Hello folks. I had numbnuts in my house the other night and he advised me to come on to this forum and you guys might be able to help me!
jeremiah,
Glad you managed to find your way here (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsmilies.sofrayt.com%2Ffsc%2Fthumbs-up.gif&hash=c1e3dd78f2962d425885915fa02daf0bba965636)
I here that you have already started to get control of your PC by doing some on-line scans and removing all the things that was found by them.
Even though you may have already have done some scans Please make sure that you have got the latest Ad-aware Definition file IE:
SE1R102.03.04.2006 once you have it please can you start your PC in safe mode,
Safe mode is the Windows diagnostics mode. When you start the computer in Safe mode, only the specific components that are needed to run the operating system are loaded. Safe mode does not allow some functions, such as connection to the Internet. It also loads a standard video driver at a low resolution; therefore, your programs and the Windows desktop may look different than usual, In addition, the desktop icons may have moved to different locations on the desktop.( see
How to start the computer in Safe mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406))
once in safe mode open
Ad-aware SE Build 106 (http://lavasoft.element5.com/support/download)
then scan doing a
"Full Scan" (http://www.lavasofthelp.com/howto/scan_se/) and
then post your logfile here by using the
Add-Reply Feature .
As Logs are stored in :
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
An easy way to get there is to
click Start,
click Run
And type in and press ENTER:
%appdata% then click Lavasoft
then Ad-Aware
and then Logs.
scroll down to find the latest one that you have
(by date & time)and open it right Click select all
copy and then paste the contents of it here.
(Make sure that all of your Logfile has been posted, sometimes it will require two post's to get it all) QuoteI had numbnuts in my house the other night
Sorry to here that you have no beer left :hysterical:
GR@PH;<'S :breakkie:
Gr@ph:<'s
thanks very much for your reply. i have printed the reply and will attempt to follow the instructions but i have to warn you i am not very computer literate.
Jeremiahjude
Ad-Aware SE Build 1.06r1
Logfile Created on:10 April 2006 17:29:35
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R103 10.04.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.P2PNetworking(TAC index:3):3 total references
MRU List(TAC index:0):19 total references
Tracking Cookie(TAC index:3):19 total references
Win32.Adverts.TrojanDownloader(TAC index:6):2 total references
WinFixer(TAC index:10):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
10-04-2006 17:29:35 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Pc User\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Pc User\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 152
ThreadCreationTime : 10-04-2006 16:27:47
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 200
ThreadCreationTime : 10-04-2006 16:27:56
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 224
ThreadCreationTime : 10-04-2006 16:27:57
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 268
ThreadCreationTime : 10-04-2006 16:28:01
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 280
ThreadCreationTime : 10-04-2006 16:28:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 432
ThreadCreationTime : 10-04-2006 16:28:05
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 496
ThreadCreationTime : 10-04-2006 16:28:06
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 540
ThreadCreationTime : 10-04-2006 16:28:07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 748
ThreadCreationTime : 10-04-2006 16:28:26
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:10 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 872
ThreadCreationTime : 10-04-2006 16:29:00
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Adverts.TrojanDownloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{deceaaa2-370a-49bb-9362-68c3a58ddc62}
Win32.Adverts.TrojanDownloader Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{deceaaa2-370a-49bb-9362-68c3a58ddc62}
Value : AppID
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 21
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:pc user@doubleclick.net/
Expires : 09-04-2009 16:33:40
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:pc user@atdmt.com/
Expires : 09-04-2011 01:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:pc user@questionmarket.com/
Expires : 01-06-2007 00:15:34
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@as-us.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:pc user@as-us.falkag.net/
Expires : 10-05-2006 16:29:14
LastSync : Hits:15
UseCount : 0
Hits : 15
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@sel.as-us.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:pc user@sel.as-us.falkag.net/
Expires : 10-05-2006 16:29:14
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:pc user@mediaplex.com/
Expires : 22-06-2009 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:pc user@ads.pointroll.com/
Expires : 01-01-2010 01:00:00
LastSync : Hits:9
UseCount : 0
Hits : 9
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:pc user@serving-sys.com/
Expires : 31-12-2037 23:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@as-eu.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:pc user@as-eu.falkag.net/
Expires : 10-04-2007 16:37:46
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@revenue[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:pc user@revenue.net/
Expires : 10-06-2022 06:05:42
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@bluestreak[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:pc user@bluestreak.com/
Expires : 07-04-2016 12:25:44
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:pc user@tribalfusion.com/
Expires : 01-01-2038 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:pc user@statcounter.com/
Expires : 09-04-2011 00:09:04
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:18
Value : Cookie:pc user@casalemedia.com/
Expires : 31-03-2007 19:10:04
LastSync : Hits:18
UseCount : 0
Hits : 18
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@etype.adbureau[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:pc user@etype.adbureau.net/
Expires : 01-03-2007 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:pc user@fastclick.net/
Expires : 09-04-2008 17:06:30
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@lop[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:pc user@lop.com/
Expires : 09-04-2007 15:41:52
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:pc user@2o7.net/
Expires : 08-04-2011 18:42:30
LastSync : Hits:12
UseCount : 0
Hits : 12
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:pc user@adtech.de/
Expires : 06-04-2016 23:50:10
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 40
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinFixer Object Recognized!
Type : File
Data : WinFixer2006FreeInstall[1].cab
TAC Rating : 10
Category : Misc
Comment :
Object : C:\Documents and Settings\Pc User\Local Settings\Temporary Internet Files\Content.IE5\D3VZ5P0A\
WinFixer Object Recognized!
Type : File
Data : WinFixer2006FreeInstall[1].exe
TAC Rating : 10
Category : Misc
Comment :
Object : C:\Documents and Settings\Pc User\Local Settings\Temporary Internet Files\Content.IE5\GPY78LQ7\
Adware.P2PNetworking Object Recognized!
Type : File
Data : A0037908.DLL
TAC Rating : 3
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{BF5EB97B-14FD-4B1A-8CD5-DB0E8D700354}\RP197\
Adware.P2PNetworking Object Recognized!
Type : File
Data : A0037911.exe
TAC Rating : 3
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{BF5EB97B-14FD-4B1A-8CD5-DB0E8D700354}\RP197\
FileVersion : 1, 26, 0, 10
ProductVersion : 1, 26, 0, 10
ProductName : P2P Networking
CompanyName : Joltid Ltd.
FileDescription : P2P Networking
InternalName : P2P Networking
LegalCopyright : Copyright © 2001 - 2004 Joltid Ltd. All Rights Reserved.
LegalTrademarks : Joltid is a registered trademark of Joltid Ltd.
OriginalFilename : P2P Networking.exe
WinFixer Object Recognized!
Type : File
Data : UWFX6_0001_N69M1503NetInstaller.exe
TAC Rating : 10
Category : Misc
Comment :
Object : C:\WINDOWS\Downloaded Program Files\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 45
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_df_kmd
WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\enum\root\legacy_df_kmd
WinFixer Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\winfixer_free
Adware.P2PNetworking Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\p2p networking
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 49
17:39:17 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:42.125
Objects scanned:112486
Objects identified:30
Objects ignored:0
New critical objects:30
jeremiah,
please can you clear out your cache folder ie: temporary internet folder There is free program that you can use that will do that for you if needed called
CCleaner (http://www.ccleaner.com/)
(Note in CCleaner: go to >options > advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours"). but see
CCleaner Set up (http://www.bbusa.net/ghost1/ccleanersetup.html)
After you have done that can you scan by doing a
"Full Scan" (http://www.lavasofthelp.com/howto/scan_se/) then and once the scan has finished
mark and remove the items then
Reboot (ie: Re-start your PC)Then re-scan doing a
"Full Scan" (http://www.lavasofthelp.com/howto/scan_se/) and
then post your logfile here by using the
Add-Reply Feature .
Please NOTE from the AAW SE help file, if you set "Read current settings from system:" under "default settings" in Ad-Aware SE,
QuoteDefault IE Pages
Default homepage: Ad-Aware SE uses the defined homepage when recovering from a browser hijack
Default Search Engine: Ad-Aware SE uses the defined search engine when recovering from a browser hijack
Also you may wish to download a Free Cookie manager called
CookieWall (http://www.analogx.com/contents/download/network/cookie.htm) to take care of all your Cookie's for you.
(Tracking Cookie's are always safe to delete)
GR@PH;<'S :breakkie:
Ad-Aware SE Build 1.06r1
Logfile Created on:10 April 2006 22:35:13
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R103 10.04.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.P2PNetworking(TAC index:3):3 total references
MRU List(TAC index:0):20 total references
Tracking Cookie(TAC index:3):22 total references
Win32.Adverts.TrojanDownloader(TAC index:6):2 total references
WinFixer(TAC index:10):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Edited as log incomplte se post below
GR@PH;<'S :breakkie:
jeremiah,
please can you clear out your cache folder ie: temporary internet folder There is free program that you can use that will do that for you if needed called CCleaner
http://www.ccleaner.com/ (http://www.ccleaner.com/)
(Note in CCleaner: go to >options > advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours"). but see
http://www.bbusa.net/ghost1/ccleanersetup.html (http://www.bbusa.net/ghost1/ccleanersetup.html)
After you have done that can you scan by doing a
"http://www.lavasofthelp.com/howto/scan_se/" (http://www.lavasofthelp.com/howto/scan_se/) then and once the scan has finished
mark and remove the items then
Reboot (ie: Re-start your PC)Then re-scan doing a
"http://www.lavasofthelp.com/howto/scan_se/" (http://www.lavasofthelp.com/howto/scan_se/) and
then post your logfile here by using the
Add-Reply Feature .
Please NOTE from the AAW SE help file, if you set "Read current settings from system:" under "default settings" in Ad-Aware SE,
QuoteDefault IE Pages
Default homepage: Ad-Aware SE uses the defined homepage when recovering from a browser hijack
Default Search Engine: Ad-Aware SE uses the defined search engine when recovering from a browser hijack
Also you may wish to download a Free Cookie manager called cookiewall
http://www.analogx.com/contents/download/network/cookie.htm (http://www.analogx.com/contents/download/network/cookie.htm) to take care of all your Cookie's for you.
(Tracking Cookie's are always safe to delete)
GR@PH;<'S :breakkie:
Hi, Jeremiah,
One thing I would add to Ghost's tutorial on CCleaner: Before using it the first time, under Options > Advanced > UNcheck "Only delete files in Windows Temp folder older than 48 hours".
I noticed the Winfixer in your logfile. To save you a step or two, after following GR@PH;<'S instructions above, please download
VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will shutdown your computer, click OK.
- Turn your computer back on.
Please post the contents of C:\
vundofix.txt and a new Ad-Aware SE Logfile.
Note: if you don't do this properly, Paddy will be over to straighten you out and confiscate any beer or other alcoholic beverages for shipping to GR@PH;<'S, the keeper of fine beverages. :hysterical:
ANALYSIS COMPLETE - (2.891 secs)
------------------------------------------------------------------------------------------
0.67MB to be removed. (Approximate size)
------------------------------------------------------------------------------------------
Details of files to be deleted (Note: No files have been deleted yet)
------------------------------------------------------------------------------------------
IE Temporary Internet Files (117 files) 0.50MB
C:\Documents and Settings\Pc User\Cookies\pc user@dns-look-up[1].txt 72 bytes
C:\Documents and Settings\Pc User\Cookies\pc user@landzdown[1].txt 224 bytes
C:\Documents and Settings\Pc User\Cookies\pc user@live[1].txt 94 bytes
C:\Documents and Settings\Pc User\Cookies\pc user@msnportal.112.2o7[1].txt 119 bytes
C:\Documents and Settings\Pc User\Cookies\pc user@msn[2].txt 388 bytes
C:\Documents and Settings\Pc User\Cookies\pc user@www.msn[2].txt 377 bytes
C:\Documents and Settings\Pc User\Local Settings\History\History.IE5\desktop.ini 113 bytes
Marked for deletion: C:\Documents and Settings\Pc User\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Marked for deletion: C:\Documents and Settings\Pc User\Cookies\index.dat
Marked for deletion: C:\Documents and Settings\Pc User\Local Settings\History\History.IE5\index.dat
C:\DOCUME~1\PCUSER~1\LOCALS~1\Temp\~DF2ACD.tmp 0.16MB
C:\WINDOWS\system32\wbem\Logs\wbemess.log 11.35KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 67 bytes
C:\WINDOWS\0.log 0 bytes
C:\WINDOWS\Debug\UserMode\userenv.log 1.91KB
C:\Documents and Settings\Pc User\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 348 bytes
------------------------------------------------------------------------------------------
Hi corrine. Im sorry i already had run the scan then i seen your post. I tried it anyway and there are no infected files.
thanks anyway
jerry
That's ok. The only reason for that "tweak' is that the default setting for CCleaner is to not remove temp files from the past 48 hours. More than liikely, the more recent temp files are the files that need to be removed.
Please continue with the rest of the instructions.
Hello folks, still having problems so numbnuts told me post another log.Ad-Aware SE Build 1.06r1
Logfile Created on:12 April 2006 22:50:08
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R103 10.04.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):4 total references
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
12-04-2006 22:50:08 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1229272821-1637723038-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 500
ThreadCreationTime : 12-04-2006 06:34:38
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 556
ThreadCreationTime : 12-04-2006 06:34:40
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 580
ThreadCreationTime : 12-04-2006 06:34:41
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 624
ThreadCreationTime : 12-04-2006 06:34:41
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 636
ThreadCreationTime : 12-04-2006 06:34:41
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 780
ThreadCreationTime : 12-04-2006 06:34:42
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 840
ThreadCreationTime : 12-04-2006 06:34:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 876
ThreadCreationTime : 12-04-2006 06:34:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 936
ThreadCreationTime : 12-04-2006 06:34:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1064
ThreadCreationTime : 12-04-2006 06:34:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1308
ThreadCreationTime : 12-04-2006 06:34:45
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:12 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1376
ThreadCreationTime : 12-04-2006 06:34:46
BasePriority : Normal
FileVersion : 8.14
ProductVersion : 8.14
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe
#:13 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1416
ThreadCreationTime : 12-04-2006 06:34:46
BasePriority : Normal
FileVersion : 8.14
ProductVersion : 8.14
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)
#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1412
ThreadCreationTime : 12-04-2006 06:34:46
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:15 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1668
ThreadCreationTime : 12-04-2006 06:34:48
BasePriority : Normal
FileVersion : 7,1,0,365
ProductVersion : 7.1.0.365
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:16 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1804
ThreadCreationTime : 12-04-2006 06:34:50
BasePriority : Normal
FileVersion : 7,1,0,349
ProductVersion : 7.1.0.349
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:17 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1840
ThreadCreationTime : 12-04-2006 06:34:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:18 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1872
ThreadCreationTime : 12-04-2006 06:34:51
BasePriority : Normal
FileVersion : 7,1,0,381
ProductVersion : 7.1.0.381
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:19 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1892
ThreadCreationTime : 12-04-2006 06:34:51
BasePriority : Normal
FileVersion : 7,1,0,371
ProductVersion : 7.1.0.371
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:20 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 1896
ThreadCreationTime : 12-04-2006 06:34:51
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:21 [dlbabmgr.exe]
FilePath : C:\Program Files\Dell AIO Printer A940\
ProcessID : 1924
ThreadCreationTime : 12-04-2006 06:34:51
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A940 Button Manager
InternalName : dlbabmgr.exe
OriginalFilename : dlbabmgr.exe
#:22 [dlbabmon.exe]
FilePath : C:\Program Files\Dell AIO Printer A940\
ProcessID : 2008
ThreadCreationTime : 12-04-2006 06:34:52
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A940 Button Monitor
InternalName : dlbabmon.exe
OriginalFilename : dlbabmon.exe
#:23 [hotkey.exe]
FilePath : C:\Program Files\Hotkey\
ProcessID : 2016
ThreadCreationTime : 12-04-2006 06:34:52
BasePriority : Normal
FileVersion : 2, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : Hotkey ????
FileDescription : Hotkey Microsoft ???????
InternalName : Hotkey
LegalCopyright : ???? (C) 2004
OriginalFilename : Hotkey.exe
#:24 [ewidoguard.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 2024
ThreadCreationTime : 12-04-2006 06:34:52
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe
#:25 [dslstat.exe]
FilePath : C:\Program Files\BT Voyager 105 ADSL Modem\
ProcessID : 2032
ThreadCreationTime : 12-04-2006 06:34:52
BasePriority : Normal
FileVersion : 4.0.7
ProductVersion : 4.0.7
ProductName : DSL Status
CompanyName : GlobespanVirata, Inc.
FileDescription : DSL Status Executable
InternalName : DslStatus
LegalCopyright : Copyright (C) 2002
OriginalFilename : dslstatus.exe
#:26 [dslagent.exe]
FilePath : C:\Program Files\BT Voyager 105 ADSL Modem\
ProcessID : 148
ThreadCreationTime : 12-04-2006 06:34:53
BasePriority : Normal
#:27 [blubster.exe]
FilePath : C:\Program Files\Blubster\
ProcessID : 192
ThreadCreationTime : 12-04-2006 06:34:54
BasePriority : Normal
FileVersion : 2.05
ProductVersion : 2.05
ProductName : MP2P Servent
CompanyName : Piolet Networks
FileDescription : MP2P servent main executable
InternalName : Blubster
LegalCopyright : Copyright 1999 - 2003 Pablo Soto. All rights reserved.
OriginalFilename : Blubster.exe
Comments : Share your Music!
#:28 [lxcgmon.exe]
FilePath : C:\Program Files\Lexmark 2300 Series\
ProcessID : 224
ThreadCreationTime : 12-04-2006 06:34:54
BasePriority : Normal
FileVersion : 2.6.62.20
ProductVersion : 2.6.62.20
ProductName : Lexmark Device Monitor
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark Device Monitor
InternalName : lxcgmon.exe
LegalCopyright : (C) 2002 Lexmark International, Inc.
OriginalFilename : lxcgmon.exe
#:29 [ezprint.exe]
FilePath : C:\Program Files\Lexmark 2300 Series\
ProcessID : 260
ThreadCreationTime : 12-04-2006 06:34:55
BasePriority : Normal
FileVersion : 1.0.12.0
ProductVersion : 1.0.12.0
ProductName : Lexmark Fast Pics Application
CompanyName : Lexmark International Inc.
FileDescription : Lexmark Fast Pics Application
InternalName : Lexmark Fast Pics
LegalCopyright : Copyright (C) 2004
OriginalFilename : ezprint.exe
#:30 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 380
ThreadCreationTime : 12-04-2006 06:34:57
BasePriority : Normal
FileVersion : 6.1.744.001
ProductVersion : 6.1.744.001
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe
#:31 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 536
ThreadCreationTime : 12-04-2006 06:35:00
BasePriority : Normal
#:32 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 964
ThreadCreationTime : 12-04-2006 06:35:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:33 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 12-04-2006 06:35:05
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:34 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1496
ThreadCreationTime : 12-04-2006 06:35:08
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:35 [mpbtn.exe]
FilePath : C:\Program Files\BT Broadband Basic Help\bin\
ProcessID : 2200
ThreadCreationTime : 12-04-2006 06:35:44
BasePriority : Normal
#:36 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 264
ThreadCreationTime : 12-04-2006 06:37:12
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:37 [lxcgcoms.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1348
ThreadCreationTime : 12-04-2006 06:37:19
BasePriority : High
FileVersion : 1.154.19.0
ProductVersion : 1.154.19.0
ProductName : Printer Communication System
FileDescription : Printer Communication System
InternalName : GN__coms.exe
OriginalFilename : GN__coms.exe
#:38 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2412
ThreadCreationTime : 12-04-2006 07:42:29
BasePriority : Normal
FileVersion : 7.5.0322
ProductVersion : 7.5.0322
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:39 [poker.exe]
FilePath : C:\Program Files\PacificPoker\Utils\
ProcessID : 3976
ThreadCreationTime : 12-04-2006 21:23:42
BasePriority : Normal
FileVersion : 3, 0, 2, 2
ProductVersion : 3, 0, 2, 2
ProductName : poker
CompanyName : Cassava Ent.
FileDescription : poker
InternalName : poker
LegalCopyright : Copyright © 1999
OriginalFilename : poker.exe
#:40 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3808
ThreadCreationTime : 12-04-2006 21:40:53
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:41 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2956
ThreadCreationTime : 12-04-2006 21:49:47
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:pc user@doubleclick.net/
Expires : 12-04-2006 22:38:54
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:pc user@atdmt.com/
Expires : 11-04-2011 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:pc user@fastclick.net/
Expires : 11-04-2008 22:14:30
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 7
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 7
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
23:01:20 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:11.875
Objects scanned:113182
Objects identified:3
Objects ignored:0
New critical objects:3
its all jargon to me!!!! :help:
jeremiah,
Did you install CCleaner (http://www.ccleaner.com/) if so i run it if not please download it then run it,
as it will clear out your ceche folder for you.
now in your log file there are some programs that you may not want or at least may not want running at boot up IE: PC start up
such as #:39 [poker.exe] and #:27 [blubster.exe]
can you let us know what pop ups or other items that you are getting on your pc.
GR@PH;<'S :breakkie:
Jerry, Jerry, Jerry. What to do with you? :lol:
GR@PH;<'S, Paddy and I have been having a bit of a chat about your PC. Here's what is in store:
1) Stock your refrigerator as you will be having company soon (or is that a knock on the door now?).
2) Be prepared to answer questions regarding the ewido scan -- did it finish? did you remove what was found?
3) See this link about Blubster: http://www.depts.drew.edu/its/docs/procedures/blubster.php
4) Consider a new hobby besides online poker. :lol:
5) If you have not run the VundoFix posted above, please do so next and post the log as a reply. If you already ran it, check for C:\vundofix.txt and paste it with the HJThis log in #6 below as a reply.
6) Please download HijackThis© from: http://www.thespykiller.co.uk/files/HJTsetup.exe .
Note: This is a complete installer that installs HijackThis to your computer to at C:\Program Files\HijackThis, making an entry in the start menu and also providing a desktop shortcut.
At the download prompt, choose "Save". After the download is complete, navigate to the C:\Program Files\HijackThis folder and double-click it. When the installation is complete, double-click the HijackThis icon on your desktop. Select "Do a system scan and save logfile". Select a name for this first logfile. and a text file will be produced. Copy the text file and paste it here as a reply.
We'll be watching for those logs. :rose:
What timely information I have for you Jerry. I understand that PartyPoker is considered a low risk threat: http://research.sunbelt-software.com/threat_display.cfm?name=PartyPoker&threatid=44086&search=partypoker so perhaps you would consider that. There may be a popup or two, but when intentionally installed, it uninstalls cleanly.
Logfile of HijackThis v1.99.1
Scan saved at 18:03:53, on 13/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Hotkey\Hotkey.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-itnow.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-itnow.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.supremetoolbar.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D724147-2FDF-90D1-352A-8D9D5AAECC5A} - C:\DOCUME~1\jordan\APPLIC~1\MORESI~1\About bib.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Hotkey] C:\Program Files\Hotkey\Hotkey.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [EXTRA META WAVE TEST] C:\Documents and Settings\All Users\Application Data\FlawBeepExtraMeta\Cash Bin.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BBDial] C:\Program Files\BT Voyager 105 ADSL Modem\BT Broadband.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm579YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/OpiStat_preinstaller_activex_en_4.60.63.0_MEGAPANEL_EUROPE_SILENT.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by110fd.bay110.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{6358EBA3-1444-4D0D-A442-ED200A0DCA6E}: NameServer = 194.72.9.34 62.6.40.178
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
Hey,
HijackThis log could do with a bit of cleaning...
Re-run HijackThis and scan again with it, click in the checkbox (so it becomes 'ticked') next to each one of these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-itnow.com/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-itnow.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.supremetoolbar.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {0D724147-2FDF-90D1-352A-8D9D5AAECC5A} - C:\DOCUME~1\jordan\APPLIC~1\MORESI~1\About bib.exe (file missing)
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [EXTRA META WAVE TEST] C:\Documents and Settings\All Users\Application Data\FlawBeepExtraMeta\Cash Bin.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm579YYGB
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
Once all of those are checked, close everything but HijackThis, hit 'Fix Checked' and restart/reboot the computer afterwards.
When back into Windows after the reboot, delete these folders & post a new fresh log:
C:\Documents and Settings\All Users\Application Data\FlawBeepExtraMeta\
C:\Program Files\PartyGaming\
C:\Program Files\RXToolBar\
C:\Program Files\Noble Poker\
(You may need to 'Show Hidden Files and Folders' if you can find any of those folders. Instructions on how to show hidden files/folders are located here (http://www.xtra.co.nz/help/0,,4155-1916458,00.html). If you still can't find any of those folders, forget about it.)
Logfile of HijackThis v1.99.1
Scan saved at 16:28:06, on 14/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Hotkey\Hotkey.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Hotkey] C:\Program Files\Hotkey\Hotkey.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BBDial] C:\Program Files\BT Voyager 105 ADSL Modem\BT Broadband.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/OpiStat_preinstaller_activex_en_4.60.63.0_MEGAPANEL_EUROPE_SILENT.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by110fd.bay110.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{6358EBA3-1444-4D0D-A442-ED200A0DCA6E}: NameServer = 194.72.9.34 62.6.40.178
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
paddy was up helping me but it was too early to have a beer so my fridge is still stocked!!
Quotepaddy was up helping me but it was too early to have a beer so my fridge is still stocked!!
jeremiah, Well it might still be stocked up for now but you goiing to be away over the weekend I just might pop up and empty that fridge for ya ... :hysterical:
hows the computer running now ???
Now you have a good weekend dont over do it ... :hammy:
Paddy... :thumbsup:
Blimey Paddy, anyone would think you raving mad with alcohol ;)
jeremiah, are things better now?
SpyDie, Jeremiah is in London for the weekend our club is entered in the GAA International Seven a Side.
So I would think it will be Monday / Tuesday before he gets back to you .
Now I've just brought his son and mine down to the local driving range and Jeremiahs son tells me the computer is running a lot better .. now I see in his logfile there are still a few things he could do with out loading at startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
Also he's missed these,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
Is there anything else you see he's does not need that will free up some resources...
Paddy... :wink:
Quote from: numbnuts on April 15, 2006, 02:54:53 PM
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
Only those two would need to go. The O2 entry is for SpyBot, it wont cause the computer to load any slower, course if he doesn't want it there anymore, no reason for it to stay,
That O8 & O9 entry are simply for Excel, they are merely for convenience...they, like the O2 entry, won't slow the computer at all.
numbnuts,
QuoteNow I've just brought his son and mine down to the local driving range
looks like the kids are learning fast :hysterical:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fimg226.imageshack.us%2Fimg226%2F6089%2Fdropinholesmwm1th.gif&hash=39c32597a84f6017277ea26b6a3e1f123f0b2bb1)
GR@PH;<'S :breakkie:
Hello folks. My p.c. is running a lot better but numbnuts has said its still needs a bit of fine tuning and a few bits of software. Thanks to graphics, corrine, spydie and numbnuts im a wee bit more computer literate as well. I dont think microsoft will be banging my door down but thanks for all your help :thumbsup:
jeremiah,
Good to see your PC is clean to help you keep it that way here are some programs
SpyBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
QuoteThe most important step you can take is to secure your system. And SpywareBlaster is the most powerful protection program available.
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially unwanted sites in Internet Explorer.
and
IE-SPYAD (https://netfiles.uiuc.edu/ehowes/www/resource.htm)
QuoteIE-SPYAD adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. Once you merge this list of sites and domains into the Registry, the web sites for these companies will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC.
also
CookieWall (http://www.analogx.com/contents/download/network/cookie.htm)
QuoteAnalogX CookieWall allows you to quickly and easily decide which cookies can stay on your system, and which cookies should go - once you let CookieWall know which ones are unwelcome, it does the rest. CookieWall can be configured to delete cookies as soon as they arrive, to notify you of any new ones, or just que them up for you to check out at a later date.
GR@PH;<'S :ok: