
Infected, will not complete bitdefender scan.

Discussion in 'Malware and Virus Removal Archive' started by XP Rookie, 2007/01/30.

Thread Status:
Not open for further replies.
  1. 2007/02/03
    XP Rookie

    XP Rookie Inactive Thread Starter

    Joined:
    2007/01/27
    Messages:
    29
    Likes Received:
    0
    Ad-Aware

    Ad-Aware log

    Ad-Aware


    Ad-Aware SE Build 1.06r1
    Logfile Created on:Friday, February 02, 2007 7:28:45 PM
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R148 29.01.2007
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    IBIS Toolbar(TAC index:5):2 total references
    MRU List(TAC index:0):21 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Definition File:
    =========================
    Definitions File Loaded:
    Reference Number : SE1R148 29.01.2007
    Internal build : 185
    File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
    File size : 963760 Bytes
    Total size : 3144285 Bytes
    Signature data size : 3094358 Bytes
    Reference data size : 49415 Bytes
    Signatures total : 83473
    CSI Fingerprints total : 5528
    CSI data size : 258028 Bytes
    Target categories : 15
    Target families : 1022


    Memory + processor status:
    ==========================
    Number of processors : 1
    Processor architecture : Non Intel
    Memory available:18 %
    Total physical memory:261616 kb
    Available physical memory:46700 kb
    Total page file size:632260 kb
    Available on page file:381504 kb
    Total virtual memory:2097024 kb
    Available virtual memory:2038480 kb
    OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Let Windows remove files in use at next reboot
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects


    02-02-2007 7:28:45 PM - Scan started. (Full System Scan)

    MRU List Object Recognized!
    Location: : C:\Documents and Settings\Tom.TOM-YOSR5ON4G7V\Application Data\microsoft\office\recent
    Description : list of recently opened documents using microsoft office


    MRU List Object Recognized!
    Location: : C:\Documents and Settings\Tom.TOM-YOSR5ON4G7V\recent
    Description : list of recently opened documents


    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct3d


    MRU List Object Recognized!
    Location: : software\microsoft\direct3d\mostrecentapplication
    Description : most recent application to use microsoft direct X


    MRU List Object Recognized!
    Location: : software\microsoft\directdraw\mostrecentapplication
    Description : most recent application to use microsoft directdraw


    MRU List Object Recognized!
    Location: : S-1-5-21-527237240-1580818891-854245398-1004\software\microsoft\internet explorer
    Description : last download directory used in microsoft internet explorer


    MRU List Object Recognized!
    Location: : S-1-5-21-527237240-1580818891-854245398-1004\software\microsoft\internet explorer\typedurls
    Description : list of recently entered addresses in microsoft internet explorer


    MRU List Object Recognized!
    Location: : S-1-5-21-527237240-1580818891-854245398-1004\software\microsoft\mediaplayer\player\recentfilelist
    Description : list of recently used files in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-527237240-1580818891-854245398-1004\software\microsoft\mediaplayer\preferences
    Description : last playlist index loaded in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-527237240-1580818891-854245398-1004\software\microsoft\mediaplayer\preferences
    Description : last playlist loaded in microsoft windows media player


    MRU List Object Recognized!
    Location: : S-1-5-21-527237240-1580818891-854245398-1004\software\microsoft\microsoft management console\recent file list
    Description : list of recent snap-ins used in the microsoft management console


    MRU List Object Recognized!
    Location: : S-1-5-21-527237240-1580818891-854245398-1004\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
    Description : list of recent documents opened by microsoft word


    MRU List Object Recognized!
    Location: : S-1-5-21-527237240-1580818891-854245398-1004\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
    Description : list of recent documents saved by microsoft word


    MRU List Object Recognized!
    Location: : S-1-5-21-527237240-1580818891-854245398-1004\software\microsoft\search assistant\acmru
    Description : list of recent search terms used with the search assistant


    MRU List Object Recognized!
    Location: : S-1-5-21-527237240-1580818891-854245398-1004\software\microsoft\windows\currentversion\applets\regedit
    Description : last key accessed using the microsoft registry editor


    MRU List Object Recognized!
    Location: : S-1-5-21-527237240-1580818891-854245398-1004\software\microsoft\windows\currentversion\applets\wordpad\recent file list
    Description : list of recent files opened using wordpad


    MRU List Object Recognized!
    Location: : S-1-5-21-527237240-1580818891-854245398-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description : list of recent programs opened


    MRU List Object Recognized!
    Location: : S-1-5-21-527237240-1580818891-854245398-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description : list of recently saved files, stored according to file extension


    MRU List Object Recognized!
    Location: : S-1-5-21-527237240-1580818891-854245398-1004\software\microsoft\windows\currentversion\explorer\recentdocs
    Description : list of recent documents opened


    MRU List Object Recognized!
    Location: : S-1-5-21-527237240-1580818891-854245398-1004\software\microsoft\windows\currentversion\explorer\runmru
    Description : mru list for items opened in start | run


    MRU List Object Recognized!
    Location: : S-1-5-21-527237240-1580818891-854245398-1004\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk


    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 444
    ThreadCreationTime : 02-03-2007 12:53:02 AM
    BasePriority : Normal


    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 496
    ThreadCreationTime : 02-03-2007 12:53:04 AM
    BasePriority : Normal


    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 520
    ThreadCreationTime : 02-03-2007 12:53:04 AM
    BasePriority : High


    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 564
    ThreadCreationTime : 02-03-2007 12:53:06 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 576
    ThreadCreationTime : 02-03-2007 12:53:06 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 724
    ThreadCreationTime : 02-03-2007 12:53:07 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 820
    ThreadCreationTime : 02-03-2007 12:53:08 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [msmpeng.exe]
    FilePath : C:\Program Files\Windows Defender\
    ProcessID : 856
    ThreadCreationTime : 02-03-2007 12:53:08 AM
    BasePriority : Normal
    FileVersion : 1.1.1593.0
    ProductVersion : 1.1.1593.0
    ProductName : Windows Defender
    CompanyName : Microsoft Corporation
    FileDescription : Service Executable
    InternalName : MsMpEng.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : MsMpEng.exe

    #:9 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 900
    ThreadCreationTime : 02-03-2007 12:53:09 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:10 [incdsrv.exe]
    FilePath : C:\Program Files\Ahead\InCD\
    ProcessID : 936
    ThreadCreationTime : 02-03-2007 12:53:09 AM
    BasePriority : Normal
    FileVersion : 4, 3, 12, 0
    ProductVersion : 4, 3, 12, 0
    ProductName : Nero AG incdsrv
    CompanyName : Nero AG
    FileDescription : incdsrv
    InternalName : incdsrv
    LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
    LegalTrademarks : InCD is a trademark of Nero AG
    OriginalFilename : incdsrv.exe

    #:11 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1092
    ThreadCreationTime : 02-03-2007 12:53:15 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:12 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1112
    ThreadCreationTime : 02-03-2007 12:53:16 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:13 [lexbces.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1204
    ThreadCreationTime : 02-03-2007 12:53:16 AM
    BasePriority : Normal
    FileVersion : 7.4
    ProductVersion : 7.4
    ProductName : MarkVision for Windows (32 bit)
    CompanyName : Lexmark International, Inc.
    FileDescription : LexBce Service
    InternalName : LexBce Service
    LegalCopyright : (C) 1993 - 2002 Lexmark International, Inc.
    OriginalFilename : LexBceS.exe

    #:14 [lexpps.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1240
    ThreadCreationTime : 02-03-2007 12:53:17 AM
    BasePriority : Normal


    #:15 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1244
    ThreadCreationTime : 02-03-2007 12:53:17 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion : 5.1.2600.2696
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:16 [alg.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1388
    ThreadCreationTime : 02-03-2007 12:53:17 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ALG.exe

    #:17 [sched.exe]
    FilePath : C:\Program Files\AntiVir PersonalEdition Classic\
    ProcessID : 1408
    ThreadCreationTime : 02-03-2007 12:53:17 AM
    BasePriority : Normal


    #:18 [avguard.exe]
    FilePath : C:\Program Files\AntiVir PersonalEdition Classic\
    ProcessID : 1440
    ThreadCreationTime : 02-03-2007 12:53:17 AM
    BasePriority : Normal


    #:19 [guard.exe]
    FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
    ProcessID : 1464
    ThreadCreationTime : 02-03-2007 12:53:17 AM
    BasePriority : Normal
    FileVersion : 7, 5, 0, 47
    ProductVersion : 7, 5, 0, 47
    ProductName : AVG Anti-Spyware
    CompanyName : Anti-Malware Development a.s.
    FileDescription : AVG Anti-Spyware guard
    InternalName : AVG Anti-Spyware guard
    LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
    OriginalFilename : guard.exe

    #:20 [pctspk.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1564
    ThreadCreationTime : 02-03-2007 12:53:19 AM
    BasePriority : Normal
    FileVersion : 4.00
    ProductVersion : 4.00
    ProductName : PCTSPK.EXE
    CompanyName : PCtel, Inc.
    FileDescription : PCTSPK.EXE
    InternalName : PCTSPK.EXE
    LegalCopyright : Copyright (C)PCtel,Inc. 1999-2000
    OriginalFilename : PCTSPK.EXE

    #:21 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1616
    ThreadCreationTime : 02-03-2007 12:53:20 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:22 [wdfmgr.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1644
    ThreadCreationTime : 02-03-2007 12:53:20 AM
    BasePriority : Normal
    FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
    ProductVersion : 5.2.3790.1230
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows User Mode Driver Manager
    InternalName : WdfMgr
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : WdfMgr.exe

    #:23 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 1980
    ThreadCreationTime : 02-03-2007 12:53:24 AM
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : EXPLORER.EXE

    #:24 [dmadmin.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 2036
    ThreadCreationTime : 02-03-2007 12:53:25 AM
    BasePriority : Normal
    FileVersion : 2600.2180.503.0
    ProductVersion : 1.0
    ProductName : Logical Disk Manager for Windows NT
    CompanyName : Microsoft Corp., Veritas Software
    FileDescription : Logical Disk Manager service process
    InternalName : dmadmin
    LegalCopyright : Copyright © 1985-2000 Microsoft Corporation. All rights reserved.
    Portions Copyright © 1997-2000 Veritas Software. All rights reserved.
    OriginalFilename : dmadmin.exe

    #:25 [avgnt.exe]
    FilePath : C:\Program Files\AntiVir PersonalEdition Classic\
    ProcessID : 2228
    ThreadCreationTime : 02-03-2007 12:53:54 AM
    BasePriority : Normal


    #:26 [iam.exe]
    FilePath : C:\Program Files\CallWave\
    ProcessID : 2292
    ThreadCreationTime : 02-03-2007 12:54:04 AM
    BasePriority : Normal
    FileVersion : 3.09.9 (10-October-2006)
    ProductVersion : 3.09.9 (10-October-2006)
    ProductName : CallWave Service
    CompanyName : CallWave, Inc.
    FileDescription : Internet Answering Machine
    InternalName : CallApp
    LegalCopyright : Copyright © 1999-2003 CallWave, Inc.
    OriginalFilename : CallApp.exe

    #:27 [bartshel.exe]
    FilePath : C:\Program Files\PeoplePC\ISP6330\Browser\
    ProcessID : 2680
    ThreadCreationTime : 02-03-2007 12:54:53 AM
    BasePriority : Normal
    FileVersion : 6, 3, 1, 285
    ProductVersion : 6, 3, 0, 0
    ProductName : PeoplePC BartShell Module
    CompanyName : PeoplePC
    FileDescription : BartShell Module
    InternalName : BartShell
    LegalCopyright : Copyright © 2006 PeoplePC
    OriginalFilename : BartShel.exe

    #:28 [wuauclt.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2736
    ThreadCreationTime : 02-03-2007 12:54:57 AM
    BasePriority : Normal
    FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
    ProductVersion : 5.8.0.2469
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Automatic Updates
    InternalName : wuauclt.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : wuauclt.exe

    #:29 [ppshared.exe]
    FilePath : C:\PROGRA~1\PeoplePC\ISP6330\Browser\
    ProcessID : 2780
    ThreadCreationTime : 02-03-2007 12:55:09 AM
    BasePriority : Normal
    FileVersion : 6, 3, 1, 6
    ProductVersion : 6, 3, 0, 0
    ProductName : PPShared Module
    CompanyName : PeoplePC
    FileDescription : PPShared Module
    InternalName : PPShared
    LegalCopyright : Copyright © 2006 PeoplePC
    OriginalFilename : PPShared.EXE

    #:30 [wscntfy.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2456
    ThreadCreationTime : 02-03-2007 1:27:05 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows Security Center Notification App
    InternalName : wscntfy.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : wscntfy.exe

    #:31 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID : 2972
    ThreadCreationTime : 02-03-2007 1:28:30 AM
    BasePriority : Normal
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 21


    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    IBIS Toolbar Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\btiein

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 1
    Objects found so far: 22


    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 22


    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 22



    Deep scanning and examining files (C:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 22


    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    IBIS Toolbar Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 5
    Category : Data Miner
    Comment :
    Rootkey : HKEY_CURRENT_USER
    Object : software\microsoft\internet explorer\main
    Value : AutoSearch

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 1
    Objects found so far: 23

    7:43:36 PM Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:14:51.51
    Objects scanned:172759
    Objects identified:2
    Objects ignored:0
    New critical objects:2
    ------------------------------------------------------------------
     
  2. 2007/02/03
    XP Rookie

    XP Rookie Inactive Thread Starter

    Joined:
    2007/01/27
    Messages:
    29
    Likes Received:
    0
    Ideas on Reply #17?

    What are your thoughts on my "More Problems in Rookieville" (#17) post?

    Another log file for you to look at. This one is from AVG AntiSpyware, from two days ago.

    Please delete out these log files if you want. I have them saved. Getting to be a lot of them now.

    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 2:41:21 PM 2/1/2007

    + Scan result:



    HKLM\SOFTWARE\YourSiteBar -> Adware.ISTBar : Error during cleaning.
    HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Adware.ISTBar : Error during cleaning.
    C:\System Volume Information\_restore{6D3B7305-3D9E-4593-B9AA-F7F4D457BBF7}\RP9\A0000239.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6D3B7305-3D9E-4593-B9AA-F7F4D457BBF7}\RP7\A0000171.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\BTIEIN -> Adware.WebSearch : Error during cleaning.
    HKLM\SOFTWARE\BTIEIN\BTIEIN -> Adware.WebSearch : Error during cleaning.
    HKLM\SOFTWARE\BTIEIN\BTIEIN\taskcache -> Adware.WebSearch : Error during cleaning.
    HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
    C:\Documents and Settings\~Molly~.TOM-YOSR5ON4G7V\Cookies\~molly~@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\~Molly~.TOM-YOSR5ON4G7V\Cookies\~molly~@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end
     

  4. 2007/02/03
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Well I'm not seeing anything in those logs to indicate any problems, everything presented is fine.

    The 'critical' objects found with Ad-Aware are not critical at all.

    Btw, your Ad-Aware definitions are a month out of date, I suggest updating and re-scanning, letting it quarantine all that's found.

    No need to post the log tho.

    I'm going to look thru this thread tonite and the one over at AUMHA to get a better idea of what has been done here, it's gotten a bit confusing.
     
  5. 2007/02/03
    XP Rookie

    XP Rookie Inactive Thread Starter

    Joined:
    2007/01/27
    Messages:
    29
    Likes Received:
    0
    none

    It's odd you would say my Ad-Aware versions are that old. I updated before I ran the program. There is a chance that I posted the wrong file.

    I will check back today from time to time today and look forward to hearing more from you tomorrow, good luck with deciphering everything.

    Thanks Again.
     
  6. 2007/02/03
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Alas, I mis-read the defs, they are the latest ones.

    I'll be out most of the day and won't have a chance to review the other thread until tonite, thanks for being patient.
     
  7. 2007/02/06
    XP Rookie

    XP Rookie Inactive Thread Starter

    Joined:
    2007/01/27
    Messages:
    29
    Likes Received:
    0
    Any thoughts?

    Hey TeMerc, any thoughts on this bugger? I am heading off to work, will check back at about 9 pm your time.

    Thanks and Good Luck.
     
  8. 2007/02/07
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Sorry I had to back burner this for a bit, I have been working on some intensive things here at home which required my attention and didn't have enough time to sit and read both of these threads in sequence.

    Have you gotten all the user problems figured out yet? Data saved, users deleted and all that?

    And the issue we're currently having here is one of safe mode access to run the second part of SmitFraud Fix??

    Have you tried that again? Download a fresh copy as that tool has been updated several times since we began.

    I am not seeing much of any infections here to speak of.

    Let me know about the above things.
     
  9. 2007/02/07
    XP Rookie

    XP Rookie Inactive Thread Starter

    Joined:
    2007/01/27
    Messages:
    29
    Likes Received:
    0
    none

    Hey don't worry about it. I didn't mean to push ya, just would like to get this thing set up so that I am the only one at the controls. Ya, I was probably a little impatient.

    We kinda left off with me having trouble with Safe Mode. I did try SmitFraud once again over the weekend (still no "Tom", I only see "Administrator" and "Sue" as options for sign in). It locked up again.

    I also am running AVG Antispyware 7.5 and am using AVG Free as a scan only Anti Virus. I had it as a primary for a while. Went back to AntiVir. AntiVir detected a virus pretty much right away. AVG Free hadn't detected any. 'should tell ya that AntiVir, every once in a while will pop up with a virus notice. It did one time when I was (or thought I was) off line. I ran a lot of scan tools over the weekend and had a lot of detections. There are 11 items in the AVG 7.5 quarantine file right now. Things seem a little more stable now.

    Here is a summary of unresolved issues from the post at AumHa.

    No fixes yet to my "user" issues. The other three can't use their desktops. They can't access their files unless they are logged in as "Adm.'s". Then there is the whole issue with the number of times we are listed under
    Documents and Settings.
    My daughter is listed three times.
    Example.
    C:\documents and setting\~Molly~
    C:\documents and setting\~Molly~.Tom-XXXXXXXXXXX,
    C:\documents and setting\Molly

    My wife only once,
    C:\documents and setting\Sue.Tom-XXXXXXXXXXXX

    I am listed Three times
    C:\documents and setting\Tom
    C:\documents and setting\Tom.Tom-XXXXXXXXXXX,
    C:\documents and setting\Tom~1~Tom

    My son, twice
    C:\documents and setting\Bulldog
    C:\documents and setting\Bulldog.Tom-XXXXXXXXXXX,

    Then there is this.........
    I was given some bad advice to remove a user name, Bulldog, and his password and assign a new identity and password. I did this. I assigned the name "Matthew" and a new password. (I have since removed all passwords.) The login page changed "Bulldog" to "Matthew". But when I launch Windows Explorer under Documents and Settings I do not see "Matthew". I still see "Bulldog". The OS simply inserted a sub folder under C:\Documents and Settings\Bulldog, called "Matthews Documents". If you are still with me that should get you up to speed.

    I guess I didn't want to get into all of that here originally. My thinking was that maybe just cleaning things up would go a long way to solving those problems and if not, I could make another post addressing those issues. The issue with Safe Mode is a new one. I do use Safe Mode to run Defragmenter. As I have problems with it hanging up in regular mode from time to time.

    I appreciate the help.
    Thanks and Good Luck.
     
  10. 2007/02/07
    XP Rookie

    XP Rookie Inactive Thread Starter

    Joined:
    2007/01/27
    Messages:
    29
    Likes Received:
    0
    Smitfraud

    I wasn't sure if the link in post #14 would give me the latest version of Smitfraud, so I did a dogpile search to try and find the latest version. The search turned up some scary stuff about Smitfraud. Are these people talking about the same program we are using here?
    http://www.smitfraud-removal.com.removal-instructions.com/removeSmitfraud.html

    If not will the link in post #14 give me the latest version?

    Thanks and Good Luck
     
  11. 2007/02/07
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Do not use any links other than the one I provided. That other link is so badly outdated it's not even funny.

    You can view the files listed and changelog from the creator of SmitfraudFix homepage here. As you can see the list which is on the other page you found is minuscule.
     
  12. 2007/02/07
    XP Rookie

    XP Rookie Inactive Thread Starter

    Joined:
    2007/01/27
    Messages:
    29
    Likes Received:
    0
    Smitfraud again

    Smitfraud, should I try to uninstall the version I have now before I proceed with the new download?
     
  13. 2007/02/07
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Yes, remove the old one, we're having too many residual problems on this machine for me to trust the old.
     
  14. 2007/02/07
    XP Rookie

    XP Rookie Inactive Thread Starter

    Joined:
    2007/01/27
    Messages:
    29
    Likes Received:
    0
  15. 2007/02/08
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    There should be a folder on your desktop, along with the exe you DLed earlier. And as I said earlier, use the link I provided and no other links.
     
  16. 2007/02/08
    XP Rookie

    XP Rookie Inactive Thread Starter

    Joined:
    2007/01/27
    Messages:
    29
    Likes Received:
    0
    Smitfraud Fix and HJT results.

    I did manage to get Smitfraud Fix to update and ran it in Safe Mode. My latest version is 2.141.

    I also did manage to log into SM as "Tom". SM did seem kinda shaky. And on the first reboot the whole system was kinda shaky, so I rebooted again and it seems better now. One note, after answering "Yes" to cleaning the Registry, "Windows Disk Clean Up" opened. It took a while and then finished. One other note, I no longer have wallpaper on my desktop. It is just Blue.

    Smitfraud log
    SmitFraudFix v2.141

    Scan done at 8:56:12.69, 02/08/2007
    Run from C:\Documents and Settings\Tom.TOM-YOSR5ON4G7V\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System "=" "


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End


    HJT Log
    Logfile of HijackThis v1.99.1
    Scan saved at 9:39:56 AM, on 02/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\CallWave\IAM.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} (printQuick Browser Add In (Ver4)) - http://www.pqpc.com/plugin/axversion/1410/printQuick1410.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127009900075
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127009730551
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance.com/Software/Upgrades/LCX/LCX-15MT_360/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs:
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

    I just want to thank you VERY MUCH. I know I am an impatient sort of guy and I realize it must be frustrating for you to work with someone like me who has such little knowledge and comprehension for this kinda stuff.

    Good Luck.
     
  17. 2007/02/08
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Ok, the log looks good, except for one minor entry to fix.

    Run HJT, and place a check next to the following lines, then, with all browsers and windows closed, hit 'Fix checked':

    O20 - AppInit_DLLs:


    Reboot, run HJT, if the above are gone, no need to repost with new log.

    For the desktop, try this:
    Go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security" or similar. Select that entry and click the "Delete" button. Click OK then Apply and OK. That should get rid of it.
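
An added example, not part of any post in this thread: a small Python parser that splits a HijackThis log into its numbered entries and surfaces the two things a reviewer looks at here, the `AppInit_DLLs` line from section O20 and any entry HijackThis itself annotated with `(file missing)`. The function names are hypothetical and the sample is constructed from lines in the log posted above.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines taken from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - AppInit_DLLs:
"""

# An entry is a section code, " - ", then the body. The code starts with the
# letter O; a leading digit 0 is accepted too, because people retype it that way.
ENTRY_RE = re.compile(r"^\s*[O0](\d{1,2}) - (.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:?\s*(.*)$")


def parse_entries(log_text):
    """Return [(section, body), ...], e.g. ("O20", "AppInit_DLLs:")."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:  # header and process-list lines do not match and are skipped
            entries.append(("O" + m.group(1), m.group(2).rstrip()))
    return entries


def section_counts(entries):
    """How many entries each section contributed, for a quick overview."""
    return Counter(section for section, _ in entries)


def review_notes(entries):
    """Prompts for a human reviewer; these are not verdicts about infection."""
    notes = []
    for section, body in entries:
        appinit = APPINIT_RE.match(body) if section == "O20" else None
        if appinit:
            value = appinit.group(1).strip()
            notes.append((section, "AppInit_DLLs present but empty" if not value
                          else "AppInit_DLLs lists: " + value))
        elif body.endswith("(file missing)"):
            notes.append((section, "registered target no longer on disk"))
    return notes


if __name__ == "__main__":
    for section, note in review_notes(parse_entries(SAMPLE_LOG)):
        print(section, "-", note)
```
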
     
  18. 2007/02/08
    XP Rookie

    XP Rookie Inactive Thread Starter

    Joined:
    2007/01/27
    Messages:
    29
    Likes Received:
    0
    Search HJT for more than one line?

    You seem to refer to more than one line to check for in HJT. I only see one entry to look for. Is that the only one of concern?
     
  19. 2007/02/08
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Just the one O20 entry is all.
     
  20. 2007/02/09
    XP Rookie

    XP Rookie Inactive Thread Starter

    Joined:
    2007/01/27
    Messages:
    29
    Likes Received:
    0
    O20 - AppInit_DLLs

    O20 - AppInit_DLLs was present. But she's gone now. I did get an error message when I clicked to fix it. I should have written it down but it said it was going to "save" the message. Well, I couldn't find it anywhere, even did a scan for a hijackthis.txt. No results were found. I did a reboot and ran another scan and the above entry was gone. Thank You.

    What can I do about the issues I am having with my users? I checked and at least one of the limited users still can not access his documents. Could it be a problem with my Hard Drive or other hardware? What is your opinion on why the users are listed under Documents and Settings the way they are?

    I also have to clean up my running processes and my start up items. My desktop takes forever to load. How are those two different? I know I want to stop one of my Anti virus programs from loading at start up along with MS Messenger, there are others.

    Thanks Again!
     
  21. 2007/02/09
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    That error message is normal, HJT spits it out when deleting those entries occasionally.
    This issue is best handled over in the Windows XP forum.
    For tracking down which apps need to start and which don't you can use this site for that:
    AnswersThatWork
    Just go to the appropriate letter, and search for the process/exe, they will give good detailed info regarding it, we use it quite often. If you can't find it there, then use Google.

    And then as a great start up manager, use WinPatrol v10.0.5.0.
     