Please help me with my About:Blank hijack problem!

 
 
Aaron
 
Reply Sun 20 Jun, 2004 02:20 am
I've somehow gotten the CoolWebSearch (not so cool, more like hellishly annoying) and about:blank issues. Each time I use Ad-aware to delete them they just come back and it is very annoying. I've heard that some of you here can help me. I sure hope so. I even quarantined the files and they kept coming back. Please help. Here is one of my HijackThis logfiles if you need it.


Logfile of HijackThis v1.97.7
Scan saved at 4:20:08 AM, on 6/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Easy Desktop Keeper\desksaver.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\EarthLink TotalAccess\FastLane\ARUpld32.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\AIM95\aim.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Aaron\My Documents\HijackThis.exe

F0 - syst>m.ini: Shell=
F0 - R >ystem.ini: Shel>=
F0 - R >ystem.ini: UserInit=
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_3_0.dll
O2 - BHO: (no name) - {067C7F6F-E112-4E8A-B7B1-053D1195F81C} - C:\WINDOWS\System32\gnaimge.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [00DSKSVR01] C:\Program Files\Easy Desktop Keeper\desksaver.exe
O4 - HKLM\..\Run: [00DSKSVR00] "C:\Program Files\Easy Desktop Keeper\desksaver.exe" saskda
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -noauth
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCDD1A84-948D-4B6C-BAFC-DF99DD908AEE}: NameServer = 207.217.126.81 207.217.77.82
Type: Discussion • Score: 1 • Views: 1,073 • Replies: 7

 
Aaron
 
  1  
Reply Sun 20 Jun, 2004 02:36 am
Ad-Aware logfile after a scan:

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Sunday, June 20, 2004 4:28:22 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R319 15.06.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


6-20-2004 4:28:22 AM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 6-19-2004 10:25:41 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 6-19-2004 10:25:50 PM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-19-2004 10:25:51 PM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : c Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : MicrosoftR WindowsR Operating System
Created on : 8/18/2001 5:36:56 AM
Last accessed : 6/20/2004 7:29:24 AM
Last modified : 8/18/2001 5:36:56 AM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-19-2004 10:25:51 PM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : c Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : MicrosoftR WindowsR Operating System
Created on : 8/18/2001 5:36:48 AM
Last accessed : 6/20/2004 7:29:37 AM
Last modified : 8/18/2001 5:36:48 AM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-19-2004 10:25:53 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : c Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : MicrosoftR WindowsR Operating System
Created on : 8/18/2001 5:36:58 AM
Last accessed : 6/20/2004 8:28:22 AM
Last modified : 8/18/2001 5:36:58 AM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-19-2004 10:25:54 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : c Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : MicrosoftR WindowsR Operating System
Created on : 8/18/2001 5:36:58 AM
Last accessed : 6/20/2004 8:28:22 AM
Last modified : 8/18/2001 5:36:58 AM

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-19-2004 10:25:57 PM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : c Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : MicrosoftR WindowsR Operating System
Created on : 8/18/2001 5:36:58 AM
Last accessed : 6/20/2004 7:29:44 AM
Last modified : 8/18/2001 5:36:58 AM

#:8 [cdac11ba.exe]
FilePath : C:\WINDOWS\System32\drivers\
ThreadCreationTime : 6-19-2004 10:26:02 PM
BasePriority : Normal
FileSize : 51 KB
FileVersion : 4.16.050
ProductVersion : 4.16.050 Windows NT 2002/04/24
Copyright : Copyright (c) 1998-2002 Macrovision Corp.
CompanyName : Macrovision
FileDescription : Macrovision RTS Service
InternalName : CDANTSRV
OriginalFilename : CDANTSRV.EXE
ProductName : SafeCast Windows NT
Created on : 3/29/2003 5:38:07 PM
Last accessed : 6/20/2004 7:29:21 AM
Last modified : 3/29/2003 5:38:07 PM

#:9 [kodakccs.exe]
FilePath : C:\WINDOWS\system32\drivers\
ThreadCreationTime : 6-19-2004 10:26:03 PM
BasePriority : Normal
FileSize : 288 KB
FileVersion : 1.1.4900.0
ProductVersion : 4.3.1.0
Copyright : Copyright (C) Eastman Kodak Co. 2000-2003
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
OriginalFilename : DcFsSvc.exe
ProductName : Kodak DC File System Driver (Win32)
Created on : 6/18/2003 2:54:10 PM
Last accessed : 6/20/2004 7:29:31 AM
Last modified : 6/18/2003 2:54:10 PM

#:10 [mcvsrte.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 6-19-2004 10:26:03 PM
BasePriority : Normal
FileSize : 104 KB
FileVersion : 8, 0, 0, 12
ProductVersion : 8, 0, 0, 0
Copyright : Copyright c 1998-2003 Networks Associates Technology, Inc
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
OriginalFilename : mcvsrte.exe
ProductName : McAfee VirusScan
Created on : 10/13/2003 2:57:29 PM
Last accessed : 6/20/2004 7:29:31 AM
Last modified : 8/8/2003 10:04:38 PM

#:11 [mpfservice.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ThreadCreationTime : 6-19-2004 10:26:04 PM
BasePriority : Normal
FileSize : 180 KB
FileVersion : 4.1.0.1
ProductVersion : 4.1.0.1
Copyright : Copyright c 2000,2001
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
OriginalFilename : MpfService.exe
ProductName : McAfee Personal Firewall
Created on : 8/13/2003 12:11:26 PM
Last accessed : 6/20/2004 7:29:33 AM
Last modified : 1/29/2003 9:30:58 PM

#:12 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-19-2004 10:26:05 PM
BasePriority : Normal
FileSize : 108 KB
FileVersion : 6.14.10.5672
ProductVersion : 6.14.10.5672
Copyright : (C) NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.72
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 56.72
Created on : 3/24/2004 2:04:00 PM
Last accessed : 6/20/2004 7:29:38 AM
Last modified : 3/24/2004 2:04:00 PM

#:13 [scsiaccess.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-19-2004 10:26:05 PM
BasePriority : Normal
FileSize : 177 KB
Created on : 2/4/2003 1:22:30 PM
Last accessed : 6/20/2004 7:29:42 AM
Last modified : 2/4/2003 1:22:30 PM

#:14 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-19-2004 10:26:07 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : c Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : MicrosoftR WindowsR Operating System
Created on : 8/18/2001 5:36:58 AM
Last accessed : 6/20/2004 8:28:22 AM
Last modified : 8/18/2001 5:36:58 AM

#:15 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 6-19-2004 10:26:10 PM
BasePriority : Normal
FileSize : 64 KB
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
Copyright : Copyright c 2001 America Online, Inc.
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
OriginalFilename : WanMPSvc.exe
ProductName : America Online
Created on : 8/12/2003 4:17:07 PM
Last accessed : 6/20/2004 8:28:23 AM
Last modified : 10/15/2002 7:37:50 PM

#:16 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 6-19-2004 10:27:57 PM
BasePriority : Normal
FileSize : 977 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
Copyright : c Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : MicrosoftR WindowsR Operating System
Created on : 8/18/2001 5:36:44 AM
Last accessed : 6/20/2004 7:29:14 AM
Last modified : 8/18/2001 5:36:44 AM

#:17 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ThreadCreationTime : 6-19-2004 10:28:46 PM
BasePriority : Normal
FileSize : 240 KB
FileVersion : 4, 3, 0, 27
ProductVersion : 4, 3, 0, 0
Copyright : Copyright c 1998-2002 Networks Associates Technology, Inc.
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
OriginalFilename : mcagent.exe
ProductName : McAfee SecurityCenter
Created on : 12/19/2003 9:15:45 PM
Last accessed : 6/20/2004 7:29:15 AM
Last modified : 12/8/2003 8:38:52 PM

#:18 [conmgr.exe]
FilePath : C:\Program Files\EarthLink 5.0\
ThreadCreationTime : 6-19-2004 10:28:47 PM
BasePriority : Normal
FileSize : 280 KB
FileVersion : 5.06.9
ProductVersion : 5.06.9
Copyright : Copyright c 1999-2001 EarthLink, Inc.
CompanyName : EarthLink, Inc.
FileDescription : Connection Manager COM Server
InternalName : CONMGR
ProductName : EarthLink 5.0
Created on : 8/7/2001 12:14:06 AM
Last accessed : 6/20/2004 7:29:15 AM
Last modified : 8/7/2001 12:14:06 AM

#:19 [mcvsshld.exe]
FilePath : C:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 6-19-2004 10:28:49 PM
BasePriority : Normal
FileSize : 160 KB
FileVersion : 8, 0, 0, 15
ProductVersion : 8, 0, 0, 0
Copyright : Copyright c 1998-2003 Networks Associates Technology, Inc
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
OriginalFilename : mcvsshld.exe
ProductName : McAfee VirusScan
Created on : 10/13/2003 2:57:30 PM
Last accessed : 6/20/2004 7:29:15 AM
Last modified : 8/18/2003 1:50:34 AM

#:20 [desksaver.exe]
FilePath : C:\Program Files\Easy Desktop Keeper\
ThreadCreationTime : 6-19-2004 10:28:49 PM
BasePriority : Normal
FileSize : 1160 KB
Created on : 1/23/2004 6:42:24 PM
Last accessed : 6/20/2004 7:29:15 AM
Last modified : 1/23/2004 6:42:24 PM

#:21 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 6-19-2004 10:28:52 PM
BasePriority : Normal
FileSize : 4568 KB
FileVersion : 6.1.0207
ProductVersion : Version 6.1
Copyright : Copyright (c) Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 12/18/2003 5:02:22 AM
Last accessed : 6/20/2004 7:29:16 AM
Last modified : 12/18/2003 5:02:22 AM

#:22 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-19-2004 10:28:56 PM
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : c Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : MicrosoftR WindowsR Operating System
Created on : 8/18/2001 5:36:40 AM
Last accessed : 6/20/2004 7:29:16 AM
Last modified : 8/18/2001 5:36:40 AM

#:23 [taskpanl.exe]
FilePath : C:\Program Files\EarthLink TotalAccess\
ThreadCreationTime : 6-19-2004 10:28:58 PM
BasePriority : Normal
FileSize : 312 KB
FileVersion : 2003.1.12.0
ProductVersion : 2003.1.12.0
Copyright : c EarthLink, Inc. All rights reserved.
CompanyName : EarthLink, Inc.
ProductName : EarthLink TotalAccess
Created on : 8/13/2002 12:53:32 PM
Last accessed : 6/20/2004 7:29:17 AM
Last modified : 8/13/2002 12:53:32 PM

#:24 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ThreadCreationTime : 6-19-2004 10:28:59 PM
BasePriority : Normal
FileSize : 408 KB
FileVersion : 8, 0, 0, 30
ProductVersion : 8, 0, 0, 0
Copyright : Copyright c 1998-2003 Networks Associates Technology, Inc
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
OriginalFilename : mcvsescn.EXE
ProductName : McAfee VirusScan
Created on : 5/27/2004 8:29:23 PM
Last accessed : 6/20/2004 7:42:11 AM
Last modified : 4/28/2004 9:55:12 PM

#:25 [mcvsftsn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ThreadCreationTime : 6-19-2004 10:30:31 PM
BasePriority : Normal
FileSize : 216 KB
FileVersion : 8, 0, 0, 20
ProductVersion : 8, 0, 0, 0
Copyright : Copyright c 1998-2003 Networks Associates Technology, Inc
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
OriginalFilename : mcvsftsn.EXE
ProductName : McAfee VirusScan
Created on : 10/13/2003 2:57:52 PM
Last accessed : 6/20/2004 8:28:24 AM
Last modified : 9/29/2003 7:38:16 PM

#:26 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 6-19-2004 10:30:40 PM
BasePriority : Normal
FileSize : 1052 KB
FileVersion : 4.0.0155
ProductVersion : Version 4.0
Copyright : Copyright (c) Microsoft Corporation 1997-2001
CompanyName : Microsoft Corporation
FileDescription : Messenger Client
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 9/5/2001 3:09:14 AM
Last accessed : 6/20/2004 8:28:24 AM
Last modified : 8/2/2001 2:14:34 PM

#:27 [arupld32.exe]
FilePath : C:\Program Files\EarthLink TotalAccess\FastLane\
ThreadCreationTime : 6-19-2004 10:31:51 PM
BasePriority : Normal
FileSize : 241 KB
FileVersion : 4.2.1.71
ProductVersion : 4.2.1.71
Copyright : Copyright c 1996-1999 Inverse Network Technology
CompanyName : Inverse Network Technology
FileDescription : History Uploader
InternalName : ARUpld32
OriginalFilename : ARUpld32.exe
ProductName : Inverse IP InSight
Created on : 9/17/1999 2:13:04 AM
Last accessed : 6/20/2004 8:28:25 AM
Last modified : 9/17/1999 2:13:04 AM

#:28 [conime.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-19-2004 10:31:58 PM
BasePriority : Normal
FileSize : 24 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : c Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Console IME
InternalName : Console
OriginalFilename : CONIME.EXE
ProductName : MicrosoftR WindowsR Operating System
Created on : 8/18/2001 5:36:40 AM
Last accessed : 6/20/2004 8:28:25 AM
Last modified : 8/18/2001 5:36:40 AM

#:29 [aim.exe]
FilePath : C:\Program Files\AIM95\
ThreadCreationTime : 6-20-2004 12:16:09 AM
BasePriority : Normal
FileSize : 60 KB
FileVersion : 5.5.3595
ProductVersion : 5.5.3595
Copyright : Copyright c 1996-2004 America Online, Inc.
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
OriginalFilename : AIM.EXE
ProductName : AOL Instant Messenger
Created on : 3/4/2003 12:01:41 AM
Last accessed : 6/20/2004 8:28:25 AM
Last modified : 4/27/2004 10:18:34 PM

#:30 [ypager.exe]
FilePath : C:\PROGRA~1\Yahoo!\MESSEN~1\
ThreadCreationTime : 6-20-2004 5:59:21 AM
BasePriority : Normal
FileSize : 1456 KB
FileVersion : 5, 6, 0, 1347
ProductVersion : 5, 6, 0, 1347
Copyright : Copyright 1998-2003
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
InternalName : Yahoo! Messengerr
OriginalFilename : YPager.exe
ProductName : Yahoo! Messenger
Created on : 9/7/2003 11:14:30 PM
Last accessed : 6/20/2004 7:29:16 AM
Last modified : 8/29/2003 4:31:04 PM

#:31 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 6-20-2004 6:07:21 AM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
Copyright : c Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : MicrosoftR WindowsR Operating System
Created on : 8/18/2001 5:36:46 AM
Last accessed : 6/20/2004 7:43:07 AM
Last modified : 8/18/2001 5:36:46 AM

#:32 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 6-20-2004 8:27:50 AM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright c Lavasoft Sweden
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 6/18/2004 3:34:11 AM
Last accessed : 6/20/2004 8:00:51 AM
Last modified : 7/13/2003 1:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Main
Value : HOMEOldSP


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\Aaron\LOCALS~1\Temp\sp.html"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "file://C:\DOCUME~1\Aaron\LOCALS~1\Temp\sp.html"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\Aaron\LOCALS~1\Temp\sp.html"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "file://C:\DOCUME~1\Aaron\LOCALS~1\Temp\sp.html"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\Aaron\LOCALS~1\Temp\sp.html"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "file://C:\DOCUME~1\Aaron\LOCALS~1\Temp\sp.html"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\Aaron\LOCALS~1\Temp\sp.html"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "file://C:\DOCUME~1\Aaron\LOCALS~1\Temp\sp.html"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\Aaron\LOCALS~1\Temp\sp.html"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "file://C:\DOCUME~1\Aaron\LOCALS~1\Temp\sp.html"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\Aaron\LOCALS~1\Temp\sp.html"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "file://C:\DOCUME~1\Aaron\LOCALS~1\Temp\sp.html"


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 8
Objects found so far: 9


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : aaron@0[1].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/20/2004 6:02:16 AM
Last accessed : 6/20/2004 8:31:35 AM
Last modified : 6/20/2004 6:02:21 AM



Tracking Cookie Object recognized!
Type : File
Data : aaron@0[3].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/20/2004 5:54:19 AM
Last accessed : 6/20/2004 8:31:36 AM
Last modified : 6/20/2004 5:54:19 AM



Tracking Cookie Object recognized!
Type : File
Data : aaron@adrevolver[1].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/20/2004 5:57:01 AM
Last accessed : 6/20/2004 8:31:36 AM
Last modified : 6/20/2004 5:57:01 AM



Tracking Cookie Object recognized!
Type : File
Data : aaron@advertising[1].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/20/2004 4:53:18 AM
Last accessed : 6/20/2004 8:31:37 AM
Last modified : 6/20/2004 4:53:18 AM



Tracking Cookie Object recognized!
Type : File
Data : aaron@atdmt[2].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/19/2004 5:12:47 AM
Last accessed : 6/20/2004 8:14:36 AM
Last modified : 6/19/2004 5:12:47 AM



Tracking Cookie Object recognized!
Type : File
Data : aaron@bluestreak[1].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/20/2004 5:58:37 AM
Last accessed : 6/20/2004 8:31:37 AM
Last modified : 6/20/2004 5:58:37 AM



Tracking Cookie Object recognized!
Type : File
Data : aaron@bravenet[1].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/20/2004 3:50:47 AM
Last accessed : 6/20/2004 8:31:37 AM
Last modified : 6/20/2004 3:50:47 AM



Tracking Cookie Object recognized!
Type : File
Data : aaron@centrport[1].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/20/2004 12:29:53 AM
Last accessed : 6/20/2004 8:31:38 AM
Last modified : 6/20/2004 12:29:53 AM



Tracking Cookie Object recognized!
Type : File
Data : aaron@doubleclick[2].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/19/2004 6:16:30 AM
Last accessed : 6/20/2004 8:02:30 AM
Last modified : 6/19/2004 6:22:11 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/20/2004 7:18:37 AM
Last accessed : 6/20/2004 8:31:38 AM
Last modified : 6/20/2004 7:18:37 AM



Tracking Cookie Object recognized!
Type : File
Data : aaron@euniverseads[1].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/20/2004 5:57:40 AM
Last accessed : 6/20/2004 8:31:38 AM
Last modified : 6/20/2004 6:02:56 AM



Tracking Cookie Object recognized!
Type : File
Data : aaron@fastclick[1].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/20/2004 8:16:10 AM
Last accessed : 6/20/2004 8:16:10 AM
Last modified : 6/20/2004 8:16:10 AM



Tracking Cookie Object recognized!
Type : File
Data : aaron@gator[1].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/19/2004 5:20:36 PM
Last accessed : 6/20/2004 8:31:39 AM
Last modified : 6/19/2004 5:20:36 PM



Tracking Cookie Object recognized!
Type : File
Data : aaron@mediaplex[1].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/19/2004 10:57:36 PM
Last accessed : 6/20/2004 8:31:39 AM
Last modified : 6/19/2004 10:57:36 PM



Tracking Cookie Object recognized!
Type : File
Data : aaron@questionmarket[1].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/20/2004 12:24:48 AM
Last accessed : 6/20/2004 8:04:38 AM
Last modified : 6/20/2004 5:59:36 AM



Tracking Cookie Object recognized!
Type : File
Data : aaron@realmedia[1].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/20/2004 5:25:18 AM
Last accessed : 6/20/2004 8:31:40 AM
Last modified : 6/20/2004 5:25:18 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/19/2004 6:47:24 AM
Last accessed : 6/20/2004 8:31:40 AM
Last modified : 6/19/2004 6:47:25 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\
FileSize : 2 KB
Created on : 6/19/2004 8:58:13 AM
Last accessed : 6/20/2004 8:31:40 AM
Last modified : 6/20/2004 6:05:12 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][1].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/19/2004 5:17:33 PM
Last accessed : 6/20/2004 8:31:41 AM
Last modified : 6/19/2004 5:17:33 PM



Tracking Cookie Object recognized!
Type : File
Data : aaron@targetnet[1].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/20/2004 5:54:16 AM
Last accessed : 6/20/2004 8:31:41 AM
Last modified : 6/20/2004 5:54:35 AM



Tracking Cookie Object recognized!
Type : File
Data : aaron@trafficmp[1].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/20/2004 12:41:21 AM
Last accessed : 6/20/2004 8:31:41 AM
Last modified : 6/20/2004 12:41:21 AM



Tracking Cookie Object recognized!
Type : File
Data : aaron@tribalfusion[2].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/20/2004 8:14:36 AM
Last accessed : 6/20/2004 8:14:36 AM
Last modified : 6/20/2004 8:14:36 AM



Tracking Cookie Object recognized!
Type : File
Data : [email protected][2].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/19/2004 6:46:30 AM
Last accessed : 6/20/2004 8:31:44 AM
Last modified : 6/20/2004 5:54:37 AM



Tracking Cookie Object recognized!
Type : File
Data : aaron@zedo[1].txt
Object : C:\Documents and Settings\Aaron\Application Data\Earthlink\6.0\[email protected]\Cookies\

Created on : 6/19/2004 5:45:31 PM
Last accessed : 6/20/2004 8:31:44 AM
Last modified : 6/19/2004 5:45:35 PM


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (CSmile
ッッッッッッッッッッッッッッッッッッッッッッッッッッッッッッッッッッッッッッ


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/plain


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
Value : ITBarLayout


CoolWebSearch Object recognized!
Type : File
Data : sp.html
Object : c:\docume~1\aaron\locals~1\temp\
FileSize : 7 KB
Created on : 6/19/2004 4:33:40 AM
Last accessed : 6/20/2004 8:19:10 AM
Last modified : 6/20/2004 8:19:10 AM



Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 4
Objects found so far: 37


4:32:53 AM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:04:25:375
Objects scanned :49164
Objects identified :37
Objects ignored :0
New objects :37

Aaron
Reply Sun 20 Jun, 2004 02:43 am
HijackThis log after Ad-aware erased the files (although they'll be back in 5 minutes):


Logfile of HijackThis v1.97.7
Scan saved at 4:42:33 AM, on 6/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Easy Desktop Keeper\desksaver.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\EarthLink TotalAccess\FastLane\ARUpld32.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\AIM95\aim.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Aaron\My Documents\HijackThis.exe

F0 - syst>m.ini: Shell=
F0 - R >ystem.ini: Shel>=
F0 - R >ystem.ini: UserInit=
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_3_0.dll
O2 - BHO: (no name) - {067C7F6F-E112-4E8A-B7B1-053D1195F81C} - C:\WINDOWS\System32\gnaimge.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [00DSKSVR01] C:\Program Files\Easy Desktop Keeper\desksaver.exe
O4 - HKLM\..\Run: [00DSKSVR00] "C:\Program Files\Easy Desktop Keeper\desksaver.exe" saskda
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -noauth
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCDD1A84-948D-4B6C-BAFC-DF99DD908AEE}: NameServer = 207.217.126.81 207.217.77.82

Nirvana
Reply Sun 20 Jun, 2004 04:01 am
Download, update and run CWShredder.
Click Fix, don't just scan. Let it fix everything it asks about.

Post a fresh log after rebooting.

Aaron
Reply Sun 20 Jun, 2004 03:56 pm
It didn't find anything, it just kept saying "Not Present."

Logfile of HijackThis v1.97.7
Scan saved at 5:54:44 PM, on 6/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\WINDOWS\System32\CTFMON.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\EarthLink TotalAccess\FastLane\ARUpld32.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Aaron\My Documents\HijackThis.exe

F0 - syst>m.ini: Shell=
F0 - R >ystem.ini: Shel>=
F0 - R >ystem.ini: UserInit=
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_3_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E094ADAC-6A75-42B4-B363-9E4C6B838F1E} - C:\WINDOWS\System32\gnaimge.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [00DSKSVR01] C:\Program Files\Easy Desktop Keeper\desksaver.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [00DSKSVR00] "C:\Program Files\Easy Desktop Keeper\desksaver.exe" saskda
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -noauth
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCDD1A84-948D-4B6C-BAFC-DF99DD908AEE}: NameServer = 207.217.126.81 207.217.77.82

Nirvana
Reply Mon 21 Jun, 2004 02:48 am
Go to Add/Remove in your Control Panel and remove MyWay, then post a fresh log.

Aaron
Reply Mon 21 Jun, 2004 01:25 pm
Logfile of HijackThis v1.97.7
Scan saved at 3:25:25 PM, on 6/21/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\WINDOWS\System32\CTFMON.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\WINDOWS\System32\conime.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM95\aim.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Program Files\EarthLink TotalAccess\FastLane\ARUpld32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Aaron\My Documents\HijackThis.exe

F0 - syst>m.ini: Shell=
F0 - R >ystem.ini: Shel>=
F0 - R >ystem.ini: UserInit=
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_3_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E094ADAC-6A75-42B4-B363-9E4C6B838F1E} - C:\WINDOWS\System32\gnaimge.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [00DSKSVR01] C:\Program Files\Easy Desktop Keeper\desksaver.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [00DSKSVR00] "C:\Program Files\Easy Desktop Keeper\desksaver.exe" saskda
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -noauth
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCDD1A84-948D-4B6C-BAFC-DF99DD908AEE}: NameServer = 207.217.126.81 207.217.77.82

Nirvana
Reply Tue 22 Jun, 2004 02:41 am
Restart HijackThis and put checks next to the following, close all browser windows (including this one) then click on 'Fix Checked'


F0 - syst>m.ini: Shell=
F0 - R >ystem.ini: Shel>=
F0 - R >ystem.ini: UserInit=

O2 - BHO: (no name) - {E094ADAC-6A75-42B4-B363-9E4C6B838F1E} - C:\WINDOWS\System32\gnaimge.dll


Go to Windows Update and scan then download ALL of the critical updates.