Help!

Help Please Getting Rid Of Morze1

 
  

lynn822



Joined: Apr 04, 2004
Posts: 2



Posted: Sun Apr 04, 2004 9:31 pm

I have downloaded Hijack This and here are the results. Please tell me what I need to delete to get my computer back to normal. Thanks :unsure:

Logfile of HijackThis v1.97.7
Scan saved at 9:26:33 PM, on 4/4/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\IEDRIVER\IEDRIVER.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HOTBAR\BIN\4.1.8.0\HBSRV.EXE
C:\UNZIPPED\HIJACKTHIS1977[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\sb.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sharempeg.com/find/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:24491;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.1.8.0\HBHOSTIE.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.1.8.0\HBHOSTIE.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.EXE
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: AGSatellite.lnk = C:\Program Files\Audiogalaxy Satellite\AGSATE~2.EXE
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Startup: A5QAG0YJ.lnk = C:\WINDOWS\a5qag0yj.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Global Startup: KJEOP02Q.lnk = C:\WINDOWS\a5qag0yj.exe
O4 - Global Startup: 0UQEEDQ7.lnk = C:\WINDOWS\HWINFO.EXE
O4 - Global Startup: A5QAG0YJ.lnk = C:\WINDOWS\a5qag0yj.exe
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: TurboDownload (HKLM)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://www.ea.com/downloads/games/common/b...trap/iegils.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://www.terra.es/personal5/jenna18f/webcam.exe
O16 - DPF: {BAA165DA-1DAF-4F18-9A28-E0D2D3937A1F} (Wrapper Class) - http://webevents.broadcast.com/wsp/VisionBrowser.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tri...uginstaller.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v40/sol/sol.cab
O16 - DPF: {4C470CD2-7394-11D4-9691-00D0B707528C} (Upload Class) - http://www.expressit.com/plugin/UpldPlug.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...B?37898.8590625
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj Class) - http://installs.hotbar.com/installs/hotbar...rams/hotbar.cab
Die Hard



Joined: Apr 05, 2003
Posts: 2196



Posted: Mon Apr 05, 2004 2:45 am

lynn822, hi and welcome :)

Could you please go to this link and download AdAware6: http://help.lockergnome.com/index.php?showtopic=11785

Read the setup info and configure the program according to "step 4" and "custom mode".
Don't forget to download the latest reference-file by clicking on "check for updates" in the main window of the program.

Then post the logfile produced in this thread and let's have a look at it.
It will be an extended log, so maybe you will have to use more than one reply to get it all in.

Regards

Die Hard :)
lynn822



Joined: Apr 04, 2004
Posts: 2



Posted: Mon Apr 05, 2004 8:39 pm

Hi Die Hard: Here is the file. I tried to go through and clean up some files after reading other posts. See if anything else needs cleaning. Thank you
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Monday, April 05, 2004 6:52:40 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R279 31.03.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R279 31.03.2004
Internal build : 207
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\reflist.ref
Total size : 1010390 Bytes
Signature data size : 992994 Bytes
Reference data size : 17332 Bytes
Signatures total : 22327
Target categories : 10
Target families : 470

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium II
Memory available:27 %
Total physical memory:130476 kb
Available physical memory:108 kb
Total page file size:1051328 kb
Available on page file:970776 kb
Total virtual memory:2093056 kb
Available virtual memory:2050304 kb
OS:Windows (98)

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Automatically try to unregister objects prior to deletion
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result


4-5-04 6:52:40 PM - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [kernel32.dll]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4279183511
Threads : 4
Priority : High
FileSize : 460 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1991-1998
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
OriginalFilename : KERNEL32.DLL
ProductName : Microsoft® Windows® Operating System
Created on : 1/1/01
Last accessed : 4/5/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:2 [msgsrv32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294934379
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
OriginalFilename : MSGSRV32.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 1/1/01
Last accessed : 4/5/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:3 [mprexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294928891
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
OriginalFilename : MPREXE.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 1/1/01
Last accessed : 4/5/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294922683
Threads : 1
Priority : Normal
FileSize : 1 KB
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
OriginalFilename : mmtask.tsk
ProductName : Microsoft Windows
Created on : 1/1/01
Last accessed : 4/5/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:5 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294944771
Threads : 15
Priority : Normal
FileSize : 176 KB
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
Copyright : Copyright © Microsoft Corp. 1981-1997
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft® Windows NT® Operating System
Created on : 5/12/98 12:01:00 AM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:6 [taskmon.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294840083
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1998
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
OriginalFilename : TASKMON.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 1/1/01
Last accessed : 4/5/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:7 [systray.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294867083
Threads : 1
Priority : Normal
FileSize : 36 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
OriginalFilename : SYSTRAY.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 1/1/01
Last accessed : 4/5/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:8 [ctlauncher.exe]
FilePath : C:\PROGRAM FILES\CREATIVE\LAUNCHER\
ProcessID : 4294853607
Threads : 1
Priority : Normal
FileSize : 184 KB
FileVersion : 1.0.0.15
ProductVersion : 1.0
Copyright : Copyright © Creative Technology Ltd 1998
CompanyName : Creative Technology Ltd
FileDescription : Creative Launcher
InternalName : Launcher
OriginalFilename : Launcher
ProductName : Creative Launcher
Created on : 6/25/01 11:50:47 PM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 7/15/98 5:00:00 AM

#:9 [ahqtb.exe]
FilePath : C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\
ProcessID : 4294879135
Threads : 1
Priority : Normal
FileSize : 187 KB
FileVersion : 1.0.172
ProductVersion : 1.0.172
Copyright : Copyright © Creative Technology Ltd. 1997-1998
CompanyName : Creative Technology Ltd.
FileDescription : Creative AudioHQ
InternalName : AHQTaskBar
OriginalFilename : AHQTb.exe
ProductName : AudioHQ
Created on : 6/25/01 11:51:06 PM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 7/16/98 5:00:00 AM

#:10 [loadqm.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294873375
Threads : 3
Priority : Normal
FileSize : 7 KB
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
Copyright : Copyright © Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
OriginalFilename : LOADQM.EXE
ProductName : QMgr Loader
Created on : 8/18/01 3:23:26 AM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 5/3/00 9:23:10 PM

#:11 [atiptaxx.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294889991
Threads : 1
Priority : Normal
FileSize : 240 KB
FileVersion : 6.13.2519
ProductVersion : 6.13.2519
Copyright : Copyright © 1998-2001 ATI Technologies Inc.
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
OriginalFilename : Atiptaxx.exe
ProductName : ATI Desktop Component
Created on : 12/17/01 11:32:28 PM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 9/23/01 5:17:14 AM

#:12 [weather.exe]
FilePath : C:\PROGRAM FILES\AWS\WEATHERBUG\
ProcessID : 4294779055
Threads : 7
Priority : Normal
FileSize : 772 KB
FileVersion : 4, 1, 0, 5
ProductVersion : 4, 1, 0, 5
Copyright : Copyright
CompanyName : AWS Convergence Technologies, Inc.
FileDescription : WeatherBug
InternalName : Desktop Weather
OriginalFilename : WeatherBug.exe
ProductName : AWS, Inc.WeatherBug
Created on : 11/25/02 8:48:56 PM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 11/19/02 2:31:08 PM

#:13 [msnmsgr.exe]
FilePath : C:\PROGRAM FILES\MSN MESSENGER\
ProcessID : 4294787443
Threads : 2
Priority : Normal
FileSize : 4572 KB
FileVersion : 6.1.0211
ProductVersion : Version 6.1
Copyright : Copyright © Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 3/4/04 7:01:00 PM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 3/4/04 7:01:00 PM

#:14 [gmt.exe]
FilePath : C:\PROGRAM FILES\COMMON FILES\GMT\
ProcessID : 4294827347
Threads : 18
Priority : Normal
FileSize : 2068 KB
FileVersion : 6.0.3.4
ProductVersion : 6.0.3.4
Copyright : Copyright
CompanyName : GAIN Publishing
FileDescription : GAIN Application
InternalName : GMT.exe
OriginalFilename : GMT.exe
ProductName : GAIN
Created on : 3/26/04 6:50:34 PM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 3/26/04 6:50:34 PM

#:15 [rnaapp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294119031
Threads : 3
Priority : Normal
FileSize : 44 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
OriginalFilename : RNAAPP.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 6/26/01 12:01:05 AM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:16 [tapisrv.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294179187
Threads : 5
Priority : Normal
FileSize : 120 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1994-1998
CompanyName : Microsoft Corporation
FileDescription : Microsoft
InternalName : Telephony Service
OriginalFilename : TAPISRV.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 1/1/01
Last accessed : 4/5/04 4:00:00 AM
Last modified : 5/12/98 12:01:00 AM

#:17 [ad-aware.exe]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
ProcessID : 4294745943
Threads : 3
Priority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 4/4/04 6:01:54 PM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 7/13/03 2:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Claria Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}


Claria Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Gator.com


WildTangent Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\WildTangent


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 3
Objects found so far: 3


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pagedefault-homepage-network.com

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://default-homepage-network.com/start.cgi?hklm"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://default-homepage-network.com/start.cgi?hklm"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistantwww.websearch.com

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://www.websearch.com/ie.aspx?tb_id=50038"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://www.websearch.com/ie.aspx?tb_id=50038"


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : c:\program files\hotbar\bin\4.1.8.0\hbhostol.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{00C1117B-AB91-4ADD-9BBF-5D22D099DEBD}


HotBar Object recognized!
Type : File
Data : hbhostol.dll
Category : Data Miner
Comment :
Object : c:\program files\hotbar\bin\4.1.8.0\
FileSize : 420 KB
FileVersion : 4, 1, 13, 1174
ProductVersion : 4, 1, 13, 1174
Copyright : Copyright 2001
CompanyName : Hotbar.com Inc.
FileDescription : HbHostOL Module
InternalName : HbHostOL
OriginalFilename : HbHostOL.DLL
ProductName : Hotbar
Created on : 10/2/02 11:40:11 AM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 10/2/02 11:42:42 AM



HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : c:\program files\hotbar\bin\4.1.8.0\hbhostol.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{1038DD23-8AE8-451B-A134-4DB8A49AA519}


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : c:\program files\hotbar\bin\4.1.8.0\hbcoresrv.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{60F630A2-41EC-11D5-B558-00D0B77F0A6D}


HotBar Object recognized!
Type : File
Data : hbcoresrv.dll
Category : Data Miner
Comment :
Object : c:\program files\hotbar\bin\4.1.8.0\
FileSize : 448 KB
FileVersion : 4, 1, 6, 1174
ProductVersion : 4, 1, 6, 1174
Copyright : Copyright 2001
CompanyName : Hotbar.com Inc.
FileDescription : HbCoreSrv Module
InternalName : HbCoreSrv
OriginalFilename : HbCoreSrv.DLL
ProductName : Hotbar
Created on : 10/2/02 11:42:49 AM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 10/2/02 11:42:50 AM



HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : c:\program files\hotbar\bin\4.1.8.0\hbhostol.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{6FE00B71-7251-4E00-9186-ED89BBB946B8}


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : c:\program files\hotbar\bin\4.1.8.0\hbhostie.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{75D2080B-4857-4B96-9B7D-732634FBD01F}


HotBar Object recognized!
Type : File
Data : hbhostie.dll
Category : Data Miner
Comment :
Object : c:\program files\hotbar\bin\4.1.8.0\
FileSize : 316 KB
FileVersion : 4, 1, 1, 1174
ProductVersion : 4, 1, 1, 1174
Copyright : Copyright 2001
CompanyName : Hotbar.com Inc.
FileDescription : HbHostIE Module
InternalName : HbHostIE
OriginalFilename : HbHostIE.DLL
ProductName : Hobar
Created on : 10/2/02 11:40:15 AM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 10/2/02 11:42:46 AM



HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : c:\program files\hotbar\bin\4.1.8.0\hbtoolbar.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{A80347E0-F757-11D4-A466-00508B5BA2DF}


HotBar Object recognized!
Type : File
Data : hbtoolbar.dll
Category : Data Miner
Comment :
Object : c:\program files\hotbar\bin\4.1.8.0\
FileSize : 468 KB
FileVersion : 4, 1, 3, 1174
ProductVersion : 4, 1, 3, 1174
Copyright : Copyright 2001
CompanyName : Hotbar.com Inc.
FileDescription : HbToolbar Module
InternalName : HbToolbar
OriginalFilename : HbToolbar.DLL
ProductName : Hotbar
Created on : 10/2/02 11:42:46 AM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 10/2/02 11:42:48 AM



HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : c:\program files\hotbar\bin\4.1.8.0\hbhostie.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{B195B3B3-8A05-11D3-97A4-0004ACA6948E}


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : c:\program files\hotbar\bin\4.1.8.0\hbhostie.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D}


HotBar Object recognized!
Type : RegKey
Data : c:\program files\hotbar\bin\4.1.8.0\hbcoresrv.dll
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{60F63095-41EC-11D5-B558-00D0B77F0A6D}


HotBar Object recognized!
Type : RegKey
Data : c:\program files\hotbar\bin\4.1.8.0\hbhostol.dll
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{6D6D1580-5B74-40EA-97F4-3C2B46C5ABDD}


HotBar Object recognized!
Type : RegKey
Data : c:\program files\hotbar\bin\4.1.8.0\hbtoolbar.dll
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{A80347D3-F757-11D4-A466-00508B5BA2DF}


HotBar Object recognized!
Type : RegKey
Data : c:\program files\hotbar\bin\4.1.8.0\hbhostie.dll
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{B195B3A5-8A05-11D3-97A4-0004ACA6948E}


HotBar Object recognized!
Type : RegKey
Data : c:\program files\hotbar\bin\4.1.8.0\hbsrv.exe
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{B701A704-F828-11D4-A466-00508B5BA2DF}


HotBar Object recognized!
Type : File
Data : hbsrv.exe
Category : Data Miner
Comment :
Object : c:\program files\hotbar\bin\4.1.8.0\
FileSize : 348 KB
FileVersion : 4, 1, 4, 1174
ProductVersion : 4, 1, 4, 1174
Copyright : Copyright 2001
CompanyName : Hotbar.com Inc.
FileDescription : HbSrv Module
InternalName : HbSrv
OriginalFilename : HbSrv.EXE
ProductName : Hotbar
Created on : 10/2/02 11:42:55 AM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 10/2/02 11:42:56 AM



HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : ({1038DD23-8AE8-451B-A134-4DB8A49AA519})
Rootkey : HKEY_CLASSES_ROOT
Object : Atlnet.HbWebmailSend


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : ({1038DD23-8AE8-451B-A134-4DB8A49AA519})
Rootkey : HKEY_CLASSES_ROOT
Object : Atlnet.HbWebmailSend.1


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : ({60F630A2-41EC-11D5-B558-00D0B77F0A6D})
Rootkey : HKEY_CLASSES_ROOT
Object : HbCoreSrv.HbCoreServices


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : ({60F630A2-41EC-11D5-B558-00D0B77F0A6D})
Rootkey : HKEY_CLASSES_ROOT
Object : HbCoreSrv.HbCoreServices.1


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : ({B195B3B3-8A05-11D3-97A4-0004ACA6948E})
Rootkey : HKEY_CLASSES_ROOT
Object : HbHostIE.HbBho.1


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : ({00C1117B-AB91-4ADD-9BBF-5D22D099DEBD})
Rootkey : HKEY_CLASSES_ROOT
Object : HbHostOL.HbElementFocus


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : ({00C1117B-AB91-4ADD-9BBF-5D22D099DEBD})
Rootkey : HKEY_CLASSES_ROOT
Object : HbHostOL.HbElementFocus.1


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : ({6FE00B71-7251-4E00-9186-ED89BBB946B8})
Rootkey : HKEY_CLASSES_ROOT
Object : HbHostOL.HbMailAnim


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : ({6FE00B71-7251-4E00-9186-ED89BBB946B8})
Rootkey : HKEY_CLASSES_ROOT
Object : HbHostOL.HbMailAnim.1


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : ({A80347E0-F757-11D4-A466-00508B5BA2DF})
Rootkey : HKEY_CLASSES_ROOT
Object : HbToolbar.HbToolbarCtl


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : ({A80347E0-F757-11D4-A466-00508B5BA2DF})
Rootkey : HKEY_CLASSES_ROOT
Object : HbToolbar.HbToolbarCtl.1


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : ({B195B3B3-8A05-11D3-97A4-0004ACA6948E})
Rootkey : HKEY_CLASSES_ROOT
Object : Hotbar.HbBho


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : ({BECAFC17-BAF9-11D4-B492-00D0B77F0A6D})
Rootkey : HKEY_CLASSES_ROOT
Object : Hotbar.HbCommBand


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : ({BECAFC17-BAF9-11D4-B492-00D0B77F0A6D})
Rootkey : HKEY_CLASSES_ROOT
Object : Hotbar.HbCommBand.1


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : ({75D2080B-4857-4B96-9B7D-732634FBD01F})
Rootkey : HKEY_CLASSES_ROOT
Object : Hotbar.HbMain


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : ({75D2080B-4857-4B96-9B7D-732634FBD01F})
Rootkey : HKEY_CLASSES_ROOT
Object : Hotbar.HbMain.1


HotBar Object recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : ({B195B3B3-8A05-11D3-97A4-0004ACA6948E})
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Toolbar
Value : {B195B3B3-8A05-11D3-97A4-0004ACA6948E}

Possible browser hijack attempt : {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (http://installs.hotbar.com/installs/hotbar/programs/hotbar.cab)

Possible Browser Hijack attempt Object recognized!
Type : RegKey
Data :
Category : Vulnerability
Comment : Possible browser hijack attempt : http://installs.hotbar.com/installs/hotbar...rams/hotbar.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{69FD62B1-0216-4C31-8D55-840ED86B7C8F}


DSSAgent Object recognized!
Type : RegValue
Data : dssagent.exe
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\BBStore\DSS\DSSAGENT.EXE


HotBar Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : c:\program files\hotbar\bin\4.1.8.0\hbhostie.dll
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B195B3B3-8A05-11D3-97A4-0004ACA6948E}


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 35
Objects found so far: 43


Deep scanning and examining files (CSmile
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Favoriteman Object recognized!
Type : File
Data : browserhelper.dll
Category : Data Miner
Comment :
Object : C:\




IBIS Toolbar Object recognized!
Type : File
Data : wintools.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\
FileSize : 6 KB
Created on : 3/25/04 10:44:14 PM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 3/19/04 3:21:54 AM



WildTangent Object recognized!
Type : File
Data : wtcpl.cpl
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\
FileSize : 44 KB
FileVersion : 1.6.0.37
ProductVersion : 1.6.0.37
Copyright : Copyright
CompanyName : WildTangent, Inc.
FileDescription : wtcpl
InternalName : wtcpl
OriginalFilename : wtcpl.cpl
ProductName : Wild Tangent wtcpl
Created on : 10/18/02 7:40:33 PM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 9/27/02 6:47:26 PM



Winpup32 Object recognized!
Type : File
Data : tmrusxxa.exe
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\
FileSize : 64 KB
Copyright :
Created on : 3/26/04 8:52:04 PM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 2/26/04 8:17:50 PM



Winpup32 Object recognized!
Type : File
Data : tr9dgaaa.exe
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\
FileSize : 64 KB
Copyright : Hos
Created on : 3/27/04 12:41:36 AM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 2/26/04 8:17:50 PM



DownloadWare Object recognized!
Type : File
Data : webinstall.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Adware\
FileSize : 10 KB
FileVersion : 1.0.0.41
ProductVersion : 1.0.0.41
Copyright : Copyright
CompanyName : Copyright
FileDescription : Web Install
InternalName : 1.0.0.41
OriginalFilename : 1.0.0.41
ProductName : 1.0.0.41
Created on : 12/21/02 1:20:09 AM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 10/28/02 5:37:26 PM



WhenU Object recognized!
Type : File
Data : savenowinst.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Adware\
FileSize : 141 KB
FileVersion : 1, 6, 0, 2
ProductVersion : 1, 6, 0, 2
Copyright : Copyright 2000
CompanyName : WhenU.com, Inc.
FileDescription : SaveNow Setup
InternalName : SaveNowInst
OriginalFilename : SaveNowInst.exe
ProductName : SaveNow Setup
Created on : 12/21/02 1:20:09 AM
Last accessed : 4/5/04 4:00:00 AM
Last modified : 10/28/02 5:37:26 PM



IBIS Toolbar Object recognized!
Type : File
Data : btiein.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\msiein\CAB37826.7020634259\
FileSize : 201 KB
Copyright :
Die Hard



Joined: Apr 05, 2003
Posts: 2196



Posted: Tue Apr 06, 2004 3:06 am

lynn822 :)

Quote:
It will be an extended log, so maybe you will have to use more than one reply to get it all in.


Unfortunately all of your logfile didn't fit in ;)
Please do this:
Navigate to "C:\Programs\Lavasoft\AdAware6\logs" and there look for the logfile with the corresponding date and time, then continue copying from here downwards and post it:

IBIS Toolbar Object recognized!
Type : File
Data : btiein.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\msiein\CAB37826.7020634259\
FileSize : 201 KB
Copyright :


Die Hard :)

All times are: Eastern Time (US & Canada)