• Announcements

    • LS.Andy

      Support for other products than adaware, ad block, web protection and Web Companion   05/05/2017

      Support for the following products is handled by the Lavasoft support team: Lavasoft Tuneup Kit Lavasoft PC Optimizer Lavasoft Driver Updater Lavasoft Registry Tuner Lavasoft Privacy Toolbox Lavasoft File Shredder Lavasoft Digital Lock

      For help with these products, contact the support team here: http://www.lavasoft.com/support/supportcenter/
       
Sign in to follow this  
Followers 0
ericerb

Ad-Aware won't scan

4 posts in this topic

w2k, sp4; dell optiplex GX100; 256K ram.

an old machine to be sure but still kicking, up until this. My grandfather told me about computers like this but i never thought i'd see one. sentimental value.

assistance greatly appreciated. thanks

 

ad-aware event log:

20090106 18-14-33 : Startup scan disabled.

20090106 19-09-54 : Scan terminated by user.

20090106 19-09-54 : Scan terminated by user.

20090106 19-14-25 : Startup scan disabled.

20090106 20-03-07 : Full scan started.

20090106 20-08-12 : Startup scan disabled.

 

hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:19:55 PM, on 1/6/2009

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE

C:\WINNT\System32\PSSVC.EXE

C:\DMI\bin\dmisrv.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireSvc.exe

C:\WINNT\system32\hidserv.exe

C:\WINNT\system32\drivers\KodakCCS.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\ScsiAccess.EXE

C:\WINNT\System32\tcpsvcs.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\wanmpsvc.exe

C:\DMI\bin\win32sl.exe

C:\DMI\bin\nic.exe

C:\DMI\bin\coo.exe

C:\DMI\bin\dnar.exe

C:\DMI\bin\nodemngr.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireTray.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;<local>;localhost

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off

O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [WorkFlow] D:\installs\BrdJmp\WorkFlow.exe

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - .DEFAULT Startup: discfix.lnk = C:\DELL\discfix.cmd (User 'Default user')

O4 - .DEFAULT User Startup: discfix.lnk = C:\DELL\discfix.cmd (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: McAfee Desktop Firewall Tray.lnk = C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll

O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123890679626

O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab

O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.17.187/display/PopupSh.ocx

O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab

O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AutoShutdown - Dell Computer Corporation - C:\WINNT\System32\PSSVC.EXE

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: dmisrv - Unknown owner - C:\DMI\bin\dmisrv.exe

O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireSvc.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\System32\ScsiAccess.EXE

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

O23 - Service: Win32sl - Intel - C:\DMI\bin\win32sl.exe

--

End of file - 7572 bytes

 

rootkit revealer won't save, found five items:

HKU\\remoteaccess\internetprofile data mismatch between Windows API and raw hive data

HKLM\SECURITY\policy\secrets\SAC* key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\XATM:8c06e058...79be* key name contains embedded nulls (*)

HKLM\SOFTWARE error dumping hive: The system cannot find the file specified

Share this post


Link to post
Share on other sites

Hi can you provide a bit more information about the problem -e.g. error messages received and the like.

Edited by GoddersUK

Share this post


Link to post
Share on other sites

i'd tell you about error msg but there are none. it proceeds, appears to be scanning, hangs a bit (see attached) and then goes to the scan results screen, which reads Files scanned: 0

post-65900-1231456445.gif

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0