bruce bailey (Joined: 11 Apr 2002, Posts: 5711, Location: miami)
Posted: Thu Apr 08, 2004 0:55 am
What I did when I got HJed was install RegCleaner (free) and delete to back-up any suspicious program. Then I went to the start-up folder in RC and sent suspicious items to the back-up folder (so I could easily put them back if I messed up). I had to send about 4 at a time until I found the booger and then put the rest back. It seems that you have something re-installing this program each time you boot up, and until you get the thing out of your start-up, I think it will keep reappearing.
normmork (Joined: 08 Dec 2003, Posts: 204, Location: Canada)
Posted: Thu Apr 08, 2004 7:27 am
Please submit entries here: http://www.lavahelp.com/submit/index.html
C:\PROGRAM FILES\ARES\ARES.EXE
You may need to be in Safe Mode to find it.
Close all open windows, put a check beside these entries, and click Fix checked:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/start.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/start.html
O4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -h
REBOOT
Go to these folder(s) and delete:
C:\PROGRAM FILES\ARES\ARES.EXE (entire ARES folder)
Some free programs that will help you not get infected:
SpywareBlaster: www.javacoolsoftware.com
IE-Spyads: http://www.staff.uiuc.edu/~ehowes/resource.htm
Also, paid versions of Ad-aware 6 (Plus) will prevent re-infection. BTW, I am a volunteer for Ad-aware.
Corrine (Administrator, Joined: 18 Jan 2001, Posts: 13527, Location: Upstate, NY)
Posted: Thu Apr 08, 2004 7:32 am
normmork wrote: "BTW I am a volunteer for Ad-aware"
And a very appreciated member here at
_________________
Freedomlist.com (March 1, 2000 - 2013)
Take a walk through my Security Garden
winchester73 (Malware Response Team, Joined: 01 Mar 2004, Posts: 481, Location: Somewhere along Tobacco Road, North Carolina)
Posted: Thu Apr 08, 2004 7:58 am
In addition to SpywareBlaster 3.1 and IE-Spyad (both of which I have installed on every one of my computers) ...
Also consider the companion program SpywareGuard 2.2: http://www.javacoolsoftware.com/spywareguard.html
_________________
Speak softly, but carry a Winchester
Member of the Alliance of Security Analysis Professionals
normmork (Joined: 08 Dec 2003, Posts: 204, Location: Canada)
Posted: Thu Apr 08, 2004 9:14 am
winchester73: SpywareGuard is freeware.
md55: A new reference file was released yesterday for Ad-aware 6; please use the globe icon in AA6 to update it.
md55 (Joined: 04 Apr 2004, Posts: 104)
Posted: Thu Apr 08, 2004 11:17 am
These two files keep on coming back.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/start.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/start.html
They don't appear right after reboot. It takes a few minutes before they take over the home page again.
I installed the SpywareBlaster program you spoke of.
Any thoughts on this hijacking?
Corrine (Administrator, Joined: 18 Jan 2001, Posts: 13527, Location: Upstate, NY)
Posted: Thu Apr 08, 2004 11:40 am
So they can get a full picture, please post a new HJT log. And, don't worry, even if it takes a while to get to the bottom of this, they have other resources
normmork (Joined: 08 Dec 2003, Posts: 204, Location: Canada)
Posted: Thu Apr 08, 2004 11:53 am
Try removing them in Windows Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...2409420406
Look for a file called autorun.inf and rename it to autorun.bak; this is a bit of a long shot. Also STARTER.CHM or STARTER.EXE.
Make sure you have all the Windows security and IE updates for your OS installed.
Please clean out all cookies, the internet temp folder, and the temp folder.
md55 (Joined: 04 Apr 2004, Posts: 104)
Posted: Thu Apr 08, 2004 16:59 pm
Sorry, can you clarify what you want with the files STARTER.CHM and STARTER.EXE?
I'll go do what you want now and I'll post a new log after.
Corrine (Administrator, Joined: 18 Jan 2001, Posts: 13527, Location: Upstate, NY)
Posted: Thu Apr 08, 2004 17:10 pm
I believe he would like you to search for those files -- as they may be lurking someplace.
Guest
Posted: Thu Apr 08, 2004 17:15 pm
Logfile of HijackThis v1.97.7
Scan saved at 4:10:17 PM, on 08/04/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
C:\PROGRAM FILES\HOMENETWORK\ICM.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/clk-start.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKLM\..\RunServices: [ICMEngine] C:\PROGRAM FILES\HOMENETWORK\ICM.EXE -9Xservice
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {73020B72-CDD6-4F80-8098-1B2ECD9CA4CA} (HearMe VoiceCREATOR) - http://vp.hearme.com/products/vp/embedded/plugins/evp.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37869.6915162037
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4349/mcfscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
I delete those things in Safe Mode, but they come back right after I reboot! If you want I can post the log from Ad-aware too.
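A small triage script for the HijackThis entries discussed above (an added example, not code from the thread or from HijackThis): it parses R0/R1 and O4 lines and flags start or search pages that resolve to local content through the mk:@MSITStore handler or to a plain local file, plus Run entries that launch a watch-listed executable such as ares.exe. The watch list is an assumption built from what the thread identified, and the sample lines are copied from the logs posted in this thread.

```python
"""Triage HijackThis (HJT) log lines for the browser-hijack pattern seen in
this thread: R0/R1 start/search pages redirected to a local .chm via the
mk:@MSITStore (compiled HTML help) protocol handler or to a local file, and
O4 autostart entries that re-launch the responsible program at every boot.

Added example; not code from the thread or from HijackThis itself.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Generic HJT line: "<code> - <body>", e.g. "R0 - HKCU\...\Main,Start Page = ..."
HJT_LINE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# R0/R1 body: "<registry key>,<value name> = <data>"
R_BODY = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]+?)\s*=\s*(?P<data>.*)$")
# O4 body: "<location>: [<name>] <command line>"
O4_BODY = re.compile(r"^(?P<location>.+?): \[(?P<name>[^\]]*)\]\s*(?P<command>.*)$")

# Protocol prefixes that load local content instead of a web page.
LOCAL_PREFIXES = ("mk:@msitstore:", "res://", "file://")
# Executables the thread identified as (re)installing the hijack.
# Assumed watch list for this example; extend it from your own triage notes.
WATCHLIST = ("ares.exe", "starter.exe")


@dataclass
class Finding:
    code: str    # HJT section code, e.g. "R0" or "O4"
    reason: str  # why the entry was flagged
    line: str    # the original log line


def _first_token(command: str) -> str:
    """Return the executable part of a Run command line, honouring quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious R0/R1/O4 line, else None."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")

    if code in ("R0", "R1"):
        r = R_BODY.match(body)
        if not r:
            return None
        value = r.group("value").strip()
        data = r.group("data").strip().strip('"')
        low = data.lower()
        if low.startswith(LOCAL_PREFIXES):
            return Finding(code, f"{value} loads local content via a protocol handler: {data}", line)
        if re.match(r"^[a-z]:\\", low):  # bare drive path such as C:\WINDOWS\start.html
            return Finding(code, f"{value} points at a local file: {data}", line)
        return None

    if code == "O4":
        o = O4_BODY.match(body)
        if not o:
            return None
        # Reduce "C:\PROGRAM FILES\ARES\ARES.EXE" -h to the bare file name.
        exe = _first_token(o.group("command")).replace("/", "\\").split("\\")[-1].lower()
        if exe in WATCHLIST:
            return Finding(code, f"autostart [{o.group('name')}] launches watch-listed {exe}", line)
        return None

    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of an HJT log and collect the findings."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        found = triage_line(raw)
        if found:
            findings.append(found)
    return findings


# Sample lines copied from the HijackThis entries posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/start.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}")
```

Entries that only set about:blank, or Run entries for known-good programs such as SysTray.Exe, pass through unflagged so the output is just the handful of lines worth acting on.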
Guest
Posted: Thu Apr 08, 2004 17:16 pm
I found the file STARTER.EXE but not STARTER.CHM. Should I delete it?
Corrine (Administrator, Joined: 18 Jan 2001, Posts: 13527, Location: Upstate, NY)
Posted: Thu Apr 08, 2004 17:27 pm
md55, please submit that starter.exe file as you did the others to http://www.lavahelp.com/submit/index.html.
I'm not sure who is going to be online tonight, but will leave them a message that you've posted.
Guest
Posted: Thu Apr 08, 2004 17:38 pm
Here's the Ad-aware log.
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :April 8, 2004 4:14:04 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R280 07.04.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 01R279 31.03.2004
Internal build : 207
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\reflist.ref
Total size : 1010390 Bytes
Signature data size : 992994 Bytes
Reference data size : 17332 Bytes
Signatures total : 22327
Target categories : 10
Target families : 470
08-04-04 4:13:54 PM Performing Webupdate...
Installing Update...
Reference file loaded:
Reference Number : 01R280 07.04.2004
Internal build : 208
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\reflist.ref
Total size : 1012286 Bytes
Signature data size : 994889 Bytes
Reference data size : 17333 Bytes
Signatures total : 22365
Target categories : 10
Target families : 470
08-04-04 4:14:00 PM Success.
Update successfully downlodaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:31 %
Total physical memory:194884 kb
Available physical memory:3172 kb
Total page file size:1902264 kb
Available on page file:1807660 kb
Total virtual memory:2093056 kb
Available virtual memory:2046592 kb
OS:Windows (98)
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result
08-04-04 4:14:04 PM - Scan started. (Custom mode)
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
ClearSearch Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\CLRSCH
Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1
Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Winpup32 Object recognized!
Type : File
Data : pg2spltm.exe
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\
FileSize : 64 KB
Copyright : sim
Created on : 03/04/04 2:00:05 AM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 31/03/04 5:11:20 PM
Winpup32 Object recognized!
Type : File
Data : taigfxi.exe
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\
FileSize : 64 KB
Copyright :
Created on : 04/04/04 6:01:46 PM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 31/03/04 5:11:20 PM
Winpup32 Object recognized!
Type : File
Data : hellexts.exe
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\
FileSize : 64 KB
Copyright : <
Corrine (Administrator, Joined: 18 Jan 2001, Posts: 13527, Location: Upstate, NY)
Posted: Thu Apr 08, 2004 17:49 pm
Your complete logfile didn't post. Please pick up from here and post to the Summary.
Quote:
    Winpup32 Object recognized!
    Type : File
    Data : hellexts.exe
    Category : Malware
    Comment :
    Object : C:\WINDOWS\SYSTEM\
    FileSize : 64 KB
    Copyright : <
Thanks.
Guest
Posted: Thu Apr 08, 2004 17:57 pm
It ends there though, I don't know why.
Corrine (Administrator, Joined: 18 Jan 2001, Posts: 13527, Location: Upstate, NY)
Posted: Thu Apr 08, 2004 18:28 pm
Go to C:\Program Files\Lavasoft\Ad-aware 6\Logs and find the logfile with today's date. Double click to open it, click Edit | Select all, Edit | Copy. Then post the logfile as a reply.
Guest
Posted: Thu Apr 08, 2004 18:34 pm
Oh, so sorry. Here it is:
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :April 8, 2004 4:36:37 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R280 07.04.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 01R280 07.04.2004
Internal build : 208
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\reflist.ref
Total size : 1012286 Bytes
Signature data size : 994889 Bytes
Reference data size : 17333 Bytes
Signatures total : 22365
Target categories : 10
Target families : 470
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:30 %
Total physical memory:194884 kb
Available physical memory:5648 kb
Total page file size:1902264 kb
Available on page file:1806164 kb
Total virtual memory:2093056 kb
Available virtual memory:2050752 kb
OS:Windows (98)
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result
08-04-04 4:36:37 PM - Scan started. (Custom mode)
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Created on : 17/11/99 10:03:27 PM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 17/05/99 10:03:00 AM
#:7 [mstask.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294848405
Threads : 2
Priority : Normal
FileSize : 109 KB
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
Copyright : Copyright (C) Microsoft Corp. 2000
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Microsoft
Created on : 18/06/01 6:33:20 PM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 18/06/01 6:33:20 PM
#:8 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294893113
Threads : 1
Priority : Normal
FileSize : 1 KB
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
OriginalFilename : mmtask.tsk
ProductName : Microsoft Windows
Created on : 01/01/01
Last accessed : 08/04/04 6:00:00 AM
Last modified : 24/04/99 4:22:00 AM
#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294894361
Threads : 6
Priority : Normal
FileSize : 176 KB
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
Copyright : Copyright (C) Microsoft Corp. 1981-1997
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows NT(R) Operating System
Created on : 24/04/99 4:22:00 AM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 24/04/99 4:22:00 AM
#:10 [vsstat.exe]
FilePath : C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\
ProcessID : 4294793765
Threads : 1
Priority : Normal
FileSize : 119 KB
FileVersion : 4.0.3
ProductVersion : 4.0.3
Copyright : Copyright
CompanyName : Network Associates Inc
FileDescription : VShield Statistics
InternalName : VsStat.exe
OriginalFilename : VSStat.exe
ProductName : McAfee VirusScan
Created on : 17/11/99 10:03:27 PM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 17/05/99 10:03:00 AM
#:11 [systray.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294829101
Threads : 2
Priority : Normal
FileSize : 32 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright (C) Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
OriginalFilename : SYSTRAY.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 01/01/01
Last accessed : 08/04/04 6:00:00 AM
Last modified : 24/04/99 4:22:00 AM
#:12 [lvcoms.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294780225
Threads : 2
Priority : Normal
FileSize : 92 KB
FileVersion : 1.5.0.1596
ProductVersion : 1.5.0.1596
Copyright : (c) Copyright 1996-1999 Logitech Inc.
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
OriginalFilename : LVComS.exe
ProductName : Logitech Video Camera
Created on : 28/05/00 9:52:23 PM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 09/07/99 5:22:20 PM
#:13 [loadqm.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294814261
Threads : 3
Priority : Normal
FileSize : 7 KB
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
OriginalFilename : LOADQM.EXE
ProductName : QMgr Loader
Created on : 01/09/01 2:04:20 AM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 03/05/00 11:23:10 PM
#:14 [em_exec.exe]
FilePath : C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\
ProcessID : 4294710969
Threads : 1
Priority : Normal
FileSize : 34 KB
FileVersion : 9.41.33
ProductVersion : 9.41.1
Copyright : Copyright
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
OriginalFilename : EM_EXEC.CPP
ProductName : MouseWare
Created on : 25/02/02 12:20:30 AM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 19/09/01 3:41:00 PM
#:15 [ptsnoop.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294720113
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 1.00.00
ProductVersion : 1.00.00
Copyright : Copyright PCtel,Inc.1994-200
CompanyName : PCtel, Inc
FileDescription : PTSNOOP.EXE
InternalName : PTSNOO
OriginalFilename : PTSNOOP.EX
ProductName : PTSNOOP.EX
Created on : 01/01/99 6:42:32 AM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 25/10/99 10:08:14 PM
#:16 [realsched.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\
ProcessID : 4294757117
Threads : 2
Priority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1599
ProductVersion : 0.1.0.1599
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 23/10/02 12:52:07 AM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 23/10/02 12:52:08 AM
#:17 [qttask.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294735797
Threads : 5
Priority : Normal
FileSize : 76 KB
FileVersion : 6.3
ProductVersion : QuickTime 6.3
CompanyName : Apple Computer, Inc.
FileDescription : Apple Computer, Inc.
InternalName : QuickTime Task
OriginalFilename : QTTask.exe
ProductName : QuickTime
Created on : 31/12/03 6:52:48 AM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 31/12/03 6:52:50 AM
#:18 [rnathchk.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\
ProcessID : 4294764933
Threads : 1
Priority : Normal
FileSize : 56 KB
FileVersion : 7.0.0.1167
ProductVersion : 7.0.0.1167
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks ATH Check App
InternalName : rnathchk
OriginalFilename : rnathchk.EXE
ProductName : RealOne Player (32-bit)
Created on : 23/10/02 12:52:07 AM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 23/10/02 12:52:08 AM
#:19 [msnmsgr.exe]
FilePath : C:\PROGRAM FILES\MSN MESSENGER\
ProcessID : 4294745809
Threads : 2
Priority : Normal
FileSize : 4572 KB
FileVersion : 6.1.0211
ProductVersion : Version 6.1
Copyright : Copyright (c) Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 04/03/04 9:01:00 PM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 04/03/04 9:01:00 PM
#:20 [wkcalrem.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\
ProcessID : 4294656957
Threads : 2
Priority : Normal
FileSize : 52 KB
FileVersion : 5.00.1928.1
ProductVersion : 5.00.1928.1
CompanyName : Microsoft
FileDescription : Microsoft
InternalName : WkCalRem
OriginalFilename : WKCALREM.EXE
ProductName : Microsoft
Created on : 05/09/99 4:23:00 AM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 05/09/99 4:23:00 AM
#:21 [wmencagt.exe]
FilePath : C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\
ProcessID : 4294679437
Threads : 2
Priority : Normal
FileSize : 52 KB
FileVersion : 7.01.00.3055
ProductVersion : 7.01.00.3055
Copyright : Copyright (C) Microsoft Corp. 1992-2000
CompanyName : Microsoft Corporation
FileDescription : Windows Media Encoder Agent
InternalName : WMEncAgt.exe
OriginalFilename : WMEncAgt.exe
ProductName : Microsoft
Created on : 08/12/01 10:49:47 PM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 01/05/01 11:18:56 PM
#:22 [wmiexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294594229
Threads : 3
Priority : Normal
FileSize : 16 KB
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
Copyright : Copyright (C) Microsoft Corp. 1981-1998
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
OriginalFilename : wmiexe.exe
ProductName : Microsoft(R) Windows NT(R) Operating System
Created on : 01/01/01
Last accessed : 08/04/04 6:00:00 AM
Last modified : 24/04/99 4:22:00 AM
#:23 [ddhelp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294577825
Threads : 6
Priority : Realtime
FileSize : 31 KB
FileVersion : 4.08.01.0881
ProductVersion : 4.08.01.0881
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
OriginalFilename : DDHelp.exe
ProductName : Microsoft
Created on : 30/10/01 2:10:00 PM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 30/10/01 2:10:00 PM
#:24 [pstores.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294518917
Threads : 3
Priority : Normal
FileSize : 79 KB
FileVersion : 5.00.1877.3
ProductVersion : 5.00.1877.3
Copyright : Copyright (C) Microsoft Corp. 1981-1998
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
OriginalFilename : Protected storage server
ProductName : Microsoft(R) Windows NT(R) Operating System
Created on : 01/01/01
Last accessed : 08/04/04 6:00:00 AM
Last modified : 24/04/99 4:22:00 AM
#:25 [iexplore.exe]
FilePath : C:\PROGRAM FILES\INTERNET EXPLORER\
ProcessID : 4294598177
Threads : 11
Priority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 29/08/02 6:00:00 AM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 29/08/02 6:00:00 AM
#:26 [ad-aware.exe]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
ProcessID : 4294488761
Threads : 2
Priority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 05/04/04 12:57:21 AM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 13/07/03 4:00:20 AM
Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
ClearSearch Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\CLRSCH
Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1
Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Winpup32 Object recognized!
Type : File
Data : pg2spltm.exe
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\
FileSize : 64 KB
Copyright : sim
Created on : 03/04/04 2:00:05 AM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 31/03/04 5:11:20 PM
Winpup32 Object recognized!
Type : File
Data : taigfxi.exe
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\
FileSize : 64 KB
Copyright :
Created on : 04/04/04 6:01:46 PM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 31/03/04 5:11:20 PM
Winpup32 Object recognized!
Type : File
Data : hellexts.exe
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\
FileSize : 64 KB
Copyright : <
Created on : 06/04/04 12:00:02 AM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 31/03/04 5:11:20 PM
Winpup32 Object recognized!
Type : File
Data : pup.exe
Category : Malware
Comment :
Object : C:\WINDOWS\
FileSize : 64 KB
Copyright : duc
Created on : 01/04/04 2:12:46 AM
Last accessed : 08/04/04 6:00:00 AM
Last modified : 31/03/04 5:11:20 PM
Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 5
Deep scanning and examining files (D:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for D:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 5
Scanning Hosts file(C:\WINDOWS\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
0 entries scanned.
New objects :0
Objects found so far: 5
Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
ClearSearch Object recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\URLSearchHooks
Value : {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
Winpup32 Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{48E59291-9880-11CF-9754-00AA00C00908}
Winpup32 Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{48E59292-9880-11CF-9754-00AA00C00908}
Winpup32 Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\pup
Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 4
Objects found so far: 9
4:53:15 PM Scan complete
Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:16:37:780
Objects scanned :116201
Objects identified :9
Objects ignored :0
New objects :9
Guest
Posted: Thu Apr 08, 2004 21:33 pm Post subject:
Damn it!!!
I got the same start.chm and start.html problem.
This is the only place that's talking about this hijack???
I delete those 2 files and they keep popping back up.
Please help fast!!!
Or I could just reformat.
Guest
Posted: Thu Apr 08, 2004 21:37 pm Post subject:
It changes your homepage to a place that has advertisements, and all of them lead to master-search.com.
And you know it's a stupid site because when you go to the main website, it says
"Having problems with our program? Use this to remove it.
You will need to leave it open for 2 hours to remove the file."
Meaning it's probably a dialer or something.