I Need help Please.


11 replies to this topic

#1 jimdav48

Posted 19 April 2006 - 11:57 PM

Hi All, I have used Ad-Aware for a few years now and never had a problem. I was running a scan today because I sensed some spyware present, and when I got through with the scan and went to quarantine and delete, my computer would get through the quarantine phase and would just hang up on the deleting part. I have tried everything; it seems I got a piece of spyware that is hard to delete. This is the one that is really hard to delete...

Adware.Look2Me Object Recognized!
Type : Process
Data : CRTRUST.DLL
Category : Possible Browser Hijack attempt
Comment : Muxdm.dll.dmp
Object : C:\WINDOWS\SYSTEM\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\SYSTEM\CRTRUST.DLL)

I have tried deleting it manually and I get a box that says I can't delete it because it is in use by Windows.
When I am running my scan, in the very beginning it also causes an error in my explorer and my rundll32, causing both to close, I guess. This is the message I get from the rundll32:

RUNDLL32 caused an invalid page fault in
module KERNEL32.DLL at 017f:bff886e0.

I have no clue what all that means.
What this does to my computer is about every 2 minutes it will open my browser with a couple of ad pages. If I walk away from my computer for any length of time I have a zillion pages open when I get back. (I exaggerated a little bit there.)

Besides the crTRUST.dll it also shows this one that is equally hard to delete..

Adware.Look2Me Object Recognized!
Type : Process
Data : BNACKBOX.DLL
Category : Possible Browser Hijack attempt
Comment : Muxdm.dll.dmp
Object : C:\WINDOWS\SYSTEM\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\SYSTEM\BNACKBOX.DLL)
as well as these..

Adware.Look2Me Object Recognized!
Type : File
Data : RNABASE.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : QNSNAME.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : IC_NDI.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : JLCRIPT.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : NXSWAN16.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



But just the two identified as type: process are the ones I am finding impossible to delete.

I run Win98se with IE 6.0. I'm pretty much a novice, so if you need other information I would be happy to get it for you. Please help me delete these files....

Thanks in advance...Jim

#2 Corrine

Posted 20 April 2006 - 12:20 AM

Hi, jimdav48. Your full logfile would be helpful. For Windows 98, go to C:\WINDOWS\USER NAME\Application Data\Lavasoft\Ad-Aware and find the logfile for this scan. Double click to open it, click Edit | Select all, Edit | Copy. Then post the logfile as a reply.

If you have trouble locating the file, please launch Ad-Aware and click on the gear icon to access the Ad-Aware configuration window. Select General and look under the section entitled "Write logfiles to", which is the name of the folder that your log will have been written to.

Alternatively, you could try scanning in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

Should you elect that option, after restarting in normal mode, it would be advisable to run another full system scan and post the results here as a reply for review.

Good luck.

#3 jimdav48

Posted 20 April 2006 - 01:22 AM

Here is the logfile you were asking for. I'll try doing a scan in safe-mode and post the results too.. Thanks so much for your help. I had to post it in two messages because of size..



Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, April 19, 2006 3:06:53 PM
Using definitions file:SE1R104 18.04.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Look2Me(TAC index:7):7 total references
MRU List(TAC index:0):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


4-19-06 3:06:53 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291815119
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294947443
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294949451
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:4 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294944927
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:5 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294845403
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:6 [KB891711.EXE]
FilePath : C:\WINDOWS\SYSTEM\KB891711\
ProcessID : 4294890323
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:7 [CCEVTMGR.EXE]
FilePath : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\
ProcessID : 4294845203
Threads : 26
Priority : Normal
FileVersion : 1.01.10
ProductVersion : 1.01.10
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:8 [NISUM.EXE]
FilePath : C:\PROGRAM FILES\NORTON INTERNET SECURITY\
ProcessID : 4294900755
Threads : 10
Priority : Normal
FileVersion : 6.01.1005
ProductVersion : 6.01.1005
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security NISUM
InternalName : NISUM
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NISUM.exe

#:9 [CCPXYSVC.EXE]
FilePath : C:\PROGRAM FILES\NORTON INTERNET SECURITY\
ProcessID : 4294876867
Threads : 18
Priority : Normal
FileVersion : 6.01.1005
ProductVersion : 6.01.1005
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Proxy Service
InternalName : ccPxySvc
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccPxySvc.exe

#:10 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294827903
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:11 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294641207
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:12 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294703711
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:13 [CCAPP.EXE]
FilePath : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\
ProcessID : 4294684027
Threads : 39
Priority : Normal
FileVersion : 1.02.05
ProductVersion : 1.02.05
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:14 [RunDLL.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294624395
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:15 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294470635
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:16 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294764683
Threads : 24
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

Adware.Look2Me Object Recognized!
Type : Process
Data : CRTRUST.DLL
Category : Possible Browser Hijack attempt
Comment : Muxdm.dll.dmp
Object : C:\WINDOWS\SYSTEM\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\SYSTEM\CRTRUST.DLL)


#:17 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294610747
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

Adware.Look2Me Object Recognized!
Type : Process
Data : BNACKBOX.DLL
Category : Possible Browser Hijack attempt
Comment : Muxdm.dll.dmp
Object : C:\WINDOWS\SYSTEM\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\SYSTEM\BNACKBOX.DLL)




Part II

#:18 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294222011
Threads : 2
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe

#:19 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PROFESSIONAL\
ProcessID : 4294640283
Threads : 3
Priority : Normal
FileVersion : 6.2.0.208
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Look2Me Object Recognized!
Type : File
Data : RNABASE.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : QNSNAME.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : IC_NDI.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : JLCRIPT.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : NXSWAN16.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
31 entries scanned.
New critical objects:0
Objects found so far: 8




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

3:10:31 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:37.950
Objects scanned:54042
Objects identified:5
Objects ignored:0
New critical objects:5


I did like you asked and ran a scan in safe mode, but the same thing happens, including the same errors in explorer and rundll32, and when it comes time to delete it just hangs and nothing happens. Also, I forgot to mention that all the new pages that open with ads, well, after the www address they all have this /muon.html, if that means anything. Here is the scan I did in safe mode:

Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, April 19, 2006 5:06:07 PM
Using definitions file:SE1R104 18.04.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Look2Me(TAC index:7):8 total references
MRU List(TAC index:0):2 total references
Tracking Cookie(TAC index:3):12 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


4-19-06 5:06:07 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291802101
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294952721
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294963329
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294841809
Threads : 14
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

Adware.Look2Me Object Recognized!
Type : Process
Data : CRTRUST.DLL
Category : Possible Browser Hijack attempt
Comment : Muxdm.dll.dmp
Object : C:\WINDOWS\SYSTEM\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\SYSTEM\CRTRUST.DLL)


#:5 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294900845
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

Adware.Look2Me Object Recognized!
Type : Process
Data : CCSWPP.DLL
Category : Possible Browser Hijack attempt
Comment : Muxdm.dll.dmp
Object : C:\WINDOWS\SYSTEM\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\SYSTEM\CCSWPP.DLL)


#:6 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PROFESSIONAL\
ProcessID : 4294796757
Threads : 3
Priority : Normal
FileVersion : 6.2.0.208
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim davolt@bravenet[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:jim davolt@bravenet.com/
Expires : 4/16/16 4:42:58 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim davolt@doubleclick[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:jim davolt@doubleclick.net/
Expires : 4/18/09 3:17:00 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim davolt@statcounter[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:jim davolt@statcounter.com/
Expires : 4/18/11 4:12:44 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim davolt@advertising[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:jim davolt@advertising.com/
Expires : 4/18/11 4:45:10 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim davolt@atdmt[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:jim davolt@atdmt.com/
Expires : 4/17/11 5:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim davolt@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:jim davolt@tribalfusion.com/
Expires : 12/31/37 5:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 10



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Look2Me Object Recognized!
Type : File
Data : RNABASE.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : QNSNAME.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : IC_NDI.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : JLCRIPT.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : NXSWAN16.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : bnackbox.dll
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim davolt@doubleclick[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\jim davolt@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim davolt@statcounter[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\jim davolt@statcounter[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim davolt@bravenet[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\jim davolt@bravenet[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim davolt@tribalfusion[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\jim davolt@tribalfusion[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim davolt@atdmt[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\jim davolt@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim davolt@advertising[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\jim davolt@advertising[2].txt

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
31 entries scanned.
New critical objects:0
Objects found so far: 22




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22

5:08:51 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:43.900
Objects scanned:54554
Objects identified:18
Objects ignored:0
New critical objects:18


Thanks again..Jim

#4 GRAFX

Posted 20 April 2006 - 10:42 AM

jimdav48,
Please can you clear out your cache folder, i.e. the temporary internet folder.
There are some free programs that you can use that will do that for you if needed, like :D
CCleaner
(Note in CCleaner: go to Options > Advanced > uncheck "Only delete files in Windows Temp folders older than 48 hours"), but see CCleaner Set up.
Then scan by doing a "Full Scan", and once the scan has finished,
mark and remove the items, then reboot (i.e. restart your PC).
Then re-scan doing a "Full Scan" and post your logfile here by using the Add Reply feature.

Please NOTE from the AAW SE help file, if you set "Read current settings from system:" under "default settings" in Ad-Aware SE,

Default IE Pages
Default homepage: Ad-Aware SE uses the defined homepage when recovering from a browser hijack

Default Search Engine: Ad-Aware SE uses the defined search engine when recovering from a browser hijack


GRAFX
press Enter then have a Brandy then if the problem is still there have another Brandy
Q: does it work
A: It does seem to for a few hours at least
LandzDown

#5 jimdav48

Posted 20 April 2006 - 05:17 PM

This is my problem, Grafx: I have run CCleaner 20 times in the last 2 days and run Ad-Aware that many also. I have tried to mark and remove the files and I can with no problem, all except the ones marked "process". I can't manually delete them; all I get is that this can't be deleted as it's used by Windows. I will do it again just like you say and post the results in a few min.

Okay, this is my first Ad-Aware log after running CCleaner.
Ad-Aware SE Build 1.05
Logfile Created on:Thursday, April 20, 2006 8:13:36 AM
Using definitions file:SE1R104 18.04.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Look2Me(TAC index:7):10 total references
Tracking Cookie(TAC index:3):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


4/20/06 8:13:36 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291816297
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294950869
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294944837
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE


#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294854797
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:5 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294851153
Threads : 3
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:6 [KB891711.EXE]
FilePath : C:\WINDOWS\SYSTEM\KB891711\
ProcessID : 4294849629
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:7 [CCEVTMGR.EXE]
FilePath : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\
ProcessID : 4294848057
Threads : 26
Priority : Normal
FileVersion : 1.01.10
ProductVersion : 1.01.10
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:8 [NISUM.EXE]
FilePath : C:\PROGRAM FILES\NORTON INTERNET SECURITY\
ProcessID : 4294888597
Threads : 10
Priority : Normal
FileVersion : 6.01.1005
ProductVersion : 6.01.1005
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security NISUM
InternalName : NISUM
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NISUM.exe

#:9 [CCPXYSVC.EXE]
FilePath : C:\PROGRAM FILES\NORTON INTERNET SECURITY\
ProcessID : 4294900313
Threads : 18
Priority : Normal
FileVersion : 6.01.1005
ProductVersion : 6.01.1005
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Proxy Service
InternalName : ccPxySvc
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccPxySvc.exe

#:10 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294698929
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:11 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294677441
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:12 [CCAPP.EXE]
FilePath : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\
ProcessID : 4294681449
Threads : 40
Priority : Normal
FileVersion : 1.02.05
ProductVersion : 1.02.05
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:13 [RunDLL.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294576053
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:14 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294534113
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:15 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294378313
Threads : 2
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe

#:16 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PROFESSIONAL\
ProcessID : 4294324793
Threads : 5
Priority : Normal
FileVersion : 6.2.0.208
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:17 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294398473
Threads : 14
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

Adware.Look2Me Object Recognized!
Type : Process
Data : CRTRUST.DLL
Category : Possible Browser Hijack attempt
Comment : Muxdm.dll.dmp
Object : C:\WINDOWS\SYSTEM\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\SYSTEM\CRTRUST.DLL)


#:18 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294509329
Threads : 3
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

Adware.Look2Me Object Recognized!
Type : Process
Data : COSWPP.DLL
Category : Possible Browser Hijack attempt
Comment : Muxdm.dll.dmp
Object : C:\WINDOWS\SYSTEM\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\SYSTEM\COSWPP.DLL)


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim davolt@bravenet[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:jim davolt@bravenet.com/
Expires : 4/17/16 7:58:32 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim davolt@www.stopzilla[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:jim davolt@www.stopzilla.com/
Expires : 4/20/09 7:56:12 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim davolt@revenue[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:jim davolt@revenue.net/
Expires : 6/9/22 10:05:40 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 5


Adware.Look2Me Object Recognized!
Type : File
Data : RNABASE.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : QNSNAME.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : IC_NDI.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : JLCRIPT.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : NXSWAN16.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : bnackbox.dll
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : CCSWPP.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : IL50_32.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim davolt@revenue[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\jim davolt@revenue[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim davolt@www.stopzilla[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\jim davolt@www.stopzilla[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim davolt@bravenet[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\jim davolt@bravenet[1].txt

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
32 entries scanned.
New critical objects:0
Objects found so far: 16




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16

8:15:44 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:08.410
Objects scanned:52503
Objects identified:14
Objects ignored:0
New critical objects:14


Again it hung up and wouldn't delete, so I went to windows/system and deleted all the listed .dll files, except it wouldn't let me delete crtrust.dll. I rebooted and ran CCleaner again, then ran adaware again, and this is the log file from that one:

Ad-Aware SE Build 1.05
Logfile Created on:Thursday, April 20, 2006 8:40:57 AM
Using definitions file:SE1R104 18.04.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Look2Me(TAC index:7):4 total references
MRU List(TAC index:0):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


4-20-06 8:40:57 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\doc find spec mru
Description : list of recently used search terms for locating files using the microsoft windows operating system


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291815465
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294950037
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294945541
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294855637
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:5 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294850841
Threads : 3
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:6 [KB891711.EXE]
FilePath : C:\WINDOWS\SYSTEM\KB891711\
ProcessID : 4294850265
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:7 [CCEVTMGR.EXE]
FilePath : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\
ProcessID : 4294847797
Threads : 26
Priority : Normal
FileVersion : 1.01.10
ProductVersion : 1.01.10
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:8 [NISUM.EXE]
FilePath : C:\PROGRAM FILES\NORTON INTERNET SECURITY\
ProcessID : 4294889465
Threads : 10
Priority : Normal
FileVersion : 6.01.1005
ProductVersion : 6.01.1005
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security NISUM
InternalName : NISUM
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NISUM.exe

#:9 [CCPXYSVC.EXE]
FilePath : C:\PROGRAM FILES\NORTON INTERNET SECURITY\
ProcessID : 4294900893
Threads : 18
Priority : Normal
FileVersion : 6.01.1005
ProductVersion : 6.01.1005
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Proxy Service
InternalName : ccPxySvc
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccPxySvc.exe

#:10 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294704809
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:11 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294700133
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:12 [CCAPP.EXE]
FilePath : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\
ProcessID : 4294688273
Threads : 39
Priority : Normal
FileVersion : 1.02.05
ProductVersion : 1.02.05
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:13 [RunDLL.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294579669
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:14 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294545389
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:15 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294651693
Threads : 14
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

Adware.Look2Me Object Recognized!
Type : Process
Data : CRTRUST.DLL
Category : Possible Browser Hijack attempt
Comment : Muxdm.dll.dmp
Object : C:\WINDOWS\SYSTEM\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\SYSTEM\CRTRUST.DLL)


#:16 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294504925
Threads : 3
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

Adware.Look2Me Object Recognized!
Type : Process
Data : MPVIDC32.DLL
Category : Possible Browser Hijack attempt
Comment : Muxdm.dll.dmp
Object : C:\WINDOWS\SYSTEM\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\SYSTEM\MPVIDC32.DLL)


#:17 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294220737
Threads : 2
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe

#:18 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PROFESSIONAL\
ProcessID : 4294604521
Threads : 3
Priority : Normal
FileVersion : 6.2.0.208
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Look2Me Object Recognized!
Type : File
Data : hzocps01.dll
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : CCSWPP.DLL
Category : Possible Browser Hijack attempt
Comment :
Object : c:\WINDOWS\SYSTEM\



Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
32 entries scanned.
New critical objects:0
Objects found so far: 5




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

8:43:37 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:39.400
Objects scanned:54023
Objects identified:2
Objects ignored:0
New critical objects:2


Any help would be greatly appreciated.
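
A way to compare the two logs above mechanically, as an added example (not part of the original post and not Lavasoft code): it parses the "Object Recognized!" blocks and diffs the detected DLL names between scans. The embedded logs are excerpts trimmed from the two posted logs; attributing each Process-type hit to the process entry listed just before it is an assumption about the log layout.

```python
import re
from collections import namedtuple

# One "<family> Object Recognized!" block from an Ad-Aware SE log.
Detection = namedtuple("Detection", "family type data location host")

HEADER = re.compile(r"^(.+?) Object Recognized!$")
FIELD = re.compile(r"^([A-Za-z]+)\s*:\s*(.*)$")
PROCESS = re.compile(r"^#:\d+ \[([^\]]+)\]$")


def parse_detections(log_text):
    """Return the detections in an Ad-Aware SE log, in log order."""
    found, family, fields, last_process = [], None, {}, None

    def flush():
        nonlocal family, fields
        if family is not None:
            kind = fields.get("Type", "")
            # Assumption: a Process-type hit belongs to the process entry
            # listed directly before it in the "running processes" section.
            host = last_process if kind == "Process" else None
            where = fields.get("Object") or fields.get("Value", "")
            found.append(Detection(family, kind, fields.get("Data", ""),
                                   where, host))
        family, fields = None, {}

    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            flush()
            family = header.group(1)
        elif family is not None:
            field = FIELD.match(line)
            if field:
                fields[field.group(1)] = field.group(2).strip()
            else:  # a blank line or unrelated text ends the block
                flush()
        if family is None:
            proc = PROCESS.match(line)
            if proc:
                last_process = proc.group(1)
    flush()
    return found


def diff_scans(before, after, family):
    """Compare detected file names (case-insensitive) for one family."""
    def names(dets):
        return {d.data.upper() for d in dets if d.family == family}
    b, a = names(before), names(after)
    return {"persistent": sorted(b & a), "new": sorted(a - b),
            "gone": sorted(b - a)}


# Excerpts trimmed from the 8:13 AM and 8:40 AM logs posted above.
SCAN_1 = r"""
#:17 [EXPLORER.EXE]
FilePath : C:\WINDOWS\

Adware.Look2Me Object Recognized!
Type : Process
Data : CRTRUST.DLL
Object : C:\WINDOWS\SYSTEM\

#:18 [RUNDLL32.EXE]

Adware.Look2Me Object Recognized!
Type : Process
Data : COSWPP.DLL
Object : C:\WINDOWS\SYSTEM\

Adware.Look2Me Object Recognized!
Type : File
Data : RNABASE.DLL
Comment :
Object : c:\WINDOWS\SYSTEM\

Adware.Look2Me Object Recognized!
Type : File
Data : CCSWPP.DLL
Object : c:\WINDOWS\SYSTEM\
"""

SCAN_2 = SCAN_1.replace("COSWPP.DLL", "MPVIDC32.DLL") \
               .replace("RNABASE.DLL", "hzocps01.dll")

if __name__ == "__main__":
    first, second = parse_detections(SCAN_1), parse_detections(SCAN_2)
    for hit in second:
        print(hit.type, hit.data, "in", hit.host or hit.location)
    print(diff_scans(first, second, "Adware.Look2Me"))
```

On these excerpts the diff reports CRTRUST.DLL and CCSWPP.DLL in both scans, with MPVIDC32.DLL and hzocps01.dll appearing only in the second.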

#6 GRAFX

Posted 20 April 2006 - 05:34 PM

jimdav48,
Most of your problem, you will find, is that you are using an out-of-date version of Ad-aware.

Ad-Aware SE Build 1.05
Logfile Created on:Thursday, April 20, 2006 8:13:36 AM
Using definitions file:SE1R104 18.04.2006

Please update to Ad-aware SE Build 106, then use the WebUpDate to get the latest Definition file SE1R104 18.04.2006. Once you have done that, scan doing a "Full Scan" and then post your logfile here by using the Add-Reply feature.

GRAFX
press Enter then have a Brandy then if the problem is still there have another Brandy
Q: does it work
A: It does seem to for a few hours at least
LandzDown

#7 jimdav48

Posted 20 April 2006 - 07:52 PM

I got it fixed, but I will update Adaware. But are you telling me that if I had the newest version of adaware, even though my definitions were current, I would have been able to delete the file that was causing the problems?

Anyway, I was doing a virus scan using Nortons in safe mode and while in safe mode decided to go and try to delete the crtrust.dll. I tried to delete it yesterday in safe mode and couldn't. This time in safe mode it let me do it. Go figure. Anyway, from there I was able to run adware again and take off the remaining problems. Thanks for your help, it was appreciated.

#8 GRAFX

Posted 20 April 2006 - 09:48 PM

jimdav48,

are you telling me that if I had the newest version of adaware, even though my definitions were current I would have been able to delete the file that was causing the problems

As you were using an old version, then yes, it is more than likely the reason why you were unable to remove the items found.

GRAFX
press Enter then have a Brandy then if the problem is still there have another Brandy
Q: does it work
A: It does seem to for a few hours at least
LandzDown

#9 Corrine

Posted 21 April 2006 - 12:06 AM

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
32 entries scanned.

Hi, jimdav48. If you still have those entries in your Hosts file and did not add them yourself, your system is not clean yet. Look2Me is not easy to remove and often takes other tools to help remove.

When you have an infection of that nature, it is often necessary to scan in Safe Mode, restart in normal mode, scan again, shutdown/restart and scan again.

If the problem returns or you still have entries in your Hosts file, post a fresh Ad-Aware logfile.

Regards,

Corrine

#10 jimdav48

Posted 22 April 2006 - 07:40 PM

Corrine, I am not having problems, but it shows that it scanned 32 entries in my host file. What or how many should there be? And to be honest, I don't even know what a host file is for, so I am pretty sure I didn't add any. When looking for the host file in Windows, all I saw was a file marked Hosts; it is not a folder, and clicking on properties it shows a file with 952 bytes (8192 bytes used). Can I delete this? There is also one next to it that says hosts log, which I included after the scan log.

Grafx, I d/l the current version of adaware also. Thanks.


Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, April 22, 2006 11:31:09 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R104 21.04.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


4-22-06 11:31:09 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291817241
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294949797
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294945845
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294855933
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:5 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294853945
Threads : 3
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:6 [KB891711.EXE]
FilePath : C:\WINDOWS\SYSTEM\KB891711\
ProcessID : 4294848529
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:7 [CCEVTMGR.EXE]
FilePath : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\
ProcessID : 4294847053
Threads : 27
Priority : Normal
FileVersion : 1.01.10
ProductVersion : 1.01.10
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:8 [NISUM.EXE]
FilePath : C:\PROGRAM FILES\NORTON INTERNET SECURITY\
ProcessID : 4294887657
Threads : 11
Priority : Normal
FileVersion : 6.01.1005
ProductVersion : 6.01.1005
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security NISUM
InternalName : NISUM
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NISUM.exe

#:9 [CCPXYSVC.EXE]
FilePath : C:\PROGRAM FILES\NORTON INTERNET SECURITY\
ProcessID : 4294901729
Threads : 19
Priority : Normal
FileVersion : 6.01.1005
ProductVersion : 6.01.1005
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Proxy Service
InternalName : ccPxySvc
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccPxySvc.exe

#:10 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294785977
Threads : 16
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:11 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294651821
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:12 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294696853
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:13 [CCAPP.EXE]
FilePath : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\
ProcessID : 4294678077
Threads : 40
Priority : Normal
FileVersion : 1.02.05
ProductVersion : 1.02.05
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:14 [RunDLL.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294598305
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:15 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294601025
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:16 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294388241
Threads : 2
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe

#:17 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294574013
Threads : 2
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
32 entries scanned.
New critical objects:0
Objects found so far: 0


11:34:42 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:33.440
Objects scanned:54026
Objects identified:0
Objects ignored:0
New critical objects:0

# Copyright © 1998 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP stack for Windows98
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

#11 Corrine

Corrine

    Advanced Member

  • Members
  • 238 posts

Posted 22 April 2006 - 08:29 PM

If you wish, you can download the "Host File Viewer" © Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your HOST file. Instructions are on the display screen of the program. You will want to restore to the default settings. Just unzip the file and launch the HostFileReader.exe. Select "Reset Default"

http://members.acces...sFileReader.zip

If after doing that and a couple shutdown/restarts you find entries returned to your Hosts file, the L2M infection may be still lurking in the background. If that's the case, let us know and we'll check for the L2M symptoms in a HJT log and provide instructions for using Atribune's tool.

Let us know.

#12 jimdav48

jimdav48

    Newbie

  • Members
  • 6 posts

Posted 22 April 2006 - 10:15 PM

Do I need the contents of the host file? Looks like all ads and such...
127.0.0.1 sds-qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 www.qoolaid.com
127.0.0.1 www.qoologic.com
127.0.0.1 www.CLKPrecision.com
127.0.0.1 www.urllogic.com
127.0.0.1 www.clkoptimizer.com
127.0.0.1 www.isearch.com
127.0.0.1 isearch.com
127.0.0.1 www.idownload.com
127.0.0.1 idownload.com
127.0.0.1 www.mytotalsearch.com
127.0.0.1 mytotalsearch.com
127.0.0.1 www.lop.com
127.0.0.1 lop.com
127.0.0.1 www.websearch.com
127.0.0.1 websearch.com
127.0.0.1 www.page-not-found.net
127.0.0.1 page-not-found.net
127.0.0.1 www.isearchhere.com
127.0.0.1 isearchhere.com
127.0.0.1 as.adwave.com
127.0.0.1 sr.adwave.com
127.0.0.1 www.adwave.com
127.0.0.1 adwave.com EVENT:HOST:127.0.0.1
127.0.0.1 www.pacimedia.com
127.0.0.1 www.exactsearch.net
127.0.0.1 www.contextplus.net
127.0.0.1 www.contextplus.net
127.0.0.1 www.contextplus.net
127.0.0.1 www.contextplus.net
127.0.0.1 www.contextplus.net
Is it safe to delete these...

Okay Corrine, I think I got it. Using the tool you mentioned for reading host files I found the above. Then I reset to default and ran another scan, and rather than put the whole scan in I put just the part in question.

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 5




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

2:06:57 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Is this what you wanted to see?
Hoping I did that right...
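
The check described in post #11 (entries coming back to the Hosts file after a reset and a few restarts) can be scripted. This is an added example, not part of the original posts or of any tool named in the thread: it diffs a hosts file against the one-line default shown above, the sample reuses a few entries from post #12, and the `203.0.113.7 update.example.test` line and all function names are constructed for illustration.

```python
import ipaddress
import re

# The stock Windows 98 hosts file shown in the thread holds one mapping.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}
HOSTNAME = re.compile(
    r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))*$", re.I)

# Constructed sample: entries from post #12 plus one made-up non-loopback mapping.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 sds-qckads.com
127.0.0.1 adwave.com EVENT:HOST:127.0.0.1
127.0.0.1 www.contextplus.net
127.0.0.1 www.contextplus.net
203.0.113.7 update.example.test # constructed entry
"""

def parse_hosts(text):
    """Return (lineno, ip, name) per mapping; ip is None if unparsable."""
    out = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            out.append((lineno, None, raw.strip()))
            continue
        # One line may carry several host names (aliases) for the same IP.
        out.extend((lineno, ip, name) for name in fields[1:])
    return out

def audit(text, baseline=DEFAULT_ENTRIES):
    """Classify every mapping that is not part of the default file."""
    report = {"blocked": [], "redirected": [], "malformed": [], "duplicates": []}
    seen = set()
    for lineno, ip, name in parse_hosts(text):
        key = (ip, name.lower())
        if ip is None or not HOSTNAME.match(name):
            report["malformed"].append((lineno, name))
        elif key in seen:
            report["duplicates"].append((lineno, name))
        elif key not in baseline:
            seen.add(key)
            # Loopback mappings sink the name; anything else redirects it.
            kind = "blocked" if ipaddress.ip_address(ip).is_loopback else "redirected"
            report[kind].append((lineno, ip, name))
    return report
```

Running `audit()` on the file right after the reset and again after each restart gives an empty report for as long as nothing has rewritten it.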



