
·
Registered
Joined
·
4 Posts
Greetings: I'm new to posting in forums, and this is my first time here. Read and followed (I hope) Sticky's "Please, Read This Before Posting A Hijackthis Log" instructions. Lady at my church received her first computer ever (used, but newly reformatted) and got infected the first day it was online. I.E. is hijacked and taken to wwwdotdcurtisdotcom/2/popup/1php?ref=john_p. There you are assaulted with some porn, told it is hopelessly embedded all over the hard drive, that information of some kind is constantly being collected, and a link is given to click on in order to eliminate it. I did NOT click on the link. I installed Firefox and used it to follow Sticky's instructions. It didn't seem to be affected. Thanks for any help you can give. Here is the Hijack Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:19:13 PM, on 1/17/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\AT&T SELF SUPPORT TOOL\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\CREATIVE\MEDIASOURCE\DETECTOR\CTDETECT.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\AT&T SELF SUPPORT TOOL\BIN\MPBTN.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\FREXT.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/p/hp/?http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://superwellbeing.com/?Enter=We... CLICK YES TO ENTER WEBSITE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/hp/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: YBIOCtrl Class - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PostCopy] C:\WINDOWS\SYSTEM\Belkin\F5U109\PostCopy.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\AT&TSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: HP Internet Center.lnk = C:\HP Internet\Surfboard\Surfbrd.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Updates from HP.lnk = C:\Program Files\BackWeb\BackWeb\Program\backweb.exe
O4 - Startup: SBC Self Support Tool.lnk = C:\Program Files\AT&T Self Support Tool\bin\matcli.exe
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\SSV.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hello jeffrey-clark and welcome.

Our apologies for the delay. If you still require assistance, please do the following:

As I'm not seeing any malware manifesting itself in your log, please perform an online scan using Internet Explorer with Panda ActiveScan
  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

I'd also like to see the following:

Create an Uninstall List:
Open HijackThis
*Click on the "Configure" button on the bottom right
*Click on the tab "Misc Tools"
*Click on the Box that says "Open Uninstall Manager"
*Click on the button "Save list"
The list will automatically be saved in your HijackThis folder.

Please copy and paste the uninstall_list.txt here.

---------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

Panda results
uninstall_list.txt
New HijackThis log
 

·
Registered
Joined
·
4 Posts
Discussion Starter · #3 ·
Thanks for your help Ried. Here is the Panda-ActiveScan report:

Incident Status Location

Spyware:Cookie/Apmebf Not disinfected C:\WINDOWS\Cookies\ [email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\WINDOWS\Cookies\ [email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\59gkrdqr.default\cookies.txt[.com.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\59gkrdqr.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\59gkrdqr.default\cookies.txt[statse.webtrendslive.com/]

Here is the HijackThis uninstall_list.txt file:

Adaptec DirectCD Reader
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
AudibleManager
BackWeb
Conexant SoftK56 Modem
Creative Mass Storage Drivers
Creative MediaSource
Creative System Information
Creative Zen Nano
F5U109 Driver Uninstall
GTE Easy Sign Up
HijackThis 1.99.1
HP Easy Internet
HP Help 2.1
HP Internet Center
HP Pavilion Desktop Tour
HP Printer Scanner Copier Enhancer
Internet Explorer Q891781
J2SE Runtime Environment 5.0 Update 10
Lavasoft VX2 Cleaner
Microsoft Encarta Encyclopedia 2000
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Money 2000 Standard Edition
Microsoft VGX Q833989
Microsoft Works 2000
Mozilla Firefox (2.0.0.1)
MusicMatch Jukebox 4
One-touch Multimedia Keyboard
Panda ActiveScan
Quicken Basic 2000
QuickLink III
RealPlayer G2
Riding Star
Riptide PCI Audio
SBC Self Support Tool
SiS Multimedia V1.06
SpongeBob SquarePants Employee of the Month
Spybot - Search & Destroy 1.4
Starshine Episode 4
Trellix Web
Windows 98 KB891711 Update
Windows 98 KB896358 Update
Windows 98 KB908519 Update
Windows 98 KB918547 Update
Windows 98 Q823559 Update
Windows 98 Q888113 Update
Yahoo! Toolbar BETA
ZipGenius 6 (6.0.2.1060)


Here is the New HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 9:39:07 PM, on 1/22/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\AT&T SELF SUPPORT TOOL\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\CREATIVE\MEDIASOURCE\DETECTOR\CTDETECT.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\AT&T SELF SUPPORT TOOL\BIN\MPBTN.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\FREXT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/p/hp/?http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/hp/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: (no name) - rsion - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PostCopy] C:\WINDOWS\SYSTEM\Belkin\F5U109\PostCopy.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\AT&TSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: HP Internet Center.lnk = C:\HP Internet\Surfboard\Surfbrd.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Updates from HP.lnk = C:\Program Files\BackWeb\BackWeb\Program\backweb.exe
O4 - Startup: SBC Self Support Tool.lnk = C:\Program Files\AT&T Self Support Tool\bin\matcli.exe
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\SSV.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

I appreciate all your help. Thanks again.
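Added example (not part of the original posts, and not code from HijackThis or the forum): a small Python triage helper that parses HijackThis entry lines and diffs the 1/17/07 log against the 1/22/07 log, so a reviewer can see which R/O entries disappeared or appeared between scans. The function names, the flag names, and the choice of O2/O3 as sections that must carry a CLSID are assumptions of this example; the sample lines are excerpts of the two logs posted above.

```python
import re

# One HijackThis entry per line: "<section> - <details>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Well-formed CLSID: {8-4-4-4-12 hex digits}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Sections whose entries are expected to carry a CLSID (assumption of this example).
CLSID_SECTIONS = {"O2", "O3"}

# Excerpt of the 1/17/07 log from this thread.
LOG_JAN17 = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/p/hp/?http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://superwellbeing.com/?Enter=We... CLICK YES TO ENTER WEBSITE
O2 - BHO: YBIOCtrl Class - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
"""

# Excerpt of the 1/22/07 log from this thread.
LOG_JAN22 = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/p/hp/?http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: (no name) - rsion - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
"""


def parse_entries(log_text):
    """Map a normalised (section, details) key to the original entry line.

    Header lines, the running-process list and blank lines are skipped
    because they do not match the "<section> - <details>" shape.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        section, details = match.groups()
        # Windows paths are case-insensitive and HijackThis prints them in
        # mixed case, so compare on a lower-cased, whitespace-collapsed key.
        key = (section, " ".join(details.lower().split()))
        entries[key] = line
    return entries


def diff_logs(old_log, new_log):
    """Return (removed, added) entry lines between two scans, in log order."""
    old_entries = parse_entries(old_log)
    new_entries = parse_entries(new_log)
    removed = [line for key, line in old_entries.items() if key not in new_entries]
    added = [line for key, line in new_entries.items() if key not in old_entries]
    return removed, added


def review_flags(line):
    """Return reasons an entry deserves a manual look (not a verdict)."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return []
    section, details = match.groups()
    flags = []
    if "(no file)" in details:
        # The registry entry points at a file that is not on disk.
        flags.append("no-file")
    if section in CLSID_SECTIONS and not CLSID_RE.search(details):
        # The slot where a CLSID belongs holds something else.
        flags.append("malformed-clsid")
    return flags


if __name__ == "__main__":
    removed, added = diff_logs(LOG_JAN17, LOG_JAN22)
    for label, lines in (("REMOVED", removed), ("ADDED", added)):
        for entry in lines:
            print(f"{label:8}{entry}  {review_flags(entry)}")
```

A flag here only marks an entry for manual review; whether to fix it in HijackThis is still a human decision.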
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hello,

The trouble here is that this is a 98se system and there are very few tools that are compatible with 98/ME systems. I see AdAware and Spybot are installed. Have they been updated and scanned with?

She is also in desperate need of an AntiVirus, which is likely why she got infected in the first place. We need to resolve that first.

Please download and install this excellent and FREE anti-virus program: (It is compatible with Windows 98se)

Please download Active Virus Shield (powered by Kaspersky) and save it to your desktop.
  • Please remember to register for your Activation Code using a legitimate email address.
  • Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:





  • Then please update the program and run a systemwide scan by selecting My Computer. Allow it to neutralize all that it finds.
  • When done, launch Active Virus Shield's main window.





  • Click the Scan button on the left, and then click Detected.

  • In the ensuing window, click the Save As button to save a copy of the log.
  • Copy and paste that log in your next reply.
Note: You must only use 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.

------------------------------------------------------------

Next, let's make sure Spybot and AdAware are updated, then I'd like you to run scans with those programs as well:

To update AdAware, open the program and click on the 'World' icon at the top. Allow the updates to download. Wait to run the scan until after you've updated and immunized Spybot.

---------------------------------------------------

Run Spybot and click on the 'Search for Updates' button. Install any updates that are available.
  • Now click Mode menu and choose 'Advanced Mode'.
  • Click on Immunize to your left.
  • Next, click the Immunize button on top to Immunize your computer - you need to do this each time there is an update.
  • Click 'Check for Problems' and fix all the entries, which are indicated in RED.

----------------------------------------------------------

Now run a full system scan with AdAware and fix everything that it finds.

----------------------------------------------------------

Please post all those logs here. You may have to use multiple posts to fit it all. Also let me know if IE is still being hijacked.
 

·
Registered
Joined
·
4 Posts
Discussion Starter · #5 ·
Hello again Ried. Sorry to take so long getting back to you. I guess the email notification feature wasn't working or something. I finally checked back on the forum a few days later to make sure that I'd posted correctly and there was your reply. Then of course came the scans that took hours to run, etc. So... here we go.

Here is the AVS log (it found NO problems):

Scan My Computer
----------------
Scanned: 76728
Detected: 0
Untreated: 0
Start time: 1/27/07 10:36:03 AM
Duration: 04:37:22
Finish time: 1/27/07 3:13:25 PM


Detected
--------
Status Object
------ ------



Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archived Compressed Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ---------- ------------------ ---------
Total 76728 0 0 0 0 734 103 116 2
System Memory 1109 0 0 0 0 0 0 0 0
Startup Objects 232 0 0 0 0 0 0 0 0
System Restore 0 0 0 0 0 0 0 0 0
Mailboxes 0 0 0 0 0 0 0 0 0
All Hard Drives 75387 0 0 0 0 734 103 116 2
All Removable Drives 0 0 0 0 0 0 0 0 0


Settings
--------
Name Value
---- -----
Security Level Recommended
Action Prompt for action when the scan is complete
File types All
Scan new and changed files only No
Scan archives All
Scan embedded OLE objects All
Skip if object is greater than No
Skip if scan takes longer than No
Parse e-mail formats No
Scan password-protected archives No
Enable iChecker technology Yes
Enable iSwift technology Yes
Show detected threats on "Detected" tab Yes

I couldn't find out how to save a log with Spybot, but noted the problems it found below:

Advertising.com
Avenue A, Inc.
MediaPlex
TagASaurus
WebTrends live

Here is the Adaware scan:

Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, January 28, 2007 7:25:32 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R147 25.01.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):5 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


1-28-07 7:25:32 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4279190513
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294931457
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294933625
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright (C) Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:4 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294905417
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:5 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294936861
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:6 [ENCMONTR.EXE]
FilePath : C:\PROGRAM FILES\EASY INTERNET\
ProcessID : 4294966313
Threads : 1
Priority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : EncMontr Application
CompanyName : Yahoo! Inc.
FileDescription : EncMontr Application
InternalName : EncMontr
LegalCopyright : Copyright © 1997-1999 Yahoo! Inc. All rights reserved worldwide.
OriginalFilename : EncMontr.EXE

#:7 [KB918547.EXE]
FilePath : C:\WINDOWS\SYSTEM\KB918547\
ProcessID : 4294852661
Threads : 1
Priority : Normal
FileVersion : 4.10.2224
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB918547 EXE component
InternalName : KB918547
LegalCopyright : Copyright (C) Microsoft Corp. 1991-2005
OriginalFilename : KB918547.EXE

#:8 [KB891711.EXE]
FilePath : c:\windows\SYSTEM\KB891711\
ProcessID : 4294854397
Threads : 1
Priority : Normal
FileVersion : 4.10.2223
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright (C) Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:9 [MSGLOOP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294846973
Threads : 1
Priority : Normal
FileVersion : 4.05.00.2112
ProductVersion : 4.05.00.2112
ProductName : WaveStream\Endless Wave
CompanyName : Rockwell Corporation
FileDescription : Rockwell WaveStream Message Server
InternalName : MSGLOOP.EXE
LegalCopyright : Copyright (c) Rockwell Corporation 1996-1998.
OriginalFilename : MSGLOOP.EXE

#:10 [MSG32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294852249
Threads : 1
Priority : Realtime
FileVersion : 4.05.00.2112
ProductVersion : 4.05.00.2112
ProductName : WaveStream\Endless Wave
CompanyName : Rockwell Corporation
FileDescription : Rockwell WaveStream Message Server
InternalName : MSGLOOP.EXE
LegalCopyright : Copyright © Rockwell Corporation 1996-1998.
OriginalFilename : MSGLOOP.EXE

#:11 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294852593
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:12 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294890977
Threads : 8
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:13 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4278284137
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright (C) Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:14 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278286073
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:15 [MMKEYBD.EXE]
FilePath : C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4278312281
Threads : 8
Priority : Normal
FileVersion : 3.1.1.5
ProductVersion : 3.1.1.5
ProductName : One-touch Multimedia Keyboard
CompanyName : Netropa Corp.
FileDescription : One-touch Multimedia Keyboard
InternalName : MMKEYBD
LegalCopyright : Copyright © 1995-1999 Netropa Corp.
All Rights Reserved.
OriginalFilename : MMKEYBD.EXE

#:16 [HPSYSDRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278293869
Threads : 1
Priority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe

#:17 [RunDLL.exe]
FilePath : C:\WINDOWS\
ProcessID : 4278217301
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:18 [CTDETECT.EXE]
FilePath : C:\PROGRAM FILES\CREATIVE\MEDIASOURCE\DETECTOR\
ProcessID : 4278219997
Threads : 1
Priority : Normal
FileVersion : 3.0.2.0
ProductVersion : 3.0.0.0
ProductName : Creative MediaSource Detector
CompanyName : Creative Technology Ltd
FileDescription : Creative MediaSource Detector
InternalName : CTDetect
LegalCopyright : Copyright (c) Creative Technology Ltd., 2003-2004. All rights reserved.
OriginalFilename : CTDetect.EXE

#:19 [SURFBRD.EXE]
FilePath : C:\HP INTERNET\SURFBOARD\
ProcessID : 4278196705
Threads : 4
Priority : Normal
FileVersion : 4, 3, 0, 0
ProductVersion : 4, 3, 0, 0
ProductName : AutoRun
CompanyName : Hewlett-Packard Company
FileDescription : AutoRun Application
InternalName : AutoRun
LegalCopyright : Copyright (C) 1999
OriginalFilename : AutoRun.exe

#:20 [KEYBDMGR.EXE]
FilePath : C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4278198165
Threads : 1
Priority : Normal
FileVersion : 3.0.0
ProductVersion : 3.0.0
ProductName : Keyboard Manager
CompanyName : Netropa Corp.
FileDescription : Keyboard Manager
InternalName : Keyboard Manager
LegalCopyright : Copyright © 1999, Netropa Corp.
OriginalFilename : KeybdMgr.exe

#:21 [WKCALREM.EXE]
FilePath : C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\
ProcessID : 4278242825
Threads : 2
Priority : Normal
FileVersion : 5.00.1928.1
ProductVersion : 5.00.1928.1
ProductName : Microsoft® Works 2000
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : © 1999 Microsoft Corp. All rights reserved.
OriginalFilename : WKCALREM.EXE

#:22 [OSD.EXE]
FilePath : C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\
ProcessID : 4278398941
Threads : 1
Priority : Normal
FileVersion : 2.43
ProductVersion : 2.43
ProductName : OSD
CompanyName : Netropa Corp.
FileDescription : Onscreen Display
InternalName : OSD
LegalCopyright : Copyright © 1995-1999 Netropa Corp.
LegalTrademarks : Netropa
OriginalFilename : OSD.EXE

#:23 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4278444421
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:24 [MMUSBKB2.EXE]
FilePath : C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4278539781
Threads : 1
Priority : Normal
FileVersion : 1.1
ProductVersion : 1.1
ProductName : USB Multimedia Keyboard Driver 2
CompanyName : Netropa Corporation
FileDescription : USB Multimedia Keyboard Driver 2
InternalName : mmusbkb2
LegalCopyright : Copyright © 1998-1999 Netropa Corporation
OriginalFilename : mmusbkb2.exe

#:25 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4278425093
Threads : 2
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie: [email protected]/
Expires : 1-25-12 8:16:24 PM
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 6



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\ [email protected][1].txt

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7

7:40:32 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:15:00.400
Objects scanned:87371
Objects identified:2
Objects ignored:0
New critical objects:2

I.E. is no longer being "hijacked". A week ago, I simply changed the home page and had no problem afterwards. I'm not sure if it was that, and I was just hoodwinked, or if one of the past procedures helped.

Also, can you recommend an always-on spyware killer for Win98? Or does AVS take care of spyware too?

Thanks for all your help
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hi,

AVS is mainly an Anti Virus. If you're looking for real-time protection, you can enable TeaTimer in Spybot:

Launch Spybot S&D>Mode>Advanced>Tools and select 'Resident'.


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them--these will work with Windows 98:

Download the McAfee Site Advisor--free. The folks there check out websites and, based on their findings, rate them as Safe, Unknown, Caution, or Bad.

Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Download Spyware Guard to catch and block spyware before it can execute.

Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
  • Now navigate to C:\ie-spyad. Double click to open it.
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list, by typing 2
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls


Be very wary of any security software that is advertised in popups or in other ways. Such programs are not only usually of no use, but often have malware in them.

Follow this list and your potential for being infected will reduce dramatically. :smile:
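
The Restricted sites mechanism described in the post above can be audited from a registry export. This is an added example, not part of the original post and not IE-SPYAD's own code: it assumes the standard Internet Explorer ZoneMap\Domains key layout and a REGEDIT4 export, and the domains in the sample are constructed placeholders.

```python
import re

# Constructed sample of a REGEDIT4 export (the format Windows 98 regedit writes).
# The domains are placeholders, not entries from the real IE-SPYAD list.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bad-ads.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracker.example\www]
"http"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intranet.example]
"*"=dword:00000002
'''

ZONEMAP = r"software\microsoft\windows\currentversion\internet settings\zonemap\domains" + "\\"
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
VALUE_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_zonemap(reg_text):
    """Return a list of (host, scheme, zone_number) from a .reg export."""
    entries, host = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            idx = key.lower().find(ZONEMAP)
            if idx == -1:
                host = None          # some other key: ignore its values
                continue
            parts = key[idx + len(ZONEMAP):].split("\\")
            # Key layout is Domains\<domain>[\<subdomain>]; host is sub.domain
            host = ".".join(reversed([p for p in parts if p]))
        elif host:
            m = VALUE_RE.match(line)
            if m:                    # value name is the scheme, "*" = any
                entries.append((host, m.group(1), int(m.group(2), 16)))
    return entries

def restricted_hosts(reg_text):
    """Hosts mapped to zone 4 (Restricted sites), sorted."""
    return sorted({h for h, _, z in parse_zonemap(reg_text) if z == 4})

if __name__ == "__main__":
    for host, scheme, zone in parse_zonemap(SAMPLE_REG):
        print(f"{host:25} {scheme:5} {ZONES.get(zone, zone)}")
```

Entries that map a host to zone 2 (Trusted sites) deserve a second look during cleanup, since an unexpected Trusted entry relaxes the same controls the Restricted list tightens.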
 

·
Registered
Joined
·
4 Posts
Discussion Starter · #7 ·
Thanks a lot for your help Ried. All seems to be well, except that Spyware Guard doesn't appear to update definitions any more (since 2004). I've downloaded and installed all the rest, though. We really appreciated your time.
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
You're welcome. :smile:

That is normal for SpywareGuard--download it anyway. :sayyes:

From the folks at SpywareGuard:
The reason for less frequent updates with SpywareGuard is that much of its detection abilities are heuristics in nature. (Basically this means it doesn't need a specific signature for every spyware it catches, simply an overall pattern or approach-used, which it can identify and then trigger off of.) So, SpywareGuard works for many of the newer versions of the same spyware installers even without adding "signatures" for them.
 