath : C:\PROGRA~1\MUSICM~1\MUSICM~1\
ProcessID : 180
ThreadCreationTime : 8-18-2005 1:47:07 AM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : Logging and tracing manager
InternalName : MMTraceExe
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : MMTraceExe.EXE

#:26 [aoltray.exe]
FilePath : C:\Program Files\America Online 8.0\
ProcessID : 380
ThreadCreationTime : 8-18-2005 1:47:08 AM
BasePriority : Normal
FileVersion : 8.00.000
ProductVersion : 8.00.000
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : AOL Tray Icon
InternalName : AolTray
LegalCopyright : Copyright (C) America Online, Inc. 1999 - 2002

#:27 [ymsgr_tray.exe]
FilePath : C:\PROGRA~1\Yahoo!\MESSEN~1\
ProcessID : 300
ThreadCreationTime : 8-18-2005 1:47:08 AM
BasePriority : Normal


#:28 [mim.exe]
FilePath : C:\Program Files\MusicMatch\MusicMatch Jukebox\
ProcessID : 516
ThreadCreationTime : 8-18-2005 1:47:08 AM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mim
InternalName : mim
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mim.exe

#:29 [realonemessagecenter.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2216
ThreadCreationTime : 8-18-2005 1:47:14 AM
BasePriority : Idle
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Event Launcher
InternalName : wrapperapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realevent.exe

#:30 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2316
ThreadCreationTime : 8-18-2005 1:47:23 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:31 [mmjb.exe]
FilePath : C:\Program Files\MusicMatch\MusicMatch Jukebox\
ProcessID : 3408
ThreadCreationTime : 8-18-2005 1:50:52 AM
BasePriority : Normal
FileVersion : 10.00.2058
ProductVersion : 10.00.2058
ProductName : MUSICMATCH Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : MUSICMATCH Jukebox
InternalName : mmjb
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mmjb.EXE

#:32 [mm_director.exe]
FilePath : C:\Program Files\MusicMatch\MusicMatch Jukebox\
ProcessID : 3496
ThreadCreationTime : 8-18-2005 1:50:53 AM
BasePriority : Normal


#:33 [mm_tdm~1.exe]
FilePath : C:\PROGRA~1\MUSICM~1\MUSICM~1\
ProcessID : 3532
ThreadCreationTime : 8-18-2005 1:50:54 AM
BasePriority : Normal
FileVersion : 1.04.0074
ProductVersion : 1.04.0074
ProductName : Track Download Manager
CompanyName : MUSICMATCH, Inc.
FileDescription : Track Download Manager
InternalName : TDMUI.dll
LegalCopyright : Copyright (c) MUSICMATCH 1998-2003
OriginalFilename : TDMUI.dll

#:34 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 544
ThreadCreationTime : 8-18-2005 1:55:34 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:35 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 652
ThreadCreationTime : 8-18-2005 2:29:03 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:36 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\
ProcessID : 2588
ThreadCreationTime : 8-18-2005 2:31:36 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:37 [hh.exe]
FilePath : C:\WINDOWS\
ProcessID : 632
ThreadCreationTime : 8-18-2005 2:31:36 AM
BasePriority : Normal
FileVersion : 5.2.3644.0
ProductVersion : 5.2.3644.0
ProductName : HTML Help
CompanyName : Microsoft Corporation
FileDescription : Microsoft® HTML Help Executable
InternalName : HH 1.4
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : HH.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@edge.ru4[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:owner@edge.ru4.com/
Expires : 8-6-2035 4:16:56 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:owner@247realmedia.com/
Expires : 7-28-2006 11:38:12 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@bs.serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@bs.serving-sys.com/
Expires : 1-1-2038
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@server.iad.liveperson[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:owner@server.iad.liveperson.net/
Expires : 8-12-2006 1:51:48 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@questionmarket.com/
Expires : 10-8-2006 1:30:16 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:owner@bluestreak.com/
Expires : 8-15-2015 4:48:40 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:28
Value : Cookie:owner@2o7.net/
Expires : 8-15-2010 10:49:24 PM
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:owner@z1.adserver.com/
Expires : 7-28-2006 11:35:40 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@real[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:owner@real.com/
Expires : 7-26-2035 10:15:18 PM
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@trafficmp[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:owner@trafficmp.com/
Expires : 7-28-2006 11:42:04 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:owner@ads.pointroll.com/
Expires : 12-31-2009 7:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:owner@casalemedia.com/
Expires : 8-4-2006 9:14:16 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@centrport[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:owner@centrport.net/
Expires : 12-31-2029 7:00:00 PM
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@citi.bridgetrack[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:owner@citi.bridgetrack.com/
Expires : 8-11-2006 11:00:00 PM
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:owner@perf.overture.com/
Expires : 8-11-2009 1:51:44 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:owner@serving-sys.com/
Expires : 1-1-2038
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 16



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 16




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16

9:41:17 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:30.187
Objects scanned:143351
Objects identified:16
Objects ignored:0
New critical objects:16
overwhelmed
Regular Member
 
Posts: 28
Joined: June 19th, 2005, 12:07 am

Unread postby Nick-YF19 » August 18th, 2005, 2:22 am

Well, nothing much in those scans except some cookies. What if anything is the computer doing that is undesirable? Go ahead and post a new HJT log, though i expect it to be clean.
User avatar
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 305 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware