home search asistent log!!!

Question

CRIS_650510 0 Newbie Poster

20 Years Ago

this a lof from adware se 1.04 ok can u guys tell me what to do!!!!

Ad-Aware SE Build 1.04
Logfile Created on:Wednesday, September 08, 2004 3:25:28 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R7 06.09.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):105 total references
Other(TAC index:5):4 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

9-8-2004 3:25:28 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 520
ThreadCreationTime : 9-8-2004 9:34:32 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 584
ThreadCreationTime : 9-8-2004 9:34:34 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 608
ThreadCreationTime : 9-8-2004 9:34:34 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 652
ThreadCreationTime : 9-8-2004 9:34:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 680
ThreadCreationTime : 9-8-2004 9:34:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 820
ThreadCreationTime : 9-8-2004 9:34:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 864
ThreadCreationTime : 9-8-2004 9:34:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1024
ThreadCreationTime : 9-8-2004 9:34:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1064
ThreadCreationTime : 9-8-2004 9:34:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1160
ThreadCreationTime : 9-8-2004 9:34:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [navapsvc.exe]
FilePath : c:\Program Files\Norton AntiVirus\
ProcessID : 1276
ThreadCreationTime : 9-8-2004 9:34:37 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:12 [nprotect.exe]
FilePath : C:\Program Files\Norton Utilities\
ProcessID : 1288
ThreadCreationTime : 9-8-2004 9:34:37 PM
BasePriority : Normal
FileVersion : 15.0.0.20
ProductVersion : 15.0.0.20
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright (C) 2001 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:13 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1308
ThreadCreationTime : 9-8-2004 9:34:37 PM
BasePriority : Normal
FileVersion : 6.13.10.2880
ProductVersion : 6.13.10.2880
ProductName : NVIDIA Driver Helper Service, Version 28.80
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 28.80
InternalName : NVSVC
LegalCopyright : (c) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:14 [ipka32.exe]
FilePath : C:\WINDOWS\
ProcessID : 1356
ThreadCreationTime : 9-8-2004 9:34:38 PM
BasePriority : Normal

CoolWebSearch Object Recognized!
Type : Process
Data : ipka32.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\

Warning! CoolWebSearch Object found in memory(C:\WINDOWS\ipka32.exe)

"C:\WINDOWS\ipka32.exe"Process terminated successfully
"C:\WINDOWS\ipka32.exe"Process terminated successfully

#:15 [tcpsvcs.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1436
ThreadCreationTime : 9-8-2004 9:34:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : TCP/IP Services Application
InternalName : TCPSVCS.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : TCPSVCS.EXE

#:16 [snmp.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1448
ThreadCreationTime : 9-8-2004 9:34:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : SNMP Service
InternalName : snmp.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : snmp.exe

#:17 [nopdb.exe]
FilePath : C:\Program Files\Speed Disk\
ProcessID : 1460
ThreadCreationTime : 9-8-2004 9:34:43 PM
BasePriority : Normal
FileVersion : 6.0.0.20
ProductVersion : 6.0.0.20
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright (C) 2001
OriginalFilename : NOPDB.dll

#:18 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1512
ThreadCreationTime : 9-8-2004 9:34:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:19 [uphclean.exe]
FilePath : C:\Program Files\UPHClean\
ProcessID : 1532
ThreadCreationTime : 9-8-2004 9:34:43 PM
BasePriority : Normal
FileVersion : 1.5.5.21
ProductVersion : 1.5e
ProductName : User Profile Hive Cleanup Service
CompanyName : Microsoft Corporation
FileDescription : User Profile Hive Cleanup Service
InternalName : UPHClean
LegalCopyright : Copyright © 2003, 2004
OriginalFilename : uphclean.exe
Comments : Written by Robin Caron (rcaron@microsoft.com)

#:20 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 132
ThreadCreationTime : 9-8-2004 9:35:02 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:21 [kbd.exe]
FilePath : C:\HP\KBD\
ProcessID : 108
ThreadCreationTime : 9-8-2004 9:35:53 PM
BasePriority : High

#:22 [hpsysdrv.exe]
FilePath : C:\windows\system\
ProcessID : 772
ThreadCreationTime : 9-8-2004 9:35:54 PM
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe

#:23 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 976
ThreadCreationTime : 9-8-2004 9:35:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:24 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1008
ThreadCreationTime : 9-8-2004 9:35:57 PM
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:25 [s3apphk.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1032
ThreadCreationTime : 9-8-2004 9:35:57 PM
BasePriority : Normal

#:26 [rnathchk.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1252
ThreadCreationTime : 9-8-2004 9:35:58 PM
BasePriority : Normal
FileVersion : 7.0.0.1176
ProductVersion : 7.0.0.1176
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks ATH Check App
InternalName : rnathchk
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : rnathchk.EXE

#:27 [navapw32.exe]
FilePath : C:\PROGRA~1\NORTON~1\
ProcessID : 1184
ThreadCreationTime : 9-8-2004 9:35:59 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE

#:28 [ieqp32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1784
ThreadCreationTime : 9-8-2004 9:36:00 PM
BasePriority : Normal

CoolWebSearch Object Recognized!
Type : Process
Data : ieqp32.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\

Warning! CoolWebSearch Object found in memory(C:\WINDOWS\system32\ieqp32.exe)

"C:\WINDOWS\system32\ieqp32.exe"Process terminated successfully
"C:\WINDOWS\system32\ieqp32.exe"Process terminated successfully

#:29 [ypager.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 1860
ThreadCreationTime : 9-8-2004 9:36:05 PM
BasePriority : Normal
FileVersion : 6,0,0,1750
ProductVersion : 6,0,0,1750
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
InternalName : Yahoo! Messengerr
LegalCopyright : Copyright 1998-2004
OriginalFilename : YPager.exe

#:30 [weather.exe]
FilePath : C:\PROGRA~1\AWS\WEATHE~1\
ProcessID : 1900
ThreadCreationTime : 9-8-2004 9:36:09 PM
BasePriority : Normal
FileVersion : 6, 3, 0, 1
ProductVersion : 6, 3, 0, 1
ProductName : WeatherBug
CompanyName : AWS Convergence Technologies, Inc.
FileDescription : WeatherBug
InternalName : Desktop Weather
LegalCopyright : Copyright © 2001-2004
LegalTrademarks : WeatherBug
OriginalFilename : Weather.exe
Comments : World Largest Weather Network

#:31 [exec.exe]
FilePath : C:\Program Files\Netzero\
ProcessID : 1904
ThreadCreationTime : 9-8-2004 9:36:11 PM
BasePriority : Normal
FileVersion : 4, 3, 0, 0
ProductVersion : 4, 3, 0, 0
CompanyName : NetZero
FileDescription : ZCast
InternalName : ZCOM_exec
LegalCopyright : Copyright © 2002 United Online, Inc.

#:32 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 120
ThreadCreationTime : 9-8-2004 9:36:19 PM
BasePriority : Normal
FileVersion : 6.2.0137
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:33 [sgmain.exe]
FilePath : C:\Program Files\SpywareGuard\
ProcessID : 380
ThreadCreationTime : 9-8-2004 9:36:26 PM
BasePriority : Normal
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
ProductName : SpywareGuard
FileDescription : SpywareGuard
InternalName : sgmain
LegalCopyright : Copyright (C) 2002-2003 Javacool Software LLC
OriginalFilename : sgmain.exe
Comments : SpywareGuard

#:34 [sgbhp.exe]
FilePath : C:\Program Files\SpywareGuard\
ProcessID : 492
ThreadCreationTime : 9-8-2004 9:36:36 PM
BasePriority : Normal
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
ProductName : SG Browser Hijacking Protection
FileDescription : SG Browser Hijacking Protection
InternalName : sgbhp
LegalCopyright : Copyright (C) 2002-2003 Javacool Software LLC.
OriginalFilename : sgbhp.exe
Comments : SG Browser Hijacking Protection

#:35 [exec.exe]
FilePath : C:\Program Files\Netzero\
ProcessID : 2648
ThreadCreationTime : 9-8-2004 9:38:46 PM
BasePriority : Normal
FileVersion : 4, 3, 0, 0
ProductVersion : 4, 3, 0, 0
CompanyName : NetZero
FileDescription : ZCast
InternalName : ZCOM_exec
LegalCopyright : Copyright © 2002 United Online, Inc.

#:36 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3576
ThreadCreationTime : 9-8-2004 9:41:17 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:37 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\
ProcessID : 2900
ThreadCreationTime : 9-8-2004 10:24:25 PM
BasePriority : Normal
FileVersion : 6.2.0.200
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : CWS.FullSearch
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\o?’ŽrtñåÈ²$Ó

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : CWS.FullSearch
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\o?’ŽrtñåÈ²$Ó

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : CWS.FullSearch
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\enum\root\legacy_o?*001e*2019*017drt*00f1*00e5*00c8*00b2$*000e*00d3

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_o?*001e*2019*017drt*00f1*00e5*00c8*00b2$*000e*00d3\0000

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_o?*001e*2019*017drt*00f1*00e5*00c8*00b2$*000e*00d3\0000\control

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_o?*001e*2019*017drt*00f1*00e5*00c8*00b2$*000e*00d3

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 8

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainStart Page.dll/index.html

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "res://xfjwt.dll/index.html#37049"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "res://xfjwt.dll/index.html#37049"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Page_URL.dll/index.html

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "res://xfjwt.dll/index.html#37049"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Page_URL
Data : "res://xfjwt.dll/index.html#37049"
Possible Browser Hijack attempt : S-1-5-21-270800707-1206608168-381150471-1003\Software\Microsoft\Internet Explorer\MainStart Page.dll/index.html

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "res://xfjwt.dll/index.html#37049"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-270800707-1206608168-381150471-1003\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "res://xfjwt.dll/index.html#37049"

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 11

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email]owner@realmedia[1].txt[/email]
Category : Data Miner
Comment : 9-8-2004 3:13:26 PM
Value : Cookie:owner@realmedia.com/
Expires : 12-31-2010 5:00:00 PM
LastSync : 9-8-2004 3:13:26 PM
UseCount : 0
Hits : 12

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 12

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : File
Data : addij32.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : bpplf.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : cxlsl.txt
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : d3oe.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : dgnyj.log
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : dmcnh.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : dqvbm.log
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : exgar.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : gfvpx.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : gldtt.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : hyzit.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : kckym.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : kepxe.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : ltgmi.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : mvgax.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : ngaiz.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : nvmrr.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : nxian.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : ohvdg.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : pjixx.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : qcfrw.txt
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : qgfmg.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : rcuet.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : sgghl.log
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : stsqh.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : adduv32.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : amjck.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : apixf.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : bdbox.txt
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : cfrwm.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : cpnuy.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : dboxz.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : dcsne.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : enlfv.log
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : envmr.log
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : epxem.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : ercue.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : fqnvi.txt
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : fxwuk.txt
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : gexga.log
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : gfmgq.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : gghls.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : glrie.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : gnyjo.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : hfbbj.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : hqigj.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : hvdga.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : ihdtu.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : jfsvq.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : jrdhs.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : jstsq.txt
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : jtfqn.txt
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : kgldt.log
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : lfoan.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : lqjhb.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : lxirg.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : lyyje.log
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : mjckb.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : mnvgp.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : nbdyl.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : nffes.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : nlfvx.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : oalhx.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : pdvke.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : plfoa.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : qbppl.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : qnvib.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : rkepg.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : rnxia.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : smyhq.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : sumax.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : tgmio.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : xbqpx.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : xfjwt.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : xodvs.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : xwukj.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : xzrrg.txt
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : zoalh.txt
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : File
Data : szsrm.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : tfqnp.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : tkcky.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : tnzfb.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : tszsr.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : vxnpv.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : wpsge.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : xlsle.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : xnpvg.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : yrxfs.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : yyjeb.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : zihdt.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : zrrgv.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : zsgvi.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 104

Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 104

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa

CoolWebSearch Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\Owner\local settings\temporary internet files\msft\images-sprem

CoolWebSearch Object Recognized!
Type : File
Data : up.gif
Category : Malware
Comment :
Object : C:\Documents and Settings\Owner\local settings\temporary internet files\msft\images-sprem\

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 113

3:43:21 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:53.204
Objects scanned:162123
Objects identified:113
Objects ignored:0
New critical objects:113

windows-virus

3 Contributors
7 Replies
242 Views
5 Days Discussion Span
Latest Post 20 Years Ago Latest Post by Grinler

Grinler 2 Light Poster

20 Years Ago

Create a directory on your hardrive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.

Download HijackThis from:

HijackThis Download Site

Save this file into the directory you made previously and then run the program named hijackthis.exe. When the program opens click on the Config button, then click on the Misc Tools button, and click on the Check for update online button. When it completes checking/applying updates press the back button.

Now click on the Scan button and when it is finished click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then Click on Copy.

Create a reply to this post here and right click in message area and select paste to paste the log into the post.

Someone will reply to you after reading this post. DO NOT fix any entries unless you understand what you are doing.

To see a tutorial with screenshots on using HijackThis you can click on the link below:

How to use HijackThis to remove Browser Hijackers, Malware, & Spyware

dlh6213 27 Posting Maven

20 Years Ago

Regarding your Ad-Aware log, everything it found in that list can be fixed:

Scan with Ad-Aware again; when it's finished, right-click on the screen and and choose the Select All Objects option, and then click on the Next button. Ad-Aware will now present you with a confirmation box asking whether or not you would like to remove the objects you have just selected. If you would like to do so, click on the OK button, otherwise press the Cancel button to go back to the selection screen. If you press the OK button, Ad-Aware will move all the selected items into quarantine.

Grinler has an excellent link to an Ad-Aware tutorial in his signature, check it out.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Grinler 2 Light Poster · Answer 1 · 2004-09-10T18:53:57+00:00

Ad-aware unfortunately can not fix this particular infection. We will still need to see a hijackthis log and do a manual removal

CRIS_650510 0 Newbie Poster · Answer 2 · 2004-09-15T05:58:39+00:00

Logfile of HijackThis v1.98.1
Scan saved at 4:58:38 PM, on 9/14/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\atlgr.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\S3apphk.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\ntec.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\thing\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cgpas.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cgpas.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://cgpas.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://cgpas.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cgpas.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cgpas.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cgpas.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://cgpas.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cgpas.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cgpas.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7716D7E8-A15F-BA5D-A479-92B3FEBB1DF4} - C:\WINDOWS\javaqq32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [ntec.exe] C:\WINDOWS\system32\ntec.exe
O4 - HKLM\..\RunOnce: [atlgr.exe] C:\WINDOWS\atlgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Java Client 2.1.0.88 - http://63.99.211.85/Java/cs4ms088.cab
O16 - DPF: ChatSpace Java Client 2.1.0.88L - http://63.99.211.86/Java/cs4msl088.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28177.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/022b5c26785341664a21/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093654324591
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28177.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{533FB24D-6A02-4C7D-B754-D8E950E0B736}: NameServer = 64.136.28.120 64.136.20.120

Grinler 2 Light Poster · Answer 3 · 2004-09-15T06:05:13+00:00

The first thing I need you to do is download the file from here:

Getservices.zip - Get list of XP/2000/NT Services

Extract the file to the c:\ drive. Then navigate to the c:\getservices and double-click on the getservices.bat file. A notepad will open up. Please paste the contents of that notepad as a reply to this post along with a brand new hijackthis log.

dlh6213 27 Posting Maven Team Colleague · Answer 4 · 2004-09-15T16:55:14+00:00

Ad-aware unfortunately can not fix this particular infection. We will still need to see a hijackthis log and do a manual removal

Agreed; in his original post he had asked what was safe to delete from the Ad-Aware scan, so I was just responding to that.

At some point, Windows, Internet Explorer, and HiJackThis should all be updated.

Grinler 2 Light Poster · Answer 5 · 2004-09-15T20:12:49+00:00

This infections blocks updates, and there is nothing in 1.98.2 i need for this cleanup...will do all that after.