ecoexplorer

It KEEPS coming BACK ...!!!!!

24 posts in this topic

Hi... please help. I have a worm that keeps coming back no matter what. I use CWShredder and I downloaded HijackThis (here is the log). Please help. When I go to Windows XP Update it says that I don't need any patches. Thanks, MK

 

 

Logfile of HijackThis v1.97.7

Scan saved at 10:26:54 AM, on 5/19/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\wfxsnt40.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\Program Files\Desktop Calendar\Desktop Calendar.exe

C:\Documents and Settings\Kerk\Application Data\uhae.exe

C:\WINDOWS\System32\wtscc.exe

C:\Program Files\YahooPOPs\YahooPOPs.exe

C:\Program Files\Lexmark 5200 series\lxbtbmon.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\unzipped\hijackthis[1]\HijackThis.exe

C:\unzipped\cwshredder\CWShredder.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\idhb.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\idhb.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\idhb.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\idhb.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\idhb.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\idhb.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.quicken.com/myfinances/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll

O2 - BHO: WebBlinds - {4F92B827-1E56-4E30-A978-A17A7861A606} - C:\PROGRA~1\OBJECT~1\WEBBLI~1\webblinds.dll

O2 - BHO: (no name) - {90B7AF1D-F598-4A48-8BDD-6EB4266891F3} - C:\WINDOWS\System32\idhb.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll

O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"

O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~3.DLL,NewDotNetStartup

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe

O4 - HKCU\..\Run: [uhtr] C:\Documents and Settings\Kerk\Application Data\uhae.exe

O4 - HKCU\..\Run: [WAPI] C:\WINDOWS\System32\wtscc.exe

O4 - Startup: YahooPOPs.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon.../cx_tgctlcm.jsp

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab

O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab

O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8112.6336342593

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} (EPlugin Control) - http://66.230.146.53/EPlugin_US.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

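The first log above is what the helpers in this thread read by eye. As an added example that is not part of the original thread or of HijackThis itself, the Python below applies a few of the rules they are implicitly using (an IE search setting redirected into a `res://` resource inside a DLL, a BHO living under C:\WINDOWS, an autostart from Application Data or a per-user Run entry pointing into the Windows directory, the IE/regedit policy locks, anything mentioning New.Net, and an ActiveX download from a bare IP address) to a subset of that log's own lines. The rules, the reason strings and the SAMPLE_LOG selection are this example's assumptions, not HijackThis logic. Note that the log does not list AppInit_DLLs at all, which is why the helper has to ask for it separately below; the loader that actually keeps bringing the infection back cannot show up here.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample: a subset of the entries from the first HijackThis log in
# this thread, copied verbatim so the rules below can be checked against them.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\idhb.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.quicken.com/myfinances/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {90B7AF1D-F598-4A48-8BDD-6EB4266891F3} - C:\WINDOWS\System32\idhb.dll
O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~3.DLL,NewDotNetStartup
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [uhtr] C:\Documents and Settings\Kerk\Application Data\uhae.exe
O4 - HKCU\..\Run: [WAPI] C:\WINDOWS\System32\wtscc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
"""

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ..."
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.+)$")
# URL whose host is a literal IPv4 address rather than a name.
BARE_IP_URL = re.compile(r"https?://(?:\d{1,3}\.){3}\d{1,3}(?:[:/]|$)")


def classify(sec: str, body: str) -> Optional[str]:
    """Return a reason string if this entry looks hostile, else None.

    These rules are assumptions drawn from the logs in this thread, not
    HijackThis's own logic; they err on the side of flagging for human review.
    """
    low = body.lower()
    if "new.net" in low:
        return "New.Net component (O4 loader / O10 Winsock LSP hijack)"
    if sec in ("R0", "R1") and ("res://" in low or "(obfuscated)" in low):
        return "IE search/start setting points into a local DLL resource"
    if sec == "O2" and "\\windows\\" in low:
        return "BHO loaded from the Windows directory, not Program Files"
    if sec == "O4":
        if "\\application data\\" in low or "\\documents and settings\\" in low:
            return "autostart from a user profile directory"
        if low.startswith("hkcu\\..\\run:") and "\\windows\\" in low:
            return "per-user autostart of a binary in the Windows directory"
    if sec in ("O6", "O7"):
        return "IE/registry policy restriction set (keeps the user from undoing the rest)"
    if sec == "O16" and BARE_IP_URL.search(body):
        return "ActiveX (DPF) download from a bare IP address"
    return None


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Parse the R/O entries of a HijackThis log; return (section, reason, line) per hit, deduplicated."""
    findings: List[Tuple[str, str, str]] = []
    seen = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m or line in seen:
            continue
        reason = classify(m.group("sec"), m.group("body"))
        if reason:
            seen.add(line)
            findings.append((m.group("sec"), reason, line))
    return findings


if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {line}")
```

Running the block prints each hit with its reason; pass `triage()` a whole saved log instead of SAMPLE_LOG to review a real one. Treat the output as a review queue, not a verdict: the BHO rule, for instance, would also flag a legitimate add-on that happens to install under C:\WINDOWS.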

Click here to download and install Registrar Lite. Install it, run it, then copy and paste this line into reglite's address bar:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

 

and hit the "go" tab. Find the "AppInit_DLLs" value in the right-hand panel, double-click it, and copy and post here the information in the 'Value' field.


Daemon:

 

Thanks a bunch. Here it goes:

 

C:\WINDOWS\System32\msbh.dll

 

Another thing: when the PC starts there is a window that says "P sear1" on the blue part of the window and nothing else. Can you help? MK


Use the Registrar Lite program. Navigate to (you can type the line directly into reglite's address bar and hit 'go'):

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

 

Rename the Windows key in the left pane to something else, for example:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NotWindows

 

(You should now be able to clear the hidden contents of the AppInit_DLLs value in the right pane without being undone by the hidden process.)

 

Double-click the "AppInit_DLLs" value in the right pane and erase the data in the lower box (the value field):

 

"C:\WINDOWS\System32\msbh.dll", hit 'apply' and 'ok' to set.

 

Rename NotWindows back to Windows in the left pane, close Registrar Lite and reboot the computer. If all goes well the hidden process will not run at startup and you should now be able to find and *see* msbh.dll in C:\WINDOWS\System32.

 

Using Explorer, go to your root drive C:\ and create a new folder named 'Junk'. Unzip and run Winfile from there. Open it up and click File > Move...

 

Copy and paste this into the 'From' box: C:\WINDOWS\System32\msbh.dll

Copy and paste this into the 'To' box: C:\Junk\msbh.dll

 

Hit OK. Close Winfile and check C:\Junk for that file, and let me know what's there. If it's there, re-run CWShredder and hit 'fix' as opposed to 'scan only'. Reboot when done. Run HJT and post a new log for the final steps.


Hi again. I'm so sorry, but I'm not a computer wiz. Is there any way that you can repeat the above instructions, guiding me step by step with little-kid vocabulary? Again, sorry, but I really do need to fix this nightmare. MK


More exactly, I can't modify the Windows name in the "left bar".

 

But please tell me step by step, as if you were talking to an idiot. Thanks again, MK


I thought it was little kid vocabulary :p Just kidding - there is an alternative method that you may be more comfortable with.

 

Download 'Dllfix.exe' from http://tools.zerosrealm.com/dllfix.exe

 

It is a self-extracting archive; double click on it. Open the DLLFIX folder and double click on Start.bat.

 

At the main menu, press '2' (Run Fix) and enter.

 

At the second menu, press '1' (Enter DLL Name Manually) and enter. At the prompt, enter: msbh.dll

 

Your system will reboot in 15 seconds and begin the fix.

 

When finished, there will be a log (log.txt) in the dllfix folder. Post it in your next reply.


So far so good. You just don't know how much I appreciate this; you guys are like the AAA of the Internet. MK. Waiting for your reply. Question: how do I prevent this from happening again?

 

 

 

 

CWSDLL Appinit Fix By Shadowwar

Please Do not mirror Without Permission!

I can be contacted at spywaresubmit at aol.com

Mon 05/24/2004

11:34 PM

 

Backing up Registry Hive

 

The operation completed successfully

 

Deleting Windows Key

 

The operation completed successfully

 

Adding Test Windows Key

 

The operation completed successfully

 

Restoring temp Values Key

 

The operation completed successfully

 

Deleting Bad Appinit Value

 

The operation completed successfully

 

 

Backup of Modified Hiv

 

The operation completed successfully

 

Deleting test Windows key

 

The operation completed successfully

 

Adding Back Windows Key

 

The operation completed successfully

 

Restoring Registry Hive

 

The operation completed successfully

 

 

Restoring Cleaned Appinit Value

 

The operation completed successfully

 

Deleting Filter text/plain

Deleting Filter text/html

Running from C:\Documents and Settings\Kerk\Desktop\dllfix

 

Processing File Manually

C:\WINDOWS\system32\msbh.dll

Md5 Check of C:\WINDOWS\system32\msbh.dll

 

Md5 tested As C185B36F9969D3A6D2122BA7CBC02249

Md5 matched known baddies.

Processing and Deleting File.

Processing ACL of: <\\?\C:\WINDOWS\system32\msbh.dll>

 

SetACL finished successfully.

 

File was successfully Deleted.

Please Run Hijackthis or Cwshredder to finish cleanup.

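The manual procedure above (rename the Windows key so the injected DLL cannot restore its entry, clear AppInit_DLLs, reboot, then look for the now-visible msbh.dll) and the dllfix log (MD5 compared against known-bad hashes, ACL reset, file deleted) both come down to one check: what does AppInit_DLLs name, is that file actually visible on disk, and is its hash known. The Python below is an added example, not the thread's tool, dllfix or Registrar Lite, that performs that check. The only hash in KNOWN_BAD_MD5 is the one dllfix reported for msbh.dll; the "missing-or-hidden" label, the delimiter handling and the constructed stand-in file in `demo_audit()` are this example's assumptions. Reading the registry needs Windows (`winreg`); anywhere else the block falls back to the offline demo.

```python
import hashlib
import os
import re
import tempfile
from typing import Dict, List, Optional, Set

# Registry key holding AppInit_DLLs (the key the helper renamed to NotWindows
# so the hidden DLL could not put its entry back while it was being cleared).
APPINIT_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

# The only hash here is the one dllfix reported for msbh.dll in the log above;
# in practice this set is fed from your own known-bad list (assumption).
KNOWN_BAD_MD5: Set[str] = {"c185b36f9969d3a6d2122ba7cbc02249"}


def parse_appinit(value: str) -> List[str]:
    """Split an AppInit_DLLs string into paths.

    Windows treats the value as space- or comma-delimited; a quoted token is
    kept whole so a path written with quotes (as the helper did) survives.
    """
    tokens = re.findall(r'"([^"]*)"|([^\s,]+)', value)
    return [quoted or bare for quoted, bare in tokens if (quoted or bare)]


def md5_of(path: str) -> str:
    """Hex MD5 of a file, read in chunks so a large DLL is not loaded at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_appinit(value: str, known_bad: Set[str] = KNOWN_BAD_MD5) -> List[Dict[str, str]]:
    """Classify every DLL named in an AppInit_DLLs value: known-bad, unknown, or not visible."""
    results: List[Dict[str, str]] = []
    for path in parse_appinit(value):
        entry = {"path": path, "md5": "", "status": ""}
        if not os.path.isfile(path):
            # Listed but not visible is exactly this thread's situation: the loader
            # still finds the DLL even when Explorer (with the DLL injected) cannot.
            entry["status"] = "missing-or-hidden"
        else:
            entry["md5"] = md5_of(path)
            entry["status"] = "known-bad" if entry["md5"] in known_bad else "unknown"
        results.append(entry)
    return results


def read_appinit_value() -> Optional[str]:
    """Read HKLM AppInit_DLLs on Windows; return None where winreg is unavailable."""
    try:
        import winreg  # Windows-only module
    except ImportError:
        return None
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, APPINIT_KEY) as key:
            value, _ = winreg.QueryValueEx(key, "AppInit_DLLs")
    except OSError:
        return ""  # key or value absent: nothing is being injected this way
    return str(value)


def demo_audit() -> List[Dict[str, str]]:
    """Offline demonstration with a constructed file standing in for the DLL (not malware)."""
    sample = b"constructed stand-in for msbh.dll"
    with tempfile.TemporaryDirectory() as tmp:
        present = os.path.join(tmp, "msbh.dll")
        with open(present, "wb") as f:
            f.write(sample)
        absent = os.path.join(tmp, "gone.dll")
        # Treat the stand-in's own hash as known-bad to exercise the match path.
        return audit_appinit(f'"{present}" {absent}',
                             known_bad={hashlib.md5(sample).hexdigest()})


if __name__ == "__main__":
    value = read_appinit_value()
    for entry in (audit_appinit(value) if value is not None else demo_audit()):
        print(entry)
```

Two caveats when using this on a real machine. On 64-bit Windows the same value also exists under HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows for 32-bit processes, and Vista and later add a LoadAppInit_DLLs DWORD that gates the mechanism; the XP key in this thread has neither. And an entry reported as missing-or-hidden on a machine that keeps reinfecting is the case the helper describes: the file is there for the loader but hidden from the tools you are looking with, so repeat the check from a boot where the DLL is not loaded (the renamed-key trick above, or an offline boot).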

OK, this is the HijackThis log, because Shredder says everything is fine, but HijackThis says

"Hijacked Internet access by New.Net", so it looks like it's not done quite yet, huh?

God bless you guys. MK

 

 

 

Logfile of HijackThis v1.97.7

Scan saved at 11:49:22 PM, on 5/24/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\WFXSVC.EXE

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\wfxsnt40.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\AIM\AIMWDI~1.EXE

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\Program Files\Desktop Calendar\Desktop Calendar.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Lexmark 5200 series\lxbtbmon.exe

C:\Program Files\Symantec\WinFax\WFXCTL32.EXE

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\YahooPOPs\YahooPOPs.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Symantec\WinFax\WFXMOD32.EXE

C:\unzipped\hijackthis[1]\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quicken.com/myfinances

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quicken.com/myfinances

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.quicken.com/myfinances/

O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: WebBlinds - {4F92B827-1E56-4E30-A978-A17A7861A606} - C:\PROGRA~1\OBJECT~1\WEBBLI~1\webblinds.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"

O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~3.DLL,NewDotNetStartup

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Startup: YahooPOPs.lnk = ?

O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab

O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab

O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8112.6336342593

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} (EPlugin Control) - http://66.230.146.53/EPlugin_US.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab


Click Start>Settings>Control Panel>Add or Remove Programs and uninstall New.Net.

 

Click here to download Ad-Aware and install it. Before scanning, click on "check for updates now" to make sure you have the latest reference file. Then click the gear wheel at the top and check these options:

 

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

 

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"

 

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

 

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

 

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?".

 

Reboot when done, rescan with HJT and post a new log here so that any remnants can be removed manually.


OK, this is the log from Ad-Aware, but the message from Norton AntiVirus keeps popping up about different bugs and trojans. Shredder says everything is OK. Please let me know if there is something I can do to prevent this from happening again. It's driving me nuts; every time I think it's gone, it comes back like a RASH! Thanks, MK

 

 

 

Lavasoft Ad-aware Professional Build 158

Logfile created on :Tuesday, May 25, 2004 10:08:14 AM

Using reference-file :0R150 05.07.2003

______________________________________________________

 

Ad-aware Settings

=========================

Set : Activate in-depth scan

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

 

 

Listing running processes

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ThreadCreationTime : 5-25-2004 4:53:26 PM

BasePriority : Normal

 

 

#:2 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ThreadCreationTime : 5-25-2004 4:53:27 PM

BasePriority : High

 

 

#:3 [services.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 5-25-2004 4:53:28 PM

BasePriority : Normal

FileSize : 99 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

Copyright : Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

OriginalFilename : services.exe

ProductName : Microsoft Windows Operating System

Created on : 9/3/2002 4:59:11 PM

Last accessed : 5/25/2004 4:53:28 PM

Last modified : 9/3/2002 4:59:11 PM

 

#:4 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 5-25-2004 4:53:28 PM

BasePriority : Normal

FileSize : 11 KB

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

Copyright : Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

OriginalFilename : lsass.exe

ProductName : Microsoft Windows Operating System

Created on : 9/3/2002 4:39:51 PM

Last accessed : 5/25/2004 4:53:34 PM

Last modified : 9/3/2002 4:39:51 PM

 

#:5 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 5-25-2004 4:53:29 PM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

Copyright : Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft Windows Operating System

Created on : 9/3/2002 5:05:32 PM

Last accessed : 5/25/2004 4:53:38 PM

Last modified : 9/3/2002 5:05:32 PM

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 5-25-2004 4:53:29 PM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

Copyright : Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft Windows Operating System

Created on : 9/3/2002 5:05:32 PM

Last accessed : 5/25/2004 4:53:38 PM

Last modified : 9/3/2002 5:05:32 PM

 

#:7 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 5-25-2004 4:53:32 PM

BasePriority : Normal

FileSize : 50 KB

FileVersion : 5.1.2600.0 (XPClient.010817-1148)

ProductVersion : 5.1.2600.0

Copyright : Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

OriginalFilename : spoolsv.exe

ProductName : Microsoft Windows Operating System

Created on : 9/3/2002 5:04:18 PM

Last accessed : 5/25/2004 4:53:26 PM

Last modified : 9/3/2002 5:04:18 PM

 

#:8 [ccsetmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ThreadCreationTime : 5-25-2004 4:53:33 PM

BasePriority : Normal

FileSize : 229 KB

FileVersion : 2.1.0.610

ProductVersion : 2.1.0.610

Copyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Common Client Settings Manager Service

InternalName : ccSetMgr

OriginalFilename : ccSetMgr.exe

ProductName : Common Client

Created on : 2/21/2004 10:33:09 AM

Last accessed : 5/25/2004 4:53:26 PM

Last modified : 11/10/2003 9:30:12 PM

 

#:9 [cisvc.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 5-25-2004 4:53:33 PM

BasePriority : Normal

FileSize : 5 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

Copyright : Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Content Index service

InternalName : cisvc.exe

OriginalFilename : cisvc.exe

ProductName : Microsoft Windows Operating System

Created on : 9/3/2002 4:28:50 PM

Last accessed : 5/25/2004 4:53:26 PM

Last modified : 9/3/2002 4:28:50 PM

 

#:10 [navapsvc.exe]

FilePath : C:\Program Files\Norton AntiVirus\

ThreadCreationTime : 5-25-2004 4:53:34 PM

BasePriority : Normal

FileSize : 113 KB

FileVersion : 8.07.17

ProductVersion : 8.07.17

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

OriginalFilename : NAVAPSVC.EXE

ProductName : Norton AntiVirus

Created on : 2/27/2002 6:29:26 PM

Last accessed : 5/25/2004 4:53:26 PM

Last modified : 2/27/2002 6:29:26 PM

 

#:11 [scsiaccess.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 5-25-2004 4:53:34 PM

BasePriority : Normal

FileSize : 177 KB

Created on : 2/4/2003 4:22:30 PM

Last accessed : 5/25/2004 4:53:26 PM

Last modified : 2/4/2003 4:22:30 PM

 

#:12 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 5-25-2004 4:53:34 PM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

Copyright : Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft Windows Operating System

Created on : 9/3/2002 5:05:32 PM

Last accessed : 5/25/2004 4:53:38 PM

Last modified : 9/3/2002 5:05:32 PM

 

#:13 [vsmon.exe]

FilePath : C:\WINDOWS\SYSTEM32\ZoneLabs\

ThreadCreationTime : 5-25-2004 4:53:34 PM

BasePriority : Normal

FileSize : 805 KB

FileVersion : 4.5.530.000

ProductVersion : 4.5.530.000

Copyright : Copyright 1998-2003, Zone Labs Inc.

CompanyName : Zone Labs Inc.

FileDescription : TrueVector Service

InternalName : vsmon

OriginalFilename : vsmon.exe

ProductName : TrueVector Service

Created on : 3/17/2004 8:08:52 PM

Last accessed : 5/25/2004 4:53:26 PM

Last modified : 11/16/2003 1:19:40 AM

 

#:14 [wfxsvc.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 5-25-2004 4:53:35 PM

BasePriority : Normal

FileSize : 126 KB

FileVersion : 10.00.2000.0214

ProductVersion : 10.00

Copyright : Copyright Symantec Corporation. 1990-2000

CompanyName : Symantec Corporation

FileDescription : Symantec WinFax PRO NT Service

InternalName : WFXSVC

ProductName : Symantec WinFax PRO

Created on : 10/3/2003 8:53:01 AM

Last accessed : 5/25/2004 4:53:26 PM

Last modified : 2/15/2000 12:36:22 AM

 

#:15 [sdmcp.exe]

FilePath : C:\PROGRA~1\COMMON~1\Stardock\

ThreadCreationTime : 5-25-2004 4:54:40 PM

BasePriority : Normal

FileSize : 248 KB

FileVersion : 0, 0, 5, 8

ProductVersion : 0, 0, 5, 8

Copyright : Copyright 2002

CompanyName : Stardock

FileDescription : MCPServer

InternalName : MCP

OriginalFilename : SDMCP.exe

ProductName : Stardock MCP Core Services (System Extensions and Hooks)

Created on : 11/14/2003 1:53:52 AM

Last accessed : 5/25/2004 4:53:26 PM

Last modified : 11/14/2003 1:53:52 AM

 

#:16 [explorer.exe]

FilePath : C:\WINDOWS\

ThreadCreationTime : 5-25-2004 4:54:45 PM

BasePriority : Normal

FileSize : 980 KB

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

Copyright : Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

OriginalFilename : EXPLORER.EXE

ProductName : Microsoft Windows Operating System

Created on : 9/3/2002 4:32:50 PM

Last accessed : 5/25/2004 5:01:49 PM

Last modified : 9/3/2002 4:32:50 PM

 

#:17 [zlclient.exe]

FilePath : C:\Program Files\Zone Labs\ZoneAlarm\

ThreadCreationTime : 5-25-2004 4:54:47 PM

BasePriority : Normal

FileSize : 673 KB

FileVersion : 4.5.530.000

ProductVersion : 4.5.530.000

Copyright : Copyright 1998-2003, Zone Labs Inc.

CompanyName : Zone Labs Inc.

FileDescription : Zone Labs Client

InternalName : zlclient

OriginalFilename : zlclient.exe

ProductName : Zone Labs Client

Created on : 3/17/2004 8:08:55 PM

Last accessed : 5/25/2004 5:02:20 PM

Last modified : 11/16/2003 1:20:28 AM

 

#:18 [navapw32.exe]

FilePath : C:\PROGRA~1\NORTON~1\

ThreadCreationTime : 5-25-2004 4:54:47 PM

BasePriority : Normal

FileSize : 73 KB

FileVersion : 8.07.17

ProductVersion : 8.07.17

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Agent

InternalName : NAVAPW32

OriginalFilename : NAVAPW32.EXE

ProductName : Norton AntiVirus

Created on : 2/27/2002 6:27:58 PM

Last accessed : 5/25/2004 4:54:49 PM

Last modified : 2/27/2002 6:27:58 PM

 

#:19 [hkcmd.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 5-25-2004 4:54:47 PM

BasePriority : Normal

FileSize : 116 KB

FileVersion : 3.0.0.3762

ProductVersion : 7.0.0.3762

Copyright : Copyright 1999-2002, Intel Corporation

CompanyName : Intel Corporation

FileDescription : hkcmd Module

InternalName : HKCMD

OriginalFilename : HKCMD.EXE

ProductName : Intel® Common User Interface

Created on : 4/7/2004 6:32:36 PM

Last accessed : 5/25/2004 4:54:47 PM

Last modified : 2/10/2004 5:51:30 PM

 

#:20 [wfxsnt40.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 5-25-2004 4:54:47 PM

BasePriority : Normal

FileSize : 42 KB

FileVersion : 7.00 (Build 019)

ProductVersion : 7.00 (Build 019)

Copyright : Copyright © Symantec Corp. 1990-1997

CompanyName : Microsoft Corporation

FileDescription : Delrina Fax Port Launcher

InternalName : WFXSNT40.DLL

OriginalFilename : WFXSNT40.DLL

ProductName : Microsoft ® Windows NT WinFax Printer Driver

Created on : 10/3/2003 8:53:01 AM

Last accessed : 5/25/2004 4:54:47 PM

Last modified : 2/15/2000 12:36:22 AM

 

#:21 [jusched.exe]

FilePath : C:\Program Files\Java\j2re1.4.2_04\bin\

ThreadCreationTime : 5-25-2004 4:54:47 PM

BasePriority : Normal

FileSize : 32 KB

Created on : 2/23/2068 6:44:46 AM

Last accessed : 5/25/2004 4:54:47 PM

Last modified : 2/23/2004 6:44:44 AM

 

#:22 [realsched.exe]

FilePath : C:\Program Files\Common Files\Real\Update_OB\

ThreadCreationTime : 5-25-2004 4:54:48 PM

BasePriority : Normal

FileSize : 148 KB

FileVersion : 0.1.0.1622

ProductVersion : 0.1.0.1622

Copyright : Copyright RealNetworks, Inc. 1995-2002

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

OriginalFilename : realsched.exe

ProductName : RealOne Player (32-bit)

Created on : 11/9/2003 8:11:44 AM

Last accessed : 5/25/2004 4:54:48 PM

Last modified : 11/9/2003 8:11:44 AM

 

#:23 [mmtask.exe]

FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\

ThreadCreationTime : 5-25-2004 4:54:49 PM

BasePriority : Normal

FileSize : 52 KB

FileVersion : 1.0.0.1

ProductVersion : 1.0.0.1

Copyright : TODO: © <Company name>. All rights reserved.

CompanyName : TODO: <Company name>

FileDescription : TODO: <File description>

InternalName : mmtask.exe

OriginalFilename : mmtask.exe

ProductName : TODO: <Product name>

Created on : 5/1/2004 6:54:16 AM

Last accessed : 5/25/2004 4:54:49 PM

Last modified : 1/26/2004 5:46:48 PM

 

#:24 [em_exec.exe]

FilePath : C:\Program Files\Logitech\MouseWare\system\

ThreadCreationTime : 5-25-2004 4:54:49 PM

BasePriority : Normal

FileSize : 37 KB

FileVersion : 9.75.302

ProductVersion : 9.75.302

Copyright : © 1987-2002 Logitech. All rights reserved.

CompanyName : Logitech Inc.

FileDescription : Logitech Events Handler Application

InternalName : Em_Exec

OriginalFilename : Em_Exec.exe

ProductName : MouseWare

Created on : 3/18/2004 10:24:36 PM

Last accessed : 5/25/2004 4:56:44 PM

Last modified : 11/21/2002 5:50:00 PM

 

#:25 [ppmemcheck.exe]

FilePath : C:\PROGRA~1\PESTPA~1\

ThreadCreationTime : 5-25-2004 4:54:49 PM

BasePriority : Normal

FileSize : 145 KB

Created on : 3/17/2004 9:47:24 AM

Last accessed : 5/25/2004 4:54:52 PM

Last modified : 10/16/2002 5:16:54 AM

 

#:26 [aimwdi~1.exe]

FilePath : C:\PROGRA~1\AIM\

ThreadCreationTime : 5-25-2004 4:54:51 PM

BasePriority : Normal

FileSize : 100 KB

FileVersion : 1.0.0.28

ProductVersion : 1.0.0.28

Copyright : Copyright © 2003

CompanyName : Wild Tangent

FileDescription : AIM WD installer

 

#:27 [rundll32.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 5-25-2004 4:54:53 PM

BasePriority : Normal

FileSize : 31 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

Copyright : Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

OriginalFilename : RUNDLL.EXE

ProductName : Microsoft Windows Operating System

Created on : 9/3/2002 4:56:58 PM

Last accessed : 5/25/2004 5:02:04 PM

Last modified : 9/3/2002 4:56:58 PM

 

#:28 [cursorxp.exe]

FilePath : C:\Program Files\CursorXP\

ThreadCreationTime : 5-25-2004 4:54:53 PM

BasePriority : High

FileSize : 122 KB

FileVersion : 1, 3, 0, 0

ProductVersion : 1, 3, 0, 0

Copyright : Copyright 2001-2003 RiccioSoft, Copyright 2001-2003 Stardock.net, Inc.

CompanyName :

FileDescription : CursorXP

InternalName : CursorXP

OriginalFilename : CursorXP.exe

ProductName : Stardock CursorXP

Created on : 10/21/2003 5:26:33 AM

Last accessed : 5/25/2004 5:01:49 PM

Last modified : 3/2/2003 12:40:20 AM

 

#:29 [desktop calendar.exe]

FilePath : C:\Program Files\Desktop Calendar\

ThreadCreationTime : 5-25-2004 4:54:54 PM

BasePriority : Normal

FileSize : 432 KB

FileVersion : 0.04 0

ProductVersion : 0.04 D"

CompanyName : Home 8

InternalName : Desktop Calendar T*OriginalFile

OriginalFilename : Desktop Calendar.exe ?????? ????4

ProductName : DC Loading ,

FileVe

Created on : 4/11/2003 11:20:04 PM

Last accessed : 5/25/2004 5:01:49 PM

Last modified : 4/11/2003 11:20:04 PM

 

#:30 [spysweeper.exe]

FilePath : C:\Program Files\Webroot\Spy Sweeper\

ThreadCreationTime : 5-25-2004 4:54:58 PM

BasePriority : Normal

FileSize : 649 KB

FileVersion : 2.6.1.45

ProductVersion : 1.0.0.0

Copyright : Copyright © 2001-2003 Webroot Software, Inc.

CompanyName : Webroot Software, Inc.

FileDescription : Spy Sweeper

ProductName : Spy Sweeper

Created on : 5/23/2004 8:01:20 PM

Last accessed : 5/25/2004 4:54:58 PM

Last modified : 2/25/2004 6:48:26 PM

 

#:31 [sgmain.exe]

FilePath : C:\Program Files\SpywareGuard\

ThreadCreationTime : 5-25-2004 4:55:00 PM

BasePriority : Normal

FileSize : 352 KB

FileVersion : 2.02.0001 8Produc

ProductVersion : 2.02.0001 0Intern

Copyright : Copyright © 2002-2003 Javacool Software LLC <ProductName SpywareGuard 4FileVersion

FileDescription : SpywareGuard ?\LegalCop

InternalName : sgmain @Or

OriginalFilename : sgmain.exe ??? ???

ProductName : SpywareGuard 4FileVers

Created on : 8/30/2003 2:05:35 AM

Last accessed : 5/25/2004 4:55:00 PM

Last modified : 8/30/2003 2:05:35 AM

 

#:32 [yahoopops.exe]

FilePath : C:\Program Files\YahooPOPs\

ThreadCreationTime : 5-25-2004 4:55:00 PM

BasePriority : Normal

FileSize : 440 KB

FileVersion : 0, 5, 0, 0

ProductVersion : 0, 5, 0, 0

Copyright : Copyright © 2002 - 2003, The YahooPOPs! Team

CompanyName : http://yahoopops.sourceforge.net

FileDescription : Free POP3/SMTP access to Yahoo! Mail

InternalName : YahooPOPs!

OriginalFilename : YahooPOPs.exe

ProductName : YahooPOPs!

Created on : 8/3/2003 11:47:58 PM

Last accessed : 5/25/2004 5:02:20 PM

Last modified : 8/3/2003 11:47:58 PM

 

#:33 [sgbhp.exe]

FilePath : C:\Program Files\SpywareGuard\

ThreadCreationTime : 5-25-2004 4:55:04 PM

BasePriority : Normal

FileSize : 228 KB

FileVersion : 2.02.0001 8Produc

ProductVersion : 2.02.0001 ,Intern

Copyright : Copyright © 2002-2003 Javacool Software LLC. `@ProductName SG Browser Hijacking Protecti

FileDescription : SG Browser Hijacking Protection ?^LegalCopyright Copyright ©

InternalName : sgbhp <Or

OriginalFilename : sgbhp.exe ?????

ProductName : SG Browser Hijacking Protection 4FileVersion 2.02.0001 8Pr

Created on : 8/29/2003 6:14:56 PM

Last accessed : 5/25/2004 4:55:04 PM

Last modified : 8/29/2003 6:14:56 PM

 

#:34 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ThreadCreationTime : 5-25-2004 4:56:12 PM

BasePriority : Normal

FileSize : 89 KB

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

Copyright : Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

OriginalFilename : IEXPLORE.EXE

ProductName : Microsoft Windows Operating System

Created on : 8/29/2002 11:00:00 AM

Last accessed : 5/25/2004 5:02:20 PM

Last modified : 8/29/2002 11:00:00 AM

 

#:35 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ThreadCreationTime : 5-25-2004 4:56:56 PM

BasePriority : Normal

FileSize : 89 KB

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

Copyright : Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

OriginalFilename : IEXPLORE.EXE

ProductName : Microsoft Windows Operating System

Created on : 8/29/2002 11:00:00 AM

Last accessed : 5/25/2004 5:02:20 PM

Last modified : 8/29/2002 11:00:00 AM

 

#:36 [cidaemon.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 5-25-2004 5:01:11 PM

BasePriority : Idle

FileSize : 8 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

Copyright : Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Indexing Service filter daemon

InternalName : cidaemon.exe

OriginalFilename : cidaemon.exe

ProductName : Microsoft Windows Operating System

Created on : 9/3/2002 4:28:48 PM

Last accessed : 5/25/2004 5:01:11 PM

Last modified : 9/3/2002 4:28:48 PM

 

#:37 [cidaemon.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 5-25-2004 5:01:12 PM

BasePriority : Idle

FileSize : 8 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

Copyright : Microsoft Corporation. All rights reserved.

CompanyName : Microsoft Corporation

FileDescription : Indexing Service filter daemon

InternalName : cidaemon.exe

OriginalFilename : cidaemon.exe

ProductName : Microsoft Windows Operating System

Created on : 9/3/2002 4:28:48 PM

Last accessed : 5/25/2004 5:01:11 PM

Last modified : 9/3/2002 4:28:48 PM

 

#:38 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-aware 6\

ThreadCreationTime : 5-25-2004 5:04:33 PM

BasePriority : Normal

FileSize : 760 KB

FileVersion : 6.0.1.158

ProductVersion : 6.0.0.0

Copyright : Copyright Lavasoft Sweden

CompanyName : Lavasoft Sweden

FileDescription : Ad-aware 6 core application

InternalName : Ad-aware.exe

OriginalFilename : Ad-aware.exe

ProductName : Lavasoft Ad-aware Professional

Created on : 3/4/2004 10:51:28 PM

Last accessed : 5/25/2004 5:04:33 PM

Last modified : 1/27/2003 6:42:22 PM

 

Memory scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

 

 

Started registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

New.Net Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net

 

 

My-Way Speedbar Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\MyWay

 

 

New.Net Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\New.net

 

 

New.Net Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value : New.net Startup

 

 

New.Net Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value : New.net Startup

 

 

Registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 5

Objects found so far: 5

 

 

Started deep registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Deep registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 5

 

 

Deep scanning and examining files (C:)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Tracking Cookie Object recognized!

Type : File

Data : chakas@advertising[1].txt

Object : C:\Documents and Settings\cHakAs\Cookies\

 

Created on : 5/23/2004 1:35:25 AM

Last accessed : 5/25/2004 5:21:13 PM

Last modified : 5/23/2004 1:35:25 AM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : chakas@atdmt[2].txt

Object : C:\Documents and Settings\cHakAs\Cookies\

 

Created on : 5/23/2004 2:38:44 AM

Last accessed : 5/25/2004 5:21:13 PM

Last modified : 5/23/2004 2:38:44 AM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : chakas@doubleclick[1].txt

Object : C:\Documents and Settings\cHakAs\Cookies\

 

Created on : 5/23/2004 2:38:08 AM

Last accessed : 5/25/2004 5:21:13 PM

Last modified : 5/23/2004 2:38:08 AM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : chakas@servedby.advertising[1].txt

Object : C:\Documents and Settings\cHakAs\Cookies\

 

Created on : 5/23/2004 1:35:25 AM

Last accessed : 5/25/2004 5:21:13 PM

Last modified : 5/23/2004 1:35:25 AM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : chakas@trafficmp[2].txt

Object : C:\Documents and Settings\cHakAs\Cookies\

 

Created on : 5/23/2004 2:07:26 AM

Last accessed : 5/25/2004 5:21:13 PM

Last modified : 5/23/2004 2:07:27 AM

 

 

 

Tracking Cookie Object recognized!

Type : File

Data : chakas@webpdp.gator[1].txt

Object : C:\Documents and Settings\cHakAs\Cookies\

 

Created on : 5/23/2004 7:28:45 PM

Last accessed : 5/25/2004 5:21:13 PM

Last modified : 5/23/2004 7:28:45 PM

 

 

 

Gator Object recognized!

Type : Folder

Object : C:\Documents and Settings\cHakAs\Local Settings\Temp\fsg_tmp

 

 

 

My-Way Speedbar Object recognized!

Type : Folder

Object : C:\Program Files\MyWay

 

 

 

New.Net Object recognized!

Type : Folder

Object : C:\Program Files\NewDotNet

 

 

 

Gator Object recognized!

Type : File

Data : a0058360.exe

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 1816 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2003 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : Gator Client Application

InternalName : GMT.exe

OriginalFilename : GMT.exe

ProductName : GAIN

Created on : 4/10/2003 10:59:08 PM

Last accessed : 5/25/2004 6:13:25 PM

Last modified : 4/10/2003 10:59:08 PM

 

 

 

Gator Object recognized!

Type : File

Data : a0058361.exe

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 232 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2003 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : Gator Client Application

InternalName : Gator.exe

OriginalFilename : Gator.exe

ProductName : GAIN

Created on : 4/10/2003 10:54:31 PM

Last accessed : 5/25/2004 6:13:26 PM

Last modified : 4/10/2003 10:54:31 PM

 

 

 

Gator Object recognized!

Type : File

Data : a0058362.exe

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 288 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2003 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : GAIN Uninstaller applet

InternalName : GUninstaller.exe

OriginalFilename : GUninstaller.exe

ProductName : GAIN

Created on : 4/10/2003 11:04:21 PM

Last accessed : 5/25/2004 6:13:26 PM

Last modified : 4/10/2003 11:04:21 PM

 

 

 

Gator Object recognized!

Type : File

Data : a0058363.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 716 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2003 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : egIEClient Dynamic Link Library

InternalName : egIEClient.dll

OriginalFilename : egIEClient.dll

ProductName : GAIN

Created on : 4/10/2003 10:55:21 PM

Last accessed : 5/25/2004 6:13:27 PM

Last modified : 4/10/2003 10:55:21 PM

 

 

 

Gator Object recognized!

Type : File

Data : a0058364.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 116 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2003 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : EGIEProcess Dynamic Link Library

InternalName : EGIEProcess dll

OriginalFilename : EGIEProcess dll

ProductName : GAIN

Created on : 4/10/2003 10:55:35 PM

Last accessed : 5/25/2004 6:13:27 PM

Last modified : 4/10/2003 10:55:35 PM

 

 

 

Gator Object recognized!

Type : File

Data : a0058365.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 448 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2003 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : EGNSEngine Dynamic Link Library

InternalName : EGNSEngine dll

OriginalFilename : EGNSEngine dll

ProductName : GAIN

Created on : 4/10/2003 10:55:06 PM

Last accessed : 5/25/2004 6:13:28 PM

Last modified : 4/10/2003 10:55:06 PM

 

 

 

Gator Object recognized!

Type : File

Data : a0058366.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 412 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2003 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : EGGCEngine Dynamic Link Library

InternalName : EGGCEngine dll

OriginalFilename : EGGCEngine dll

ProductName : GAIN

Created on : 4/10/2003 10:54:51 PM

Last accessed : 5/25/2004 6:13:28 PM

Last modified : 4/10/2003 10:54:51 PM

 

 

 

Gator Object recognized!

Type : File

Data : a0058367.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 348 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2003 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : GatorRes Dynamic Link Library

InternalName : GatorRes DLL

OriginalFilename : GatorRes DLL

ProductName : GAIN

Created on : 4/10/2003 10:54:10 PM

Last accessed : 5/25/2004 6:13:28 PM

Last modified : 4/10/2003 10:54:10 PM

 

 

 

Gator Object recognized!

Type : File

Data : a0058369.exe

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 84 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2002 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : CME II Client Application

InternalName : CMESys.exe

OriginalFilename : CMESys.exe

ProductName : Gator

Created on : 4/10/2003 11:03:18 PM

Last accessed : 5/25/2004 6:13:30 PM

Last modified : 4/10/2003 11:03:18 PM

 

 

 

Gator Object recognized!

Type : File

Data : a0058370.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 88 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2002 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : CME II Client Application

InternalName : CMEIIAPI.DLL

OriginalFilename : CMEIIAPI.DLL

ProductName : Gator

Created on : 4/10/2003 11:01:53 PM

Last accessed : 5/25/2004 6:13:30 PM

Last modified : 4/10/2003 11:01:53 PM

 

 

 

Gator Object recognized!

Type : File

Data : a0058371.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 284 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2002 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : CME II Client Application

InternalName : GAppMgr.dll

OriginalFilename : GAppMgr.dll

ProductName : Gator

Created on : 4/10/2003 11:02:51 PM

Last accessed : 5/25/2004 6:13:30 PM

Last modified : 4/10/2003 11:02:51 PM

 

 

 

Gator Object recognized!

Type : File

Data : a0058372.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 132 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2002 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : CME II Client Application

InternalName : GController.dll

OriginalFilename : GController.dll

ProductName : Gator

Created on : 4/10/2003 11:03:02 PM

Last accessed : 5/25/2004 6:13:30 PM

Last modified : 4/10/2003 11:03:02 PM

 

 

 

Gator Object recognized!

Type : File

Data : a0058373.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 244 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2002 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : CME II Client Application

InternalName : GDlwdEng.dll

OriginalFilename : GDlwdEng.dll

ProductName : Gator

Created on : 4/10/2003 11:03:14 PM

Last accessed : 5/25/2004 6:13:31 PM

Last modified : 4/10/2003 11:03:14 PM

 

 

 

Gator Object recognized!

Type : File

Data : a0058374.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 108 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2002 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : CME II Client Application

InternalName : GIocl.dll

OriginalFilename : GIocl.dll

ProductName : Gator

Created on : 4/10/2003 11:02:05 PM

Last accessed : 5/25/2004 6:13:31 PM

Last modified : 4/10/2003 11:02:05 PM

 

 

 

Gator Object recognized!

Type : File

Data : a0058375.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 88 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2002 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : CME II Client Application

InternalName : GIoclClient.dll

OriginalFilename : GIoclClient.dll

ProductName : Gator

Created on : 4/10/2003 11:01:43 PM

Last accessed : 5/25/2004 6:13:31 PM

Last modified : 4/10/2003 11:01:43 PM

 

 

 

Gator Object recognized!

Type : File

Data : a0058376.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 168 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2002 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : CME II Client Application

InternalName : GMTProxy.dll

OriginalFilename : GMTProxy.dll

ProductName : Gator

Created on : 4/10/2003 11:03:22 PM

Last accessed : 5/25/2004 6:13:32 PM

Last modified : 4/10/2003 11:03:22 PM

 

 

 

Gator Object recognized!

Type : File

Data : a0058377.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 212 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2002 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : CME II Client Application

InternalName : GObjs.dll

OriginalFilename : GObjs.dll

ProductName : Gator

Created on : 4/10/2003 11:02:26 PM

Last accessed : 5/25/2004 6:13:32 PM

Last modified : 4/10/2003 11:02:26 PM

 

 

 

Gator Object recognized!

Type : File

Data : a0058378.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 108 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2002 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : CME II Client Application

InternalName : GStore.dll

OriginalFilename : GStore.dll

ProductName : Gator

Created on : 4/10/2003 11:02:36 PM

Last accessed : 5/25/2004 6:13:32 PM

Last modified : 4/10/2003 11:02:36 PM

 

 

 

Gator Object recognized!

Type : File

Data : a0058379.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 100 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2002 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : CME II Client Application

InternalName : GStoreServer.dll

OriginalFilename : GStoreServer.dll

ProductName : Gator

Created on : 4/10/2003 11:03:31 PM

Last accessed : 5/25/2004 6:13:33 PM

Last modified : 4/10/2003 11:03:31 PM

 

 

 

Gator Object recognized!

Type : File

Data : a0058380.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\

FileSize : 416 KB

FileVersion : 4.1.2.6

ProductVersion : 4.1.2.6

Copyright : Copyright 1999-2002 The Gator Corporation

CompanyName : The Gator Corporation

FileDescription : CME II Client Application

InternalName : GTools.dll

OriginalFilename : GTools.dll

ProductName : Gator

Created on : 4/10/2003 11:01:31 PM

Last accessed : 5/25/2004 6:13:33 PM

Last modified : 4/10/2003 11:01:31 PM

 

 

 

My-Way Speedbar Object recognized!

Type : File

Data : a0060183.dll

Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP67\

FileSize : 32 KB

FileVersion : 1, 0, 1, 1

ProductVersion : 1, 0, 1, 1

Copyright : Copyright 2000, 2001, 2002

CompanyName : My Way

FileDescription : My Way Plugin for 32-bit Windows

InternalName : MyWayPlugin

OriginalFilename : NPMyWay.DLL

ProductName : My Way Plugin

Created on : 5/23/2004 2:51:27 AM

Last accessed : 5/25/2004 6:13:52 PM

Last modified : 5/23/2004 2:51:27 AM

 

 

 

Disk scan result for C:

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 35

 

11:37:13 AM Scan complete

 

Summary of this scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Total scanning time :01:28:58:16

Objects scanned :123330

Objects identified :35

Objects ignored :0

New objects :35


Ohh... another question... why does Lavasoft show New.net with some entries in green and some in yellow in the results?????? Thanks......... MK


Yeah, I selected all and then got rid of everything, but I posted here before deleting...... is that OK, or did I do something wrong?????

 

 

Please let me know what can be done to prevent this from happening again........

 

 

Thanks in advance...... MK.... or if you know, please explain the color coding thing from AAW.


I have just noticed that your AAW is almost 12 months out of date!!!!

 

You need to download the latest version - click the link I provided and follow my instructions.


OK..... sorry...... here is the new log from the new AAW................

 

 

 

Lavasoft Ad-aware Personal Build 6.181

Logfile created on :Wednesday, May 26, 2004 11:08:35 AM

Created with Ad-aware Personal, free for private use.

Using reference-file :01R298 20.04.2004

______________________________________________________

 

Ad-aware Settings

=========================

Set : Activate in-depth scan (Recommended)

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

 

 

5-26-2004 11:08:35 AM - Scan started. (Smart mode)

 

Listing running processes

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ThreadCreationTime : 5-26-2004 7:03:43 AM

BasePriority : Normal

 

 

#:2 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ThreadCreationTime : 5-26-2004 7:03:45 AM

BasePriority : High

 

 

#:3 [services.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 5-26-2004 7:03:46 AM

BasePriority : Normal

FileSize : 99 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

OriginalFilename : services.exe

ProductName : Microsoft

Created on : 9/3/2002 4:59:11 PM

Last accessed : 5/26/2004 6:08:31 PM

Last modified : 9/3/2002 4:59:11 PM

 

#:4 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 5-26-2004 7:03:46 AM

BasePriority : Normal

FileSize : 11 KB

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

OriginalFilename : lsass.exe

ProductName : Microsoft

Created on : 9/3/2002 4:39:51 PM

Last accessed : 5/26/2004 5:08:45 PM

Last modified : 9/3/2002 4:39:51 PM

 

#:5 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 5-26-2004 7:03:47 AM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 9/3/2002 5:05:32 PM

Last accessed : 5/26/2004 5:08:45 PM

Last modified : 9/3/2002 5:05:32 PM

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 5-26-2004 7:03:47 AM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 9/3/2002 5:05:32 PM

Last accessed : 5/26/2004 5:08:45 PM

Last modified : 9/3/2002 5:05:32 PM

 

#:7 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 5-26-2004 7:03:50 AM

BasePriority : Normal

FileSize : 50 KB

FileVersion : 5.1.2600.0 (XPClient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

OriginalFilename : spoolsv.exe

ProductName : Microsoft

Created on : 9/3/2002 5:04:18 PM

Last accessed : 5/26/2004 6:06:59 PM

Last modified : 9/3/2002 5:04:18 PM

 

#:8 [ccsetmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ThreadCreationTime : 5-26-2004 7:03:50 AM

BasePriority : Normal

FileSize : 229 KB

FileVersion : 2.1.0.610

ProductVersion : 2.1.0.610

Copyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Common Client Settings Manager Service

InternalName : ccSetMgr

OriginalFilename : ccSetMgr.exe

ProductName : Common Client

Created on : 2/21/2004 10:33:09 AM

Last accessed : 5/26/2004 6:06:28 PM

Last modified : 11/10/2003 9:30:12 PM

 

#:9 [cisvc.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 5-26-2004 7:03:50 AM

BasePriority : Normal

FileSize : 5 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Content Index service

InternalName : cisvc.exe

OriginalFilename : cisvc.exe

ProductName : Microsoft

Created on : 9/3/2002 4:28:50 PM

Last accessed : 5/26/2004 6:06:28 PM

Last modified : 9/3/2002 4:28:50 PM

 

#:10 [navapsvc.exe]

FilePath : C:\Program Files\Norton AntiVirus\

ThreadCreationTime : 5-26-2004 7:03:52 AM

BasePriority : Normal

FileSize : 113 KB

FileVersion : 8.07.17

ProductVersion : 8.07.17

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

OriginalFilename : NAVAPSVC.EXE

ProductName : Norton AntiVirus

Created on : 2/27/2002 6:29:26 PM

Last accessed : 5/26/2004 6:06:59 PM

Last modified : 2/27/2002 6:29:26 PM

 

#:11 [scsiaccess.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 5-26-2004 7:03:52 AM

BasePriority : Normal

FileSize : 177 KB

Created on : 2/4/2003 4:22:30 PM

Last accessed : 5/26/2004 6:06:59 PM

Last modified : 2/4/2003 4:22:30 PM

 

#:12 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 5-26-2004 7:03:52 AM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 9/3/2002 5:05:32 PM

Last accessed : 5/26/2004 5:08:45 PM

Last modified : 9/3/2002 5:05:32 PM

 

#:13 [wfxsvc.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 5-26-2004 7:03:53 AM

BasePriority : Normal

FileSize : 126 KB

FileVersion : 10.00.2000.0214

ProductVersion : 10.00

Copyright : Copyright

CompanyName : Symantec Corporation

FileDescription : Symantec WinFax PRO NT Service

InternalName : WFXSVC

ProductName : Symantec WinFax PRO

Created on : 10/3/2003 8:53:01 AM

Last accessed : 5/26/2004 6:06:29 PM

Last modified : 2/15/2000 12:36:22 AM

 

#:14 [sdmcp.exe]

FilePath : C:\PROGRA~1\COMMON~1\Stardock\

ThreadCreationTime : 5-26-2004 7:03:56 AM

BasePriority : Normal

FileSize : 248 KB

FileVersion : 0, 0, 5, 8

ProductVersion : 0, 0, 5, 8

Copyright : Copyright

CompanyName : Stardock

FileDescription : MCPServer

InternalName : MCP

OriginalFilename : SDMCP.exe

ProductName : Stardock MCP Core Services (System Extensions and Hooks)

Created on : 11/14/2003 1:53:52 AM

Last accessed : 5/26/2004 5:09:16 PM

Last modified : 11/14/2003 1:53:52 AM

 

#:15 [explorer.exe]

FilePath : C:\WINDOWS\

ThreadCreationTime : 5-26-2004 7:04:01 AM

BasePriority : Normal

FileSize : 980 KB

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

OriginalFilename : EXPLORER.EXE

ProductName : Microsoft

Created on : 9/3/2002 4:32:50 PM

Last accessed : 5/26/2004 5:48:25 PM

Last modified : 9/3/2002 4:32:50 PM

 

#:16 [navapw32.exe]

FilePath : C:\PROGRA~1\NORTON~1\

ThreadCreationTime : 5-26-2004 7:04:04 AM

BasePriority : Normal

FileSize : 73 KB

FileVersion : 8.07.17

ProductVersion : 8.07.17

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Agent

InternalName : NAVAPW32

OriginalFilename : NAVAPW32.EXE

ProductName : Norton AntiVirus

Created on : 2/27/2002 6:27:58 PM

Last accessed : 5/26/2004 5:08:45 PM

Last modified : 2/27/2002 6:27:58 PM

 

#:17 [hkcmd.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 5-26-2004 7:04:05 AM

BasePriority : Normal

FileSize : 116 KB

FileVersion : 3.0.0.3762

ProductVersion : 7.0.0.3762

Copyright : Copyright 1999-2002, Intel Corporation

CompanyName : Intel Corporation

FileDescription : hkcmd Module

InternalName : HKCMD

OriginalFilename : HKCMD.EXE

ProductName : Intel® Common User Interface

Created on : 4/7/2004 6:32:36 PM

Last accessed : 5/26/2004 6:07:29 PM

Last modified : 2/10/2004 5:51:30 PM

 

#:18 [wfxsnt40.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 5-26-2004 7:04:05 AM

BasePriority : Normal

FileSize : 42 KB

FileVersion : 7.00 (Build 019)

ProductVersion : 7.00 (Build 019)

Copyright : Copyright © Symantec Corp. 1990-1997

CompanyName : Microsoft Corporation

FileDescription : Delrina Fax Port Launcher

InternalName : WFXSNT40.DLL

OriginalFilename : WFXSNT40.DLL

ProductName : Microsoft ® Windows NT WinFax Printer Driver

Created on : 10/3/2003 8:53:01 AM

Last accessed : 5/26/2004 6:06:59 PM

Last modified : 2/15/2000 12:36:22 AM

 

#:19 [jusched.exe]

FilePath : C:\Program Files\Java\j2re1.4.2_04\bin\

ThreadCreationTime : 5-26-2004 7:04:05 AM

BasePriority : Normal

FileSize : 32 KB

Created on : 2/23/2068 6:44:46 AM

Last accessed : 5/26/2004 6:06:59 PM

Last modified : 2/23/2004 6:44:44 AM

 

#:20 [realsched.exe]

FilePath : C:\Program Files\Common Files\Real\Update_OB\

ThreadCreationTime : 5-26-2004 7:04:06 AM

BasePriority : Normal

FileSize : 148 KB

FileVersion : 0.1.0.1622

ProductVersion : 0.1.0.1622

Copyright : Copyright

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

OriginalFilename : realsched.exe

ProductName : RealOne Player (32-bit)

Created on : 11/9/2003 8:11:44 AM

Last accessed : 5/26/2004 6:07:29 PM

Last modified : 11/9/2003 8:11:44 AM

 

#:21 [mmtask.exe]

FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\

ThreadCreationTime : 5-26-2004 7:04:07 AM

BasePriority : Normal

FileSize : 52 KB

FileVersion : 1.0.0.1

ProductVersion : 1.0.0.1

Copyright : TODO: © <Company name>. All rights reserved.

CompanyName : TODO: <Company name>

FileDescription : TODO: <File description>

InternalName : mmtask.exe

OriginalFilename : mmtask.exe

ProductName : TODO: <Product name>

Created on : 5/1/2004 6:54:16 AM

Last accessed : 5/26/2004 6:07:29 PM

Last modified : 1/26/2004 5:46:48 PM

 

#:22 [ppmemcheck.exe]

FilePath : C:\PROGRA~1\PESTPA~1\

ThreadCreationTime : 5-26-2004 7:04:08 AM

BasePriority : Normal

FileSize : 145 KB

Created on : 3/17/2004 9:47:24 AM

Last accessed : 5/26/2004 5:08:45 PM

Last modified : 10/16/2002 5:16:54 AM

 

#:23 [em_exec.exe]

FilePath : C:\Program Files\Logitech\MouseWare\system\

ThreadCreationTime : 5-26-2004 7:04:09 AM

BasePriority : Normal

FileSize : 37 KB

FileVersion : 9.75.302

ProductVersion : 9.75.302

Copyright : © 1987-2002 Logitech. All rights reserved.

CompanyName : Logitech Inc.

FileDescription : Logitech Events Handler Application

InternalName : Em_Exec

OriginalFilename : Em_Exec.exe

ProductName : MouseWare

Created on : 3/18/2004 10:24:36 PM

Last accessed : 5/26/2004 6:06:59 PM

Last modified : 11/21/2002 5:50:00 PM

 

#:24 [rundll32.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 5-26-2004 7:04:10 AM

BasePriority : Normal

FileSize : 31 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

OriginalFilename : RUNDLL.EXE

ProductName : Microsoft

Created on : 9/3/2002 4:56:58 PM

Last accessed : 5/26/2004 6:06:59 PM

Last modified : 9/3/2002 4:56:58 PM

 

#:25 [cursorxp.exe]

FilePath : C:\Program Files\CursorXP\

ThreadCreationTime : 5-26-2004 7:04:11 AM

BasePriority : High

FileSize : 122 KB

FileVersion : 1, 3, 0, 0

ProductVersion : 1, 3, 0, 0

Copyright : Copyright

FileDescription : CursorXP

InternalName : CursorXP

OriginalFilename : CursorXP.exe

ProductName : Stardock CursorXP

Created on : 10/21/2003 5:26:33 AM

Last accessed : 5/26/2004 5:31:38 PM

Last modified : 3/2/2003 12:40:20 AM

 

#:26 [desktop calendar.exe]

FilePath : C:\Program Files\Desktop Calendar\

ThreadCreationTime : 5-26-2004 7:04:12 AM

BasePriority : Normal

FileSize : 432 KB

FileVersion : 0.04

ProductVersion : 0.04

CompanyName : Home

InternalName : Desktop Calendar

OriginalFilename : Desktop Calendar.exe

ProductName : DC Loading

Created on : 4/11/2003 11:20:04 PM

Last accessed : 5/26/2004 5:33:09 PM

Last modified : 4/11/2003 11:20:04 PM

 

#:27 [spysweeper.exe]

FilePath : C:\Program Files\Webroot\Spy Sweeper\

ThreadCreationTime : 5-26-2004 7:04:16 AM

BasePriority : Normal

FileSize : 649 KB

FileVersion : 2.6.1.45

ProductVersion : 1.0.0.0

Copyright : Copyright © 2001-2003 Webroot Software, Inc.

CompanyName : Webroot Software, Inc.

FileDescription : Spy Sweeper

ProductName : Spy Sweeper

Created on : 5/23/2004 8:01:20 PM

Last accessed : 5/26/2004 5:48:25 PM

Last modified : 2/25/2004 6:48:26 PM

 

#:28 [sgmain.exe]

FilePath : C:\Program Files\SpywareGuard\

ThreadCreationTime : 5-26-2004 7:04:20 AM

BasePriority : Normal

FileSize : 352 KB

FileVersion : 2.02.0001

ProductVersion : 2.02.0001

Copyright : Copyright © 2002-2003 Javacool Software LLC

FileDescription : SpywareGuard

InternalName : sgmain

OriginalFilename : sgmain.exe

ProductName : SpywareGuard

Created on : 8/30/2003 2:05:35 AM

Last accessed : 5/26/2004 5:09:16 PM

Last modified : 8/30/2003 2:05:35 AM

 

#:29 [yahoopops.exe]

FilePath : C:\Program Files\YahooPOPs\

ThreadCreationTime : 5-26-2004 7:04:21 AM

BasePriority : Normal

FileSize : 440 KB

FileVersion : 0, 5, 0, 0

ProductVersion : 0, 5, 0, 0

Copyright : Copyright © 2002 - 2003, The YahooPOPs! Team

CompanyName : http://yahoopops.sourceforge.net

FileDescription : Free POP3/SMTP access to Yahoo! Mail

InternalName : YahooPOPs!

OriginalFilename : YahooPOPs.exe

ProductName : YahooPOPs!

Created on : 8/3/2003 11:47:58 PM

Last accessed : 5/26/2004 5:09:16 PM

Last modified : 8/3/2003 11:47:58 PM

 

#:30 [sgbhp.exe]

FilePath : C:\Program Files\SpywareGuard\

ThreadCreationTime : 5-26-2004 7:04:28 AM

BasePriority : Normal

FileSize : 228 KB

FileVersion : 2.02.0001

ProductVersion : 2.02.0001

Copyright : Copyright © 2002-2003 Javacool Software LLC.

FileDescription : SG Browser Hijacking Protection

InternalName : sgbhp

OriginalFilename : sgbhp.exe

ProductName : SG Browser Hijacking Protection

Created on : 8/29/2003 6:14:56 PM

Last accessed : 5/26/2004 5:09:16 PM

Last modified : 8/29/2003 6:14:56 PM

 

#:31 [webcolct.exe]

FilePath : C:\Program Files\Common Files\Logitech\WebColct\

ThreadCreationTime : 5-26-2004 7:07:00 AM

BasePriority : Normal

FileSize : 288 KB

FileVersion : 2.13.0

ProductVersion : 2.13.0

Copyright : © 1998-2003 Logitech. All rights reserved.

CompanyName : Logitech Inc.

FileDescription : Logitech Server for Internet Browsers

InternalName : WebColct

OriginalFilename : WebColct.exe

ProductName : Productivity Software Common Files

Created on : 3/18/2004 10:22:20 PM

Last accessed : 5/26/2004 5:11:48 PM

Last modified : 12/1/2003 7:31:02 PM

 

#:32 [cidaemon.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 5-26-2004 7:11:25 AM

BasePriority : Idle

FileSize : 8 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Indexing Service filter daemon

InternalName : cidaemon.exe

OriginalFilename : cidaemon.exe

ProductName : Microsoft

Created on : 9/3/2002 4:28:48 PM

Last accessed : 5/26/2004 5:15:52 PM

Last modified : 9/3/2002 4:28:48 PM

 

#:33 [cidaemon.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 5-26-2004 7:11:27 AM

BasePriority : Idle

FileSize : 8 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Indexing Service filter daemon

InternalName : cidaemon.exe

OriginalFilename : cidaemon.exe

ProductName : Microsoft

Created on : 9/3/2002 4:28:48 PM

Last accessed : 5/26/2004 5:15:52 PM

Last modified : 9/3/2002 4:28:48 PM

 

#:34 [dap.exe]

FilePath : C:\PROGRA~1\DAP\

ThreadCreationTime : 5-26-2004 5:46:38 PM

BasePriority : Normal

FileSize : 1412 KB

FileVersion : 5, 3, 9, 6

ProductVersion : 5, 3, 9, 6

Copyright : Copyright © 1999 - 2003 SpeedBit Ltd

CompanyName : SpeedBit Ltd.

FileDescription : Download Accelerator Plus

InternalName : DAP

OriginalFilename : DAP.EXE

ProductName : Download Accelerator Plus

Created on : 7/11/2003 12:31:01 AM

Last accessed : 5/26/2004 5:55:17 PM

Last modified : 7/11/2003 12:31:02 AM

 

#:35 [ad-aware.exe]

FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\

ThreadCreationTime : 5-26-2004 6:07:26 PM

BasePriority : Normal

FileSize : 668 KB

FileVersion : 6.0.1.181

ProductVersion : 6.0.0.0

Copyright : Copyright

CompanyName : Lavasoft Sweden

FileDescription : Ad-aware 6 core application

InternalName : Ad-aware.exe

OriginalFilename : Ad-aware.exe

ProductName : Lavasoft Ad-aware Plus

Created on : 3/4/2004 10:51:28 PM

Last accessed : 5/26/2004 6:07:27 PM

Last modified : 7/13/2003 4:00:20 AM

 

Memory scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

 

 

Started registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

180Solutions Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\nCASE

 

 

2020Search Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : downloader.downloader

 

 

2020Search Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : downloader.downloader.1

 

 

2020Search Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : Interface\{02CB16D1-4CA7-47FF-8546-C5E925DF33D6}

 

 

BuddyLinks Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : CLSID\{7D39A396-CBB8-4739-B97C-83FAA4682E00}

 

 

ClickSpring Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\ClickSpring

 

 

Ebates MoneyMaker Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ebateswebsavingsdr0.xml

 

 

ePlugin Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{f57d17ae-ce37-4bc8-b232-ea57747be5e7}

 

 

Golden Palace Casino Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Golden Palace Casino PT

 

 

Golden Palace Casino Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Golden Palace Casino PT

 

 

istbar Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : istactivex.installer.2

 

 

Kitten Free Sex Dialer Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\SDS Software\Setup2Go\UserData\Kitten Free Sex

 

 

Locators.com Toolbar Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : CLSID\{E720B458-B65A-438C-9FF3-B1DF65D7DB3E}

 

 

Locators.com Toolbar Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : CLSID\{E720B458-B65A-438C-9FF3-B1DF65D7DB3F}

 

 

Locators.com Toolbar Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : Interface\{AB88FC82-FCDC-4062-BCC4-887F0D73EC1D}

 

 

Locators.com Toolbar Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : LocatorS.LocatorBar

 

 

Locators.com Toolbar Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : LocatorS.LocatorBar.1

 

 

Locators.com Toolbar Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : LocatorS.LocatorLinks

 

 

Locators.com Toolbar Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : LocatorS.LocatorLinks.1

 

 

Locators.com Toolbar Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : TypeLib\{B4F8E732-4793-4F90-B40A-829331861D54}

 

 

New.Net Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net

 

 

New.Net Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\New.net

 

 

New.Net Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CURRENT_USER

Object : software\new.net

 

 

RelatedLinks Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : lbbho.lbbho.1

 

 

RelatedLinks Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : lbbho.lbbho

 

 

RelatedLinks Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : TYPELIB\{15084be8-9a01-4e0b-a358-93688ec7d7aa}

 

 

CoolWebSearch Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Internet Explorer\Main

Value : HOMEOldSP

 

 

New.Net Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value : New.net Startup

 

 

Registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 28

Objects found so far: 28

 

 

Started deep registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : CLSID\{09504BC1-E8CD-4090-B8F0-CA70F459B8A5}

 

 

CoolWebSearch Object recognized!

Type : File

Data : dcn.dll

Object : c:\windows\system32\

FileSize : 36 KB

Created on : 4/29/2004 2:11:33 AM

Last accessed : 5/26/2004 5:51:39 PM

Last modified : 4/29/2004 2:11:33 AM

 

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : CLSID\{5321543C-0F67-4033-89F0-53BEF0E2A94A}

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : CLSID\{5F9AF81A-7A26-42EB-BEA5-883D6D25DC18}

 

 

CoolWebSearch Object recognized!

Type : File

Data : aapa.dll

Object : c:\windows\system32\

FileSize : 36 KB

Created on : 4/29/2004 2:13:12 AM

Last accessed : 5/26/2004 5:52:15 PM

Last modified : 4/29/2004 2:13:12 AM

 

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : CLSID\{81B4E9F7-F3F9-40EA-8E71-D74AB51E09D6}

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : CLSID\{D33394F3-5028-4EBD-82B6-323F8EC5DB77}

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : CLSID\{EF5E6E6D-EEB4-4DE9-A7AC-EE8AAA0644BD}

 

 

ePlugin Object recognized!

Type : RegKey

Data : c:\windows\eplugin.ocx

Rootkey : HKEY_CLASSES_ROOT

Object : TYPELIB\{A75163E8-2C2C-48D4-BDB6-5B59D9231BEB}

 

 

ePlugin Object recognized!

Type : File

Data : eplugin.ocx

Object : c:\windows\

FileSize : 40 KB

FileVersion : 1, 0, 0, 6

ProductVersion : 1, 0, 0, 6

Copyright : Copyright © 2003

FileDescription : Loader ActiveX Control Module

InternalName : DialXLite

OriginalFilename : EPlugin.OCX

ProductName : Loader ActiveX Control Module

Created on : 5/6/2003 1:26:14 AM

Last accessed : 5/26/2004 5:53:16 PM

Last modified : 5/6/2003 1:26:14 AM

 

 

 

ePlugin Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/EPlugin.ocx

 

 

WildTangent Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Windows\CurrentVersion\Run

Value : AIMWDInstallFilename

 

 

WildTangent Object recognized!

Type : File

Data : aimwdi~1.exe

Object : c:\progra~1\aim\

FileSize : 100 KB

FileVersion : 1.0.0.28

ProductVersion : 1.0.0.28

Copyright : Copyright © 2003

CompanyName : Wild Tangent

FileDescription : AIM WD installer

 

 

 

ePlugin Object recognized!

Type : RegValue

Data : c:\windows\eplugin.ocx

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs

Value : C:\WINDOWS\EPlugin.ocx

 

 

New.Net Object recognized!

Type : NSP

Data : c:\program files\newdotnet\newdotnet6_22-1.dll

Name Space Provider: SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004

 

 

New.Net Object recognized!

Type : File

Data : newdotnet6_22-1.dll

Object : c:\program files\newdotnet\

FileSize : 220 KB

FileVersion : 6, 0, 0, 22

ProductVersion : 6, 0, 0, 22

Copyright : Copyright 2000-2002 New.net, Inc.

CompanyName : New.net, Inc.

FileDescription : New.net Domains

InternalName : tldctl2

OriginalFilename : tldctl2.dll

ProductName : New.net Domains

Created on : 5/15/2004 6:15:20 PM

Last accessed : 5/26/2004 6:08:30 PM

Last modified : 5/15/2004 6:15:14 PM

 

 

 

New.Net Object recognized!

Type : NSP

Data : c:\program files\newdotnet\newdotnet6_22-1.dll

Name Space Provider: SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004

 

 

New.Net Object recognized!

Type : LSP

Data : c:\program files\newdotnet\newdotnet6_22-1.dll

Layered Service Provider: New.net UDP Chain

 

 

New.Net Object recognized!

Type : File

Data : newdotnet6_22-1.dll

Object : c:\program files\newdotnet\

FileSize : 220 KB

FileVersion : 6, 0, 0, 22

ProductVersion : 6, 0, 0, 22

Copyright : Copyright 2000-2002 New.net, Inc.

CompanyName : New.net, Inc.

FileDescription : New.net Domains

InternalName : tldctl2

OriginalFilename : tldctl2.dll

ProductName : New.net Domains

Created on : 5/15/2004 6:15:20 PM

Last accessed : 5/26/2004 6:08:30 PM

Last modified : 5/15/2004 6:15:14 PM

 

 

 

New.Net Object recognized!

Type : LSP

Data : c:\program files\newdotnet\newdotnet6_22-1.dll

Layered Service Provider: New.net UDP Chain

 

 

New.Net Object recognized!

Type : LSP

Data : c:\program files\newdotnet\newdotnet6_22-1.dll

Layered Service Provider: New.net TCP Chain

 

 

New.Net Object recognized!

Type : LSP

Data : c:\program files\newdotnet\newdotnet6_22-1.dll

Layered Service Provider: New.net TCP Chain

 

 

New.Net Object recognized!

Type : LSP

Data : c:\program files\newdotnet\newdotnet6_22-1.dll

Layered Service Provider: New.net TCP Filter

 

 

New.Net Object recognized!

Type : LSP

Data : c:\program files\newdotnet\newdotnet6_22-1.dll

Layered Service Provider: New.net TCP Filter

 

 

New.Net Object recognized!

Type : LSP

Data : c:\program files\newdotnet\newdotnet6_22-1.dll

Layered Service Provider: New.net UDP Filter

 

 

New.Net Object recognized!

Type : LSP

Data : c:\program files\newdotnet\newdotnet6_22-1.dll

Layered Service Provider: New.net UDP Filter

 

 

Deep registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 20

Objects found so far: 54

 

 

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

 

Deep scanning and examining files (C:)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

VX2.BetterInternet Object recognized!

Type : File

Data : bik.exe

Object : C:\WINDOWS\System32\

FileSize : 132 KB

Created on : 4/7/2004 6:43:53 PM

Last accessed : 5/26/2004 6:10:46 PM

Last modified : 4/7/2004 6:43:53 PM

 

 

 

Claria Object recognized!

Type : File

Data : fsg_4104.exe

Object : C:\WINDOWS\System32\

FileSize : 252 KB

FileVersion : 4.1.0.4

ProductVersion : 4.1.0.4

OriginalFilename : Trickler.exe

Created on : 2/25/2004 6:34:44 AM

Last accessed : 5/26/2004 6:10:57 PM

Last modified : 2/25/2004 6:34:44 AM

 

 

 

WinFavorites Object recognized!

Type : File

Data : mvhohqvw.exe

Object : C:\WINDOWS\System32\

FileSize : 36 KB

Created on : 3/31/2004 12:10:57 AM

Last accessed : 5/26/2004 6:11:25 PM

Last modified : 3/31/2004 12:10:57 AM

 

 

 

Possible Browser Hijack attempt Object recognized!

Type : File

Data : free aol & unlimited internet.url

Object : C:\Documents and Settings\Kerk\Favorites\Links\

 

Created on : 5/20/2004 8:46:57 PM

Last accessed : 5/26/2004 6:11:53 PM

Last modified : 5/20/2004 8:46:57 PM

 

 

 

 

Performing conditional scans..

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Golden Palace Casino Object recognized!

Type : File

Data : pk.ico

Object : c:\windows\

FileSize : 3 KB

Created on : 2/17/2004 11:19:18 PM

Last accessed : 5/26/2004 6:11:54 PM

Last modified : 2/17/2004 11:49:37 PM

 

 

 

Kitten Free Sex Dialer Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\SDS Software

 

 

Kitten Free Sex Dialer Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main

Value : Window Title

 

 

Locators.com Toolbar Object recognized!

Type : RegValue

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

Value : {E720B458-B65A-AAAA-AAAA-AAAAAAAAAAAA}

 

 

Locators.com Toolbar Object recognized!

Type : File

Data : lctkeys.txt

Object : c:\windows\

 

Created on : 2/26/2004 7:52:50 AM

Last accessed : 5/26/2004 6:11:54 PM

Last modified : 2/26/2004 8:07:08 AM

 

 

 

New.Net Object recognized!

Type : Folder

Object : c:\program files\NewDotNet

 

 

New.Net Object recognized!

Type : File

Data : newdotnet6_22-1.dll

Object : c:\program files\newdotnet\

FileSize : 220 KB

FileVersion : 6, 0, 0, 22

ProductVersion : 6, 0, 0, 22

Copyright : Copyright 2000-2002 New.net, Inc.

CompanyName : New.net, Inc.

FileDescription : New.net Domains

InternalName : tldctl2

OriginalFilename : tldctl2.dll

ProductName : New.net Domains

Created on : 5/15/2004 6:15:20 PM

Last accessed : 5/26/2004 6:08:30 PM

Last modified : 5/15/2004 6:15:14 PM

 

 

 

New.Net Object recognized!

Type : File

Data : readme.html

Object : c:\program files\newdotnet\

FileSize : 6 KB

Created on : 4/2/2004 8:19:20 PM

Last accessed : 5/26/2004 6:11:54 PM

Last modified : 5/15/2004 6:15:20 PM

 

 

 

New.Net Object recognized!

Type : File

Data : uninstall6_22-1.exe

Object : c:\program files\newdotnet\

FileSize : 48 KB

Created on : 5/15/2004 6:15:20 PM

Last accessed : 5/26/2004 6:11:54 PM

Last modified : 5/15/2004 6:15:20 PM

 

 

 

New.Net Object recognized!

Type : File

Data : uninstall6_22.exe

Object : c:\program files\newdotnet\

FileSize : 48 KB

Created on : 4/2/2004 8:19:20 PM

Last accessed : 5/26/2004 6:11:54 PM

Last modified : 4/2/2004 8:19:20 PM

 

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CURRENT_USER

Object : Software\SerG

 

 

WildTangent Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CURRENT_USER

Object : Control Panel\MMCPL

 

 

VX2.BetterInternet Object recognized!

Type : File

Data : bi.ini

Object : c:\windows\

FileSize : 252 KB

Created on : 3/16/2004 1:12:30 AM

Last accessed : 5/26/2004 6:11:54 PM

Last modified : 4/17/2004 1:01:38 AM

 

 

 

VX2.BetterInternet Object recognized!

Type : File

Data : payload.inf

Object : c:\windows\inf\

FileSize : 1 KB

Created on : 9/8/2003 5:20:38 PM

Last accessed : 5/26/2004 6:11:55 PM

Last modified : 9/8/2003 5:20:38 PM

 

 

 

WinFavorites Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : atl.registrar

 

 

WinFavorites Object recognized!

Type : RegKey

Data :

Rootkey : HKEY_CLASSES_ROOT

Object : CLSID\{44ec053a-400f-11d0-9dcd-00a0c90391d3}

 

 

Conditional scan result:

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 16

Objects found so far: 74

 

 

11:13:51 AM Scan complete

 

Summary of this scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Total scanning time :00:05:15:563

Objects scanned :64647

Objects identified :74

Objects ignored :0

New objects :74

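The Ad-Aware log above mixes inert leftovers (an ARPCache entry, Uninstall keys) with things that actively re-arm the machine at every boot: the New.net DLL wired into the Winsock catalog as an LSP and NSP, and the HKLM Run value. The Python below is an added triage helper, not part of this thread and not Lavasoft's code. It parses records in the log's own "Family Object recognized!" / "Key : Value" layout and sorts them by what removing them entails. The sample input is constructed from a handful of the records posted above; the field names come from the log, while the classification rules and function names are assumptions of this example, not anything Ad-Aware itself does.

```python
"""Triage helper for Ad-Aware 6 text logs (added example, not Lavasoft code)."""
from collections import defaultdict

HEADER_SUFFIX = " Object recognized!"

# Constructed sample in the layout of the posted log; the paths and GUIDs are
# copied from records that appear in the thread.
SAMPLE_LOG = r"""
New.Net Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : New.net Startup

New.Net Object recognized!
Type : LSP
Data : c:\program files\newdotnet\newdotnet6_22-1.dll
Layered Service Provider: New.net TCP Chain

New.Net Object recognized!
Type : NSP
Data : c:\program files\newdotnet\newdotnet6_22-1.dll
Name Space Provider: SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{09504BC1-E8CD-4090-B8F0-CA70F459B8A5}

CoolWebSearch Object recognized!
Type : File
Data : aapa.dll
Object : c:\windows\system32\
FileSize : 36 KB

180Solutions Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\nCASE
"""


def parse_log(text):
    """Return one dict per 'Object recognized!' record: 'family' plus the
    record's own 'Key : Value' fields (Type, Object, Data, Value, ...)."""
    records = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(HEADER_SUFFIX):
            current = {"family": line[: -len(HEADER_SUFFIX)]}
            records.append(current)
        elif current is not None and ":" in line:
            # Split on the first colon only: values such as c:\... contain colons.
            key, value = line.split(":", 1)
            current[key.strip()] = value.strip()
    return records


def classify(rec):
    """Map a record to what removing it entails (rules are this example's own)."""
    rtype = rec.get("Type", "")
    obj = rec.get("Object", "").upper()
    if rtype in ("LSP", "NSP"):
        return "winsock provider"      # in the socket path; catalog must be repaired
    if rtype == "RegValue" and obj.endswith("\\CURRENTVERSION\\RUN"):
        return "autostart"             # re-launched at every logon
    if rtype == "RegKey" and obj.startswith("CLSID\\"):
        return "com registration"      # COM class; loads into IE if referenced as BHO/toolbar
    if rtype == "RegKey" and ("\\UNINSTALL\\" in obj or "\\ARPCACHE\\" in obj):
        return "installer leftover"    # Add/Remove Programs metadata; inert
    if rtype in ("File", "Folder"):
        return "on disk"
    return "other registry"


def summarize(records):
    """family -> {class -> count}, for a quick read of what each family left behind."""
    out = defaultdict(lambda: defaultdict(int))
    for rec in records:
        out[rec["family"]][classify(rec)] += 1
    return {fam: dict(counts) for fam, counts in out.items()}


def winsock_dlls(records):
    """DLLs still registered in the Winsock2 catalog; unhook these before deleting them."""
    return sorted({rec["Data"].lower() for rec in records
                   if rec.get("Type") in ("LSP", "NSP") and rec.get("Data")})


def active_persistence(records):
    """Records that will bring the infection back on the next boot or logon."""
    return [rec for rec in records
            if classify(rec) in ("winsock provider", "autostart")]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for fam, counts in sorted(summarize(recs).items()):
        print(fam, counts)
    print("Winsock DLLs to unhook first:", winsock_dlls(recs))
```

Anything winsock_dlls() reports has to be unhooked from the Winsock2 catalog before the file is deleted; if the DLL disappears while the catalog still chains through it, the machine loses network access. On XP SP1, the platform in this log, there is no `netsh winsock reset` (that command arrived with SP2), so run the vendor uninstaller the scan itself listed (uninstall6_22-1.exe in the NewDotNet folder) or an LSP repair tool first, then delete the leftovers.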

It's still out of date - click check for updates. Then have it remove all it finds. I don't need to see another AAW log - just post a new HJT log.


OK... AAW is now properly up to date... here is HJT's log... it's still there, huh?

 

 

Logfile of HijackThis v1.97.7

Scan saved at 10:51:23 PM, on 5/28/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\WFXSVC.EXE

C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\wfxsnt40.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\Program Files\Desktop Calendar\Desktop Calendar.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\YahooPOPs\YahooPOPs.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Logitech\WebColct\WebColct.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\unzipped\hijackthis[1]\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\system32\aapa.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://c:\windows\system32\aapa.dll/sp.html (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quicken.com/myfinances

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://c:\windows\system32\pepfb.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quicken.com/myfinances

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\system32\aapa.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://c:\windows\system32\aapa.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://c:\windows\system32\pepfb.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.quicken.com/myfinances/

O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: WebBlinds - {4F92B827-1E56-4E30-A978-A17A7861A606} - C:\PROGRA~1\OBJECT~1\WEBBLI~1\webblinds.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"

O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Startup: YahooPOPs.lnk = ?

O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab

O16 - DPF: {26AF16A3-32E4-4D60-A764-C5B6F249D091} (AxgviewerCtrl Class) - http://marketrac.nyse.com/mt/3D/Axgviewer.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab

O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab

O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8112.6336342593

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_US.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab


It looked like you got rid of it before, but you appear to be reinfected. Dllfix has been updated. Could you re-download it from here? It is a self-extracting archive; double-click on it. Open the DLLFIX folder and double-click on Start.bat.

 

At the main menu, press '1' (Run Find-All by FreeAtLast) and Enter. Let the program run. When finished, press 'E' to exit. Open the DLLFix folder. Post the contents of Output.txt in this thread.


You might try ticking and fixing the infected R1 and R0 entries. There is no O2 entry for the DLL, which is weird.


shadowwar... would it be possible for you to help me on this?

Daemin... here is the log you requested. Please help. Thanks.

 

 

 

--==***@@@ FIND-ALL' VERSION MODIFIED -5/27 @@@***==--

--==***@@@ ORIGINAL BY FREEATLAST @@@***==--

 

Sat 05/29/2004

04:34 PM

 

System Info:

 

Microsoft Windows XP [Version 5.1.2600]

C: "" (4C24:42B3) - FS:NTFS clusters:4k

Total: 29 981 143 040 [28G] - Free: 7 186 497 536 [6.7G]

 

 

*IE version and Service packs:

6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe

*Notepad version :

5.1.2600.0 C:\WINDOWS\system32\notepad.exe

5.1.2600.0 C:\WINDOWS\notepad.exe

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings

MinorVersion REG_SZ ;SP1;Q837009;Q832894;Q831167;

 

 

 

Locked or 'Suspect' file(s) found...

 

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

"Appinit_Dlls"=""

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

@=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CF0B8EE-6596-11D5-A98E-0003470BB48E}]

@="CCHelper"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]

@="SpywareGuard Download Protection"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F92B827-1E56-4E30-A978-A17A7861A606}]

@="WebBlinds"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

@="NAV Helper"

 

REGEDIT4

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/octet-stream]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-complus]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-msdownload]

"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]

@="AP Class Install Handler filter"

"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]

@="AP Deflate Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]

@="AP GZIP Encoding/Decoding Filter "

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]

@="AP lzdhtml encoding/decoding Filter"

"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]

@="WebView MIME Filter"

"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

 

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/xml]

"CLSID"="{807553E5-5146-11D5-A672-00B0D022E945}"

 

 

! REG.EXE VERSION 2.0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

AppInit_Dlls REG_SZ

 

*Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read BUILTIN\Users

(ID-IO) ALLOW Read BUILTIN\Users

(ID-NI) ALLOW Full access BUILTIN\Administrators

(ID-IO) ALLOW Full access BUILTIN\Administrators

(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

 

 


Did you try what shadowwar suggested? Open HijackThis, scan, and when complete, remove the following entries by checking the box to the left and clicking 'Fix checked':

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\system32\aapa.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://c:\windows\system32\aapa.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://c:\windows\system32\pepfb.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\system32\aapa.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://c:\windows\system32\aapa.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://c:\windows\system32\pepfb.dll/sp.html (obfuscated)

Fix these also:

 

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

 

Reboot when done, rescan with HJT and post a new log here.

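As an added example (not part of this thread, and not code from HijackThis or Dllfix): a Python script that triages a HijackThis log of the kind posted above and builds the same registry fixes that 'Fix checked' applies for the R0/R1 search hijacks, the O6 policy restrictions and the O7 DisableRegedit value. The sample log lines are constructed from entries in this thread; the heuristics (a search setting whose data is a res:// URL into a .dll, an O16 cab fetched from a raw IP address or with no registered name), the function names and the winreg-based apply_plan are my assumptions. It also lists the DLLs the R-entries point at, because deleting the registry values alone leaves the DLL on disk, and those files are what the Dllfix/Find-All step ("Locked or 'Suspect' file(s)") goes looking for.

```python
"""Triage a HijackThis log for the CWS-style IE search hijack and plan the registry fixes."""
import re
import sys

# Constructed sample in the format HijackThis v1.97 writes; the lines mirror
# entries from the log in this thread, everything else is omitted.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\system32\aapa.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quicken.com/myfinances
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://c:\windows\system32\pepfb.dll/sp.html (obfuscated)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
"""

R_LINE = re.compile(r"^(R[01]) - (HKCU|HKLM)\\(.+?),(.+?) = (.*)$")      # kind, hive, key, value, data
O6_LINE = re.compile(r"^O6 - (HKCU|HKLM)\\(.+?) present$")               # hive, policy key
O7_LINE = re.compile(r"^O7 - (HKCU|HKLM)\\(.+?), (\w+)=(\S+)$")           # hive, key, value, data
O16_LINE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (\S+)$")  # clsid, name, url
RES_DLL = re.compile(r"res://([^/]+\.dll)", re.IGNORECASE)
RAW_IP_HOST = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}[/:]")


def triage(log_text):
    """Return (line, reason, fix) triples for entries that indicate the hijack.

    fix is (hive, key, value_or_None, action) or None when there is no single
    registry fix (O16 cabs are removed through Downloaded Program Files)."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := R_LINE.match(line):
            kind, hive, key, value, data = m.groups()
            if RES_DLL.search(data):   # search setting served out of a local DLL resource
                findings.append((line, f"{kind} search setting redirected into a DLL via res://",
                                 (hive, key, value, "delete_value")))
        elif m := O6_LINE.match(line):
            hive, key = m.groups()     # policy keys that lock the hijacked settings in place
            findings.append((line, "IE policy restriction present", (hive, key, None, "delete_key")))
        elif m := O7_LINE.match(line):
            hive, key, value, data = m.groups()
            if value == "DisableRegedit" and data == "1":
                findings.append((line, "registry editor disabled by policy",
                                 (hive, key, value, "delete_value")))
        elif m := O16_LINE.match(line):
            _clsid, name, url = m.groups()
            if RAW_IP_HOST.match(url):
                findings.append((line, "ActiveX cab fetched from a raw IP address", None))
            elif not name:
                findings.append((line, "ActiveX cab with no registered name; verify", None))
    return findings


def hijack_dlls(findings):
    """DLL paths the R0/R1 entries point at; if these stay on disk the settings come back."""
    return sorted({m.group(1).lower() for line, _r, _f in findings if (m := RES_DLL.search(line))})


def registry_plan(findings):
    return [fix for _line, _reason, fix in findings if fix is not None]


def apply_plan(plan, dry_run=True):
    """Apply the plan with winreg (Windows only); dry_run just returns the actions."""
    actions = [f"{a} {h}\\{k}" + (f" -> {v}" if v else "") for h, k, v, a in plan]
    if dry_run:
        return actions
    import winreg  # only importable on Windows
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    for hive, key, value, action in plan:
        try:
            if action == "delete_value":
                with winreg.OpenKey(hives[hive], key, 0, winreg.KEY_SET_VALUE) as k:
                    winreg.DeleteValue(k, value)
            else:
                winreg.DeleteKey(hives[hive], key)  # fails if the key still has subkeys
        except OSError as exc:
            print(f"failed: {action} {hive}\\{key}: {exc}", file=sys.stderr)
    return actions


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    found = triage(text)
    for line, reason, _fix in found:
        print(f"[{reason}]\n    {line}")
    print("DLLs to locate and remove:", hijack_dlls(found))
    for step in apply_plan(registry_plan(found)):
        print("plan:", step)
```

Run it with the path to a saved hijackthis.log, or with no argument to see the constructed sample. It is a dry run by default; apply_plan(plan, dry_run=False) needs Windows, and administrator rights for the HKLM entries. If the same R0/R1 values reappear after a reboot, the loader that rewrites them is still present, which is exactly why the thread moves on to Dllfix rather than repeating the HijackThis fix.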