HJT Pre and Post cure logs, still needs tweaking please

Discussion in 'adware, spyware & hijack cleaning' started by jgil, Apr 21, 2004.

  1. jgil

    jgil Registered Member

    Joined:
    Apr 21, 2004
    Posts:
    5
    You do still have a couple of problems in the log, so if you post on the
    Wilders forums either I or one of the others will help you fix it.

    Derek


    Subject: HJT logs pre and post cure

    Also, on initial boot I get a McAfee error - unable to run firewall filter
    00000009

    Have been updating Microsoft applications patches and now have TDS-3 guard
    and blaster, and when payday comes will purchase package.

    Thanks for your work for freedom from evil doers.

    We have no hedgehogs in the wilds where I live and work (boreal forest,
    precambrian shield) but I am very aware of your plight with human
    encroachment and domination of wild life. Human arrogance is boundless in
    the wilderness here. Will support your cause via snail mail.



    Logfile of HijackThis v1.97.7
    Scan saved at 8:36:43 AM, on 21/04/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\System32\msrexe.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Bad Manors\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.google.ca/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =
    http://www.dell.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program
    Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: SpywareGuard Download Protection -
    {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program
    Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} -
    C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update
    Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
    Experience\PCMService.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
    SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe"
    /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch
    Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
    Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common
    Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
    Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft
    Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [sws.exe] c:\program
    files\GlobalDialer\domer00095\gd-dial.exe -remove
    O4 - Startup: America Online Tray Icon.lnk = C:\America Online
    4.0\aoltray.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL
    8.0\aoltray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O13 - DefaultPrefix:
    O13 - WWW Prefix:
    O13 - Home Prefix:
    O13 - Mosaic Prefix:
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
    System Class) -
    http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38092.955474537
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    FORMER INFECTED LOG

    Logfile of HijackThis v1.97.7
    Scan saved at 10:07:18 AM, on 18/04/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\System32\msrexe.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Bad Manors\Local Settings\Temporary Internet
    Files\Content.IE5\R6SRJTGH\HijackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nkvd.us/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://nkvd.us/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://nkvd.us/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://nkvd.us/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://nkvd.us/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://nkvd.us/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://nkvd.us/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    http://nkvd.us/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://nkvd.us/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://nkvd.us/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://nkvd.us/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    http://nkvd.us/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://nkvd.us/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =
    http://www.dell.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program
    Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} -
    C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update
    Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
    Experience\PCMService.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
    SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe"
    /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch
    Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
    Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common
    Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
    Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
    /autorun
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft
    Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [sws.exe] c:\program
    files\GlobalDialer\domer00095\gd-dial.exe -remove
    O4 - Startup: America Online Tray Icon.lnk = C:\America Online
    4.0\aoltray.exe
    O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL
    8.0\aoltray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O13 - DefaultPrefix: http://www.nkvd.us/
    O13 - WWW Prefix: http://www.nkvd.us/
    O13 - Home Prefix: http://www.nkvd.us/
    O13 - Mosaic Prefix: http://www.nkvd.us/
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
    System Class) -
    http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38092.955474537
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{3672F38D-7203-4820-BDDD-9CDE5D13A921}:
    NameServer = 69.26.64.254
     
  2. dave38

    dave38 Spyware Expert

    Joined:
    Feb 26, 2004
    Posts:
    377
    Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.




    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


    O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe

    O4 - HKCU\..\Run: [sws.exe] c:\program
    files\GlobalDialer\domer00095\gd-dial.exe -remove

    O13 - DefaultPrefix:
    O13 - WWW Prefix:
    O13 - Home Prefix:
    O13 - Mosaic Prefix:


    Reboot, and delete

    file
    C:\WINDOWS\System32\msrexe.exe

    folder
    c:\program files\GlobalDialer

    These may be hidden files. See HERE for how to show hidden files.

    Please post a followup Hijack This log.
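
The follow-up log requested above is checked by confirming that the flagged entries are gone. The script below is an added example, not part of the original thread and not HijackThis code: it re-joins the wrapped log lines seen in this thread and diffs two logs. The function names are hypothetical, and the sample logs are short excerpts constructed from the logs posted here.

```python
import re

# A finding starts with a section code (R0, R1, O2, O4, O13, ...) then " - ".
# "O17 -" can end the physical line when the mail client wrapped right after it.
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) -(?: |$)")


def parse_entries(log_text):
    """Return the findings of ONE HijackThis log, re-joining wrapped lines.

    Header and "Running processes" lines are skipped because they come
    before the first finding. Assumes every wrap happened at a space.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line  # continuation of a wrapped finding
    return entries


def normalise(entry):
    """Collapse whitespace and letter case so path-case differences do not matter."""
    return " ".join(entry.split()).casefold()


def diff_logs(before_text, after_text):
    """Findings that disappeared and findings that are new, in log order.

    A changed value (e.g. a reset Start Page) shows up as one removed
    entry plus one added entry.
    """
    before, after = parse_entries(before_text), parse_entries(after_text)
    before_keys = {normalise(e) for e in before}
    after_keys = {normalise(e) for e in after}
    return {
        "removed": [e for e in before if normalise(e) not in after_keys],
        "added": [e for e in after if normalise(e) not in before_keys],
    }


def still_present(fix_list_text, followup_text):
    """Entries from the helper's fix list that a follow-up log still shows."""
    followup_keys = {normalise(e) for e in parse_entries(followup_text)}
    return [e for e in parse_entries(fix_list_text) if normalise(e) in followup_keys]


# --- Constructed excerpts of the logs in this thread (wraps kept as posted) ---
INFECTED = r"""
Logfile of HijackThis v1.97.7
Scan saved at 10:07:18 AM, on 18/04/2004

Running processes:
C:\WINDOWS\System32\msrexe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://nkvd.us/
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
O4 - HKCU\..\Run: [sws.exe] c:\program
files\GlobalDialer\domer00095\gd-dial.exe -remove
O13 - DefaultPrefix: http://www.nkvd.us/
O17 -
HKLM\System\CCS\Services\Tcpip\..\{3672F38D-7203-4820-BDDD-9CDE5D13A921}:
NameServer = 69.26.64.254
"""

FOLLOWUP = r"""
Logfile of HijackThis v1.97.7
Scan saved at 7:49:18 PM, on 21/04/2004

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
"""

FIX_LIST = r"""
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
O4 - HKCU\..\Run: [sws.exe] c:\program
files\GlobalDialer\domer00095\gd-dial.exe -remove
O13 - DefaultPrefix:
"""

if __name__ == "__main__":
    changes = diff_logs(INFECTED, FOLLOWUP)
    for label in ("removed", "added"):
        print(label.upper())
        for entry in changes[label]:
            print("  " + entry)
    leftovers = still_present(FIX_LIST, FOLLOWUP)
    print("fix-list entries still present:", leftovers or "none")
```
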
     
  3. jgil

    jgil Registered Member

    Joined:
    Apr 21, 2004
    Posts:
    5
    Thanks for all of this.

    no hidden files, I deleted C: windows syst32 msrexe.exe

    I notice when going to program files that I cannot find any global dialer, but there is a pl.exe sitting in the program files that is not a folder but odd looking window pane icon pl.exe and is 4.0 KB. I have received auto update from MS waiting to be downloaded, could this be it?

    Further as I could not find any global dialer in program files, I did a regedit search for 'global dialer' and was now in a domains list -- my computer/ Hkey_users/s-1-5-21-3084697248-3517219971-4262014179-1007/software/microsoft/windows/currentversion/internet/settings/zonemap/domains/...........and about 2,000 folders with sex porn and bizarre sex names, some of which even I had never heard of before, plus nkvd, which got me into this mess, and a bunch of cool web stuff. This all looks so neat and tidy though it must be the preselected denial from one of the spy protectors I have recently loaded. Right. Also, I know the above address should have back slash instead of forward slash, but for some reason my keyboard is doing French or Spanish where the back slash, and the question mark, and other punctuation should be.

    An extra Q please. Would it not be feasible to delete IE6 and refresh software from a fresh disk or site?

    HERE is my latest log. YOU FOLKS ARE HEROES!

    Logfile of HijackThis v1.97.7
    Scan saved at 7:49:18 PM, on 21/04/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Bad Manors\Desktop\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: America Online Tray Icon.lnk = C:\America Online 4.0\aoltray.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38092.955474537
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



    I was reading around Wilders and see Ad-aware a lot so downloaded it too.
    Hope I am not being redundant, or reading ahead too far... thanks.

    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :April 22, 2004 1:23:33 AM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R217 08.09.2003
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry


    22-04-2004 1:23:33 AM - Scan started. (Smart mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 22-04-2004 12:31:44 AM
    BasePriority : Normal


    #:2 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 22-04-2004 12:31:46 AM
    BasePriority : High


    #:3 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 22-04-2004 12:31:46 AM
    BasePriority : Normal
    FileSize : 99 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Microsoft
    Created on : 29/08/2002 11:00:00 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 29/08/2002 11:00:00 AM

    #:4 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 22-04-2004 12:31:46 AM
    BasePriority : Normal
    FileSize : 11 KB
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    OriginalFilename : lsass.exe
    ProductName : Microsoft
    Created on : 29/08/2002 11:00:00 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 29/08/2002 11:00:00 AM

    #:5 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 22-04-2004 12:31:47 AM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 29/08/2002 11:00:00 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 29/08/2002 11:00:00 AM

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 22-04-2004 12:31:47 AM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 29/08/2002 11:00:00 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 29/08/2002 11:00:00 AM

    #:7 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 22-04-2004 12:31:48 AM
    BasePriority : Normal
    FileSize : 50 KB
    FileVersion : 5.1.2600.0 (XPClient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    OriginalFilename : spoolsv.exe
    ProductName : Microsoft
    Created on : 29/08/2002 11:00:00 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 29/08/2002 11:00:00 AM

    #:8 [mcvsrte.exe]
    FilePath : c:\PROGRA~1\mcafee.com\vso\
    ThreadCreationTime : 22-04-2004 12:31:48 AM
    BasePriority : Normal
    FileSize : 100 KB
    FileVersion : 4, 4, 0, 35
    ProductVersion : 4, 4, 0, 20
    Copyright : Copyright
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee VirusScan Online Realtime Engine
    InternalName : mcvsrte
    OriginalFilename : mcvsrte.exe
    ProductName : McAfee VirusScan Online
    Created on : 09/12/2003 7:00:46 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 21/03/2003 6:51:52 PM

    #:9 [wanmpsvc.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 22-04-2004 12:31:48 AM
    BasePriority : Normal
    FileSize : 64 KB
    FileVersion : 7, 0, 0, 2
    ProductVersion : 7, 0, 0, 2
    Copyright : Copyright
    CompanyName : America Online, Inc.
    FileDescription : Wan Miniport (ATW) Service
    InternalName : WanMPSvc
    OriginalFilename : WanMPSvc.exe
    ProductName : America Online
    Created on : 22/01/2004 3:06:45 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 23/05/2003 11:38:28 PM

    #:10 [mcshield.exe]
    FilePath : c:\PROGRA~1\mcafee.com\vso\
    ThreadCreationTime : 22-04-2004 12:31:50 AM
    BasePriority : High
    FileSize : 220 KB
    Created on : 09/12/2003 7:00:46 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 13/03/2002 2:50:34 PM

    #:11 [explorer.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 22-04-2004 5:20:07 AM
    BasePriority : Normal
    FileSize : 980 KB
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft
    Created on : 29/08/2002 11:00:00 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 29/08/2002 11:00:00 AM

    #:12 [hkcmd.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 22-04-2004 5:20:09 AM
    BasePriority : Normal
    FileSize : 112 KB
    FileVersion : 3,0,0,2104
    ProductVersion : 7,0,0,2104
    Copyright : Copyright 1999-2003, Intel Corporation
    CompanyName : Intel Corporation
    FileDescription : hkcmd Module
    InternalName : HKCMD
    OriginalFilename : HKCMD.EXE
    ProductName : Intel(R) Common User Interface
    Created on : 01/01/1980 6:00:00 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 07/04/2003 6:07:38 AM

    #:13 [tfswctrl.exe]
    FilePath : C:\WINDOWS\system32\dla\
    ThreadCreationTime : 22-04-2004 5:20:09 AM
    BasePriority : Normal
    FileSize : 112 KB
    FileVersion : 1.04.05b
    Copyright : Copyright
    CompanyName : Sonic Solutions
    FileDescription : Drive Letter Access Component
    Created on : 09/12/2003 6:53:27 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 06/08/2003 7:04:00 AM

    #:14 [dsentry.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 22-04-2004 5:20:10 AM
    BasePriority : Normal
    FileSize : 28 KB
    FileVersion : 1, 0, 5, 0
    ProductVersion : 1, 0, 5, 0
    Copyright : Copyright
    CompanyName : Dell - Advanced Desktop Engineering
    FileDescription : DVDSentry
    InternalName : DVDSentry
    OriginalFilename : DSentry.exe
    ProductName : Dell - DVDSentry
    Created on : 13/08/2003 4:27:40 PM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 13/08/2003 4:27:40 PM

    #:15 [pcmservice.exe]
    FilePath : C:\Program Files\Dell\Media Experience\
    ThreadCreationTime : 22-04-2004 5:20:11 AM
    BasePriority : Normal
    FileSize : 200 KB
    FileVersion : 1.0.0826
    ProductVersion : 1.0.0826
    Copyright : Copyright c 2003 CyberLink Corp.
    CompanyName : CyberLink Corp.
    FileDescription : PowerCinema Resident Program for Dell
    InternalName : PowerCinema Resident Program for Dell
    OriginalFilename : PCM2Launcher.EXE
    ProductName : PCM2Launcher Application
    Created on : 09/12/2003 6:54:06 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 27/08/2003 1:47:34 AM

    #:16 [realplay.exe]
    FilePath : C:\Program Files\Real\RealPlayer\
    ThreadCreationTime : 22-04-2004 5:20:11 AM
    BasePriority : Normal
    FileSize : 25 KB
    FileVersion : 6.0.9.584
    ProductVersion : 6.0.9.584
    Copyright : Copyright
    CompanyName : RealNetworks, Inc.
    FileDescription : RealPlayer
    InternalName : REALPLAY
    OriginalFilename : REALPLAY.EXE
    ProductName : RealPlayer (32-bit)
    Created on : 09/12/2003 6:58:52 AM
    Last accessed : 22/04/2004 6:22:17 AM
    Last modified : 09/12/2003 6:58:52 AM

    #:17 [mcagent.exe]
    FilePath : C:\PROGRA~1\mcafee.com\agent\
    ThreadCreationTime : 22-04-2004 5:20:12 AM
    BasePriority : Normal
    FileSize : 240 KB
    FileVersion : 4, 3, 0, 27
    ProductVersion : 4, 3, 0, 0
    Copyright : Copyright
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee SecurityCenter Agent
    InternalName : mcagent
    OriginalFilename : mcagent.exe
    ProductName : McAfee SecurityCenter
    Created on : 16/04/2004 3:42:47 PM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 08/12/2003 8:38:52 PM

    #:18 [mmtask.exe]
    FilePath : C:\Program Files\MusicMatch\MusicMatch Jukebox\
    ThreadCreationTime : 22-04-2004 5:20:13 AM
    BasePriority : Normal
    FileSize : 52 KB
    FileVersion : 1.0.0.1
    ProductVersion : 1.0.0.1
    Copyright : TODO: (c) <Company name>. All rights reserved.
    CompanyName : TODO: <Company name>
    FileDescription : TODO: <File description>
    InternalName : mmtask.exe
    OriginalFilename : mmtask.exe
    ProductName : TODO: <Product name>
    Created on : 09/12/2003 7:01:13 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 06/10/2003 4:05:40 PM

    #:19 [mm_tray.exe]
    FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
    ThreadCreationTime : 22-04-2004 5:20:15 AM
    BasePriority : Normal
    FileSize : 116 KB
    FileVersion : 8.10.1006
    ProductVersion : 8.10.1006
    Copyright : Copyright
    CompanyName : MUSICMATCH, Inc.
    FileDescription : mm_tray
    InternalName : mm_tray
    OriginalFilename : mm_tray.exe
    ProductName : MUSICMATCH JUKEBOX
    Created on : 09/12/2003 7:01:13 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 06/10/2003 4:05:40 PM

    #:20 [mcvsshld.exe]
    FilePath : C:\PROGRA~1\mcafee.com\vso\
    ThreadCreationTime : 22-04-2004 5:20:16 AM
    BasePriority : Normal
    FileSize : 156 KB
    FileVersion : 4, 4, 0, 35
    ProductVersion : 4, 4, 0, 20
    Copyright : Copyright
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee ActiveShield
    InternalName : msvcshld
    OriginalFilename : mcvsshld.exe
    ProductName : McAfee VirusScan Online
    Created on : 09/12/2003 7:00:46 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 21/03/2003 6:52:12 PM

    #:21 [support.exe]
    FilePath : C:\Program Files\Common Files\Dell\EUSW\
    ThreadCreationTime : 22-04-2004 5:20:18 AM
    BasePriority : Normal
    FileSize : 240 KB
    FileVersion : 2, 0, 0, 33
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright
    CompanyName : Dell
    FileDescription : Support
    InternalName : Support
    OriginalFilename : Support.exe
    ProductName : Dell Support
    Created on : 24/06/2003 4:46:30 PM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 24/06/2003 4:46:30 PM

    #:22 [wkufind.exe]
    FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
    ThreadCreationTime : 22-04-2004 5:20:19 AM
    BasePriority : Normal
    FileSize : 28 KB
    FileVersion : 7.00.0716.0
    ProductVersion : 7.00.0716.0
    Copyright : Copyright
    CompanyName : Microsoft
    FileDescription : Microsoft
    InternalName : WkUFind
    OriginalFilename : WkUFind.exe
    ProductName : Update Detection Module
    Created on : 16/07/2002 1:21:48 PM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 16/07/2002 1:21:48 PM

    #:23 [mpftray.exe]
    FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
    ThreadCreationTime : 22-04-2004 5:20:22 AM
    BasePriority : Normal
    FileSize : 1348 KB
    FileVersion : 5.0.1.5
    ProductVersion : 5.0.1.5
    Copyright : Copyright
    CompanyName : McAfee Security
    FileDescription : McAfee Personal Firewall Tray Monitor
    InternalName : MpfTray
    OriginalFilename : MPFTRAY.EXE
    ProductName : McAfee Personal Firewall (MPF)
    Created on : 29/01/2004 3:17:17 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 02/09/2003 7:00:00 PM

    #:24 [wuauclt.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 22-04-2004 5:20:23 AM
    BasePriority : Normal
    FileSize : 145 KB
    FileVersion : 5.4.3790.20 built by: lab04_n
    ProductVersion : 5.4.3790.20
    CompanyName : Microsoft Corporation
    FileDescription : Windows Update AutoUpdate Client
    InternalName : wuauclt.exe
    OriginalFilename : wuauclt.exe
    ProductName : Microsoft
    Created on : 29/08/2002 11:00:00 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 10/02/2004 2:09:02 AM

    #:25 [mpfagent.exe]
    FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
    ThreadCreationTime : 22-04-2004 5:20:25 AM
    BasePriority : Normal
    FileSize : 500 KB
    FileVersion : 4.1.0.1
    ProductVersion : 4.1.0.1
    Copyright : Copyright
    CompanyName : McAfee Security
    FileDescription : McAfee Personal Firewall Agent Interface
    InternalName : MpfAgent
    OriginalFilename : MPFAGENT.EXE
    ProductName : McAfee Personal Firewall (MPF)
    Created on : 29/01/2004 3:17:17 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 02/09/2003 7:00:00 PM

    #:26 [dlg.exe]
    FilePath : C:\Program Files\Digital Line Detect\
    ThreadCreationTime : 22-04-2004 5:20:27 AM
    BasePriority : Normal
    FileSize : 24 KB
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright
    CompanyName : BVRP Software
    FileDescription : Digital Line Detection
    InternalName : TestLine
    OriginalFilename : TestLine.exe
    ProductName : BVRP Software TestLine
    Created on : 09/12/2003 6:52:56 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 20/06/2003 9:43:00 AM

    #:27 [sgmain.exe]
    FilePath : C:\Program Files\SpywareGuard\
    ThreadCreationTime : 22-04-2004 5:20:28 AM
    BasePriority : Normal
    FileSize : 352 KB
    FileVersion : 2.02.0001
    ProductVersion : 2.02.0001
    Copyright : Copyright (C) 2002-2003 Javacool Software LLC
    FileDescription : SpywareGuard
    InternalName : sgmain
    OriginalFilename : sgmain.exe
    ProductName : SpywareGuard
    Created on : 30/08/2003 12:05:35 AM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 30/08/2003 12:05:35 AM

    #:28 [sgbhp.exe]
    FilePath : C:\Program Files\SpywareGuard\
    ThreadCreationTime : 22-04-2004 5:20:31 AM
    BasePriority : Normal
    FileSize : 228 KB
    FileVersion : 2.02.0001
    ProductVersion : 2.02.0001
    Copyright : Copyright (C) 2002-2003 Javacool Software LLC.
    FileDescription : SG Browser Hijacking Protection
    InternalName : sgbhp
    OriginalFilename : sgbhp.exe
    ProductName : SG Browser Hijacking Protection
    Created on : 29/08/2003 4:14:56 PM
    Last accessed : 22/04/2004 6:23:33 AM
    Last modified : 29/08/2003 4:14:56 PM

    #:29 [notifyalert.exe]
    FilePath : C:\Program Files\Dell\Support\Alert\bin\
    ThreadCreationTime : 22-04-2004 5:25:25 AM
    BasePriority : Normal
    FileSize : 244 KB
    FileVersion : 2.1.0.0
    ProductVersion : 2.1.0.0
    InternalName : NotifyAlert.exe
    OriginalFilename : NotifyAlert.exe
    Created on : 24/06/2003 4:46:40 PM
    Last accessed : 22/04/2004 5:25:22 AM
    Last modified : 24/06/2003 4:46:40 PM

    #:30 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
    ThreadCreationTime : 22-04-2004 6:23:05 AM
    BasePriority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 22/04/2004 6:22:50 AM
    Last accessed : 22/04/2004 6:23:05 AM
    Last modified : 13/07/2003 3:00:20 AM

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    DSSAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Broderbund Software\DSS


    Alexa Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}


    Windows Object recognized!
    Type : RegData
    Data :
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\MediaPlayer\Player\Settings
    Value : Client ID
    Data :


    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 3
    Objects found so far: 3


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 3


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 3


    1:24:35 AM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:01:01:875
    Objects scanned :38532
    Objects identified :3
    Objects ignored :0
    New objects :3
     
    Last edited: Apr 22, 2004
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi jgil,

    Please update AdAware. You're way behind:
    01R217 08.09.2003 should be 01R298 20.04.2004

    Use the Globe icon in Ad-Aware to update. If you have any problems let us know.

    Regards,

    Pieter
     
  5. jgil

    jgil Registered Member

    Joined:
    Apr 21, 2004
    Posts:
    5

    Thank you Pieter, Please see my updated AD AWARE SCAN, AND above is HJT LOG. Bless you all...
    PS hope I am doing this cut and paste edit add reply to forum rules. THX!
    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :April 22, 2004 8:46:13 AM
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R298 20.04.2004
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry


    22-04-2004 8:46:13 AM - Scan started. (Smart mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 22-04-2004 1:41:03 PM
    BasePriority : Normal


    #:2 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 22-04-2004 1:41:05 PM
    BasePriority : High


    #:3 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 22-04-2004 1:41:05 PM
    BasePriority : Normal
    FileSize : 99 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Microsoft
    Created on : 29/08/2002 11:00:00 AM
    Last accessed : 22/04/2004 12:47:49 PM
    Last modified : 29/08/2002 11:00:00 AM

    #:4 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 22-04-2004 1:41:05 PM
    BasePriority : Normal
    FileSize : 11 KB
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    OriginalFilename : lsass.exe
    ProductName : Microsoft
    Created on : 29/08/2002 11:00:00 AM
    Last accessed : 22/04/2004 12:47:49 PM
    Last modified : 29/08/2002 11:00:00 AM

    #:5 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 22-04-2004 1:41:05 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 29/08/2002 11:00:00 AM
    Last accessed : 22/04/2004 12:47:49 PM
    Last modified : 29/08/2002 11:00:00 AM

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 22-04-2004 1:41:06 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 29/08/2002 11:00:00 AM
    Last accessed : 22/04/2004 12:47:49 PM
    Last modified : 29/08/2002 11:00:00 AM

    #:7 [explorer.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 22-04-2004 1:41:07 PM
    BasePriority : Normal
    FileSize : 980 KB
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft
    Created on : 29/08/2002 11:00:00 AM
    Last accessed : 22/04/2004 1:41:07 PM
    Last modified : 29/08/2002 11:00:00 AM

    #:8 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 22-04-2004 1:41:07 PM
    BasePriority : Normal
    FileSize : 50 KB
    FileVersion : 5.1.2600.0 (XPClient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    OriginalFilename : spoolsv.exe
    ProductName : Microsoft
    Created on : 29/08/2002 11:00:00 AM
    Last accessed : 22/04/2004 12:47:49 PM
    Last modified : 29/08/2002 11:00:00 AM

    #:9 [mcvsrte.exe]
    FilePath : c:\PROGRA~1\mcafee.com\vso\
    ThreadCreationTime : 22-04-2004 1:41:07 PM
    BasePriority : Normal
    FileSize : 100 KB
    FileVersion : 4, 4, 0, 35
    ProductVersion : 4, 4, 0, 20
    Copyright : Copyright
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee VirusScan Online Realtime Engine
    InternalName : mcvsrte
    OriginalFilename : mcvsrte.exe
    ProductName : McAfee VirusScan Online
    Created on : 09/12/2003 7:00:46 AM
    Last accessed : 22/04/2004 12:47:49 PM
    Last modified : 21/03/2003 6:51:52 PM

    #:10 [wanmpsvc.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 22-04-2004 1:41:07 PM
    BasePriority : Normal
    FileSize : 64 KB
    FileVersion : 7, 0, 0, 2
    ProductVersion : 7, 0, 0, 2
    Copyright : Copyright
    CompanyName : America Online, Inc.
    FileDescription : Wan Miniport (ATW) Service
    InternalName : WanMPSvc
    OriginalFilename : WanMPSvc.exe
    ProductName : America Online
    Created on : 22/01/2004 3:06:45 AM
    Last accessed : 22/04/2004 12:47:49 PM
    Last modified : 23/05/2003 11:38:28 PM

    #:11 [hkcmd.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 22-04-2004 1:41:08 PM
    BasePriority : Normal
    FileSize : 112 KB
    FileVersion : 3,0,0,2104
    ProductVersion : 7,0,0,2104
    Copyright : Copyright 1999-2003, Intel Corporation
    CompanyName : Intel Corporation
    FileDescription : hkcmd Module
    InternalName : HKCMD
    OriginalFilename : HKCMD.EXE
    ProductName : Intel(R) Common User Interface
    Created on : 01/01/1980 6:00:00 AM
    Last accessed : 22/04/2004 1:41:08 PM
    Last modified : 07/04/2003 6:07:38 AM

    #:12 [tfswctrl.exe]
    FilePath : C:\WINDOWS\system32\dla\
    ThreadCreationTime : 22-04-2004 1:41:09 PM
    BasePriority : Normal
    FileSize : 112 KB
    FileVersion : 1.04.05b
    Copyright : Copyright
    CompanyName : Sonic Solutions
    FileDescription : Drive Letter Access Component
    Created on : 09/12/2003 6:53:27 AM
    Last accessed : 22/04/2004 1:41:09 PM
    Last modified : 06/08/2003 7:04:00 AM

    #:13 [sgtray.exe]
    FilePath : C:\Program Files\Common Files\Sonic\Update Manager\
    ThreadCreationTime : 22-04-2004 1:41:09 PM
    BasePriority : Normal
    FileSize : 152 KB
    FileVersion : 1.01.11a
    Copyright : Copyright
    CompanyName : Sonic Solutions
    FileDescription : Sonic Update Manager
    Created on : 13/02/2003 7:01:00 AM
    Last accessed : 22/04/2004 1:41:09 PM
    Last modified : 13/02/2003 7:01:00 AM

    #:14 [dsentry.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 22-04-2004 1:41:09 PM
    BasePriority : Normal
    FileSize : 28 KB
    FileVersion : 1, 0, 5, 0
    ProductVersion : 1, 0, 5, 0
    Copyright : Copyright
    CompanyName : Dell - Advanced Desktop Engineering
    FileDescription : DVDSentry
    InternalName : DVDSentry
    OriginalFilename : DSentry.exe
    ProductName : Dell - DVDSentry
    Created on : 13/08/2003 4:27:40 PM
    Last accessed : 22/04/2004 1:41:09 PM
    Last modified : 13/08/2003 4:27:40 PM

    #:15 [pcmservice.exe]
    FilePath : C:\Program Files\Dell\Media Experience\
    ThreadCreationTime : 22-04-2004 1:41:09 PM
    BasePriority : Normal
    FileSize : 200 KB
    FileVersion : 1.0.0826
    ProductVersion : 1.0.0826
    Copyright : Copyright c 2003 CyberLink Corp.
    CompanyName : CyberLink Corp.
    FileDescription : PowerCinema Resident Program for Dell
    InternalName : PowerCinema Resident Program for Dell
    OriginalFilename : PCM2Launcher.EXE
    ProductName : PCM2Launcher Application
    Created on : 09/12/2003 6:54:06 AM
    Last accessed : 22/04/2004 1:41:09 PM
    Last modified : 27/08/2003 1:47:34 AM

    #:16 [realplay.exe]
    FilePath : C:\Program Files\Real\RealPlayer\
    ThreadCreationTime : 22-04-2004 1:41:10 PM
    BasePriority : Normal
    FileSize : 25 KB
    FileVersion : 6.0.9.584
    ProductVersion : 6.0.9.584
    Copyright : Copyright
    CompanyName : RealNetworks, Inc.
    FileDescription : RealPlayer
    InternalName : REALPLAY
    OriginalFilename : REALPLAY.EXE
    ProductName : RealPlayer (32-bit)
    Created on : 09/12/2003 6:58:52 AM
    Last accessed : 22/04/2004 1:41:10 PM
    Last modified : 09/12/2003 6:58:52 AM

    #:17 [mcagent.exe]
    FilePath : C:\PROGRA~1\mcafee.com\agent\
    ThreadCreationTime : 22-04-2004 1:44:34 PM
    BasePriority : Normal
    FileSize : 240 KB
    FileVersion : 4, 3, 0, 27
    ProductVersion : 4, 3, 0, 0
    Copyright : Copyright
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee SecurityCenter Agent
    InternalName : mcagent
    OriginalFilename : mcagent.exe
    ProductName : McAfee SecurityCenter
    Created on : 16/04/2004 3:42:47 PM
    Last accessed : 22/04/2004 1:44:34 PM
    Last modified : 08/12/2003 8:38:52 PM

    #:18 [mcupdate.exe]
    FilePath : C:\PROGRA~1\mcafee.com\agent\
    ThreadCreationTime : 22-04-2004 1:44:34 PM
    BasePriority : Normal
    FileSize : 176 KB
    FileVersion : 4, 3, 0, 24
    ProductVersion : 4, 3, 0, 0
    Copyright : Copyright
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee SecurityCenter Update Engine
    InternalName : mcupdate
    OriginalFilename : mcupdate.exe
    ProductName : McAfee SecurityCenter
    Created on : 16/04/2004 3:42:47 PM
    Last accessed : 22/04/2004 1:44:34 PM
    Last modified : 21/11/2003 1:04:30 AM

    #:19 [mmtask.exe]
    FilePath : C:\Program Files\MusicMatch\MusicMatch Jukebox\
    ThreadCreationTime : 22-04-2004 1:44:34 PM
    BasePriority : Normal
    FileSize : 52 KB
    FileVersion : 1.0.0.1
    ProductVersion : 1.0.0.1
    Copyright : TODO: (c) <Company name>. All rights reserved.
    CompanyName : TODO: <Company name>
    FileDescription : TODO: <File description>
    InternalName : mmtask.exe
    OriginalFilename : mmtask.exe
    ProductName : TODO: <Product name>
    Created on : 09/12/2003 7:01:13 AM
    Last accessed : 22/04/2004 1:44:34 PM
    Last modified : 06/10/2003 4:05:40 PM

    #:20 [mm_tray.exe]
    FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
    ThreadCreationTime : 22-04-2004 1:44:35 PM
    BasePriority : Normal
    FileSize : 116 KB
    FileVersion : 8.10.1006
    ProductVersion : 8.10.1006
    Copyright : Copyright
    CompanyName : MUSICMATCH, Inc.
    FileDescription : mm_tray
    InternalName : mm_tray
    OriginalFilename : mm_tray.exe
    ProductName : MUSICMATCH JUKEBOX
    Created on : 09/12/2003 7:01:13 AM
    Last accessed : 22/04/2004 1:44:35 PM
    Last modified : 06/10/2003 4:05:40 PM

    #:21 [mcvsshld.exe]
    FilePath : C:\PROGRA~1\mcafee.com\vso\
    ThreadCreationTime : 22-04-2004 1:44:35 PM
    BasePriority : Normal
    FileSize : 156 KB
    FileVersion : 4, 4, 0, 35
    ProductVersion : 4, 4, 0, 20
    Copyright : Copyright
    CompanyName : Networks Associates Technology, Inc
    FileDescription : McAfee ActiveShield
    InternalName : msvcshld
    OriginalFilename : mcvsshld.exe
    ProductName : McAfee VirusScan Online
    Created on : 09/12/2003 7:00:46 AM
    Last accessed : 22/04/2004 1:44:35 PM
    Last modified : 21/03/2003 6:52:12 PM

    #:22 [support.exe]
    FilePath : C:\Program Files\Common Files\Dell\EUSW\
    ThreadCreationTime : 22-04-2004 1:44:35 PM
    BasePriority : Normal
    FileSize : 240 KB
    FileVersion : 2, 0, 0, 33
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright
    CompanyName : Dell
    FileDescription : Support
    InternalName : Support
    OriginalFilename : Support.exe
    ProductName : Dell Support
    Created on : 24/06/2003 4:46:30 PM
    Last accessed : 22/04/2004 1:44:35 PM
    Last modified : 24/06/2003 4:46:30 PM

    #:23 [wkufind.exe]
    FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
    ThreadCreationTime : 22-04-2004 1:44:35 PM
    BasePriority : Normal
    FileSize : 28 KB
    FileVersion : 7.00.0716.0
    ProductVersion : 7.00.0716.0
    Copyright : Copyright
    CompanyName : Microsoft
    FileDescription : Microsoft
    InternalName : WkUFind
    OriginalFilename : WkUFind.exe
    ProductName : Update Detection Module
    Created on : 16/07/2002 1:21:48 PM
    Last accessed : 22/04/2004 1:44:35 PM
    Last modified : 16/07/2002 1:21:48 PM

    #:24 [mpftray.exe]
    FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
    ThreadCreationTime : 22-04-2004 1:44:36 PM
    BasePriority : Normal
    FileSize : 1348 KB
    FileVersion : 5.0.1.5
    ProductVersion : 5.0.1.5
    Copyright : Copyright
    CompanyName : McAfee Security
    FileDescription : McAfee Personal Firewall Tray Monitor
    InternalName : MpfTray
    OriginalFilename : MPFTRAY.EXE
    ProductName : McAfee Personal Firewall (MPF)
    Created on : 29/01/2004 3:17:17 AM
    Last accessed : 22/04/2004 1:44:36 PM
    Last modified : 02/09/2003 7:00:00 PM

    #:25 [dlg.exe]
    FilePath : C:\Program Files\Digital Line Detect\
    ThreadCreationTime : 22-04-2004 1:44:38 PM
    BasePriority : Normal
    FileSize : 24 KB
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright
    CompanyName : BVRP Software
    FileDescription : Digital Line Detection
    InternalName : TestLine
    OriginalFilename : TestLine.exe
    ProductName : BVRP Software TestLine
    Created on : 09/12/2003 6:52:56 AM
    Last accessed : 22/04/2004 1:44:38 PM
    Last modified : 20/06/2003 9:43:00 AM

    #:26 [mpfagent.exe]
    FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
    ThreadCreationTime : 22-04-2004 1:44:40 PM
    BasePriority : Normal
    FileSize : 500 KB
    FileVersion : 4.1.0.1
    ProductVersion : 4.1.0.1
    Copyright : Copyright
    CompanyName : McAfee Security
    FileDescription : McAfee Personal Firewall Agent Interface
    InternalName : MpfAgent
    OriginalFilename : MPFAGENT.EXE
    ProductName : McAfee Personal Firewall (MPF)
    Created on : 29/01/2004 3:17:17 AM
    Last accessed : 22/04/2004 12:47:49 PM
    Last modified : 02/09/2003 7:00:00 PM

    #:27 [sgmain.exe]
    FilePath : C:\Program Files\SpywareGuard\
    ThreadCreationTime : 22-04-2004 1:44:40 PM
    BasePriority : Normal
    FileSize : 352 KB
    FileVersion : 2.02.0001
    ProductVersion : 2.02.0001
    Copyright : Copyright (C) 2002-2003 Javacool Software LLC
    FileDescription : SpywareGuard
    InternalName : sgmain
    OriginalFilename : sgmain.exe
    ProductName : SpywareGuard
    Created on : 30/08/2003 12:05:35 AM
    Last accessed : 22/04/2004 1:44:40 PM
    Last modified : 30/08/2003 12:05:35 AM

    #:28 [sgbhp.exe]
    FilePath : C:\Program Files\SpywareGuard\
    ThreadCreationTime : 22-04-2004 1:44:41 PM
    BasePriority : Normal
    FileSize : 228 KB
    FileVersion : 2.02.0001
    ProductVersion : 2.02.0001
    Copyright : Copyright (C) 2002-2003 Javacool Software LLC.
    FileDescription : SG Browser Hijacking Protection
    InternalName : sgbhp
    OriginalFilename : sgbhp.exe
    ProductName : SG Browser Hijacking Protection
    Created on : 29/08/2003 4:14:56 PM
    Last accessed : 22/04/2004 12:47:49 PM
    Last modified : 29/08/2003 4:14:56 PM

    #:29 [wuauclt.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 22-04-2004 1:44:57 PM
    BasePriority : Normal
    FileSize : 145 KB
    FileVersion : 5.4.3790.20 built by: lab04_n
    ProductVersion : 5.4.3790.20
    CompanyName : Microsoft Corporation
    FileDescription : Windows Update AutoUpdate Client
    InternalName : wuauclt.exe
    OriginalFilename : wuauclt.exe
    ProductName : Microsoft
    Created on : 29/08/2002 11:00:00 AM
    Last accessed : 22/04/2004 1:01:52 PM
    Last modified : 10/02/2004 2:09:02 AM

    #:30 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
    ThreadCreationTime : 22-04-2004 1:46:01 PM
    BasePriority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 22/04/2004 1:30:07 PM
    Last accessed : 22/04/2004 1:46:01 PM
    Last modified : 13/07/2003 3:00:20 AM

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Alexa Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}


    DSSAgent Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Broderbund Software\DSS


    Win32.Backdoor.Jeem Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SYSTEM\ControlSet001\Services\Swartax


    Win32.Backdoor.Jeem Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SYSTEM\CurrentControlSet\Services\Swartax


    CoolWebSearch Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    Value : {3F143C3A-1457-6CCA-03A7-7AA23B61E40F}


    Win32.Backdoor.Jeem Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Welcome
    Value : 1c3943


    Win32.Backdoor.Jeem Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Welcome
    Value : 4lkf83


    Win32.Backdoor.Jeem Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Welcome
    Value : vk8593


    Win32.Backdoor.Jeem Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Welcome
    Value : 2340v93


    Win32.Backdoor.Jeem Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Welcome
    Value : 4c34


    Win32.Backdoor.Jeem Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Welcome
    Value : c0948273


    Win32.Backdoor.Jeem Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Windows\CurrentVersion\Welcome
    Value : 398349873


    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 12
    Objects found so far: 12


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 12


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    CoolWebSearch Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32


    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 13


    8:47:28 AM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:01:15:672
    Objects scanned :45660
    Objects identified :13
    Objects ignored :0
    New objects :13
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi jgil,

    What Ad-Aware found looks like registry debris to me.
    Click the Quarantine button after the scan and it will make a backup of the things it removes. One never knows. :)

    Regards,

    Pieter
     
  7. jgil

    jgil Registered Member

    Joined:
    Apr 21, 2004
    Posts:
    5
    Thanks Pieter, Derek, Dave38 and ALL!
    I have quarantined those files, rebooted, and my pc seems to be working without negative incident. I will retain quarantined files for a while, curious how that works, but will not bog you all down with my trifle questions, I can research elsewhere. ... even though the MOST BURNING curiosity is ... could we not just dump IE and get another browser, or dump compromised IE and get clean version. Or would we just be fueling the MS money tree...

    I now have HJT, CWshredder, TDS3 spyware guard and blaster, Ad-AWARE, and my humble D--L factory loaded McAfee firewall and antivirus, which are looking kind of drab and low function next to the rest.

    I simply did not believe that not only is all this freeware, but it comes with such HUGE and BRILLIANT SUPPORT. I will help in my small way to contribute to the funding. And I will relay the message. I know you all are busy and have great work to do... so cheers, and keep well.

    Joel.
     