Jump to content


Photo

Ad-Aware won't scan


  • Please log in to reply
3 replies to this topic

#1 ericerb

ericerb

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 07 January 2009 - 12:11 AM

w2k, sp4; dell optiplex GX100; 256K ram.
an old machine to be sure but still kicking, up until this. My grandfather told me about computers like this but i never thought i'd see one. sentimental value.
assistance greatly appreciated. thanks

ad-aware event log:
20090106 18-14-33 : Startup scan disabled.
20090106 19-09-54 : Scan terminated by user.
20090106 19-09-54 : Scan terminated by user.
20090106 19-14-25 : Startup scan disabled.
20090106 20-03-07 : Full scan started.
20090106 20-08-12 : Startup scan disabled.

hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:55 PM, on 1/6/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
C:\WINNT\System32\PSSVC.EXE
C:\DMI\bin\dmisrv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireSvc.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\ScsiAccess.EXE
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\DMI\bin\win32sl.exe
C:\DMI\bin\nic.exe
C:\DMI\bin\coo.exe
C:\DMI\bin\dnar.exe
C:\DMI\bin\nodemngr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireTray.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;<local>;localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [WorkFlow] D:\installs\BrdJmp\WorkFlow.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - .DEFAULT Startup: discfix.lnk = C:\DELL\discfix.cmd (User 'Default user')
O4 - .DEFAULT User Startup: discfix.lnk = C:\DELL\discfix.cmd (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Desktop Firewall Tray.lnk = C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123890679626
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.17.18...lay/PopupSh.ocx
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.c.../zoomify305.cab
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AutoShutdown - Dell Computer Corporation - C:\WINNT\System32\PSSVC.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: dmisrv - Unknown owner - C:\DMI\bin\dmisrv.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\System32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: Win32sl - Intel - C:\DMI\bin\win32sl.exe
--
End of file - 7572 bytes

rootkit revealer won't save, found five items:
HKU\\remoteaccess\internetprofile data mismatch between Windows API and raw hive data
HKLM\SECURITY\policy\secrets\SAC* key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\XATM:8c06e058...79be* key name contains embedded nulls (*)
HKLM\SOFTWARE error dumping hive: The system cannot find the file specified

#2 GoddersUK

GoddersUK

    Valued Member/ Ad-Aware Beta Tester

  • Valued Member
  • PipPipPip
  • 688 posts

Posted 07 January 2009 - 04:36 PM

Hi can you provide a bit more information about the problem -e.g. error messages received and the like.

Edited by GoddersUK, 07 January 2009 - 04:46 PM.

If you are a paying user (Plus/Pro License) you should visit the Lavasoft Support Centre.

If you need help to remove an infection:

Read this first. Follow ALL the steps in it. If you do not then you will just be asked to go away and do so.
Then post your HJT log (copy and paste, don't attach) into a NEW topic in the HJT Log Forum
Await advice from either a Volunteer Security Advisor or a member of Lavasoft staff.


If you see anyone other than a VSA or Lavasoft staff member giving advice in the HijackThis forum please PM a mod.


DO NOT POST HJT LOGS IN ANY FORUM OTHER THAN THE OFFICIAL HJT LOG FORUM. We will be unable to deal with them there and will just tell you to go to the right place.


Please do NOT bump HijackThis log posts, it won't help you receive help any faster - the VSAs look for posts with zero replies. If after one week you have not received a response please repost your log file in a NEW thread.

#3 ericerb

ericerb

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 09 January 2009 - 12:14 AM

i'd tell you about error msg but there are none. it proceeds, appears to be scanning, hangs a bit (see attached) and then goes to the scan results screen, which reads Files scanned: 0

Attached Thumbnails

  • lavasofthang.gif


#4 ericerb

ericerb

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 09 January 2009 - 12:18 AM

here is what it comes to rest at. total scanning time has varied a bit but that's a good median value, 4-5 min

Attached Thumbnails

  • lavasoftscanresults.gif
  • lavasoftscanresults.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users