Clever Spyware?
waller
Join Date: 2004-04-28 Member: 28281Members
Ok, I went on a website. A porn one....
And downloaded a video.
I've got some spyware, or at least what I think is spyware, and I've run Spybot S&D, along with Ad-aware 6.0 Professional. That removed some of the spyware, but the toolbar at the top of my IE still exists.
I've done all in my and my friends' power to get rid of this, but this toolbar just won't go! I've also got something trying to change my registry settings, which I cannot stop either. If anyone can shed any light on this, I would be very grateful.
ScreenShot
*NUKED.*
Thanks
~Waller
--edits+again--
Here's the ad aware log if it's any help to anyone
Lavasoft Ad-aware Professional Build 158
Logfile created on :31 July 2004 19:01:12
Using reference-file :01R04 27.01.2003
__________________________________________________ ____
Ad-aware Settings
=========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 31-07-2004 08:15:44
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 31-07-2004 08:15:47
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 31-07-2004 08:15:47
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft Windows Operating System
Created on : 25/09/2001 08:52:13
Last accessed : 31/07/2004 18:01:12
Last modified : 18/08/2001 12:00:00
#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 31-07-2004 08:15:47
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft Windows Operating System
Created on : 25/09/2001 08:51:42
Last accessed : 31/07/2004 18:01:12
Last modified : 18/08/2001 12:00:00
#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 31-07-2004 08:15:48
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft Windows Operating System
Created on : 25/09/2001 08:52:23
Last accessed : 31/07/2004 18:01:12
Last modified : 18/08/2001 12:00:00
#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 31-07-2004 08:15:48
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft Windows Operating System
Created on : 25/09/2001 08:52:23
Last accessed : 31/07/2004 18:01:12
Last modified : 18/08/2001 12:00:00
#:7 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 31-07-2004 08:15:51
BasePriority : Normal
FileSize : 977 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft Windows Operating System
Created on : 25/09/2001 08:51:32
Last accessed : 31/07/2004 17:55:17
Last modified : 18/08/2001 12:00:00
#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 31-07-2004 08:15:51
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft Windows Operating System
Created on : 25/09/2001 08:52:18
Last accessed : 31/07/2004 18:01:13
Last modified : 18/08/2001 12:00:00
#:9 [cfd.exe]
FilePath : C:\Program Files\BroadJump\Client Foundation\
ThreadCreationTime : 31-07-2004 08:15:52
BasePriority : Normal
FileSize : 360 KB
Created on : 27/07/2004 08:22:10
Last accessed : 31/07/2004 18:01:13
Last modified : 10/09/2002 20:26:26
#:10 [lvcoms.exe]
FilePath : C:\Program Files\Common Files\Logitech\QCDriver\
ThreadCreationTime : 31-07-2004 08:15:52
BasePriority : Normal
FileSize : 96 KB
FileVersion : 5.6.2.1058
ProductVersion : 5.6.2.1058
Copyright : (c) 1996-2001 Labtec. All rights reserved.
CompanyName : Labtec
FileDescription : LVCom Server
InternalName : LVComS.exe
OriginalFilename : LVComS.exe
ProductName : Labtec WebCam
Created on : 30/07/2004 15:42:06
Last accessed : 31/07/2004 18:01:13
Last modified : 13/11/2001 14:43:40
#:11 [steam.exe]
FilePath : C:\Program Files\Valve\Steam\
ThreadCreationTime : 31-07-2004 08:15:52
BasePriority : Normal
FileSize : 1176 KB
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
Copyright : Copyright 2000-2003 Valve Corporation All rights reserved.
CompanyName : Valve Corporation
FileDescription : Steam
OriginalFilename : Steam.exe
ProductName : Steam
Created on : 30/07/2004 12:39:55
Last accessed : 31/07/2004 18:01:13
Last modified : 30/07/2004 12:40:45
#:12 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 31-07-2004 08:16:00
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft Windows Operating System
Created on : 25/09/2001 08:52:23
Last accessed : 31/07/2004 18:01:12
Last modified : 18/08/2001 12:00:00
#:13 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 31-07-2004 08:17:34
BasePriority : Normal
FileSize : 109 KB
FileVersion : 5.4.2600.0 (XPClient.010817-1148)
ProductVersion : 5.4.2600.0
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Windows Update AutoUpdate Client
InternalName : wuauclt.exe
OriginalFilename : wuauclt.exe
ProductName : Microsoft Windows Operating System
Created on : 25/09/2001 01:08:30
Last accessed : 31/07/2004 18:01:13
Last modified : 18/08/2001 12:00:00
#:14 [msgplus.exe]
FilePath : C:\Program Files\Messenger Plus! 3\
ThreadCreationTime : 31-07-2004 17:43:28
BasePriority : Normal
FileSize : 160 KB
FileVersion : 3, 0, 0, 94
ProductVersion : 3, 0, 0, 94
Copyright : Copyright (C) 2001-2004
CompanyName : Patchou
FileDescription : Messenger Plus!
InternalName : MsgPlus
OriginalFilename : MsgPlus.exe
ProductName : Messenger Plus! 3
Created on : 31/07/2004 17:43:20
Last accessed : 31/07/2004 17:43:28
Last modified : 31/07/2004 17:43:20
#:15 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 31-07-2004 17:43:31
BasePriority : Normal
FileSize : 4768 KB
FileVersion : 6.2.0137
ProductVersion : Version 6.2
Copyright : Copyright (c) Microsoft Corporation 1997-2004
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : MSN Messenger
Created on : 28/05/2004 14:22:04
Last accessed : 31/07/2004 17:33:02
Last modified : 28/05/2004 14:22:04
#:16 [iexplore.exe]
FilePath : c:\progra~1\intern~1\
ThreadCreationTime : 31-07-2004 17:43:54
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft Windows Operating System
Created on : 25/09/2001 01:11:20
Last accessed : 31/07/2004 17:47:45
Last modified : 18/08/2001 12:00:00
#:17 [iexplore.exe]
FilePath : c:\progra~1\intern~1\
ThreadCreationTime : 31-07-2004 17:44:23
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft Windows Operating System
Created on : 25/09/2001 01:11:20
Last accessed : 31/07/2004 17:47:45
Last modified : 18/08/2001 12:00:00
#:18 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 31-07-2004 18:01:01
BasePriority : Normal
FileSize : 760 KB
FileVersion : 6.0.1.158
ProductVersion : 6.0.0.0
Copyright : Copyright Lavasoft Sweden
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Professional
Created on : 31/07/2004 18:00:55
Last accessed : 31/07/2004 18:00:56
Last modified : 27/01/2003 09:42:22
Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Alexa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1
19:01:47 Scan complete
Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:00:34:797
Objects scanned :9841
Objects identified :1
Objects ignored :0
New objects :1
This discussion has been closed.
Comments
If it was spyware from NS, perhaps.. but sorry.
I'm trying to be nice, Nem. Don't lock it just yet!
If a mod sees this, please move it to wherever it should be. I don't want it locked as I really want to fix this ???
Screenshot: http://gamesxposed.com/upload/image....1091300169.jpg
Anyhow, a few things:
-Have you tried running Ad Aware's webUpdate?
-Have you noticed any new software installations (under Add/Remove Programs)?
-Have you noticed any strange or out-of-place folders or files on your hard drive?
I'm not a noob...
'Cause I got mine from downloading things out of the members only area at jadafox.com.
--------Edits
CastDumb.exe cannot be deleted.
Logfile of HijackThis v1.97.7
Scan saved at 21:31:48, on 31/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Waller\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.html?http://www.natural-selection.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.zupdbhraeroxmbojiuu.net/v3fAA2U24KiXWfSEfxrk3GnN2n1DtGUFNwY8SgqF9wgKOkfRl00/qwdVkaV1vqWI.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C46B2115-7A27-F7EA-122E-A797B4E3C233} - C:\PROGRA~1\MeowAxis\CastDumb.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [fastprogram] C:\PROGRA~1\Help Mpeg Hole\wipe spam.exe
O4 - HKLM\..\Run: [Amok tray knob deaf] C:\Documents and Settings\All Users\Application Data\meow grim amok tray\proc dent.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
?
And yes, I have recently installed MSNPlus. I suppose this is what I get for just hitting NEXT > as fast as I can.... ???
Thanks for your help, I owe ya one.
---Edits, seems like the porn had nothing to do with it...
That was embarrassing..
But it's a good pay site :)
You might want to remove that link before someone's parents find it ???
Other than that, if you pay them and they gave you a *insert malicious program* that would be silly ::nerdy::
C:\WINDOWS\System32\wuauclt.exe
Try using msconfig to stop it from running?
(Keep in mind I likely have no idea what I'm talking about)
I made it so msconfig opens up right when I boot up my PC, so I can always check and make sure nothing more than I want is running. It's a pretty simple way to check for malicious software.
> And downloaded a video.
Nice start. Made me stop reading.
*LOCKED.*