#1 (permalink)
Registered User
Join Date: Oct 2004
Posts: 4
OS: Win2000

Hello!

Two viruses (drk.localnrd.com and offer optimizer.com) don't seem to want to leave me alone. I've seen similar problems on this forum and have gone ahead and done some of the recommended actions - I've gone into safe mode and run Ad-aware 6.0 (no viruses found); Spybot and HijackThis (log is below) - but, after doing that I'm still showing those 2 viruses when I open Internet Explorer.

Below are the latest logs from the 3 'safe mode' scans completed this morning. I didn't do anything as a result of the 'HijackThis' scan because they recommend that they let someone 'knowledgeable' check out the log and that's not me! :)

Any assistance you can offer is greatly appreciated.

Logfile of HijackThis v1.97.7
Scan saved at 11 52 AM, on 2004-10-25
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Documents and Settings\jdavis\Desktop\HijackThis.exe

O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINNT\localNRD.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [upddtidy] C:\WINNT\system32\tbinstal.exe TIDY
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lemangroup.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lemangroup.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lemangroup.com

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :October 25, 2004 10:48:16 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R346 24.10.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R346 24.10.2004
Internal build : 280
File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1370795 Bytes
Signature data size : 1348367 Bytes
Reference data size : 22364 Bytes
Signatures total : 29815
Target categories : 10
Target families : 581

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:45 %
Total physical memory:130460 kb
Available physical memory:58484 kb
Total page file size:309416 kb
Available on page file:246400 kb
Total virtual memory:2097024 kb
Available virtual memory:2054316 kb
OS:Windows 2000

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

2004-10-25 10:48:16 AM - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 2004-10-25 2:46:45 PM
BasePriority : Normal

#:2 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ThreadCreationTime : 2004-10-25 2:46:52 PM
BasePriority : High

#:3 [services.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 2004-10-25 2:46:56 PM
BasePriority : Normal
FileSize : 87 KB
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 1980-01-01 4:00:00 AM
Last accessed : 2004-10-25 4:00:00 AM
Last modified : 2003-06-19 7:05:04 PM

#:4 [lsass.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 2004-10-25 2:46:56 PM
BasePriority : Normal
FileSize : 32 KB
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
OriginalFilename : lsasrv.dll and lsass.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 2002-07-22 7:54:58 PM
Last accessed : 2004-10-25 4:00:00 AM
Last modified : 2004-02-25 11:59:08 PM

#:5 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 2004-10-25 2:47:00 PM
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 1980-01-01 4:00:00 AM
Last accessed : 2004-10-25 4:00:00 AM
Last modified : 2000-07-26 11:00:00 AM

#:6 [explorer.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 2004-10-25 2:47:36 PM
BasePriority : Normal
FileSize : 237 KB
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 2004-09-16 1:42:57 PM
Last accessed : 2004-10-25 4:00:00 AM
Last modified : 2003-06-19 7:05:04 PM

#:7 [cmd.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 2004-10-25 2:47:36 PM
BasePriority : Normal
FileSize : 230 KB
FileVersion : 5.00.2195.6824
ProductVersion : 5.00.2195.6824
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Windows NT Command Processor
InternalName : cmd
OriginalFilename : Cmd.Exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 2004-04-16 9:03:44 PM
Last accessed : 2004-10-25 4:00:00 AM
Last modified : 2003-09-21 12:45:06 AM

#:8 [autopcc.exe]
FilePath : \\SERVER\OFCSCAN\
ThreadCreationTime : 2004-10-25 2:47:37 PM
BasePriority : Normal
FileSize : 180 KB
Created on : 2002-12-31 3:53:12 AM
Last accessed : 2004-10-25 2:48:16 PM
Last modified : 2004-01-19 6:50:18 PM

#:9 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 2004-10-25 2:47:57 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 2004-02-20 1:22:10 PM
Last accessed : 2004-10-25 4:00:00 AM
Last modified : 2003-07-13 2:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Scanning Hosts file(C:\WINNT\system32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 0

10:55:48 AM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:07:32:260
Objects scanned :95262
Objects identified :0
Objects ignored :0
New objects :0

--- Report generated: 2004-10-25 11:00 ---

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1645522239-1214440339-1417001333-1114\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\LSP.sbi
2004-08-11 Includes\Cookies.sbi
2004-10-11 Includes\Dialer.sbi
2004-10-14 Includes\Hijackers.sbi
2004-10-07 Includes\Keyloggers.sbi
2004-10-12 Includes\Malware.sbi
2004-10-05 Includes\Revision.sbi
2004-09-16 Includes\Security.sbi
2004-10-12 Includes\Spybots.sbi
2004-10-11 Includes\Trojans.sbi
2004-08-30 Includes\Tracks.uti

Last edited by 21Jo : 10-25-2004 at 08:41 AM. Reason: typos

#2 (permalink)
General Manager (Administrator)

Hello and welcome to TSF

I see that you are using an outdated version of Hijack This. Please get the latest version here or use the link in my signature, click and download the program.

Open Hijack This and click on Scan. Check the following entry

O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINNT\localNRD.dll

Please remember to close any open windows and browsers before fixing any entries. In Hijack This, hit the Fix checked button.

Run an online scan at Trend Micro or RAV Antivirus. Please select the autoclean option when using Trend Micro.

Please post a fresh Hijack This log so that we can check if your system is clean.
__________________
Please Read The 5 Step Process Before You post A Log Hijack This v2.02 :: Adaware SE :: Spybot Search & Destroy :: SpywareBlaster :: CWShredder To Donate :: Please Click Here :: PROUD MEMBER OF ASAP SINCE NOVEMBER 2004

#3 (permalink)
Registered User
Join Date: Oct 2004
Posts: 4
OS: Win2000

Hello again -

Cheers for your reply.....I've done as instructed and below is the updated log from Hijack This - how does it look? Thanks again - in advance! - for checking this out. You provide better support than the support we pay for - planning any trips to Toronto? :)

Logfile of HijackThis v1.98.2
Scan saved at 9:43:26 AM, on 2004-10-26
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\PCCNTMON.EXE
C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [upddtidy] C:\WINNT\system32\tbinstal.exe TIDY
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lemangroup.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lemangroup.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lemangroup.com

#4 (permalink)
Knower of all that is MS
Join Date: Aug 2004
Posts: 10,755
OS: (multiple machines) 95, 98, 2K & XP Home & Pro

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked.

Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [upddtidy] C:\WINNT\system32\tbinstal.exe TIDY <<<If you know this program and wish to keep it, ignore this instruction and those below regarding it.
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Reboot into Safe Mode (hit F8 key until menu shows up).

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINNT\system32\tbinstal.exe

Reboot into Normal Mode and post a new HijackThis log file so we can make sure it's clean.
__________________
GO BIG BLUE!!

#5 (permalink)
Registered User
Join Date: Oct 2004
Posts: 4
OS: Win2000

Hello -

Well, I've done everything commanded, in the order it was commanded, and below is the latest Hijack This log - is everything cool? Many thanks again!!!!

Jo

Logfile of HijackThis v1.98.2
Scan saved at 3:33:38 PM, on 2004-10-28

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\PCCNTMON.EXE
C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\WINNT\system32\Atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\DELL\AccessDirect\dadapp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft Office97\Office\OSA.EXE
C:\Program Files\Handspring\HOTSYNC.EXE
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\unzipped\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lemangroup.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lemangroup.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lemangroup.com

#6 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter

Your log looks clean and those two files are no longer listed. Everything running fine??
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder
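
The before/after comparison the analysts make by eye across the three HijackThis logs in this thread can be scripted. This is an added example, not part of any post: the function names are hypothetical, and the sample logs are abridged excerpts of the logs posted above.

```python
import re

# A HijackThis entry line has the form "<section code> - <details>",
# for example "O4 - HKLM\..\Run: [name] command". Header lines and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Sample input: abridged excerpts of the three logs posted in this thread.
SCAN_1 = r"""
Logfile of HijackThis v1.97.7
C:\WINNT\system32\ctfmon.exe
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINNT\localNRD.dll
O4 - HKLM\..\Run: [upddtidy] C:\WINNT\system32\tbinstal.exe TIDY
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
"""
SCAN_2 = r"""
Logfile of HijackThis v1.98.2
O4 - HKLM\..\Run: [upddtidy] C:\WINNT\system32\tbinstal.exe TIDY
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""
SCAN_3 = r"""
Logfile of HijackThis v1.98.2
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
"""
# Entries the poster was asked to fix before the third scan.
FLAGGED = [
    r"O4 - HKLM\..\Run: [upddtidy] C:\WINNT\system32\tbinstal.exe TIDY",
    r"O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)",
]


def parse_entries(log_text):
    """Map (section code, case-folded details) to the entry line as logged."""
    entries = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())  # collapse whitespace damaged by copy/paste
        match = ENTRY_RE.match(line)
        if match:
            # Windows paths and registry names are case-insensitive, so the
            # key is case-folded while the original line is kept for display.
            entries[(match.group(1), match.group(2).casefold())] = line
    return entries


def diff_logs(before, after):
    """Return (removed, added) entry lines between two scans, each sorted."""
    old, new = parse_entries(before), parse_entries(after)
    removed = sorted(old[k] for k in old.keys() - new.keys())
    added = sorted(new[k] for k in new.keys() - old.keys())
    return removed, added


def unresolved(flagged, after):
    """Return the flagged entries that still appear in the newer log."""
    present = parse_entries(after)
    wanted = parse_entries("\n".join(flagged))
    return [line for key, line in wanted.items() if key in present]


if __name__ == "__main__":
    for label, old, new in (("1 -> 2", SCAN_1, SCAN_2), ("2 -> 3", SCAN_2, SCAN_3)):
        removed, added = diff_logs(old, new)
        print(label, "removed:", removed, "added:", added)
    print("still present in scan 3:", unresolved(FLAGGED, SCAN_3))
```

An entry that shows up under "added" after a fix, like the O9 line in the second scan, deserves the same scrutiny as one that refuses to disappear.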

#7 (permalink)
Registered User
Join Date: Oct 2004
Posts: 4
OS: Win2000

Hello -

All is running fine, except I did another SpyBot and Ad-aware check right now and more of the little devils were found....here's the log sheet. I guess there's no way of staying completely clean?

Jo

SCAM.Enigma.NoAdware Object recognized!
Type : File
Data : noadware.exe
Category : Malware
Comment :
Object : C:\Program Files\NoAdware\
FileSize : 1344 KB
FileVersion : 3.0
ProductVersion : 2.01
Copyright : Copyright (C) 2003
CompanyName : NoAdware (http://www.noadware.net)
FileDescription : NoAdware Application
InternalName : NoAdware
OriginalFilename : NoAdware.EXE
ProductName : NoAdware Application
Created on : 2004-10-08 6:20:18 PM
Last accessed : 2004-10-29 4:00:00 AM
Last modified : 2004-10-08 6:20:18 PM

Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1

Scanning Hosts file(C:\WINNT\system32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 1

Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

SCAM.Enigma.NoAdware Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : SOFTWARE\NoAdware

SCAM.Enigma.NoAdware Object recognized!
Type : Folder
Category : Malware
Comment :
Object : c:\program files\NoAdware

SCAM.Enigma.NoAdware Object recognized!
Type : File
Data : unins000.dat
Category : Malware
Comment :
Object : c:\program files\noadware\
FileSize : 1 KB
Created on : 2004-10-25 3:02:29 PM
Last accessed : 2004-10-29 4:00:00 AM
Last modified : 2004-10-25 3:02:32 PM

SCAM.Enigma.NoAdware Object recognized!
Type : File
Data : unins000.exe
Category : Malware
Comment :
Object : c:\program files\noadware\
FileSize : 75 KB
FileVersion : 51.13.0.0
ProductVersion :
Copyright : Copyright (C) 1997-2004 Jordan Russell
FileDescription : Uninstaller
ProductName : Inno Setup
Created on : 2004-03-19 6:00:00 AM
Last accessed : 2004-10-29 4:00:00 AM
Last modified : 2004-03-19 6:00:00 AM

SCAM.Enigma.NoAdware Object recognized!
Type : File
Data : logs
Category : Malware
Comment :
Object : c:\program files\noadware\
Created on : 2004-10-25 3:02:30 PM
Last accessed : 2004-10-25 4:00:00 AM
Last modified : 2004-10-25 3:02:32 PM

SCAM.Enigma.NoAdware Object recognized!
Type : File
Data : noadware_102204_v201.na
Category : Malware
Comment :
Object : c:\program files\noadware\
FileSize : 871 KB
Created on : 2004-10-25 3:02:52 PM
Last accessed : 2004-10-29 4:00:00 AM
Last modified : 2004-10-25 3:02:56 PM

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 6
Objects found so far: 7

2:56:35 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:10:17:831
Objects scanned :95203
Objects identified :7
Objects ignored :0
New objects :7

#8 (permalink)
Analyst, Security Team

NoAdware is not good to keep and that's why it's caught by Ad-aware. Go to Add/Remove Panel to make sure it's not listed anymore. If so, remove it.

Then delete this folder:

C:\Program Files\NoAdware\

To help prevent future spyware installations/infections, please read the Anti-Spyware Section and use the tools provided.

Any problems now?
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.