On 8/9/2005 Ad-aware found a parasite called Favouriteman [C:\WINDOWS\iun6002.exe]. This was rated as a category 8. After a Google search, I found some information on it at www.doxdesk.com. The removal instructions said that I must go to Add/Remove and remove Favouriteman/F1, ZZ, IMZ, Icm/Int and ATPartners or whatever variant it is that was on my system. I didn't find any such applications as mentioned above in Add/Remove. The next step was to deregister Favouriteman's DLL. This I was unable to do. The instruction given didn't work on my system: [cd "%WinDir%\System" regsvr32 /u favorite.dll]. Next I instructed Ad-aware to remove it, which seemed to work. Then I rebooted into Safe Mode and ran Ad-aware again, which found this parasite in System Restore. I then disabled and enabled System Restore. I ran all my antiparasite software in Safe Mode. {Ad-aware, Spybot, MS antispyware beta, ewido, avast av, cws shredder, etc.} They didn't find anything. I then went into the registry using the Registry Editor and searched for all the DLLs mentioned in the instructions from 'doxdesk'. I found and deleted the following: favourite.dl, favboot.dll, favorite.dll, favourite.dll, ofrg.dll, sysfile.dll, *.dll and iun6002.exe. Seeing that I did not go about things correctly, what else can I do to ensure that I have a PC free of Favouriteman? Hope that I have posted in the correct place. Thanks. :sos:
Hi, 10rand. Let's start with a full scan Ad-Aware SE logfile (in normal mode) and see what that shows us. Also, please let us know if you are having any problems.
Thanks.
No, I don't have problems. I just want to be sure that I don't have a Trojan or something that can transmit data illegally from my pc. Thanks. Here is the logfile:
Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, September 14, 2005 6:16:27 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R65 08.09.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R65 08.09.2005
Internal build : 76
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 518006 Bytes
Total size : 1558638 Bytes
Signature data size : 1525452 Bytes
Reference data size : 32674 Bytes
Signatures total : 43368
CSI Fingerprints total : 1037
CSI data size : 36930 Bytes
Target categories : 15
Target families : 745
Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:51 %
Total physical memory:523756 kb
Available physical memory:264472 kb
Total page file size:1278952 kb
Available on page file:973276 kb
Total virtual memory:2097024 kb
Available virtual memory:2044040 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
9-14-2005 6:16:27 PM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 544
ThreadCreationTime : 9-14-2005 4:10:23 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 592
ThreadCreationTime : 9-14-2005 4:10:26 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 616
ThreadCreationTime : 9-14-2005 4:10:28 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 660
ThreadCreationTime : 9-14-2005 4:10:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 672
ThreadCreationTime : 9-14-2005 4:10:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 808
ThreadCreationTime : 9-14-2005 4:10:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 912
ThreadCreationTime : 9-14-2005 4:10:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 952
ThreadCreationTime : 9-14-2005 4:10:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [smc.exe]
ModuleName : C:\Program Files\Sygate\SPF\smc.exe
Command Line : n/a
ProcessID : 1040
ThreadCreationTime : 9-14-2005 4:10:35 PM
BasePriority : Normal
FileVersion : 5.6.00.2808
ProductVersion : 5.6.00.2808
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2004 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1072
ThreadCreationTime : 9-14-2005 4:10:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1104
ThreadCreationTime : 9-14-2005 4:10:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1224
ThreadCreationTime : 9-14-2005 4:10:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [aswupdsv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
ProcessID : 1348
ThreadCreationTime : 9-14-2005 4:10:40 PM
BasePriority : Normal
#:14 [ashserv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashServ.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
ProcessID : 1364
ThreadCreationTime : 9-14-2005 4:10:40 PM
BasePriority : High
FileVersion : 4, 6, 665, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright (c) 2005 ALWIL Software
OriginalFilename : aswServ.exe
#:15 [dkservice.exe]
ModuleName : C:\Program Files\Executive Software\Diskeeper\DkService.exe
Command Line : "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
ProcessID : 1400
ThreadCreationTime : 9-14-2005 4:10:41 PM
BasePriority : Normal
FileVersion : 9.0.511.0
ProductVersion : 9.0.511.0
ProductName : Diskeeper (TM) Disk Defragmenter
CompanyName : Executive Software International, Inc.
FileDescription : DKSERVICE.EXE
InternalName : DKSERVICE
LegalCopyright : © 1995-2004 Executive Software Int'l, Inc.
OriginalFilename : DKSERVICE
#:16 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 1424
ThreadCreationTime : 9-14-2005 4:10:43 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:17 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 1504
ThreadCreationTime : 9-14-2005 4:10:45 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:18 [nvsvc32.exe]
ModuleName : C:\WINDOWS\system32\nvsvc32.exe
Command Line : C:\WINDOWS\system32\nvsvc32.exe
ProcessID : 1536
ThreadCreationTime : 9-14-2005 4:10:45 PM
BasePriority : Normal
FileVersion : 6.14.10.7777
ProductVersion : 6.14.10.7777
ProductName : NVIDIA Driver Helper Service, Version 77.77
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 77.77
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:19 [snmp.exe]
ModuleName : C:\WINDOWS\System32\snmp.exe
Command Line : C:\WINDOWS\System32\snmp.exe
ProcessID : 1620
ThreadCreationTime : 9-14-2005 4:10:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : SNMP Service
InternalName : snmp.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : snmp.exe
#:20 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1656
ThreadCreationTime : 9-14-2005 4:10:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:21 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1700
ThreadCreationTime : 9-14-2005 4:10:47 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:22 [ashmaisv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
ProcessID : 456
ThreadCreationTime : 9-14-2005 4:10:58 PM
BasePriority : Normal
#:23 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 492
ThreadCreationTime : 9-14-2005 4:10:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
#:24 [ashwebsv.exe]
ModuleName : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Command Line : "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
ProcessID : 584
ThreadCreationTime : 9-14-2005 4:11:00 PM
BasePriority : Normal
#:25 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 328
ThreadCreationTime : 9-14-2005 4:11:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:26 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1940
ThreadCreationTime : 9-14-2005 4:11:02 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:27 [ashdisp.exe]
ModuleName : C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Command Line : "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
ProcessID : 2488
ThreadCreationTime : 9-14-2005 4:11:13 PM
BasePriority : Normal
FileVersion : 4, 6, 665, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright (c) 2005 ALWIL Software
OriginalFilename : aswDisp.exe
#:28 [startupmonitor.exe]
ModuleName : C:\WINDOWS\StartupMonitor.exe
Command Line : "C:\WINDOWS\StartupMonitor.exe"
ProcessID : 2520
ThreadCreationTime : 9-14-2005 4:11:14 PM
BasePriority : Normal
#:29 [winpatrol.exe]
ModuleName : C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
Command Line : "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
ProcessID : 2552
ThreadCreationTime : 9-14-2005 4:11:15 PM
BasePriority : Normal
FileVersion : 9, 7, 0, 22
ProductVersion : 9.7.0.22
ProductName : WinPatrol Monitor
CompanyName : BillP Studios
FileDescription : WinPatrol System Monitor
InternalName : WinPatrol Monitor
LegalCopyright : Copyright © 1997- 2005 BillP Studios
OriginalFilename : Scotty
Comments : Let Scotty the Windows Watchdog patrol your system.
#:30 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\RunDLL32.exe
Command Line : "C:\WINDOWS\system32\RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
ProcessID : 2592
ThreadCreationTime : 9-14-2005 4:11:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:31 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 2600
ThreadCreationTime : 9-14-2005 4:11:16 PM
BasePriority : Normal
#:32 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 2652
ThreadCreationTime : 9-14-2005 4:11:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:33 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe nview.dll,nViewInitialize
ProcessID : 2668
ThreadCreationTime : 9-14-2005 4:11:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:34 [windowssearch.exe]
ModuleName : C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
Command Line : "C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe" /startup
ProcessID : 2692
ThreadCreationTime : 9-14-2005 4:11:19 PM
BasePriority : Normal
FileVersion : 02.05.0000.1082
ProductVersion : 02.05.0000.1082
ProductName : MSN Search Toolbar
CompanyName : Microsoft Corporation
FileDescription : Windows Desktop Search Tool Tray Admin
InternalName : WindowsSearch.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WindowsSearch.exe
#:35 [bhodemon.exe]
ModuleName : C:\Program Files\BHODemon 2\BHODemon.exe
Command Line : "C:\Program Files\BHODemon 2\BHODemon.exe"
ProcessID : 2748
ThreadCreationTime : 9-14-2005 4:11:21 PM
BasePriority : Normal
FileVersion : 2.0.0.23
ProductVersion : 2.0.0.23
ProductName : BHODemon 2.0
CompanyName : Definitive Solutions, Inc.
FileDescription : BHODemon - Freeware BHO Detection Utility
InternalName : BHODemon.exe
LegalCopyright : Copyright (c) 2000-2005 Definitive Solutions, Inc. All rights reserved.
LegalTrademarks : www.DefinitiveSolutions.com
OriginalFilename : BHODemon.exe
Comments : BHODemon - Freeware BHO Detection Utility
#:36 [sgmain.exe]
ModuleName : C:\Program Files\SpywareGuard\sgmain.exe
Command Line : "C:\Program Files\SpywareGuard\sgmain.exe"
ProcessID : 2760
ThreadCreationTime : 9-14-2005 4:11:22 PM
BasePriority : Normal
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
ProductName : SpywareGuard
FileDescription : SpywareGuard
InternalName : sgmain
LegalCopyright : Copyright (C) 2002-2003 Javacool Software LLC
OriginalFilename : sgmain.exe
Comments : SpywareGuard
#:37 [windowssearchindexer.exe]
ModuleName : C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearchIndexer.exe
Command Line : "C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearchIndexer.exe" -Embedding
ProcessID : 2796
ThreadCreationTime : 9-14-2005 4:11:25 PM
BasePriority : Normal
FileVersion : 2.5.0.1082
ProductVersion : 2.5.0.1082
ProductName : Windows Desktop Search
CompanyName : Microsoft Corporation
FileDescription : Windows Desktop Search executable
InternalName : windowssearchindexer.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : windowssearchindexer.exe
Comments : Windows Desktop Search executable
#:38 [sgbhp.exe]
ModuleName : C:\Program Files\SpywareGuard\sgbhp.exe
Command Line : "C:\Program Files\SpywareGuard\sgbhp.exe"
ProcessID : 2864
ThreadCreationTime : 9-14-2005 4:11:28 PM
BasePriority : Normal
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
ProductName : SG Browser Hijacking Protection
FileDescription : SG Browser Hijacking Protection
InternalName : sgbhp
LegalCopyright : Copyright (C) 2002-2003 Javacool Software LLC.
OriginalFilename : sgbhp.exe
Comments : SG Browser Hijacking Protection
#:39 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[3b8]SUSDS02509c10bf48004295f1da01ea9b9be5
ProcessID : 3060
ThreadCreationTime : 9-14-2005 4:11:41 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:40 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1420
ThreadCreationTime : 9-14-2005 4:16:16 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0
6:23:04 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:37.343
Objects scanned:137305
Objects identified:0
Objects ignored:0
New critical objects:0
Hello, 10rand, sorry about the delay in replying to your post.
That's a clean-looking logfile; I can't see anything strange there.
You might want to run a web update, as a new release has come out.
If that still comes back clean, i.e. finds nothing, if you wish we can have a HjT Expert look at it and advise ...
Download HiJack This from here: http://www.thespykiller.co.uk/files/HJTsetup.exe
This will download HiJack This to your computer; choose "Save", navigate to the folder where it's saved and double-click on it.
This is a complete installer that installs Hijackthis onto your computer to C:\Program Files\HijackThis and makes an entry in the start menu & allows you to have a shortcut on desktop as well.
then.......
Double-click the HJT icon on your desktop, hit "Do a system scan and save logfile". Save the logfile and a txt file will be produced. Copy that one and paste it here and we'll have a HjT Expert look at it.
Regards..
numbnuts.. :breakkie:
:oops: Oh my, I was sure I had responded to 10rand's logfile post. Thank you, numbnuts.
10rand,
I have moved your HijackThis log file to the HijackThis forum (http://www.landzdown.com/index.php/board,26.html).
GR@PH;<'S :breakkie: