Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Adaware log

Started by khrisx42 , Apr 23 2005 02:50 PM

  • Please log in to reply

#1
khrisx42
Posted 23 April 2005 - 02:50 PM

khrisx42

    New Member

  • Member
  • Pip
  • 5 posts
I have the aurora popup along with the green links found in the text.

i am posting the adaware log. i also have the hijack-this log if needed.

thanks alot i appreciate the help!

Lavasoft Ad-Aware Personal Build 1.03
Logfile Created on:Saturday, April 23, 2005 4:23:24 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BookedSpace(TAC index:10):10 total references.
MRU List(TAC index:0):6 total references.
Tracking Cookie(TAC index:3):13 total references.
Windows(TAC index:3):1 total references.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Prior to deletion, allow unloading Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Backup current definition file before updating
Set : Play sound at scan completion if scan locates critical objects


4-23-2005 4:23:24 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1715567821-179605362-839522115-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1715567821-179605362-839522115-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1715567821-179605362-839522115-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 672
ThreadCreationTime : 4-23-2005 6:25:54 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 720
ThreadCreationTime : 4-23-2005 6:25:56 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 748
ThreadCreationTime : 4-23-2005 6:25:58 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 792
ThreadCreationTime : 4-23-2005 6:25:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 804
ThreadCreationTime : 4-23-2005 6:25:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 956
ThreadCreationTime : 4-23-2005 6:25:58 PM
BasePriority : Normal


#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 996
ThreadCreationTime : 4-23-2005 6:25:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1020
ThreadCreationTime : 4-23-2005 6:25:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1164
ThreadCreationTime : 4-23-2005 6:25:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1192
ThreadCreationTime : 4-23-2005 6:25:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1396
ThreadCreationTime : 4-23-2005 6:26:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1728
ThreadCreationTime : 4-23-2005 6:26:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:13 [aolacsd.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 1744
ThreadCreationTime : 4-23-2005 6:26:07 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLacsd.exe

#:14 [aoltsmon.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 1768
ThreadCreationTime : 4-23-2005 6:26:07 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™ Monitor
CompanyName : America Online, Inc
FileDescription : AOL TopSpeed™ Monitor
InternalName : AOL TopSpeed™ Monitor
LegalCopyright : Copyright © 2004 America Online, Inc.
OriginalFilename : aoltsmon.exe

#:15 [aoltpspd.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 1804
ThreadCreationTime : 4-23-2005 6:26:07 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™
CompanyName : America Online Inc
FileDescription : AOL TopSpeed™
InternalName : AOL TopSpeed™ Loader
LegalCopyright : Copyright © 2003-2004
LegalTrademarks : AOL TopSpeed™
OriginalFilename : aoltpspd.exe

#:16 [gearsec.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1832
ThreadCreationTime : 4-23-2005 6:26:08 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001-2003 GEAR Software
OriginalFilename : gearsec.exe

#:17 [mcvsrte.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 1852
ThreadCreationTime : 4-23-2005 6:26:08 PM
BasePriority : Normal
FileVersion : 8, 0, 0, 12
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:18 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 1888
ThreadCreationTime : 4-23-2005 6:26:08 PM
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:19 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1912
ThreadCreationTime : 4-23-2005 6:26:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1944
ThreadCreationTime : 4-23-2005 6:26:08 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:21 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 2040
ThreadCreationTime : 4-23-2005 6:26:10 PM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:22 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 440
ThreadCreationTime : 4-23-2005 6:26:13 PM
BasePriority : Normal


#:23 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 508
ThreadCreationTime : 4-23-2005 6:26:13 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:24 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 1492
ThreadCreationTime : 4-23-2005 6:26:24 PM
BasePriority : High


#:25 [apoint.exe]
FilePath : C:\Program Files\Apoint2K\
ProcessID : 1552
ThreadCreationTime : 4-23-2005 6:26:25 PM
BasePriority : Normal
FileVersion : 5.3.10.177
ProductVersion : 5.3.10.177
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:26 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 1640
ThreadCreationTime : 4-23-2005 6:26:25 PM
BasePriority : Normal
FileVersion : 2.1.35 2.1.35 10/23/2003 14:21:54
ProductVersion : 2.1.35 2.1.35 10/23/2003 14:21:54
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:27 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 1676
ThreadCreationTime : 4-23-2005 6:26:27 PM
BasePriority : Normal
FileVersion : 6.14.10.5090
ProductVersion : 6.14.10.5090
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:28 [eabservr.exe]
FilePath : C:\Program Files\HPQ\Quick Launch Buttons\
ProcessID : 1460
ThreadCreationTime : 4-23-2005 6:26:27 PM
BasePriority : Normal
FileVersion : 4, 20, 4, 1
ProductVersion : 4, 20, 4, 1
ProductName : Quick Launch Buttons
CompanyName : Hewlett-Packard
FileDescription : Quick Launch Buttons
InternalName : eabsrvr
LegalCopyright : Copyright © 2001-2003 Hewlett-Packard Company
OriginalFilename : eabsrvr.exe

#:29 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1880
ThreadCreationTime : 4-23-2005 6:26:27 PM
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:30 [apntex.exe]
FilePath : C:\Program Files\Apoint2K\
ProcessID : 1908
ThreadCreationTime : 4-23-2005 6:26:29 PM
BasePriority : Normal
FileVersion : 5.0.1.15
ProductVersion : 5.0.1.15
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:31 [mcvsshld.exe]
FilePath : C:\PROGRA~1\mcafee.com\vso\
ProcessID : 1416
ThreadCreationTime : 4-23-2005 6:26:29 PM
BasePriority : Normal
FileVersion : 8, 0, 0, 15
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:32 [mcagent.exe]
FilePath : C:\PROGRA~1\McAfee.com\Agent\
ProcessID : 220
ThreadCreationTime : 4-23-2005 6:26:30 PM
BasePriority : Normal
FileVersion : 4, 3, 0, 10
ProductVersion : 4, 3, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 1998-2002 Networks Associates Technology, Inc.
OriginalFilename : mcagent.exe

#:33 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 460
ThreadCreationTime : 4-23-2005 6:26:31 PM
BasePriority : Normal
FileVersion : 8, 0, 0, 30
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:34 [omempk.exe]
FilePath : c:\windows\system32\
ProcessID : 496
ThreadCreationTime : 4-23-2005 6:26:32 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:35 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2216
ThreadCreationTime : 4-23-2005 6:27:18 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:36 [waol.exe]
FilePath : C:\Program Files\America Online 9.0a\
ProcessID : 1260
ThreadCreationTime : 4-23-2005 8:18:43 PM
BasePriority : Normal


#:37 [shellmon.exe]
FilePath : C:\Program Files\America Online 9.0a\
ProcessID : 3656
ThreadCreationTime : 4-23-2005 8:19:30 PM
BasePriority : Normal


#:38 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3652
ThreadCreationTime : 4-23-2005 8:23:08 PM
BasePriority : Normal
FileVersion : 6.2.0.162
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 6


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BookedSpace Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll

BookedSpace Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension

BookedSpace Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5

BookedSpace Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}

BookedSpace Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}

BookedSpace Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}

BookedSpace Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}

BookedSpace Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bookedspace

BookedSpace Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 10
Objects found so far: 16


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 16


Started tracking cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : christopher amador@2o7[1].txt
Category : Data Miner
Comment : Cookie:christopher [email protected]/
Value : Cookie:christopher [email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : christopher amador@atdmt[2].txt
Category : Data Miner
Comment : Cookie:christopher [email protected]/
Value : Cookie:christopher [email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : christopher amador@hitbox[2].txt
Category : Data Miner
Comment : Cookie:christopher [email protected]/
Value : Cookie:christopher [email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : christopher amador@tribalfusion[2].txt
Category : Data Miner
Comment : Cookie:christopher [email protected]/
Value : Cookie:christopher [email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : christopher amador@fastclick[1].txt
Category : Data Miner
Comment : Cookie:christopher [email protected]/
Value : Cookie:christopher [email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : christopher amador@doubleclick[1].txt
Category : Data Miner
Comment : Cookie:christopher [email protected]/
Value : Cookie:christopher [email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : christopher amador@apmebf[2].txt
Category : Data Miner
Comment : Cookie:christopher [email protected]/
Value : Cookie:christopher [email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : christopher amador@qksrv[2].txt
Category : Data Miner
Comment : Cookie:christopher [email protected]/
Value : Cookie:christopher [email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : christopher amador@overture[1].txt
Category : Data Miner
Comment : Cookie:christopher [email protected]/
Value : Cookie:christopher [email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : christopher amador@trafficmp[1].txt
Category : Data Miner
Comment : Cookie:christopher [email protected]/
Value : Cookie:christopher [email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : christopher [email protected][2].txt
Category : Data Miner
Comment : Cookie:christopher [email protected]/
Value : Cookie:christopher [email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : christopher [email protected][1].txt
Category : Data Miner
Comment : Cookie:christopher [email protected]/
Value : Cookie:christopher [email protected]/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : christopher [email protected][1].txt
Category : Data Miner
Comment : Cookie:christopher [email protected]/
Value : Cookie:christopher [email protected]/

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 13
Objects found so far: 29



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk scan result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 29


Scanning Hosts file...
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New Critical Objects:0
Objects found so far: 29




Performing conditional scans..
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BookedSpace Object Recognized!
Type : File
Data : bsx32.ini
Category : Malware
Comment :
Object : C:\WINDOWS\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 1
Objects found so far: 30

4:37:27 PM Scan Complete

Summary of this scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:03.625
Objects scanned:110197
Objects identified:24
Objects ignored:0
New Critical Objects:24
  • 0

Advertisements

#2
Guest_nommork_*
Posted 23 April 2005 - 02:53 PM

Guest_nommork_*
  • Guest
Boot into Windows Safe Mode
Please launch Ad-Aware SE and click on the gear to access the Configuration Menu.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion" > Click Proceed.

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):
* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <=This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".
You can use CCcleaner www.ccleaner.com

Important: check that your last scan was a "Full System Scan". If not, please select that option and start a scan, cancelling the scan after it starts. The object is to ensure that a full system scan will run in the following step.

Please run Ad-Aware SE just a bit differently, using the command line below:

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke

Click OK.

Note: The path above (between the quotes) is the default location of Ad-Aware SE, if this has been changed by the user, please adjust it to the location that they have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.
ADS Scan
Start another Ad-aware se scan
Choose the scan volume for ADS
Click the the Select and click on the C:\ so all folders are checked
Uncheck the Search for negligible entries
Scan
In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply

Edited by nommork, 23 April 2005 - 02:54 PM.

  • 0

#3
khrisx42
Posted 23 April 2005 - 03:47 PM

khrisx42

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
here is the latest log file from adaware..

Lavasoft Ad-Aware Personal Build 1.03
Logfile Created on:Saturday, April 23, 2005 5:26:14 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):3 total references.
Windows(TAC index:3):1 total references.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Prior to deletion, allow unloading Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Backup current definition file before updating
Set : Play sound at scan completion if scan locates critical objects


4-23-2005 5:26:14 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-1715567821-179605362-839522115-1004\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1715567821-179605362-839522115-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 672
ThreadCreationTime : 4-23-2005 6:25:54 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 720
ThreadCreationTime : 4-23-2005 6:25:56 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 748
ThreadCreationTime : 4-23-2005 6:25:58 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 792
ThreadCreationTime : 4-23-2005 6:25:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 804
ThreadCreationTime : 4-23-2005 6:25:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 956
ThreadCreationTime : 4-23-2005 6:25:58 PM
BasePriority : Normal


#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 996
ThreadCreationTime : 4-23-2005 6:25:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1020
ThreadCreationTime : 4-23-2005 6:25:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1164
ThreadCreationTime : 4-23-2005 6:25:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1192
ThreadCreationTime : 4-23-2005 6:25:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1396
ThreadCreationTime : 4-23-2005 6:26:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1728
ThreadCreationTime : 4-23-2005 6:26:07 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:13 [aolacsd.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 1744
ThreadCreationTime : 4-23-2005 6:26:07 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLacsd.exe

#:14 [aoltsmon.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 1768
ThreadCreationTime : 4-23-2005 6:26:07 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™ Monitor
CompanyName : America Online, Inc
FileDescription : AOL TopSpeed™ Monitor
InternalName : AOL TopSpeed™ Monitor
LegalCopyright : Copyright © 2004 America Online, Inc.
OriginalFilename : aoltsmon.exe

#:15 [aoltpspd.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 1804
ThreadCreationTime : 4-23-2005 6:26:07 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™
CompanyName : America Online Inc
FileDescription : AOL TopSpeed™
InternalName : AOL TopSpeed™ Loader
LegalCopyright : Copyright © 2003-2004
LegalTrademarks : AOL TopSpeed™
OriginalFilename : aoltpspd.exe

#:16 [gearsec.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1832
ThreadCreationTime : 4-23-2005 6:26:08 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001-2003 GEAR Software
OriginalFilename : gearsec.exe

#:17 [mcvsrte.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 1852
ThreadCreationTime : 4-23-2005 6:26:08 PM
BasePriority : Normal
FileVersion : 8, 0, 0, 12
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:18 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 1888
ThreadCreationTime : 4-23-2005 6:26:08 PM
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:19 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1912
ThreadCreationTime : 4-23-2005 6:26:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1944
ThreadCreationTime : 4-23-2005 6:26:08 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:21 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 2040
ThreadCreationTime : 4-23-2005 6:26:10 PM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:22 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 440
ThreadCreationTime : 4-23-2005 6:26:13 PM
BasePriority : Normal


#:23 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 508
ThreadCreationTime : 4-23-2005 6:26:13 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:24 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 1492
ThreadCreationTime : 4-23-2005 6:26:24 PM
BasePriority : High


#:25 [apoint.exe]
FilePath : C:\Program Files\Apoint2K\
ProcessID : 1552
ThreadCreationTime : 4-23-2005 6:26:25 PM
BasePriority : Normal
FileVersion : 5.3.10.177
ProductVersion : 5.3.10.177
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:26 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 1640
ThreadCreationTime : 4-23-2005 6:26:25 PM
BasePriority : Normal
FileVersion : 2.1.35 2.1.35 10/23/2003 14:21:54
ProductVersion : 2.1.35 2.1.35 10/23/2003 14:21:54
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:27 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 1676
ThreadCreationTime : 4-23-2005 6:26:27 PM
BasePriority : Normal
FileVersion : 6.14.10.5090
ProductVersion : 6.14.10.5090
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:28 [eabservr.exe]
FilePath : C:\Program Files\HPQ\Quick Launch Buttons\
ProcessID : 1460
ThreadCreationTime : 4-23-2005 6:26:27 PM
BasePriority : Normal
FileVersion : 4, 20, 4, 1
ProductVersion : 4, 20, 4, 1
ProductName : Quick Launch Buttons
CompanyName : Hewlett-Packard
FileDescription : Quick Launch Buttons
InternalName : eabsrvr
LegalCopyright : Copyright © 2001-2003 Hewlett-Packard Company
OriginalFilename : eabsrvr.exe

#:29 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1880
ThreadCreationTime : 4-23-2005 6:26:27 PM
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:30 [apntex.exe]
FilePath : C:\Program Files\Apoint2K\
ProcessID : 1908
ThreadCreationTime : 4-23-2005 6:26:29 PM
BasePriority : Normal
FileVersion : 5.0.1.15
ProductVersion : 5.0.1.15
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:31 [mcvsshld.exe]
FilePath : C:\PROGRA~1\mcafee.com\vso\
ProcessID : 1416
ThreadCreationTime : 4-23-2005 6:26:29 PM
BasePriority : Normal
FileVersion : 8, 0, 0, 15
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:32 [mcagent.exe]
FilePath : C:\PROGRA~1\McAfee.com\Agent\
ProcessID : 220
ThreadCreationTime : 4-23-2005 6:26:30 PM
BasePriority : Normal
FileVersion : 4, 3, 0, 10
ProductVersion : 4, 3, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 1998-2002 Networks Associates Technology, Inc.
OriginalFilename : mcagent.exe

#:33 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 460
ThreadCreationTime : 4-23-2005 6:26:31 PM
BasePriority : Normal
FileVersion : 8, 0, 0, 30
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:34 [omempk.exe]
FilePath : c:\windows\system32\
ProcessID : 496
ThreadCreationTime : 4-23-2005 6:26:32 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:35 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2216
ThreadCreationTime : 4-23-2005 6:27:18 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:36 [hpzwrp01.exe]
FilePath : c:\temp\photosmart\Setup\
ProcessID : 1252
ThreadCreationTime : 4-23-2005 9:15:52 PM
BasePriority : Normal
FileVersion : 2,6,0,20
ProductVersion : 2,6,0,20
ProductName : ICE 2.6
CompanyName : Hewlett-Packard
FileDescription : ICE 2.6 Setup Wrapper/3rd party installer Plug in
InternalName : ICE 2.6 Setup Wrapper/3rd party installer Plug in
LegalCopyright : Copyright © 2002
LegalTrademarks : Copyright© Hewlett-Packard 2002
OriginalFilename : HPZwrp01.EXE

#:37 [wrapper.exe]
FilePath : c:\temp\photosmart\setup\Wrapper\
ProcessID : 3084
ThreadCreationTime : 4-23-2005 9:15:52 PM
BasePriority : Normal


#:38 [setup.exe]
FilePath : c:\temp\photosmart\setup\Wrapper\
ProcessID : 1940
ThreadCreationTime : 4-23-2005 9:15:53 PM
BasePriority : Normal
FileVersion : 5, 52, 164, 0
ProductVersion : 5, 52
ProductName : InstallShield®
CompanyName : InstallShield Software Corporation
FileDescription : 32-bit Setup Launcher
LegalCopyright : Copyright© 1990-1998 InstallShield Software Corporation, Phone: (847) 240-9111

#:39 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3672
ThreadCreationTime : 4-23-2005 9:25:04 PM
BasePriority : Normal
FileVersion : 6.2.0.162
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 3


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 1
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 4


Started tracking cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 4



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk scan result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 4


Scanning Hosts file...
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New Critical Objects:0
Objects found so far: 4




Performing conditional scans..
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 4

5:39:16 PM Scan Complete

Summary of this scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:02.375
Objects scanned:109409
Objects identified:1
Objects ignored:0
New Critical Objects:1


let me know if i have to do anything next...thanks
  • 0

#4
Eric the Red
Posted 23 April 2005 - 04:15 PM

Eric the Red

    Member

  • Member
  • PipPip
  • 13 posts
There is one thing that you must do and that is update your copy of Lavasoft's Ad-Aware SE:

Lavasoft Ad-Aware Personal Build 1.03



The latest version of ad-Aware is Build 1.05. You can get that version from this link or by visiting http://www.lavasoft.de


Ad-Aware SE may not function correctly if old versions are not removed prior to installing a new version or an upgrade. To ensure proper installation and operation of Ad-Aware SE please make sure "Yes, uninstall previous version of Ad-Aware. (Recommended)" is selected and click "Next" to continue.

a. Ad-Aware Plug-in Uninstall pop-up -- You might get a grey pop-up asking if you want to uninstall the plug-ins for the previous version of Ad-Aware. Click "Yes" to remove the old plug-ins and continue the uninstall process.

b. Select Uninstall method -- Select "Automatic" and click "Next".

c. Perform Uninstall -- Click finish to complete uninstalling your old version of Ad-Aware.

d. Uninstall Successful! -- Click "Next" to continue with the installation of Ad-Aware SE

Once you have installed the newly downloaded version ensure that you use the Webupdate feature to get the latest defs.ref signature file and scan again as my learned colleague normmork has described. :tazz:
  • 0

#5
Guest_nommork_*
Posted 23 April 2005 - 04:17 PM

Guest_nommork_*
  • Guest
:tazz: eric the red

were always a tema mo matter where we are ;)

Edited by nommork, 23 April 2005 - 04:20 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP